Old 06-30-2009, 03:17 AM   #4 (permalink)
bgibson75
Registered User
 
Join Date: Jun 2009
Posts: 4
OS: XP service pack 3


Re: Win32/Patched Help

My apologies on my slow reply. I work in California during the week, so I try not to touch my computer on the weekends so I can play with my kid.

I ran ComboFix. It found some stuff and cleaned and deleted. Below is the log. Hopefully that's everything. Let me know if there is anything else. Thanks for the help so far.

Brian

ComboFix 09-06-29.04 - Brian Gibson 06/30/2009 1:52.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.366 [GMT -7:00]
Running from: c:\documents and settings\Brian Gibson\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\mdm.exe
c:\windows\system32\Memman.vxd
c:\windows\system32\skinboxer43.dll
c:\windows\system32\twain_32

Infected copy of c:\windows\system32\ws2_32.dll was found and disinfected
Restored copy from - c:\windows\$NtServicePackUninstall$\ws2_32.dll

.
((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-30 )))))))))))))))))))))))))))))))
.

2009-06-24 17:51 . 2009-06-24 17:51 -------- d-----w- c:\documents and settings\Brian Gibson\Application Data\Music Recognition
2009-06-23 22:16 . 2009-06-23 22:16 -------- d-----w- c:\program files\Elaborate Bytes
2009-06-23 03:54 . 2009-06-23 17:59 117760 ----a-w- c:\documents and settings\Brian Gibson\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-23 03:53 . 2009-06-23 03:53 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-06-23 03:53 . 2009-06-23 03:53 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-23 03:53 . 2009-06-23 03:53 -------- d-----w- c:\documents and settings\Brian Gibson\Application Data\SUPERAntiSpyware.com
2009-06-23 03:52 . 2009-06-23 03:52 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-22 14:42 . 2009-06-22 14:42 -------- d-----w- c:\documents and settings\Brian Gibson\Library
2009-06-22 14:42 . 2009-06-22 14:42 -------- d-----w- c:\documents and settings\Brian Gibson\Application Data\com.adobe.ExMan
2009-06-18 08:22 . 2009-06-18 08:22 314200 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-06-18 08:22 . 2009-06-18 08:22 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-06-18 08:22 . 2009-06-18 08:22 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-06-18 08:22 . 2009-06-18 08:22 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-06-18 08:22 . 2009-06-18 08:22 296800 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-06-18 08:22 . 2009-06-18 08:22 1630048 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-06-18 08:22 . 2009-06-18 08:22 72704 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-06-18 08:22 . 2009-06-18 08:22 640360 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-06-18 08:21 . 2009-06-18 08:21 561016 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-06-18 08:21 . 2009-06-18 08:21 565096 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-06-18 08:21 . 2009-06-18 08:21 2349384 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-06-18 08:21 . 2009-06-18 08:21 627536 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-06-18 08:21 . 2009-06-18 08:21 518488 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-06-18 08:21 . 2009-06-18 08:21 1003344 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-06-16 14:51 . 2009-06-04 08:21 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-04 22:01 . 2009-04-29 04:55 52224 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-06-04 22:01 . 2009-04-29 04:55 268288 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-06-04 22:01 . 2009-04-29 04:55 63488 -c----w- c:\windows\system32\dllcache\icardie.dll
2009-06-04 22:01 . 2009-04-28 09:05 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
2009-06-04 22:01 . 2009-04-29 04:55 459264 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-06-04 22:01 . 2009-04-29 04:55 383488 -c----w- c:\windows\system32\dllcache\ieapfltr.dll
2009-06-04 22:01 . 2008-07-09 14:25 2455488 -c----w- c:\windows\system32\dllcache\ieapfltr.dat
2009-06-04 22:01 . 2009-04-29 04:55 6066176 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-06-04 08:48 . 2009-06-04 08:48 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-06-04 08:48 . 2009-06-04 08:48 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-06-04 08:21 . 2009-06-04 08:20 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-06-04 08:21 . 2009-06-04 08:21 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-06-04 08:21 . 2009-06-04 08:21 83808 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-06-04 08:20 . 2009-06-04 08:20 212848 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-06-04 08:20 . 2009-06-04 08:20 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-06-04 08:20 . 2009-06-04 08:20 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-06-04 08:16 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-06-04 08:16 . 2009-06-04 08:16 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-25 20:27 . 2006-12-13 06:36 27280 ----a-w- c:\documents and settings\Brian Gibson\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-25 16:48 . 2008-11-03 21:16 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-25 06:14 . 2007-01-02 05:12 -------- d-----w- c:\program files\SQLyog
2009-06-24 21:39 . 2008-12-05 18:08 -------- d-----w- c:\program files\Sun
2009-06-24 21:37 . 2006-12-13 03:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-24 21:33 . 2009-05-06 19:30 -------- d-----w- c:\program files\Coupons
2009-06-24 21:32 . 2009-05-22 16:58 -------- d-----w- c:\program files\Search Engine Builder Standard
2009-06-24 09:59 . 2008-11-21 06:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-22 23:08 . 2007-07-29 03:20 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-16 08:51 . 2007-06-20 14:07 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-04 16:37 . 2007-04-23 16:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-04 08:48 . 2008-10-23 14:11 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-06-04 08:21 . 2007-06-20 14:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-06-04 08:16 . 2007-06-20 14:07 -------- d-----w- c:\program files\Lavasoft
2009-06-03 07:33 . 2009-06-03 07:33 65536 ----a-w- c:\windows\system32\221.tmp
2009-05-25 12:16 . 2009-05-25 12:16 134312 ----a-w- c:\windows\system32\ElbyVCD.dll
2009-05-25 12:01 . 2009-05-25 12:01 89256 ----a-w- c:\windows\system32\ElbyCDIO.dll
2009-05-22 23:08 . 2009-05-22 23:08 29696 ----a-w- c:\windows\system32\drivers\VClone.sys
2009-05-22 16:03 . 2009-05-22 16:03 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Bytemobile
2009-05-22 16:01 . 2009-05-22 16:01 -------- d-----w- c:\documents and settings\Brian Gibson\Application Data\DBUpdater
2009-05-22 16:01 . 2009-05-22 16:01 -------- d-----w- c:\documents and settings\Brian Gibson\Application Data\AT&T
2009-05-22 16:01 . 2009-05-22 16:01 -------- d-----w- c:\documents and settings\Brian Gibson\Application Data\Sierra Wireless
2009-05-22 15:57 . 2009-05-22 15:57 -------- d-----w- c:\program files\Common Files\Motorola Shared
2009-05-22 15:57 . 2009-05-22 15:56 -------- d-----w- c:\program files\Sierra Wireless Inc
2009-05-22 15:56 . 2009-05-22 15:56 -------- d-----w- c:\program files\Common Files\Research in Motion
2009-05-22 15:56 . 2009-05-22 15:56 -------- d-----w- c:\program files\AT&T
2009-05-22 15:56 . 2009-05-22 15:56 -------- d-----w- c:\documents and settings\All Users\Application Data\AT&T
2009-05-22 15:53 . 2009-05-22 15:53 -------- d-----w- c:\program files\Option
2009-05-07 15:32 . 2004-08-04 10:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-01 14:13 . 2008-11-03 21:17 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-01 14:13 . 2008-11-03 21:16 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-05-01 14:13 . 2008-11-03 21:16 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-04-29 04:56 . 2006-03-04 03:33 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-04 10:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 12:26 . 2004-08-04 10:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-04 10:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 22:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 22:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 22:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 22:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 22:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 22:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 22:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 22:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 22:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Google Update"="c:\documents and settings\Brian Gibson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-02-24 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-07-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-07-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-07-14 118784]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"eFax 4.2"="c:\program files\eFax Messenger 4.2 New\J2GDllCmd.exe" [2006-07-14 107008]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-05 136600]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-28 622592]
"SetDefPrt"="c:\program files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 49152]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-04-10 61440]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-11-22 842584]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-01 1947928]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"AT&T Communication Manager"="c:\program files\AT&T\Communication Manager\ATTCM.exe" [2008-12-01 33280]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-18 518488]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-05-26 85160]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]

c:\documents and settings\Brian Gibson\Start Menu\Programs\Startup\
SDK Tray Menu.lnk - c:\program files\Java\jdk1.5.0_13\bin\javaw.exe [2007-10-17 53346]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\ipsecdialer.exe [2006-4-20 177216]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
VPN Client.lnk - c:\windows\Installer\{D25122BC-A60E-4663-B602-B01718F12044}\Icon3E5562ED7.ico [2007-12-3 6144]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 19:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-01 14:13 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/4/2009 1:21 AM 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/3/2008 2:16 PM 325896]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05 AM 72944]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [11/3/2008 2:16 PM 298776]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 4:45 AM 13088]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 12:06 PM 1003344]
S2 CVPNDRV;Cisco Systems IPsec Driver;\??\c:\windows\system32\Drivers\CVPNDRV.sys --> c:\windows\system32\Drivers\CVPNDRV.sys [?]
S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\AT&T\Communication Manager\RcAppSvc.exe [11/20/2008 8:07 PM 113152]
S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [2/18/2008 2:14 PM 106624]
S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [2/8/2008 10:00 AM 59648]
S3 GTPTSER;GT PT SER;c:\windows\system32\drivers\gtptser.sys [3/30/2007 10:38 AM 8064]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05 AM 7408]
.
Contents of the 'Scheduled Tasks' folder

2009-06-25 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 08:21]

2009-06-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 22:57]

2009-06-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-764733703-725345543-1003Core.job
- c:\documents and settings\Brian Gibson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-24 15:31]

2009-06-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-764733703-725345543-1003UA.job
- c:\documents and settings\Brian Gibson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-24 15:31]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-AdobeBridge - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{0402343A-B530-482b-AA27-A61CEC3E4D2E} - {C30B6FCB-F8B0-4DD4-9207-AA4952BB3F52} - c:\program files\Core Services\Companion.JS\CompanionJS.dll
LSP: bmnet.dll
Trusted Zone: turbotax.com
FF - ProfilePath - c:\documents and settings\Brian Gibson\Application Data\Mozilla\Firefox\Profiles\544e6flc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Brian Gibson\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-30 01:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1454471165-764733703-725345543-1003\Software\Microsoft\Driver Signing]
@Denied: (2) (Administrators)
@Allowed: (2) (Administrators)
"Policy"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A1146105-B145-D547-791CC80E83BF21B6}\{DC78455E-4161-0768-1856DB98A0FFD8AF}\{619B65F9-9B50-CD99-3F29A63495E25D6C}*]
"1D1OWFM6WKF6TLM3S2BGKKUUDG1"=hex:01,00,01,00,00,00,00,00,71,4a,e0,45,b7,4f,44,
fb,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Driver Signing]
@Denied: (2) (Administrators)
"Policy"=hex:00,00,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1080)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(3660)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\program files\Brother\ControlCenter3\BrccMCtl.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2009-06-30 2:07 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-30 09:07

Pre-Run: 4,926,005,248 bytes free
Post-Run: 5,174,853,632 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

306 --- E O F --- 2009-06-24 09:59
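A triage parser for the ComboFix log layout above, added here as an example; it is not ComboFix's code and not the poster's. It runs over a constructed excerpt that mirrors the lines in the post (the "Other Deletions" and "Reg Loading Points" sections) and pulls out the items a responder reads first: what was deleted, which system file was reported patched and where the clean copy came from (here ws2_32.dll from $NtServicePackUninstall$), the Security Center notification overrides, the Winlogon notify DLLs that load into winlogon.exe, and the firewall application exceptions. The section names and registry key shapes it matches on are the ones visible in this log; the regexes and the `findings` wording are this example's own.

```python
"""Triage parser for a pasted ComboFix log (added example, not ComboFix's code)."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed excerpt in ComboFix's log layout; paths mirror the post above.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\mdm.exe
c:\windows\system32\Memman.vxd
c:\windows\system32\skinboxer43.dll
c:\windows\system32\twain_32

Infected copy of c:\windows\system32\ws2_32.dll was found and disinfected
Restored copy from - c:\windows\$NtServicePackUninstall$\ws2_32.dll

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 19:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/4/2009 1:21 AM 64160]
.
"""

SECTION_RE = re.compile(r"^\(+\s*(.*?)\s*\)+\s*$")          # (((( Section Name ))))
KEY_RE = re.compile(r"^\[(.+)\]$")                             # [HKEY_...]
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')
INFECTED_RE = re.compile(r"^Infected copy of (.+?) was found and disinfected$")
RESTORED_RE = re.compile(r"^Restored copy from - (.+)$")
FW_APP_RE = re.compile(r'^"(.+)"=\s*$')                       # "path"=   (firewall list)
PATH_RE = re.compile(r"([a-zA-Z]:\\.+)$")                      # trailing path on a file line


@dataclass
class Triage:
    deleted: list[str] = field(default_factory=list)
    disinfected: list[tuple[str, str]] = field(default_factory=list)  # (infected, restored from)
    security_center: dict[str, int] = field(default_factory=dict)
    winlogon_notify: list[tuple[str, str]] = field(default_factory=list)  # (package, dll)
    firewall_apps: list[str] = field(default_factory=list)


def parse_combofix(text: str) -> Triage:
    """Walk the log once, tracking the current section and registry key."""
    t = Triage()
    section, key, pending_infected = "", "", None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            section, key = m.group(1).lower(), ""
            continue
        if section == "other deletions":
            m = INFECTED_RE.match(line)
            if m:
                pending_infected = m.group(1)          # the next line says where the clean copy came from
                continue
            m = RESTORED_RE.match(line)
            if m and pending_infected:
                t.disinfected.append((pending_infected, m.group(1)))
                pending_infected = None
                continue
            if re.match(r"^[a-zA-Z]:\\", line):
                t.deleted.append(line)
        elif section == "reg loading points":
            m = KEY_RE.match(line)
            if m:
                key = m.group(1)
                continue
            k = key.lower()
            if k.endswith("security center"):
                m = DWORD_RE.match(line)
                if m:
                    t.security_center[m.group(1)] = int(m.group(2), 16)
            elif "\\winlogon\\notify\\" in k:
                m = PATH_RE.search(line)
                if m:
                    t.winlogon_notify.append((key.rsplit("\\", 1)[1], m.group(1)))
            elif k.endswith("authorizedapplications\\list"):
                m = FW_APP_RE.match(line)
                if m:
                    t.firewall_apps.append(m.group(1).replace("\\\\", "\\"))  # undo REGEDIT4 escaping
    return t


def findings(t: Triage) -> list[str]:
    """Turn the parsed log into the points a responder would raise."""
    out = []
    for infected, restored in t.disinfected:
        out.append(f"patched system file {infected}: clean copy taken from {restored}; "
                   f"confirm its version matches the installed service pack")
    for name, value in t.security_center.items():
        if name.endswith("DisableNotify") and value == 1:
            out.append(f"Security Center {name}=1: that monitor's alerts are suppressed")
    for package, dll in t.winlogon_notify:
        out.append(f"Winlogon notify package {package} loads {dll} into winlogon.exe")
    for path in t.firewall_apps:
        if not path.lower().startswith("%windir%"):
            out.append(f"firewall exception for {path}")
    return out


if __name__ == "__main__":
    for item in findings(parse_combofix(SAMPLE_LOG)):
        print("-", item)
```

The `$NtServicePackUninstall$` source matters: ComboFix restored ws2_32.dll from the pre-service-pack backup, so the version on disk after the run should be compared with the one in `dllcache` or reinstalled via the SP3 package before treating the machine as clean. The two `DisableNotify` values are what keep Security Center quiet about AV and update state; they are worth resetting once the real cause of the silence is known.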