
ie firefox opera all redirect when i use yahoo search hijacked browser



#1 bigdaddyclint (New Member, 2 posts)
Ok, here is my deal. I think I have a browser hijacker, not sure which one, but it's pretty bad, I think. Here is my hijack log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:25:37 PM, on 1/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18343)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\DOCUME~1\BIGDAD~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=74005
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.1.0.33\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.1.0.33\IPSBHO.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.1.0.33\coIEPlg.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecu...s/as2stubie.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.s...abs/tgctlsr.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.su...ows-i586-jc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{886ED2A5-BD5A-4239-BA36-31E4F99878E0}: NameServer = 208.67.222.222,208.67.220.220
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Norton 2009 Reset (.norton2009Reset) - Unknown owner - C:\Documents and Settings\All Users\Application Data\Norton\Norton2009Reset.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 7157 bytes

I have used Norton 2009, Spyware Doctor in safe mode, SUPERAntiSpyware, Browser Hijack Recover, XoftSpy and CCleaner. Not sure what else to do; any help would be great.
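Added example, not code from the post or from any of the tools named in it: a Python triage pass over HijackThis v2 log lines that parses the `Rn`/`On` entries and the running-process list and flags what a helper checks first (O17 resolvers off an allow-list, autostarts or processes in Temp or profile-data folders, O6 IE restrictions, O20 Winlogon Notify DLLs, O23 services with no vendor string). The sample lines are copied from the log above plus two constructed ones; the DNS allow-list is an assumption supplied by the caller.

```python
import re

# Constructed sample: lines in HijackThis v2 format. Most are copied from the
# log in the post above; the two marked "constructed" are made up so that the
# Temp-folder and unknown-service checks have something to flag.
SAMPLE_LINES = [
    r"Logfile of Trend Micro HijackThis v2.0.2",
    r"Running processes:",
    r"C:\WINDOWS\system32\svchost.exe",
    r"C:\DOCUME~1\BIGDAD~1\LOCALS~1\Temp\RtkBtMnt.exe",
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/",
    r"O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe",
    r'O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"',
    # constructed: an autostart that lives in the user's Temp folder
    r"O4 - HKCU\..\Run: [updater] C:\DOCUME~1\USER~1\LOCALS~1\Temp\upd.exe",
    r"O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present",
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{886ED2A5-BD5A-4239-BA36-31E4F99878E0}: NameServer = 208.67.222.222,208.67.220.220",
    r"O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll",
    r"O23 - Service: Norton 2009 Reset (.norton2009Reset) - Unknown owner - C:\Documents and Settings\All Users\Application Data\Norton\Norton2009Reset.exe",
    # constructed: a service with a random-looking name and no vendor string
    r"O23 - Service: gaopdxserv (gaopdxserv) - Unknown owner - C:\WINDOWS\system32\drivers\gaopdxxtndpskk.sys",
]

ENTRY = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.*)$")  # e.g. "O4 - HKLM\..\Run: ..."
PROCESS = re.compile(r"^[A-Za-z]:\\")                      # bare path under "Running processes:"
# Folders a regular autostart or process has little business living in.
SUSPICIOUS_DIR = re.compile(r"\\(Temp|LOCALS~1|Local Settings|APPLIC~1|Application Data)\\", re.I)
NAMESERVER = re.compile(r"NameServer = ([\d.,]+)")


def parse_hjt(lines):
    """Return (code, body) tuples; running-process paths get the pseudo-code 'PROC'."""
    entries = []
    for raw in lines:
        line = raw.strip()
        m = ENTRY.match(line)
        if m:
            entries.append((m.group("code"), m.group("body")))
        elif PROCESS.match(line):
            entries.append(("PROC", line))
    return entries


def review_log(lines, trusted_dns=frozenset()):
    """Return (code, reason, detail) findings for a helper to look at first.

    trusted_dns is an allow-list of resolver IPs the owner recognises (an
    assumption supplied by the caller); every O17 resolver outside it is flagged.
    """
    findings = []
    for code, body in parse_hjt(lines):
        if code == "O17":
            m = NAMESERVER.search(body)
            for ip in (m.group(1).split(",") if m else []):
                if ip.strip() not in trusted_dns:
                    findings.append((code, "DNS resolver not on allow-list", ip.strip()))
        elif code in ("O4", "PROC") and SUSPICIOUS_DIR.search(body):
            findings.append((code, "runs from Temp/profile-data folder", body))
        elif code == "O6":
            findings.append((code, "IE policy restriction present", body))
        elif code == "O20":
            findings.append((code, "Winlogon Notify DLL: confirm vendor", body))
        elif code == "O23" and "Unknown owner" in body:
            findings.append((code, "service with no vendor string", body))
    return findings


if __name__ == "__main__":
    for code, reason, detail in review_log(SAMPLE_LINES):
        print(f"[{code}] {reason}: {detail}")
```

Flagged entries are review candidates, not verdicts: the Norton reset service is legitimate despite its "Unknown owner". Conversely, the gaopdx* driver and DLL that ComboFix removed in the next post never appeared in the HijackThis log at all, so an empty finding list does not prove the machine is clean.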


#2 bigdaddyclint (Topic Starter, New Member, 2 posts)
I think I fixed the issue; just wanted someone to look at my log from ComboFix. Ran it, it found 2 files and deleted them. Now I don't have redirects when I search and click on a link in Yahoo or Google in IE. Here is my log:

ComboFix 09-01-19.03 - bigdaddyclint 2009-01-19 19:50:06.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1012.722 [GMT -6:00]
Running from: c:\documents and settings\bigdaddyclint\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated)
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated)
FW: Norton Internet Security *disabled*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\gaopdxxtndpskk.sys
c:\windows\system32\gaopdxdlijnmtk.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gaopdxserv.sys


((((((((((((((((((((((((( Files Created from 2008-12-20 to 2009-01-20 )))))))))))))))))))))))))))))))
.

2009-01-19 17:33 . 2009-01-19 17:33 <DIR> d-------- c:\windows\ERUNT
2009-01-19 17:32 . 2009-01-19 17:40 <DIR> d-------- C:\SDFix
2009-01-19 17:13 . 2009-01-19 18:13 <DIR> d-------- c:\program files\Spyware Doctor
2009-01-19 17:13 . 2009-01-19 17:13 <DIR> d-------- c:\program files\Common Files\PC Tools
2009-01-19 17:13 . 2009-01-19 17:13 <DIR> d-------- c:\documents and settings\bigdaddyclint\Application Data\PC Tools
2009-01-19 17:13 . 2009-01-19 17:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Tools
2009-01-19 17:13 . 2008-07-28 12:29 160,792 --a------ c:\windows\system32\drivers\pctfw2.sys
2009-01-19 17:13 . 2008-08-25 12:36 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys
2009-01-19 17:13 . 2008-08-25 12:36 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys
2009-01-19 17:13 . 2008-08-25 12:36 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys
2009-01-19 17:13 . 2008-06-02 16:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys
2009-01-19 16:04 . 2009-01-19 16:04 <DIR> d--hs---- c:\documents and settings\bigdaddyclint\IECompatCache
2009-01-19 16:02 . 2009-01-19 16:02 <DIR> d--hs---- c:\documents and settings\bigdaddyclint\PrivacIE
2009-01-19 10:42 . 2009-01-19 10:43 <DIR> d--h-c--- c:\windows\ie8
2009-01-19 10:36 . 2009-01-19 10:36 <DIR> d--hs---- c:\documents and settings\bigdaddyclint\IETldCache
2009-01-19 10:30 . 2009-01-19 16:56 <DIR> d--h----- c:\program files\Explorer
2009-01-19 10:14 . 2009-01-19 10:14 <DIR> d-------- c:\program files\Browser Hijack Recover
2009-01-19 10:14 . 2009-01-19 10:14 0 --a------ c:\windows\system32\8104297.jun
2009-01-19 10:04 . 2009-01-19 10:43 1,374 --a------ c:\windows\imsins.BAK
2009-01-19 09:49 . 2009-01-19 09:49 0 --a------ c:\windows\nsreg.dat
2009-01-18 22:38 . 2009-01-18 22:40 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-01-18 22:38 . 2009-01-18 22:38 <DIR> d-------- c:\documents and settings\bigdaddyclint\Application Data\SUPERAntiSpyware.com
2009-01-18 22:38 . 2009-01-18 22:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-01-18 22:37 . 2009-01-18 22:37 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-18 22:00 . 2009-01-18 22:09 <DIR> d-------- c:\program files\XoftSpy
2009-01-18 21:35 . 2009-01-18 21:35 <DIR> d-------- c:\program files\Trend Micro
2009-01-18 21:28 . 2009-01-18 21:28 <DIR> d-------- c:\program files\Opera
2009-01-18 21:13 . 2009-01-18 21:13 <DIR> d-------- c:\program files\CCleaner
2009-01-18 21:11 . 2009-01-18 21:11 <DIR> d-------- c:\program files\Panda Security
2009-01-18 21:11 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2009-01-18 21:07 . 2009-01-18 21:07 <DIR> d-------- c:\windows\Sun
2009-01-18 21:07 . 2009-01-18 21:20 <DIR> d-------- c:\documents and settings\bigdaddyclint\.housecall6.6
2009-01-18 21:07 . 2009-01-18 21:06 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-18 21:07 . 2009-01-18 21:06 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-01-18 21:06 . 2009-01-18 21:06 <DIR> d-------- c:\program files\Java
2009-01-18 20:28 . 2009-01-18 20:28 <DIR> dr------- c:\program files\Norton Support
2009-01-18 19:52 . 2009-01-18 20:04 <DIR> d-------- c:\windows\system32\XPSViewer
2009-01-18 19:51 . 2009-01-18 19:51 <DIR> d-------- c:\program files\Reference Assemblies
2009-01-18 19:51 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2009-01-18 19:40 . 2009-01-18 20:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\Symantec
2009-01-18 19:00 . 2009-01-18 19:00 124,688 --a------ c:\windows\system32\MSWINSCK.OCX
2009-01-18 18:59 . 2009-01-18 20:25 <DIR> d-------- c:\program files\Symantec
2009-01-18 18:59 . 2009-01-18 20:33 <DIR> d-------- c:\program files\Common Files\Symantec Shared
2009-01-18 18:59 . 2009-01-18 18:59 124,464 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-18 18:59 . 2009-01-18 18:59 60,808 --a------ c:\windows\system32\S32EVNT1.DLL
2009-01-18 18:59 . 2009-01-18 18:59 35,888 -ra------ c:\windows\system32\drivers\SymIM.sys
2009-01-18 18:59 . 2009-01-18 18:59 10,635 --a------ c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-18 18:59 . 2009-01-18 18:59 806 --a------ c:\windows\system32\drivers\SYMEVENT.INF
2009-01-18 18:58 . 2009-01-18 18:58 <DIR> d-------- c:\windows\system32\drivers\NIS
2009-01-18 18:58 . 2009-01-18 18:58 <DIR> d-------- c:\program files\Windows Sidebar
2009-01-18 18:58 . 2009-01-18 18:58 <DIR> d-------- c:\program files\NortonInstaller
2009-01-18 18:58 . 2009-01-18 18:59 <DIR> d-------- c:\program files\Norton Internet Security
2009-01-18 18:58 . 2009-01-18 18:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-01-18 18:58 . 2009-01-18 20:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\Norton
2009-01-18 15:20 . 2009-01-17 19:20 <DIR> d-------- c:\documents and settings\Administrator\Application Data\InstallShield
2009-01-18 15:20 . 2009-01-18 15:20 <DIR> d-------- c:\documents and settings\Administrator
2009-01-18 14:39 . 2009-01-19 18:12 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-01-17 23:08 . 2009-01-17 23:08 <DIR> d-------- c:\documents and settings\bigdaddyclint\Application Data\vlc
2009-01-17 23:04 . 2009-01-17 23:04 <DIR> d-------- c:\program files\VideoLAN
2009-01-17 23:02 . 2009-01-17 23:02 <DIR> d-------- c:\program files\Lavasoft
2009-01-17 23:02 . 2009-01-18 14:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-01-17 22:28 . 2009-01-17 22:28 <DIR> d-------- c:\documents and settings\bigdaddyclint\Application Data\ProSelect Resources
2009-01-17 22:25 . 2009-01-17 22:34 <DIR> d-------- c:\program files\TimeExposure
2009-01-17 20:26 . 2009-01-17 20:26 <DIR> d-------- c:\windows\system32\LogFiles
2009-01-17 20:20 . 2009-01-17 20:26 <DIR> d-------- c:\windows\SxsCaPendDel
2009-01-17 20:16 . 2009-01-19 17:41 <DIR> d-------- c:\program files\DNA
2009-01-17 20:16 . 2009-01-17 20:16 <DIR> d-------- c:\program files\BitTorrent
2009-01-17 20:16 . 2009-01-19 19:48 <DIR> d-------- c:\documents and settings\bigdaddyclint\Application Data\DNA
2009-01-17 20:16 . 2009-01-19 10:34 <DIR> d-------- c:\documents and settings\bigdaddyclint\Application Data\BitTorrent
2009-01-17 19:57 . 2009-01-18 19:58 <DIR> d-------- c:\program files\MSBuild
2009-01-17 19:49 . 2009-01-17 19:49 <DIR> d-------- c:\program files\Microsoft Visual Studio 8
2009-01-17 19:47 . 2007-04-13 11:51 321,024 --a------ c:\windows\system32\ERUpdateHidden.EXE
2009-01-17 19:47 . 2006-03-23 12:02 258,048 --a------ c:\windows\system32\Uninstall_eRecovery.exe
2009-01-17 19:47 . 2006-03-30 13:06 258,048 --a------ c:\windows\system32\CheckD2DSystem.exe
2009-01-17 19:47 . 2004-11-03 09:06 159,744 --a------ c:\windows\system32\CloseProcessWindow.dll
2009-01-17 19:47 . 2005-12-09 09:12 16,384 --a------ c:\windows\system32\ClearEvent.exe
2009-01-17 19:47 . 2006-03-23 21:55 730 --a------ c:\windows\system32\setup.iss
2009-01-17 19:46 . 2009-01-17 19:46 125 --a------ c:\windows\xUninstall.bat
2009-01-17 19:45 . 2009-01-17 19:46 <DIR> d-------- c:\windows\JMCR_DIR
2009-01-17 19:45 . 2008-05-14 04:53 110,080 --a------ c:\windows\system32\JmCrIcon.dll
2009-01-17 19:43 . 2009-01-17 19:43 <DIR> d-------- c:\windows\SUYIN NB Cam
2009-01-17 19:43 . 2009-01-17 19:43 <DIR> d-------- c:\program files\Common Files\SNP2UVC
2009-01-17 19:43 . 2008-06-13 17:43 4,342,912 --a------ c:\windows\system32\acer.exe
2009-01-17 19:42 . 2009-01-17 19:43 <DIR> d-------- c:\windows\ACER
2009-01-17 19:42 . 2009-01-17 19:42 <DIR> d-------- c:\program files\Acer Incorporated
2009-01-17 19:42 . 2007-04-19 13:41 83,554,304 --a------ c:\windows\system32\acer.scr
2009-01-17 19:40 . 2009-01-17 20:26 <DIR> d-------- c:\program files\Google
2009-01-17 19:39 . 2009-01-17 19:39 <DIR> d-------- c:\program files\Launch Manager
2009-01-17 19:39 . 2009-01-17 19:39 83 --a------ c:\windows\QtZgAcer.UNI
2009-01-17 19:37 . 2009-01-17 19:37 <DIR> d-------- c:\program files\FLV-Media Player
2009-01-17 19:34 . 2009-01-17 19:36 <DIR> d-------- c:\program files\MagicISO
2009-01-17 19:33 . 2009-01-17 19:20 <DIR> d-------- c:\documents and settings\bigdaddyclint\Application Data\InstallShield
2009-01-17 19:33 . 2009-01-19 16:04 <DIR> d-------- c:\documents and settings\bigdaddyclint
2009-01-17 19:26 . 2009-01-17 19:26 <DIR> d-a------ c:\windows\AcerStore

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-18 22:55 --------- d-----w c:\program files\McAfee
2009-01-18 22:55 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2009-01-18 22:53 --------- d-----w c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-01-18 02:19 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-18 01:45 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-18 01:23 --------- d-----w c:\program files\Synaptics
2009-01-18 01:23 --------- d-----w c:\program files\Realtek
2009-01-18 01:22 --------- d-----w c:\program files\Microsoft.NET
2009-01-18 01:22 --------- d-----w c:\program files\Microsoft Works
2009-01-18 01:22 --------- d-----w c:\program files\microsoft frontpage
2009-01-18 01:22 --------- d-----w c:\program files\InterVideo
2009-01-18 01:22 --------- d-----w c:\program files\Intel
2009-01-18 01:21 --------- d-----w c:\program files\Common Files\InterVideo
2009-01-18 01:21 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-18 01:21 --------- d-----w c:\program files\Common Files\Adobe AIR
2009-01-18 01:21 --------- d-----w c:\program files\Common Files\Adobe
2009-01-18 01:21 --------- d-----w c:\program files\Atheros
2009-01-18 01:20 --------- d-----w c:\documents and settings\All Users\Application Data\Atheros
2008-12-06 23:53 906,240 ----a-w c:\windows\system32\wininet.dll
2008-12-06 23:53 43,008 ----a-w c:\windows\system32\licmgr10.dll
2008-12-06 23:52 18,944 ----a-w c:\windows\system32\corpol.dll
2008-12-06 23:51 72,704 ----a-w c:\windows\system32\admparse.dll
2008-12-06 23:51 71,680 ----a-w c:\windows\system32\iesetup.dll
2008-12-06 23:51 420,864 ----a-w c:\windows\system32\vbscript.dll
2008-12-06 23:50 34,304 ----a-w c:\windows\system32\imgutil.dll
2008-12-06 23:49 48,128 ----a-w c:\windows\system32\mshtmler.dll
2008-12-06 23:49 45,568 ----a-w c:\windows\system32\mshta.exe
2008-12-06 23:39 156,160 ----a-w c:\windows\system32\msls31.dll
2008-08-15 17:51 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-01-17 342848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-17 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-24 1044480]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-05-13 821768]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2008-05-22 425984]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-18 136600]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 c:\windows\RTHDCPL.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-06-04 114688]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-01-18 28544]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1001000.021\SymEFA.sys [2009-01-18 309296]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1001000.021\BHDrvx86.sys [2009-01-18 255536]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1001000.021\cchpx86.sys [2009-01-18 362544]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20080826.006\IDSxpx86.sys [2009-01-18 274808]
R1 pctfw2;pctfw2;c:\windows\system32\drivers\pctfw2.sys [2009-01-19 160792]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-12-22 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-22 55024]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-01-18 99376]
R4 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe [2009-01-18 115560]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-22 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-01-19 356920]
S4 .norton2009Reset;Norton 2009 Reset;c:\documents and settings\All Users\Application Data\Norton\Norton2009Reset.exe [2009-01-18 281625]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-01-19 c:\windows\Tasks\XoftSpy.job
- c:\program files\XoftSpy\XoftSpy.exe [2005-01-05 12:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mWindow Title =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
TCP: {886ED2A5-BD5A-4239-BA36-31E4F99878E0} = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\documents and settings\bigdaddyclint\Application Data\Mozilla\Firefox\Profiles\kptpl99k.default\
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-19 19:52:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.1.0.33\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1172)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'lsass.exe'(1228)
c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
.
Completion time: 2009-01-19 19:54:30
ComboFix-quarantined-files.txt 2009-01-20 01:54:27

Pre-Run: 140,903,948,288 bytes free
Post-Run: 140,839,985,152 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

246 --- E O F --- 2009-01-18 10:40:06