Ok I beleive I got in all that you told me, I did run into an issue I dont have the XP boot disk and couldn't locate the Recovery Console for Service Pack 3, so I used the one for 2 and it seemed to work without issue.
Here is the SDFix Log:
SDFix: Version 1.194 Run by Jose on Thu 06/19/2008 at 08:20 PM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\WINDOWS\Config\lsass.exe - Deleted
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-06-19 20:32:03
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"="C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine"
"C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"="C:\\TOSHIBA\\IVP\\ISM\\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Application Loader"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\\Program Files\\Common Files\\AOL\\1131163763\\EE\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1131163763\\EE\\AOLServiceHost.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"="C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"="C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe:*:Enabled:AOL"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"="C:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe:*:Enabled:ConfigFree SUMMIT Engine"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\WINDOWS\\system32\\rtcshare.exe"="C:\\WINDOWS\\system32\\rtcshare.exe:*:Enabled:RTC App Sharing"
"C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Enabled:Windowsr NetMeetingr"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe:*:Enabled:Nero ShowTime"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Documents and Settings\\Jose\\Desktop\\utorrent.exe"="C:\\Documents and Settings\\Jose\\Desktop\\utorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Mozilla Firefox"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Fri 31 Aug 2007 30,720 ...HR --- "C:\WINDOWS\CdaC13BA.EXE"
Fri 31 Aug 2007 112,128 ...HR --- "C:\WINDOWS\CdaC14BA.DLL"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Mon 3 Jul 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 14 Jan 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Finished!Here is the Combo Fix Log:
ComboFix 08-06-19.1 - Jose 2008-06-19 23:34:37.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.932 [GMT -6:00]
Running from: C:\Documents and Settings\Jose\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jose\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Jose\Application Data\macromedia\Flash Player\#SharedObjects\QDND484Y\www.broadcaster.com
C:\Documents and Settings\Jose\Application Data\macromedia\Flash Player\#SharedObjects\QDND484Y\www.broadcaster.com\BCLUserPrefs.sol
C:\Documents and Settings\Jose\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Jose\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\Jose\My Documents\SSTEM~1
C:\Documents and Settings\Jose\My Documents\YMBOLS~1
C:\Program Files\Common Files\{306A9~1
C:\Program Files\Common Files\{606A9~1
C:\WINDOWS\BM6359ad97.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\jTCccMoq.ini
C:\WINDOWS\system32\jTCccMoq.ini2
C:\WINDOWS\system32\loUDcJjl.ini
C:\WINDOWS\system32\loUDcJjl.ini2
C:\WINDOWS\system32\qosvelnu.dll
C:\WINDOWS\system32\rwqsobxq.dll
C:\WINDOWS\system32\yfjirmbu.ini
.
((((((((((((((((((((((((( Files Created from 2008-05-20 to 2008-06-20 )))))))))))))))))))))))))))))))
.
2008-06-19 20:01 . 2008-06-19 20:02 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-19 19:52 . 2008-06-19 20:37 <DIR> d-------- C:\SDFix
2008-06-19 11:06 . 2008-04-22 22:16 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-06-19 11:06 . 2007-04-17 03:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-06-19 11:06 . 2007-03-07 23:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-06-19 11:06 . 2008-04-22 22:16 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-06-19 11:06 . 2008-04-22 22:16 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-06-19 11:06 . 2008-04-22 22:16 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-06-19 11:06 . 2008-04-22 22:16 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-06-19 11:06 . 2008-04-22 22:16 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-06-19 11:06 . 2008-04-22 01:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-19 10:58 . 2008-06-19 10:58 <DIR> d-------- C:\VundoFix Backups
2008-06-19 10:52 . 2008-04-14 06:30 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-19 10:52 . 2008-05-08 08:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-18 07:24 . 2008-06-18 07:24 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\WTablet
2008-06-18 07:02 . 2008-06-18 07:02 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-06-18 07:02 . 2008-06-18 07:02 <DIR> d-------- C:\WINDOWS\system32\en
2008-06-18 07:02 . 2008-06-18 07:02 <DIR> d-------- C:\WINDOWS\system32\bits
2008-06-18 07:02 . 2008-06-18 07:02 <DIR> d-------- C:\WINDOWS\l2schemas
2008-06-18 07:00 . 2008-06-18 07:02 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-06-18 06:53 . 2008-06-18 06:53 <DIR> d-------- C:\WINDOWS\EHome
2008-06-18 05:34 . 2004-08-03 22:29 327,040 --------- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2008-06-18 05:25 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-06-18 05:25 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-06-18 05:25 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-06-18 05:25 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-06-18 00:50 . 2008-06-18 00:55 <DIR> d-------- C:\Program Files\Panda Security
2008-06-17 22:44 . 2008-06-17 22:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-17 22:43 . 2008-06-18 00:46 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-06-17 22:43 . 2008-06-17 22:43 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-17 22:43 . 2008-06-17 22:43 <DIR> d-------- C:\Documents and Settings\Jose\Application Data\SUPERAntiSpyware.com
2008-06-17 22:32 . 2008-06-17 22:32 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-17 22:32 . 2008-06-17 22:32 <DIR> d-------- C:\Documents and Settings\Jose\Application Data\Malwarebytes
2008-06-17 22:32 . 2008-06-17 22:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-17 22:32 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-17 22:32 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-17 22:31 . 2008-06-17 22:31 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-06-16 19:29 . 2008-06-16 19:28 691,545 --a------ C:\WINDOWS\unins000.exe
2008-06-16 19:29 . 2008-06-16 19:29 2,539 --a------ C:\WINDOWS\unins000.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-20 05:38 --------- d-----w C:\Documents and Settings\Jose\Application Data\WTablet
2008-06-20 02:10 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-18 13:53 --------- d-----w C:\Documents and Settings\Jose\Application Data\uTorrent
2008-06-17 01:34 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-11 07:14 --------- d-----w C:\Documents and Settings\Jose\Application Data\AdobeUM
2008-05-28 08:47 --------- d-----w C:\Documents and Settings\Jose\Application Data\Any Video Converter Professional
2008-05-10 03:30 --------- d-----w C:\Program Files\Any Video Converter Professional
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 14:02 --------- d-----w C:\Documents and Settings\Jose\Application Data\Move Networks
2008-05-07 07:01 5,514 -c--a-w C:\Documents and Settings\Jose\Application Data\wklnhst.dat
2008-05-07 06:54 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-05-07 06:53 --------- d-----w C:\Program Files\Microsoft.NET
2008-04-28 02:10 --------- d-----w C:\Program Files\Any Video Converter
2008-04-28 02:10 --------- d-----w C:\Documents and Settings\Jose\Application Data\Any Video Converter
2008-04-20 23:30 --------- d-----w C:\Program Files\Quicken
2008-04-14 00:12 69,120 ----a-w C:\WINDOWS\notepad.exe
2008-04-14 00:12 50,688 ----a-w C:\WINDOWS\twain_32.dll
2008-04-14 00:12 34,816 ----a-w C:\WINDOWS\Help\sniffpol.dll
2008-04-14 00:12 33,280 ----a-w C:\WINDOWS\Help\sstub.dll
2008-04-14 00:12 32,866 ------w C:\WINDOWS\slrundll.exe
2008-04-14 00:12 283,648 ----a-w C:\WINDOWS\winhlp32.exe
2008-04-14 00:12 279,040 ----a-w C:\WINDOWS\Help\tshoot.dll
2008-04-14 00:12 146,432 ----a-w C:\WINDOWS\regedit.exe
2008-04-14 00:12 10,752 ----a-w C:\WINDOWS\hh.exe
2008-04-14 00:12 1,033,728 ----a-w C:\WINDOWS\explorer.exe
2008-04-14 00:11 451,072 ----a-w C:\WINDOWS\AppPatch\aclayers.dll
2008-04-14 00:11 39,424 ----a-w C:\WINDOWS\AppPatch\acadproc.dll
2008-04-14 00:11 245,248 ----a-w C:\WINDOWS\AppPatch\acspecfc.dll
2008-04-14 00:11 141,312 ----a-w C:\WINDOWS\AppPatch\aclua.dll
2008-04-14 00:11 116,224 ----a-w C:\WINDOWS\AppPatch\acxtrnal.dll
2008-04-14 00:11 1,852,928 ----a-w C:\WINDOWS\AppPatch\acgenral.dll
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
-c--a-w 344,064 2005-08-06 05:05:00 C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe
-c--a-w 94,208 2005-11-24 20:38:08 C:\Program Files\Common Files\Ahead\Lib\bak\NMBgMonitor.exe
-c--a-w 188,416 2005-05-19 15:57:36 C:\Program Files\ltmoh\bak\Ltmoh.exe
-c--a-w 155,648 2006-07-03 05:39:12 C:\Program Files\QuickTime\bak\qttask.exe
----a-w 282,624 2007-04-27 15:41:54 C:\Program Files\QuickTime\qttask.exe
-c--a-w 471,040 2006-08-18 10:15:35 C:\Program Files\SlySoft\AnyDVD\bak\AnyDVD.exe
-c--a-w 688,218 2004-10-14 23:26:40 C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe
-c--a-w 98,394 2004-10-14 23:28:02 C:\Program Files\Synaptics\SynTP\bak\SynTPLpr.exe
-c--a-w 65,536 2004-12-30 08:32:20 C:\Program Files\TOSHIBA\TOSCDSPD\bak\toscdspd.exe
-c--a-w 352,256 2005-11-25 21:07:16 C:\Program Files\TOSHIBA\TOSHIBA Applet\bak\thotkey.exe
-c--a-w 122,880 2005-04-27 00:13:20 C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\bak\SmoothView.exe
-c--a-w 1,077,322 2005-07-15 18:52:42 C:\Program Files\TOSHIBA\Touch and Launch\bak\PadExe.exe
-c--a-w 73,728 2005-11-10 18:24:50 C:\Program Files\TOSHIBA\Tvs\bak\TvsTray.exe
-c--a-w 15,360 2004-08-04 12:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2008-04-14 00:12:16 C:\WINDOWS\system32\ctfmon.exe
-c--a-w 155,648 2001-07-09 15:50:42 C:\WINDOWS\system32\bak\NeroCheck.exe
-c--a-w 122,940 2005-08-01 13:10:00 C:\WINDOWS\system32\DLA\bak\DLACTRLW.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31C44199-FA00-87D3-2A91-F72D61D4AD93}]
C:\WINDOWS\system32\tksxfgtp.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{38FFD9B9-E425-4970-990F-482FACFE2A7E}]
C:\WINDOWS\system32\qoMccCTj.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9BF64A5F-57D3-4CAB-BD2C-ECE635439407}]
C:\WINDOWS\system32\ljJcDUol.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 18:12 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [ ]
"Winstx"="C:\361101032253735984.exe" [ ]
"Winstm"="C:\36110103225100468296.exe" [ ]
"Winstj"="C:\36110103225100468296.exe" [ ]
"Winste"="C:\36110103225100468296.exe" [ ]
"Winstf"="C:\361101032253735984.exe" [ ]
"Winstk"="C:\361101032253735984.exe" [ ]
"Winsta"="C:\361101032253735984.exe" [ ]
"Winstg"="C:\36110103225100468296.exe" [ ]
"Winstv"="C:\36110103225100468296.exe" [ ]
"Winstr"="C:\36110103225100468296.exe" [ ]
"Winstw"="C:\36110103225100468296.exe" [ ]
"Winstu"="C:\361101032253735984.exe" [ ]
"Winstq"="C:\36110103225100468296.exe" [ ]
"Winsts"="C:\36110103225100468296.exe" [ ]
"Winsti"="C:\36110103225100468296.exe" [ ]
"Winsty"="C:\361101032253735984.exe" [ ]
"Winstn"="C:\361101032253735984.exe" [ ]
"Eprc"="C:\DOCUME~1\Jose\MYDOCU~1\YMBOLS~1\winword.exe" [ ]
"Ghvw"="C:\Program Files\?racle\n?tdde.exe" [ ]
"Winstz"="C:\361101032253735984.exe" [ ]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-06-18 00:46 1506544]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2005-11-10 13:14 15473664 C:\WINDOWS\RTHDCPL.exe]
"NDSTray.exe"="NDSTray.exe" []
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 08:29 88203 C:\WINDOWS\agrsmmsg.exe]
"TFncKy"="TFncKy.exe" []
"TPSMain"="TPSMain.exe" [2005-05-31 23:00 282624 C:\WINDOWS\system32\TPSMain.exe]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [ ]
"CFSServ.exe"="CFSServ.exe" []
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2004-05-04 01:21 176128]
"HPHUPD05"="C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2004-03-31 22:34 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664]
"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2004-05-04 16:17 491520]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41 282624]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"SansaDispatch"="C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe" [ ]
"BarbieGirlsTray"="C:\Program Files\Mattel\Barbie Girls\Mattel.BarbieGirls.Tray.exe" [2007-03-14 20:59 24576]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2005-11-04 21:20:51 155648]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-06-18 00:46 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2008-06-18 00:46 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Documents and Settings\\Jose\\Desktop\\utorrent.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-15 17:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-15 17:16]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 13:12]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 12:30]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5834012b-84ca-11db-9d05-0016e30ec92b}]
\Shell\AutoRun\command - setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9d59b4f8-303d-11dc-9d63-0016e30ec92b}]
\Shell\AutoRun\command - F:\wd_windows_tools\setup.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-06-19 17:06:02 C:\WINDOWS\Tasks\HP Usg Daily.job"
- C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-06-19 23:38:43
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-06-19 23:43:53 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-20 05:43:42
Pre-Run: 1,159,864,320 bytes free
Post-Run: 1,048,322,048 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
265 --- E O F --- 2008-06-19 17:08:27
And here is the HiJack This Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:04:30 AM, on 6/20/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Mattel\Barbie Girls\Mattel.BarbieGirls.Tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Jose\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.toshibadirect.com/dpdstartR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft....k/?LinkId=69157R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://www.toshibadirect.com/dpdstartR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {31C44199-FA00-87D3-2A91-F72D61D4AD93} - C:\WINDOWS\system32\tksxfgtp.dll (file missing)
O2 - BHO: (no name) - {31C44199-FA00-87D3-2A91-F72D61D4AD93} - C:\WINDOWS\system32\tksxfgtp.dll (file missing)
O2 - BHO: (no name) - {38FFD9B9-E425-4970-990F-482FACFE2A7E} - C:\WINDOWS\system32\qoMccCTj.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {9BF64A5F-57D3-4CAB-BD2C-ECE635439407} - C:\WINDOWS\system32\ljJcDUol.dll (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKLM\..\Run: [BarbieGirlsTray] C:\Program Files\Mattel\Barbie Girls\Mattel.BarbieGirls.Tray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Winstx] C:\361101032253735984.exe
O4 - HKCU\..\Run: [Winstm] C:\36110103225100468296.exe
O4 - HKCU\..\Run: [Winstj] C:\36110103225100468296.exe
O4 - HKCU\..\Run: [Winste] C:\36110103225100468296.exe
O4 - HKCU\..\Run: [Winstf] C:\361101032253735984.exe
O4 - HKCU\..\Run: [Winstk] C:\361101032253735984.exe
O4 - HKCU\..\Run: [Winsta] C:\361101032253735984.exe
O4 - HKCU\..\Run: [Winstg] C:\36110103225100468296.exe
O4 - HKCU\..\Run: [Winstv] C:\36110103225100468296.exe
O4 - HKCU\..\Run: [Winstr] C:\36110103225100468296.exe
O4 - HKCU\..\Run: [Winstw] C:\36110103225100468296.exe
O4 - HKCU\..\Run: [Winstu] C:\361101032253735984.exe
O4 - HKCU\..\Run: [Winstq] C:\36110103225100468296.exe
O4 - HKCU\..\Run: [Winsts] C:\36110103225100468296.exe
O4 - HKCU\..\Run: [Winsti] C:\36110103225100468296.exe
O4 - HKCU\..\Run: [Winsty] C:\361101032253735984.exe
O4 - HKCU\..\Run: [Winstn] C:\361101032253735984.exe
O4 - HKCU\..\Run: [Eprc] "C:\DOCUME~1\Jose\MYDOCU~1\YMBOLS~1\winword.exe" -vt yazr
O4 - HKCU\..\Run: [Ghvw] C:\Program Files\?racle\n?tdde.exe
O4 - HKCU\..\Run: [Winstz] C:\361101032253735984.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O20 - AppInit_DLLs:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: MSCSPTISRV - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (file missing)
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (file missing)
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
--
End of file - 9782 bytes
Thanks again for all your help!!