Here you go, Cookie. Sorry for the delay
ComboFix 09-10-17.01 - Owner 10/18/2009 17:01.5.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.573 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\puppy.exe
AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\drivers
c:\recycler\S-1-5-21-3329240391-1965415232-3094706456-500
c:\windows\Installer\17621.msp
c:\windows\Installer\1d74e1.msp
c:\windows\Installer\262bc9.msp
c:\windows\Installer\262c08.msp
c:\windows\Installer\2d721f1.msp
c:\windows\Installer\2d721f5.msp
c:\windows\Installer\2e93286.msp
c:\windows\Installer\7a313.msp
c:\windows\Installer\7a318.msp
c:\windows\Installer\b18c41f.msi
c:\windows\Installer\be8786.msi
c:\windows\Installer\f13e26d.msp
c:\windows\Installer\f13e2ac.msp
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NWCWORKSTATION
-------\Service_NWCWorkstation
((((((((((((((((((((((((( Files Created from 2009-09-18 to 2009-10-18 )))))))))))))))))))))))))))))))
.
2009-10-18 20:06 . 2009-10-18 21:38 -------- d-----w- c:\documents and settings\Owner\Application Data\Canon
2009-10-16 19:14 . 2000-01-21 08:18 41472 ----a-w- c:\windows\system32\IPROF32.DLL
2009-10-16 19:14 . 2000-01-21 08:18 193024 ----a-w- c:\windows\system32\QCON3216.EXE
2009-10-16 19:14 . 2000-01-21 08:18 225280 ----a-w- c:\windows\system32\QCON32.DLL
2009-10-16 19:14 . 2000-01-21 08:18 195968 ----a-w- c:\windows\system32\QCONNECT.DLL
2009-10-16 19:14 . 1999-07-14 19:44 6838 ----a-w- c:\windows\ICOADB32.DAT
2009-10-16 19:14 . 1999-07-13 19:54 57344 ----a-w- c:\windows\ICG32.DLL
2009-10-16 19:14 . 1999-11-05 23:43 66048 ----a-w- c:\windows\system32\MRTRATE.DLL
2009-10-16 19:14 . 1999-11-05 23:43 65024 ----a-w- c:\windows\system32\MRTMNGR.EXE
2009-10-16 19:14 . 1999-11-05 23:43 36404 ----a-w- c:\windows\system32\drivers\MRTRATE.SYS
2009-10-16 19:14 . 2000-01-21 08:17 73728 ----a-w- c:\windows\system32\Q_ENCLIB.DLL
2009-10-16 19:14 . 2000-01-21 08:17 51200 ----a-w- c:\windows\system32\Q_ENCUTL.DLL
2009-10-16 15:23 . 2009-10-16 15:23 148376 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-10-16 15:04 . 2009-10-01 15:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-16 03:16 . 2009-10-16 03:16 -------- d-----w- c:\documents and settings\Owner\ErrorLogs
2009-10-16 02:17 . 2009-10-16 02:17 -------- d-----w- c:\program files\Uniblue
2009-10-12 22:04 . 2009-10-12 22:04 -------- dc----w- C:\BJPrinter
2009-10-12 22:04 . 2004-06-14 20:00 7680 ----a-w- c:\windows\system32\CNMVS6y.DLL
2009-10-12 22:04 . 2004-06-14 20:00 116736 ----a-w- c:\windows\system32\CNMLM6y.DLL
2009-10-12 21:48 . 2001-08-23 23:58 266240 ----a-w- c:\windows\system32\ippsrw711.dll
2009-10-12 21:48 . 2001-08-23 23:58 1589248 ----a-w- c:\windows\system32\ippsw711.dll
2009-10-12 21:48 . 2001-08-23 23:58 77824 ----a-w- c:\windows\system32\ippsr11.dll
2009-10-12 21:48 . 2001-08-23 23:58 176128 ----a-w- c:\windows\system32\ipps11.dll
2009-10-12 21:48 . 2001-08-23 23:58 159744 ----a-w- c:\windows\system32\ippjw711.dll
2009-10-12 21:48 . 2001-08-23 23:58 2592768 ----a-w- c:\windows\system32\ippiw711.dll
2009-10-12 21:48 . 2001-08-23 23:58 466944 ----a-w- c:\windows\system32\ippcvw711.dll
2009-10-12 21:48 . 2001-08-23 23:58 94208 ----a-w- c:\windows\system32\ippcv11.dll
2009-10-12 21:48 . 2001-08-23 23:58 65536 ----a-w- c:\windows\system32\ippj11.dll
2009-10-12 21:48 . 2001-08-23 23:58 225280 ----a-w- c:\windows\system32\ippi11.dll
2009-10-12 21:48 . 2001-03-10 22:56 40960 ----a-w- c:\windows\system32\IPPCPUID.DLL
2009-10-12 21:47 . 1997-10-13 18:19 11776 ----a-w- c:\windows\system32\pmsbfn32.dll
2009-10-12 21:47 . 2009-10-12 21:47 -------- d-----w- c:\program files\NewSoft
2009-10-12 21:47 . 2009-10-12 21:47 -------- d-----w- c:\documents and settings\Owner\Application Data\NewSoft
2009-10-12 21:35 . 2009-10-12 21:36 -------- d-----w- c:\windows\MP780,750
2009-10-12 21:31 . 2009-10-12 21:31 -------- d-----w- c:\documents and settings\Owner\Application Data\ScanSoft
2009-10-12 21:31 . 2009-10-12 21:31 -------- d-----w- c:\documents and settings\All Users\Application Data\SSScanWizard
2009-10-12 21:31 . 2009-10-12 21:31 -------- d-----w- c:\documents and settings\All Users\Application Data\SSScanAppDataDir
2009-10-12 21:31 . 2009-10-12 21:44 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2009-10-12 21:31 . 2009-10-12 21:31 -------- d-----w- c:\program files\ScanSoft
2009-10-12 21:01 . 2009-10-12 21:01 -------- d-----w- c:\program files\Common Files\xing shared
2009-10-12 21:00 . 2009-10-12 21:00 -------- d-----w- c:\program files\real
2009-09-24 00:59 . 2009-10-14 22:44 -------- d-----w- c:\program files\iTunes
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-18 22:11 . 2007-02-16 23:40 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-10-16 20:54 . 2006-02-14 01:33 39462 ----a-w- c:\documents and settings\Owner\Application Data\wklnhst.dat
2009-10-16 14:46 . 2007-10-13 16:27 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2009-10-16 14:45 . 2006-02-14 21:16 -------- d-----w- c:\documents and settings\All Users\Application Data\RetroExp
2009-10-16 03:20 . 2006-02-09 20:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-16 02:19 . 2009-04-28 01:32 -------- d-----w- c:\documents and settings\Owner\Application Data\Uniblue
2009-10-14 22:44 . 2008-05-04 23:47 -------- d-----w- c:\program files\Common Files\Apple
2009-10-14 19:58 . 2006-07-03 00:27 -------- d-----w- c:\program files\LimeWire
2009-10-14 19:28 . 2006-07-03 00:28 -------- d-----w- c:\documents and settings\Owner\Application Data\LimeWire
2009-10-13 13:05 . 2007-02-16 23:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-10-13 00:12 . 2006-02-12 22:58 -------- d-----w- c:\program files\CHAOS32
2009-10-12 21:42 . 2008-02-25 00:15 -------- d-----w- c:\program files\Canon
2009-10-12 21:01 . 2006-02-09 20:50 -------- d-----w- c:\program files\Common Files\Real
2009-10-12 21:00 . 2003-08-13 01:17 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-10-08 22:04 . 2007-10-13 16:27 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-15 02:23 . 2006-07-23 20:57 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2009-09-15 02:07 . 2009-06-04 03:01 -------- d-----w- c:\program files\QuickTime
2009-09-15 02:07 . 2006-07-01 23:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-09-11 14:18 . 2006-02-09 20:18 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 01:19 . 2009-09-10 01:17 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-04 21:03 . 2006-02-09 20:18 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2006-02-09 20:19 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2006-02-09 20:19 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-07 00:24 . 2006-02-09 20:20 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-07 00:24 . 2006-02-09 20:20 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-07 00:24 . 2006-02-09 22:25 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-07 00:24 . 2006-02-09 20:20 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-07 00:24 . 2006-02-09 20:20 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-07 00:24 . 2006-02-09 20:16 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-07 00:23 . 2006-02-09 20:20 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-07 00:23 . 2008-02-10 22:40 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-07 00:23 . 2008-02-10 22:40 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-07 00:23 . 2006-02-09 20:20 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2006-02-09 20:18 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 01:44 . 2006-02-09 20:18 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-05 00:52 . 2009-08-05 00:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-04 14:20 . 2006-02-09 20:29 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-07-25 10:23 . 2008-12-21 15:34 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-21 02:15 . 2009-07-21 02:15 664 ----a-w- c:\windows\system32\d3d9caps.dat
2007-12-11 16:56 . 2007-12-11 16:56 88 ----a-w- c:\program files\hvhionsh.txt
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-16 454784]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-18 7204864]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-08-27 139264]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-09-18 86016]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2007-08-25 714608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"OPSE reminder"="c:\program files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" [2003-07-07 729088]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-09-18 1519616]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-08 61952]
"CHotkey"="zHotkey.exe" - c:\windows\zHotkey.exe [2005-05-03 543232]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 18:41 294912 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk]
backup=c:\windows\pss\Billminder.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk]
backup=c:\windows\pss\Quicken Startup.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Glob allyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10/10/2006 1:53 PM 5632]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/27/2007 12:39 PM 32256]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [8/25/2007 12:07 AM 149352]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/30/2009 7:41 PM 102448]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [5/29/2007 3:55 PM 23888]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [11/12/2008 6:56 PM 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [11/12/2008 6:56 PM 8320]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [11/16/2008 4:41 PM 40832]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 5:51 PM 4096]
S4 mrtRate;mrtRate;c:\windows\system32\drivers\MRTRATE.SYS [10/16/2009 2:14 PM 36404]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
2009-10-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
2009-10-12 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Owner.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-27 01:19]
2009-10-18 c:\windows\Tasks\User_Feed_Synchronization-{631DC610-6066-44E4-808D-11E1D2038592}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
uInternet Settings,ProxyServer = 168.94.74.68:8080
uInternet Settings,ProxyOverride = *.local
IE: &eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
SafeBoot-svcWRSSSDK
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-10-18 17:38
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(992)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
- - - - - - - > 'explorer.exe'(4084)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Symantec Shared\NPC\2.0\NPCEXT.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehRecvr.exe
c:\windows\ehome\ehSched.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\system32\wdfmgr.exe
c:\windows\system32\dllhost.exe
c:\puppy\CF28976.exe
c:\windows\ehome\ehmsas.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
.
**************************************************************************
.
Completion time: 2009-10-18 17:42 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-18 22:41
ComboFix2.txt 2007-12-11 00:36
Pre-Run: 177,444,872,192 bytes free
Post-Run: 178,953,011,200 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINNT="Windows XP Media Center Edition" /noexecute=optin /fastdetect
254 --- E O F --- 2009-10-15 08:14
Welcome to Tech Support Guy! Read our Welcome Guide or take a minute to watch the video below!
Malware Removal & HijackThis Logs 
Search 
