Only thing I could run was Combofix. Couldn't run Hijackthis, Malwarebytes, or Spydot S&D. Here is my Combofix Log
ComboFix 09-09-11.03 - Tony 09/12/2009 10:19.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.406 [GMT -4:00]
Running from: c:\documents and settings\Tony\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\jestertb.dll
c:\windows\run.log
c:\windows\system32\images
c:\windows\system32\images\i1.gif
c:\windows\system32\images\i2.gif
c:\windows\system32\images\i3.gif
c:\windows\system32\images\j1.gif
c:\windows\system32\images\j2.gif
c:\windows\system32\images\j3.gif
c:\windows\system32\images\jj1.gif
c:\windows\system32\images\jj2.gif
c:\windows\system32\images\jj3.gif
c:\windows\system32\images\l1.gif
c:\windows\system32\images\l2.gif
c:\windows\system32\images\l3.gif
c:\windows\system32\images\pix.gif
c:\windows\system32\images\t1.gif
c:\windows\system32\images\t2.gif
c:\windows\system32\images\up1.gif
c:\windows\system32\images\up2.gif
c:\windows\system32\images\w1.gif
c:\windows\system32\images\w11.gif
c:\windows\system32\images\w2.gif
c:\windows\system32\images\w3.gif
c:\windows\system32\images\w3.jpg
c:\windows\system32\images\wt1.gif
c:\windows\system32\images\wt2.gif
c:\windows\system32\images\wt3.gif
c:\windows\wpd99.drv
D:\Autorun.inf
-- Previous Run --
Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll
--------
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ANTIPPRO2009_100
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Service_AntipPro2009_100
((((((((((((((((((((((((( Files Created from 2009-08-12 to 2009-09-12 )))))))))))))))))))))))))))))))
.
2009-09-08 04:15 . 2009-09-08 04:15 -------- d-----w- c:\program files\Trend Micro
2009-09-02 23:47 . 2009-09-02 23:47 73056 ---ha-w- c:\windows\system32\mlfcache.dat
2009-09-02 22:42 . 2009-09-02 22:42 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ICS
2009-09-02 22:38 . 2009-09-02 22:38 -------- d-----w- c:\windows\LMI1D.tmp
2009-09-02 04:36 . 2009-09-02 04:36 -------- d-----w- c:\documents and settings\Tony\Application Data\Malwarebytes
2009-09-02 04:36 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-02 04:36 . 2009-09-02 04:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-02 04:36 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-02 03:49 . 2009-09-02 03:49 -------- d-----w- c:\documents and settings\Tony\Local Settings\Application Data\ICS
2009-09-01 22:11 . 2009-09-01 22:11 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Symantec
2009-09-01 04:25 . 2009-09-12 01:14 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-01 04:25 . 2009-09-03 01:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-30 00:08 . 2009-08-30 00:08 -------- d-----w- c:\program files\Norton Support
2009-08-30 00:08 . 2009-08-30 00:08 -------- d-----w- c:\documents and settings\Tony\Local Settings\Application Data\Symantec
2009-08-29 01:03 . 2009-08-29 01:03 -------- d-----w- c:\documents and settings\LocalService\Application Data\Roxio
2009-08-29 00:56 . 2009-08-29 00:56 -------- d-----w- c:\documents and settings\Tony\Application Data\Research In Motion
2009-08-29 00:47 . 2009-08-29 00:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2009-08-29 00:47 . 2009-08-29 00:48 -------- d-----w- c:\program files\Roxio
2009-08-29 00:38 . 2007-01-18 14:24 26496 ----a-r- c:\windows\system32\drivers\RimSerial.sys
2009-08-29 00:36 . 2009-08-29 00:37 -------- d-----w- c:\program files\Common Files\Research In Motion
2009-08-29 00:36 . 2009-08-29 00:36 -------- d-----w- c:\program files\Research In Motion
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-04 00:59 . 2009-05-15 01:16 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2009-08-29 01:03 . 2006-04-21 04:01 -------- d-----w- c:\documents and settings\Tony\Application Data\Roxio
2009-08-29 00:54 . 2006-04-17 01:09 95040 ----a-w- c:\documents and settings\Tony\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-29 00:51 . 2006-02-15 03:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2009-08-29 00:48 . 2008-05-21 01:12 -------- d-----w- c:\program files\Common Files\Roxio Shared
2009-08-05 09:01 . 2004-08-04 08:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-26 23:22 . 2009-03-14 02:35 -------- d-----w- c:\program files\Safari
2009-07-26 23:14 . 2006-05-01 02:41 -------- d-----w- c:\program files\iTunes
2009-07-26 23:13 . 2009-07-26 23:13 -------- d-----w- c:\program files\iPod
2009-07-26 23:13 . 2009-01-18 14:36 -------- d-----w- c:\program files\Common Files\Apple
2009-07-17 19:01 . 2004-08-04 08:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2004-08-04 08:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-29 16:12 . 2004-08-04 08:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-04 08:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2004-08-04 08:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-25 08:25 . 2004-08-04 08:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-04 08:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-04 08:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-04 08:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2004-08-04 08:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-04 08:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2004-08-04 08:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2004-08-04 08:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 08:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2006-06-04 16:40 . 2006-06-04 16:40 22 --sha-w- c:\windows\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"OfotoNow USB Detection"="c:\progra~1\Ofoto\OfotoNow\OFUSBS.DLL" [2002-11-05 77824]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-11 344064]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 729178]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2005-12-12 94208]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-07 409600]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 507904]
"HostManager"="c:\program files\Common Files\AOL\1145440098\ee\AOLSoftware.exe" [2006-03-08 48280]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2005-04-18 71256]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-18 79448]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-04-19 26112]
"Pure Networks Port Magic"="c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-04-05 99480]
"IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-03-27 126104]
"WildTangent CDA"="c:\program files\WildTangent\Apps\CDA\GameDrvr.exe" [2005-03-29 28616]
"NapsterShell"="c:\program files\Napster\napster.exe" [2008-05-09 323216]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2008-09-30 485208]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-03-06 236016]
c:\documents and settings\Tony\Start Menu\Programs\Startup\
DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]
PowerReg Scheduler V3.exe [2006-9-22 225280]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]
Monitor.lnk - c:\program files\ArcSoft\Media Card Companion\MCC Monitor.exe [2008-6-21 110592]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1145440098\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Activision\\Quantum of Solace(TM)\\JB_LiveEngine_s.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1005000.087\SymEFA.sys [3/24/2009 9:55 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1005000.087\BHDrvx86.sys [3/24/2009 9:55 PM 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1005000.087\cchpx86.sys [3/24/2009 9:53 PM 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090910.003\IDSXpx86.sys [9/10/2009 9:18 PM 276344]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe [3/24/2009 9:54 PM 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/29/2009 11:34 AM 102448]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [8/22/2005 5:06 AM 231424]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-BitTorrent - c:\program files\BitTorrent\bittorrent.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-12 10:38
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????????n??|?????? ???B?????????????hLC? ??????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1232)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(2464)
c:\windows\system32\WININET.dll
c:\progra~1\Ofoto\OfotoNow\OFUSBS.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Common Files\aolshare\aolshcpy.dll
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\progra~1\HPQ\shared\HPQTOA~1.EXE
c:\windows\system32\rundll32.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-09-12 10:49 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-12 14:49
Pre-Run: 44,021,989,376 bytes free
Post-Run: 43,970,375,680 bytes free
233 --- E O F --- 2009-09-12 13:41
ComboFix 09-09-11.03 - Tony 09/12/2009 10:19.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.406 [GMT -4:00]
Running from: c:\documents and settings\Tony\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\jestertb.dll
c:\windows\run.log
c:\windows\system32\images
c:\windows\system32\images\i1.gif
c:\windows\system32\images\i2.gif
c:\windows\system32\images\i3.gif
c:\windows\system32\images\j1.gif
c:\windows\system32\images\j2.gif
c:\windows\system32\images\j3.gif
c:\windows\system32\images\jj1.gif
c:\windows\system32\images\jj2.gif
c:\windows\system32\images\jj3.gif
c:\windows\system32\images\l1.gif
c:\windows\system32\images\l2.gif
c:\windows\system32\images\l3.gif
c:\windows\system32\images\pix.gif
c:\windows\system32\images\t1.gif
c:\windows\system32\images\t2.gif
c:\windows\system32\images\up1.gif
c:\windows\system32\images\up2.gif
c:\windows\system32\images\w1.gif
c:\windows\system32\images\w11.gif
c:\windows\system32\images\w2.gif
c:\windows\system32\images\w3.gif
c:\windows\system32\images\w3.jpg
c:\windows\system32\images\wt1.gif
c:\windows\system32\images\wt2.gif
c:\windows\system32\images\wt3.gif
c:\windows\wpd99.drv
D:\Autorun.inf
-- Previous Run --
Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll
--------
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ANTIPPRO2009_100
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Service_AntipPro2009_100
((((((((((((((((((((((((( Files Created from 2009-08-12 to 2009-09-12 )))))))))))))))))))))))))))))))
.
2009-09-08 04:15 . 2009-09-08 04:15 -------- d-----w- c:\program files\Trend Micro
2009-09-02 23:47 . 2009-09-02 23:47 73056 ---ha-w- c:\windows\system32\mlfcache.dat
2009-09-02 22:42 . 2009-09-02 22:42 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ICS
2009-09-02 22:38 . 2009-09-02 22:38 -------- d-----w- c:\windows\LMI1D.tmp
2009-09-02 04:36 . 2009-09-02 04:36 -------- d-----w- c:\documents and settings\Tony\Application Data\Malwarebytes
2009-09-02 04:36 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-02 04:36 . 2009-09-02 04:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-02 04:36 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-02 03:49 . 2009-09-02 03:49 -------- d-----w- c:\documents and settings\Tony\Local Settings\Application Data\ICS
2009-09-01 22:11 . 2009-09-01 22:11 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Symantec
2009-09-01 04:25 . 2009-09-12 01:14 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-01 04:25 . 2009-09-03 01:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-30 00:08 . 2009-08-30 00:08 -------- d-----w- c:\program files\Norton Support
2009-08-30 00:08 . 2009-08-30 00:08 -------- d-----w- c:\documents and settings\Tony\Local Settings\Application Data\Symantec
2009-08-29 01:03 . 2009-08-29 01:03 -------- d-----w- c:\documents and settings\LocalService\Application Data\Roxio
2009-08-29 00:56 . 2009-08-29 00:56 -------- d-----w- c:\documents and settings\Tony\Application Data\Research In Motion
2009-08-29 00:47 . 2009-08-29 00:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2009-08-29 00:47 . 2009-08-29 00:48 -------- d-----w- c:\program files\Roxio
2009-08-29 00:38 . 2007-01-18 14:24 26496 ----a-r- c:\windows\system32\drivers\RimSerial.sys
2009-08-29 00:36 . 2009-08-29 00:37 -------- d-----w- c:\program files\Common Files\Research In Motion
2009-08-29 00:36 . 2009-08-29 00:36 -------- d-----w- c:\program files\Research In Motion
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-04 00:59 . 2009-05-15 01:16 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2009-08-29 01:03 . 2006-04-21 04:01 -------- d-----w- c:\documents and settings\Tony\Application Data\Roxio
2009-08-29 00:54 . 2006-04-17 01:09 95040 ----a-w- c:\documents and settings\Tony\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-29 00:51 . 2006-02-15 03:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2009-08-29 00:48 . 2008-05-21 01:12 -------- d-----w- c:\program files\Common Files\Roxio Shared
2009-08-05 09:01 . 2004-08-04 08:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-26 23:22 . 2009-03-14 02:35 -------- d-----w- c:\program files\Safari
2009-07-26 23:14 . 2006-05-01 02:41 -------- d-----w- c:\program files\iTunes
2009-07-26 23:13 . 2009-07-26 23:13 -------- d-----w- c:\program files\iPod
2009-07-26 23:13 . 2009-01-18 14:36 -------- d-----w- c:\program files\Common Files\Apple
2009-07-17 19:01 . 2004-08-04 08:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2004-08-04 08:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-29 16:12 . 2004-08-04 08:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-04 08:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2004-08-04 08:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-25 08:25 . 2004-08-04 08:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-04 08:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-04 08:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-04 08:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2004-08-04 08:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-04 08:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2004-08-04 08:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2004-08-04 08:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 08:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2006-06-04 16:40 . 2006-06-04 16:40 22 --sha-w- c:\windows\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"OfotoNow USB Detection"="c:\progra~1\Ofoto\OfotoNow\OFUSBS.DLL" [2002-11-05 77824]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-11 344064]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 729178]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2005-12-12 94208]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-07 409600]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 507904]
"HostManager"="c:\program files\Common Files\AOL\1145440098\ee\AOLSoftware.exe" [2006-03-08 48280]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2005-04-18 71256]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-18 79448]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-04-19 26112]
"Pure Networks Port Magic"="c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-04-05 99480]
"IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-03-27 126104]
"WildTangent CDA"="c:\program files\WildTangent\Apps\CDA\GameDrvr.exe" [2005-03-29 28616]
"NapsterShell"="c:\program files\Napster\napster.exe" [2008-05-09 323216]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2008-09-30 485208]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-03-06 236016]
c:\documents and settings\Tony\Start Menu\Programs\Startup\
DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]
PowerReg Scheduler V3.exe [2006-9-22 225280]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]
Monitor.lnk - c:\program files\ArcSoft\Media Card Companion\MCC Monitor.exe [2008-6-21 110592]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1145440098\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Activision\\Quantum of Solace(TM)\\JB_LiveEngine_s.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1005000.087\SymEFA.sys [3/24/2009 9:55 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1005000.087\BHDrvx86.sys [3/24/2009 9:55 PM 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1005000.087\cchpx86.sys [3/24/2009 9:53 PM 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090910.003\IDSXpx86.sys [9/10/2009 9:18 PM 276344]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe [3/24/2009 9:54 PM 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/29/2009 11:34 AM 102448]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [8/22/2005 5:06 AM 231424]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-BitTorrent - c:\program files\BitTorrent\bittorrent.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-12 10:38
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????????n??|?????? ???B?????????????hLC? ??????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1232)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(2464)
c:\windows\system32\WININET.dll
c:\progra~1\Ofoto\OfotoNow\OFUSBS.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Common Files\aolshare\aolshcpy.dll
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\progra~1\HPQ\shared\HPQTOA~1.EXE
c:\windows\system32\rundll32.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-09-12 10:49 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-12 14:49
Pre-Run: 44,021,989,376 bytes free
Post-Run: 43,970,375,680 bytes free
233 --- E O F --- 2009-09-12 13:41