Here's my log that ComboFix has prompted me with:
ComboFix 09-03-10.03 - Owner 2009-03-11 22:00:01.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.894.487 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Norton AntiVirus *On-access scanning disabled* (Updated)
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\docume~1\Owner\LOCALS~1\Temp\tmp1.tmp
c:\docume~1\Owner\LOCALS~1\Temp\tmp2.tmp
c:\program files\Adssite Games Collection
c:\program files\Adssite Games Collection\BattlesOfHelicopters.exe
c:\program files\Adssite Games Collection\BobAndBill.exe
c:\program files\Adssite Games Collection\CrazyBlocks.exe
c:\program files\Adssite Games Collection\Lines.exe
c:\program files\Adssite Games Collection\uninstall.exe
c:\program files\Adssite Games Collection\VideoPool.exe
c:\program files\Common Files\System\Uninstall
c:\program files\INSTALL.LOG
c:\windows\install.exe
c:\windows\system32\dcads-remove.exe
c:\windows\system32\mysidesearch_sidebar_uninstall.exe
c:\windows\system32\qsrwlonqapjao.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UAClyqqakbe.dat
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2009-02-12 to 2009-03-12 )))))))))))))))))))))))))))))))
.
2009-03-10 22:24 . 2009-03-10 22:24 24,352 --a------ c:\windows\system32\AAWService_2009_03_10_22_24_27.dmp
2009-03-10 21:01 . 2009-03-10 21:01 <DIR> dr------- c:\program files\Norton Support
2009-03-10 20:41 . 2009-03-10 20:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\Symantec
2009-03-10 20:40 . 2009-03-10 20:40 <DIR> d-------- c:\windows\system32\drivers\NAV
2009-03-10 20:40 . 2009-03-10 20:40 <DIR> d-------- c:\program files\Windows Sidebar
2009-03-10 20:40 . 2009-03-10 20:40 <DIR> d-------- c:\program files\Symantec
2009-03-10 20:40 . 2009-03-10 20:40 <DIR> d-------- c:\program files\NortonInstaller
2009-03-10 20:40 . 2009-03-10 20:40 <DIR> d-------- c:\program files\Norton AntiVirus
2009-03-10 20:40 . 2009-03-10 20:44 <DIR> d-------- c:\program files\Common Files\Symantec Shared
2009-03-10 20:40 . 2009-03-10 20:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-03-10 20:40 . 2009-03-10 20:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\Norton
2009-03-10 20:40 . 2009-03-10 20:40 124,464 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2009-03-10 20:40 . 2009-03-10 20:40 60,808 --a------ c:\windows\system32\S32EVNT1.DLL
2009-03-10 20:40 . 2009-03-10 20:40 36,272 -ra------ c:\windows\system32\drivers\SymIM.sys
2009-03-10 20:40 . 2009-03-10 20:40 10,635 --a------ c:\windows\system32\drivers\SYMEVENT.CAT
2009-03-10 20:40 . 2009-03-10 20:40 806 --a------ c:\windows\system32\drivers\SYMEVENT.INF
2009-03-10 20:28 . 2009-03-10 20:28 <DIR> d-------- c:\program files\Viewpoint
2009-03-10 20:28 . 2009-03-10 20:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\Viewpoint
2009-03-09 23:41 . 2009-03-09 23:41 <DIR> d-------- c:\documents and settings\Owner\Application Data\AVGTOOLBAR
2009-03-09 23:41 . 2009-03-09 23:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-03-09 23:21 . 2009-03-09 23:21 22,889 --a------ c:\windows\system32\AAWService_2009_03_09_23_21_55.dmp
2009-03-09 23:10 . 2009-01-18 16:35 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-03-09 22:08 . 2009-03-09 22:08 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-03-09 22:08 . 2009-03-09 22:08 <DIR> d-------- c:\program files\Lavasoft
2009-03-09 22:08 . 2009-03-09 22:08 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-03-09 22:08 . 2009-01-18 16:30 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-03-09 21:59 . 2009-03-09 22:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-05 11:39 . 2004-08-04 01:56 21,504 --a------ c:\windows\system32\hidserv.dll
2009-03-05 11:39 . 2004-08-04 01:56 21,504 --a--c--- c:\windows\system32\dllcache\hidserv.dll
2009-03-03 19:00 . 2009-03-03 19:19 <DIR> d-------- c:\windows\system32\CatRoot_bak
2009-03-03 13:56 . 2009-03-05 09:10 69,158 --a------ c:\windows\system32\qsrwlonqapjao.dll-uninst.exe
2009-03-02 21:55 . 2008-06-13 08:10 272,128 --------- c:\windows\system32\drivers\bthport.sys
2009-03-02 21:55 . 2008-06-13 08:10 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2009-03-02 21:52 . 2008-05-01 09:30 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll
2009-03-02 16:45 . 2009-03-02 16:45 <DIR> d-------- c:\program files\support.com
2009-03-02 16:45 . 2009-03-02 16:45 <DIR> d-------- c:\program files\Common Files\SupportSoft
2009-03-02 16:45 . 2009-03-02 16:45 1,147 --a------ C:\net_save.dna
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-10 04:37 --------- d-----w c:\program files\McAfee
2009-03-10 04:37 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2009-03-05 02:21 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee.com
2009-03-04 17:43 --------- d-----w c:\program files\Common Files\AOL
2009-03-04 17:43 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2009-03-04 17:42 --------- d-----w c:\program files\Google
2009-02-22 01:51 --------- d-----w c:\program files\BellSouth
2009-02-22 01:28 --------- d-----w c:\program files\BearShare Applications
2009-02-18 04:07 12,496 ----a-w c:\documents and settings\Owner\Application Data\wklnhst.dat
2009-02-09 10:19 1,846,272 ----a-w c:\windows\system32\win32k.sys
2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll
2006-03-16 00:42 0 ----a-w c:\documents and settings\Mark\Application Data\wklnhst.dat
2008-04-08 19:51 8 --sh--r c:\windows\system32\1074846871.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 307200]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-04 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-18 7204864]
"HostManager"="c:\program files\Common Files\AOL\1104964342\ee\AOLSoftware.exe" [2006-03-08 48280]
"IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-03-27 126104]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-01-18 506712]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - c:\program files\BigFix\BigFix.exe [2005-01-05 1742384]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1104964342\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-03-09 64160]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1002000.007\SymEFA.sys [2009-03-10 309296]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NAV\1002000.007\BHDrvx86.sys [2009-03-10 255536]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1002000.007\cchpx86.sys [2009-03-10 362544]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090310.003\IDSxpx86.sys [2009-03-11 276344]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe [2009-03-10 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-03-10 101936]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 921936]
S3 1e07d21f-679c-4c51-b363-ad56f2569d34;1e07d21f-679c-4c51-b363-ad56f2569d34;\??\e:\cds300\cds300.dll --> e:\cds300\cds300.dll [?]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{88db96a1-5f67-11d9-b266-806d6172696f}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{88db96a2-5f67-11d9-b266-806d6172696f}]
\shell\PlayWithPowerDVD\Command - "c:\program files\CyberLink\PowerDVD\PowerDVD.exe" "%l"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{feb7fba1-5bcb-11d9-85ee-806d6172696f}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
.
Contents of the 'Scheduled Tasks' folder
2009-03-10 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 16:34]
2009-02-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57]
.
- - - - ORPHANS REMOVED - - - -
BHO-{EEEBED9A-15BB-9770-FC90-0DE5CD42ABB8} - c:\windows\system32\qsrwlonqapjao.dll
HKCU-Run-14F2FBE77919B1974F5E762474498647 - c:\program files\A360\av360.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-11 22:02:17
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.2.0.7\diMaster.dll\" /prefetch:1"
.
Completion time: 2009-03-11 22:03:24
ComboFix-quarantined-files.txt 2009-03-12 03:03:21
Pre-Run: 172,287,811,584 bytes free
Post-Run: 172,308,054,016 bytes free
181 --- E O F --- 2009-03-11 01:47:57