So, here is the log (it's Greek to me). If there is any feedback, I would appreciate it. This is my father-in-law's computer and I'm just trying to help him. He uses it very simply: email, fantasy sports, news.
Thank you.
ComboFix 09-05-30.04 - Fuzzyface 05/31/2009 10:49.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.446.118 [GMT -4:00]
Running from: c:\documents and settings\Fuzzyface\Desktop\ComboFix.exe
AV: PC-cillin Internet Security - Virus Protection *On-access scanning disabled* (Outdated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: PC-cillin Internet Security - Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Fuzzyface\protect.dll
c:\documents and settings\Fuzzyface\Start Menu\Programs\Startup\ChkDisk.dll
c:\documents and settings\Fuzzyface\Start Menu\Programs\Startup\ChkDisk.lnk
c:\windows\system32\autochk.dll
.
((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-31 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-31 14:55 . 2008-01-10 18:15 -------- d-----w- c:\documents and settings\All Users\Application Data\temp
2009-05-30 03:24 . 2009-05-30 03:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Webroot
2009-05-30 03:18 . 2009-05-30 03:18 -------- d-----w- c:\program files\Ask.com
2009-05-30 03:17 . 2009-05-30 03:17 -------- d-----w- c:\program files\Webroot
2009-05-30 03:17 . 2009-05-30 03:17 -------- d-----w- c:\documents and settings\Fuzzyface\Application Data\Webroot
2009-05-30 03:17 . 2009-05-30 03:17 164 ----a-w- c:\windows\install.dat
2009-05-29 18:18 . 2007-11-28 06:38 -------- d-----w- c:\program files\Common Files\AOL
2009-05-29 18:18 . 2007-11-28 06:38 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-05-29 17:41 . 2004-08-10 19:03 77859 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-29 09:02 . 2008-09-24 20:20 103720 ----a-w- c:\documents and settings\Fuzzyface\GoToAssistDownloadHelper.exe
2009-05-13 19:39 . 2009-05-30 03:17 1563008 ----a-w- c:\windows\WRSetup.dll
2009-04-21 22:27 . 2009-04-21 22:27 23152 ----a-w- c:\windows\system32\drivers\sshrmd.sys
2009-04-21 22:27 . 2009-04-21 22:27 176752 ----a-w- c:\windows\system32\drivers\ssidrv.sys
2009-04-21 22:27 . 2009-04-21 22:27 29808 ----a-w- c:\windows\system32\drivers\ssfs0bbc.sys
2009-04-10 17:49 . 2009-04-10 17:49 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-04-10 15:30 . 2007-12-29 19:12 58208 ----a-w- c:\documents and settings\Fuzzyface\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-04 00:39 . 2009-04-04 00:39 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-04-04 00:39 . 2007-11-28 06:39 -------- d-----w- c:\program files\Microsoft Works
2009-03-06 14:00 . 2004-08-10 18:51 284160 ----a-w- c:\windows\system32\pdh.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-02-09 19:06 764296 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-28 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-09-22 761947]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-02-20 1191936]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2007-05-11 2061816]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-11-28 98304]
"dscactivate"="c:\dell\dsca.exe" [2007-07-30 16384]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-24 17920]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-05-13 6345840]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-09-22 282624]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-11-28 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [4/21/2009 6:27 PM 29808]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [11/9/2007 4:20 AM 36368]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [5/29/2009 11:19 PM 1205760]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [11/9/2007 4:20 AM 280392]
S2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [11/9/2007 4:19 AM 345696]
S2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [11/9/2007 4:19 AM 923216]
S2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [11/9/2007 4:19 AM 566872]
.
Contents of the 'Scheduled Tasks' folder
2009-05-31 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
2009-05-31 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-02-09 19:06]
2009-05-30 c:\windows\Tasks\wrSpySweeper_L1D697DCCEBA34F018E3F0BBDEAAFF600.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-05-30 19:40]
2009-05-30 c:\windows\Tasks\wrSpySweeper_L1D697DCCEBA34F018E3F0BBDEAAFF600.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-05-30 19:40]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-Verizon Internet Security Suite - c:\program files\Verizon\Verizon Internet Security Suite\Rps.exe
Notify-dimsntfy - (no file)
SafeBoot-procexp90.Sys
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.verizon.net/
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.dell.com
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0071127
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-31 10:56
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\windows\TEMP\TMP0000000A7166A8297825583E 524288 bytes
scan completed successfully
hidden files: 1
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1236)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\windows\system32\drivers\KodakCCS.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Webroot\WebrootSecurity\SpySweeper.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
.
**************************************************************************
.
Completion time: 2009-05-31 11:03 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-31 15:03
Pre-Run: 42,581,712,896 bytes free
Post-Run: 42,801,545,216 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
163 --- E O F --- 2009-05-29 18:39