01-26-2008, 10:55 AM   #9
ronwin
Registered User
 
Join Date: Jan 2008
Posts: 8
OS: XP SP2


Re: Google hijack fix did not work

Here is the log and a new hijacklog (attached).
The logs are dated Jan 27; the system clock was wrong and has been corrected.

I tried to test install of System Restore by attempting to turn it off.
Got error "System Restore encountered an error trying to enable/disable one or more drives. Please restart your machine and try again."


ComboFix 08-01-23.2 - Roz 2008-01-27 10:47:13.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.111 [GMT -5:00]
Running from: C:\Documents and Settings\Roz\Desktop\ComboFix.exe
.
ADS - svchost.exe: deleted 88 bytes in 2 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\LocalService\Application Data\install.dat
C:\Documents and Settings\Roz\Application Data\macromedia\Flash Player\#SharedObjects\SXHMD8DF\www.broadcaster.com
C:\Documents and Settings\Roz\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Roz\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Program Files\Common Files\companion wizard
C:\Program Files\Common Files\Companion Wizard\log.txt
C:\Program Files\Online Video Add-on
C:\Program Files\Online Video Add-on\ot.ico
C:\Program Files\Online Video Add-on\ts.ico
C:\Program Files\Online Video Add-on\uninst.exe
C:\Program Files\popcorn Terms.html
C:\Program Files\SoftPortal
C:\Program Files\SoftPortal\Soft\ATHtBt\HtBt.dll
C:\Program Files\SoftPortal\Soft\ATHtBt\ui.uim
C:\Program Files\SoftPortal\Soft\ExpertAntivirus\ExpertAntivirus.exe
C:\Program Files\SoftPortal\Soft\ExpertAntivirus\ui.uim
C:\Program Files\SoftPortal\Soft\info.txt
C:\Program Files\ucleaner_setup.exe
C:\WA6P
C:\WINDOWS\180axhook.dll
C:\WINDOWS\azentretien.dll
C:\WINDOWS\DTSVC
C:\WINDOWS\inf\ultra.inf
C:\WINDOWS\jawa32.ocx
C:\WINDOWS\system32\_000233_.tmp.dll
C:\WINDOWS\system32\bln.dll
C:\WINDOWS\system32\config\system~1\applic~1\install.dat
C:\WINDOWS\system32\config\systemprofile\Application Data\Install.dat
C:\WINDOWS\system32\drivers\inetx26.img
C:\WINDOWS\system32\owbow.dll
C:\WINDOWS\system32\SoUI.dll
C:\WINDOWS\system32\stdecodw.exe
C:\WINDOWS\system32\swlad1.dll
C:\WINDOWS\system32\swlad2.dll
C:\WINDOWS\system32\tnnbs.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DRIVERPP
-------\LEGACY_FOPN




((((((((((((((((((((((((( Files Created from 2007-12-27 to 2008-01-27 )))))))))))))))))))))))))))))))
.

2008-01-25 13:17 . 2004-08-03 23:00 260,272 --a------ C:\cmldr
2008-01-25 13:17 . 2008-01-17 14:14 211 --a------ C:\Boot.bak
2008-01-25 13:15 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-22 13:21 . 2008-01-22 13:22 <DIR> d-------- C:\WINDOWS\ERUNT
2008-01-17 17:41 . 2008-01-17 17:41 <DIR> d-------- C:\Program Files\Panda Security
2008-01-17 17:04 . 2008-01-17 17:04 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-17 14:24 . 2008-01-04 20:34 163,696 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ssidrv.sys
2008-01-17 14:24 . 2008-01-04 20:34 23,920 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sskbfd.sys
2008-01-17 14:24 . 2008-01-04 20:34 21,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sshrmd.sys
2008-01-17 14:24 . 2008-01-04 20:34 20,336 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SSFS0BB9.sys
2008-01-17 14:23 . 2008-01-17 14:23 <DIR> d-------- C:\Program Files\Webroot
2008-01-17 14:23 . 2008-01-04 20:56 1,526,640 --a------ C:\WINDOWS\WRSetup.dll
2008-01-15 14:45 . 2008-01-15 14:45 <DIR> d-------- C:\Program Files\Windows Defender

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-22 18:03 5 ----a-w C:\WINDOWS\system32\drivers\usbkbd.sys
2008-01-21 15:44 5 ----a-w C:\WINDOWS\system32\drivers\tdiip.sys
2008-01-21 15:44 5 ----a-w C:\djebmm350.exe
2008-01-19 21:21 --------- d-----w C:\Program Files\McAfee
2007-12-27 15:59 --------- d-----w C:\Program Files\SiteAdvisor
2007-08-02 11:34 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2004-11-16 18:45 848 --sha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F3CFA533-7680-4943-A863-B8216390E847}]
2007-12-07 04:34 196608 --a------ C:\WINDOWS\SYSTEM32\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BlnShell]
@={B36CB35E-FC61-45AE-8D97-EDE5C0CA0572}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\HtBtShell]
@={282E8AE5-A8E3-412D-B40C-F5080832FFE0}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2006-08-28 21:57 395776]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 08:56 15360]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"DelayShred"="c:\program files\mcafee\mshr\ShrCL.exe" [2007-07-25 14:10 111904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2004-04-19 14:45 53248]
"VerizonServicepoint.exe"="C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe" [2006-02-01 17:33 1880064]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-03-30 10:42 36904]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36 256576]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-04 01:33 582992]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 20:56 5367664]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, msnsspc.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2006-10-23 00:48 40048 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-12 08:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2005-09-20 08:32 77824 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2005-09-20 08:36 114688 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2005-09-20 08:35 94208 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
--a------ 2003-09-03 20:12 221184 C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaPipe P2P Loader]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
--a------ 2004-04-19 14:45 131072 C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 11:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--a------ 2004-04-11 20:15 290816 C:\Program Files\Dell\Media Experience\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 05:24 286720 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2004-10-12 06:40 26112 C:\Program Files\Real\RealPlayer\RealPlay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 00:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System]
C:\WINDOWS\system32\kernelwind32.exe

S2 0095091200654302mcinstcleanup;McAfee Application Installer Cleanup (0095091200654302);C:\WINDOWS\TEMP\009509~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog []
S3 Radialpoint Security Services;Radialpoint Security Services;C:\WINDOWS\system32\dllhost.exe [2004-08-12 08:56]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-26 18:23:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-10-15 05:04:45 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2007-10-31 05:00:05 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe.4239 0
"2008-01-27 15:36:41 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-01-18 06:00:12 C:\WINDOWS\Tasks\wrSpySweeper_L29670AFD87814A4C9DB0C145FA27FB04.job"
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe>/ScheduleSweep=wrSpySweeper_L29670AFD87814A4C9DB0C145FA27FB04
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.ex
- C:\
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-27 11:03:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.