Hi, below are the 2 requested logs.
combofix.txt log
ComboFix 09-07-14.07 - byue 07/14/2009 23:20.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1790.1303 [GMT -7:00]
Running from: c:\documents and settings\byue\Desktop\tech support\Combo-Fix.exe
Command switches used :: c:\documents and settings\byue\Desktop\tech support\cfscript.txt
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FILE ::
"c:\windows\ASSE.dat"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\McAfee
c:\documents and settings\All Users\Application Data\McAfee\MSC\Cache\McSubDB.Bak
c:\documents and settings\All Users\Application Data\McAfee\MSC\mcifolog.log
c:\documents and settings\All Users\Application Data\McAfee\MSC\mcini.ini
c:\documents and settings\All Users\Application Data\McAfee\MSC\McSubDB.Dat
c:\windows\ASSE.dat
.
((((((((((((((((((((((((( Files Created from 2009-06-15 to 2009-07-15 )))))))))))))))))))))))))))))))
.
2009-07-15 06:07 . 2009-07-15 06:07 -------- d-----w- c:\windows\LastGood
2009-07-11 06:04 . 2009-07-11 06:04 -------- d-----w- c:\program files\Trend Micro
2009-07-10 01:54 . 2009-07-10 01:54 -------- d-----w- c:\program files\iPod
2009-07-10 01:53 . 2009-07-10 01:54 -------- d-----w- c:\program files\iTunes
2009-07-10 01:52 . 2009-07-10 01:53 -------- d-----w- c:\program files\QuickTime
2009-07-10 01:49 . 2009-07-10 01:49 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-30 00:54 . 2009-06-30 00:54 -------- d-sh--w- c:\documents and settings\byue\PrivacIE
2009-06-28 20:52 . 2009-03-31 18:23 39200 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
2009-06-28 20:52 . 2009-03-31 18:23 33056 ----a-w- c:\windows\system32\drivers\TfNetMon.sys
2009-06-28 20:52 . 2009-03-31 18:23 12576 ----a-w- c:\windows\system32\drivers\TfKbMon.sys
2009-06-28 20:52 . 2009-03-31 18:23 51488 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
2009-06-28 10:06 . 2009-06-28 10:06 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-06-28 10:06 . 2009-06-28 10:06 -------- d-sh--w- c:\documents and settings\byue\IETldCache
2009-06-28 06:28 . 2009-06-02 10:12 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-06-28 06:28 . 2009-06-28 06:28 -------- d-----w- c:\windows\ie8updates
2009-06-28 06:28 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-28 06:28 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-28 06:25 . 2009-06-28 06:28 -------- dc-h--w- c:\windows\ie8
2009-06-28 01:13 . 2008-12-11 15:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-06-28 01:12 . 2009-04-03 18:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-06-28 01:12 . 2008-12-18 19:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-06-28 01:12 . 2009-06-28 01:13 -------- d-----w- c:\program files\Common Files\PC Tools
2009-06-28 01:12 . 2008-12-10 18:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-06-28 01:12 . 2009-07-15 06:17 -------- d-----w- c:\program files\Spyware Doctor
2009-06-28 01:12 . 2009-06-28 20:52 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-06-28 01:12 . 2009-06-28 01:12 -------- d-----w- c:\documents and settings\byue\Application Data\PC Tools
2009-06-28 01:09 . 2008-11-20 19:19 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-06-28 01:09 . 2008-11-20 19:19 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-06-28 01:09 . 2009-06-28 01:09 -------- d-----w- c:\windows\system32\IOSUBSYS
2009-06-28 01:08 . 2009-06-28 02:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-06-16 02:19 . 2009-06-16 02:19 -------- d-----w- c:\program files\REFN
2009-06-16 02:18 . 2009-06-16 02:18 -------- d-----w- c:\windows\Downloaded Installations
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-15 06:17 . 2009-04-11 11:36 -------- d---a-w- c:\documents and settings\All Users\Application Data\Temp
2009-07-15 06:15 . 2009-01-09 02:49 -------- d-----w- c:\program files\Java
2009-07-10 01:54 . 2009-04-13 00:13 -------- d-----w- c:\program files\Common Files\Apple
2009-06-28 01:09 . 2009-05-16 01:08 -------- d-----w- c:\program files\Google
2009-06-21 02:53 . 2009-04-10 22:04 -------- d-----w- c:\documents and settings\byue\Application Data\Azureus
2009-06-14 06:29 . 2009-06-13 23:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-06-14 06:29 . 2009-06-14 02:21 -------- d-----w- c:\program files\Lavasoft
2009-06-14 06:25 . 2009-06-13 21:19 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-14 06:25 . 2009-06-13 21:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-13 23:27 . 2009-05-16 01:08 -------- d-----w- c:\program files\DivX
2009-06-13 21:56 . 2009-04-11 00:50 -------- d-----w- c:\program files\ArtisanDVDPlayer
2009-06-13 20:04 . 2009-06-13 20:04 -------- d-----w- c:\program files\Microsoft Silverlight
2009-06-11 06:55 . 2009-06-11 06:55 152576 ----a-w- c:\documents and settings\byue\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-05-30 13:44 . 2009-04-11 12:00 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-05-21 18:33 . 2009-05-16 07:17 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-17 21:24 . 2009-05-16 00:48 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-05-17 21:24 . 2009-05-16 00:48 -------- d-----w- c:\program files\AVS4YOU
2009-05-16 07:16 . 2009-05-16 07:16 152576 ----a-w- c:\documents and settings\byue\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-13 05:15 . 2009-01-09 01:18 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 08:09 . 2009-04-10 22:05 68904 ----a-w- c:\documents and settings\byue\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-07 15:32 . 2009-01-09 01:18 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-23 04:28 . 2009-04-23 04:28 386048 ----a-w- c:\documents and settings\byue\Application Data\Free-backup.info\JustZIPit\JustZIPit.exe
2009-04-17 12:26 . 2009-01-09 01:18 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-16 07:56 . 2009-04-16 07:56 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-04-16 07:56 . 2009-04-16 07:56 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-04-16 07:56 . 2009-04-16 07:56 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-04-16 06:25 . 2009-01-09 02:45 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-03 03:00 . 2009-06-14 05:46 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-28 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EDS"="c:\program files\Samsung\Samsung EDS\EDSAgent.exe" [2007-12-21 659456]
"Chrome3"="c:\program files\s3graphics\chrome3\Chrome3.exe" [2008-12-09 712704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-28 1044480]
"SUPBackGround"="c:\program files\Samsung\Samsung Update Plus\SUPBackGround.exe" [2008-12-04 298664]
"BatteryManager"="c:\program files\Samsung\Samsung Battery Manager\BatteryManager.exe" [2008-11-27 2768896]
"DMHotKey"="c:\program files\Samsung\Easy Display Manager\DMLoader.exe" [2006-12-27 466944]
"MagicKeyboard"="c:\program files\SAMSUNG\MagicKBD\PreMKBD.exe" [2006-05-15 151552]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-11-17 17676288]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2008-05-16 94208]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-9-17 580200]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Spyware Doctor\\pctsGui.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/13/2009 7:21 PM 64160]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [6/27/2009 6:12 PM 130936]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [6/28/2009 1:52 PM 51488]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [6/28/2009 1:52 PM 39200]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [6/27/2009 6:13 PM 159600]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [4/10/2009 3:04 PM 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [4/10/2009 3:04 PM 234888]
R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [1/8/2009 7:50 PM 4300]
R3 DNSeFilter;DNSeFilter;c:\windows\system32\drivers\SamsungEDS.SYS [1/14/2008 8:01 PM 30208]
R3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [1/8/2009 6:21 PM 534528]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [6/28/2009 1:52 PM 33056]
R3 vcrdrx32;VIA MSP Cardreader Host Controller;c:\windows\system32\drivers\vcrdrx32.sys [1/8/2009 6:21 PM 90752]
R3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\drivers\VMC326.sys [1/8/2009 7:54 PM 238464]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]
S2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32mpcoinst,serviceStartProc --> RUNDLL32.EXE ykx32mpcoinst,serviceStartProc [?]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [6/27/2009 6:12 PM 64392]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [6/27/2009 6:12 PM 348752]
S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]
--- Other Services/Drivers In Memory ---
*Deregistered* - mchInjDrv
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-07-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
2009-07-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-28 01:07]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
FF - ProfilePath - c:\documents and settings\byue\Application Data\Mozilla\Firefox\Profiles\07zv4oxm.default\
FF - plugin: c:\program files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-07-14 23:24
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(796)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
Completion time: 2009-07-15 23:26
ComboFix-quarantined-files.txt 2009-07-15 06:26
ComboFix2.txt 2009-07-14 03:54
Pre-Run: 128,008,368,128 bytes free
Post-Run: 127,977,684,992 bytes free
182 --- E O F --- 2009-06-28 10:00
Kaspersky online scan
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Wednesday, July 15, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Wednesday, July 15, 2009 08:38:34
Records in database: 2470542
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
Scan statistics:
Files scanned: 47249
Threat name: 4
Infected objects: 17
Suspicious objects: 0
Duration of the scan: 01:42:15
File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\gxvxcdkvjndqeocwrsafkelkdalwrsmyswtag.sys.vir Infected: Trojan.Win32.Tdss.aetr 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\gxvxcdwupxmjlrcttiturypijwilrgwugujov.sys.vir Infected: Trojan.Win32.Tdss.aetr 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\gxvxcdxodskmpxjsaoyltubndeuevvmfrmogm.sys.vir Infected: Trojan.Win32.Tdss.aetr 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\gxvxcjcdlmlhbgrrpxmcoedjbobutfaqiomvm.sys.vir Infected: Rootkit.Win32.Agent.kvr 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\gxvxcsrnvpujhioyktevxowkbgkcirqobltfm.sys.vir Infected: Trojan.Win32.Tdss.aetr 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\gxvxcudotewcirrnopqfvkilxymnqjtarwwrq.sys.vir Infected: Trojan.Win32.Tdss.aetr 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\gxvxcwswespqyprtlilrmobxvhoexnqwfkdpx.sys.vir Infected: Rootkit.Win32.Agent.kvr 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\gxvxchreeybwumllothqpxudpgkostjlpkfnc.dll.vir Infected: Trojan.Win32.Tdss.acdc 1
C:\System Volume Information\_restore{8D6B4944-8CD3-4D60-8EA1-5E084EC34B44}\RP41\A0007787.sys Infected: Trojan.Win32.Tdss.aetr 1
C:\System Volume Information\_restore{8D6B4944-8CD3-4D60-8EA1-5E084EC34B44}\RP41\A0007788.sys Infected: Trojan.Win32.Tdss.aetr 1
C:\System Volume Information\_restore{8D6B4944-8CD3-4D60-8EA1-5E084EC34B44}\RP41\A0007789.sys Infected: Trojan.Win32.Tdss.aetr 1
C:\System Volume Information\_restore{8D6B4944-8CD3-4D60-8EA1-5E084EC34B44}\RP41\A0007790.sys Infected: Rootkit.Win32.Agent.kvr 1
C:\System Volume Information\_restore{8D6B4944-8CD3-4D60-8EA1-5E084EC34B44}\RP41\A0007791.sys Infected: Trojan.Win32.Tdss.aetr 1
C:\System Volume Information\_restore{8D6B4944-8CD3-4D60-8EA1-5E084EC34B44}\RP41\A0007792.sys Infected: Trojan.Win32.Tdss.aetr 1
C:\System Volume Information\_restore{8D6B4944-8CD3-4D60-8EA1-5E084EC34B44}\RP41\A0007793.sys Infected: Rootkit.Win32.Agent.kvr 1
C:\System Volume Information\_restore{8D6B4944-8CD3-4D60-8EA1-5E084EC34B44}\RP41\A0007794.dll Infected: Trojan.Win32.Tdss.acdc 1
C:\System Volume Information\_restore{8D6B4944-8CD3-4D60-8EA1-5E084EC34B44}\RP41\A0007818.com Infected: Trojan.Win32.Tdss.admj 1
The selected area was scanned.