The log follows. However, I have been unable to figure out how to disable Norton AV 2006 while running in safe mode (it won't uninstall in the normal fashion). I don't see any obvious process running that appears to relate to it, so I am a bit stuck.
Here's the log:
ComboFix 10-02-04.05 - Administrator 02/04/2010 20:18:51.1.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1792 [GMT -6:00]
Running from: c:\documents and settings\Administrator\Desktop\Combo-Fix.exe
AV: Norton Internet Security 2006 *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security 2006 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\_000005_.tmp.dll
.
((((((((((((((((((((((((( Files Created from 2010-01-05 to 2010-02-05 )))))))))))))))))))))))))))))))
.
2010-02-04 20:57 . 2010-02-04 20:57 -------- d-----w- C:\_OTL
2010-02-04 14:28 . 2010-02-04 14:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-02-04 00:19 . 2010-02-04 00:19 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-02-03 20:53 . 2010-02-03 20:53 -------- d-s---w- c:\documents and settings\Administrator\UserData
2010-02-03 03:16 . 2010-02-03 03:16 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Thunderbird
2010-02-03 03:16 . 2010-02-03 03:16 -------- d-----w- c:\documents and settings\Administrator\Application Data\Thunderbird
2010-02-02 18:41 . 2010-02-02 18:41 -------- d-----w- c:\documents and settings\James Bond\Local Settings\Application Data\Threat Expert
2010-02-02 17:46 . 2007-10-23 15:27 110592 ----a-w- c:\documents and settings\Administrator\Application Data\U3\temp\cleanup.exe
2010-02-02 16:22 . 2008-05-02 16:41 3493888 ---ha-w- c:\documents and settings\Administrator\Application Data\U3\temp\Launchpad Removal.exe
2010-02-02 05:41 . 2010-02-02 05:41 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2010-02-02 05:33 . 2010-02-02 05:33 -------- d-----w- c:\program files\ERUNT
2010-02-02 04:38 . 2010-02-02 04:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\Talkback
2010-02-02 04:38 . 2010-02-02 04:38 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-02-02 03:46 . 2009-11-10 16:26 767952 ----a-w- c:\windows\BDTSupport.dll
2010-02-02 03:46 . 2009-11-10 16:28 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-02-02 03:46 . 2009-11-10 16:28 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-02-02 03:46 . 2009-11-10 16:28 1640400 ----a-w- c:\windows\PCTBDCore.dll
2010-02-02 03:46 . 2009-10-28 07:36 1152444 ----a-w- c:\windows\UDB.zip
2010-02-02 03:46 . 2008-11-26 18:08 131 ----a-w- c:\windows\IDB.zip
2010-02-02 03:46 . 2009-10-30 17:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-02-02 03:45 . 2009-11-09 17:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-02-02 03:45 . 2009-10-06 22:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-02-02 03:45 . 2009-09-03 15:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-02-02 03:45 . 2010-02-02 05:04 -------- d-----w- c:\program files\Spyware Doctor
2010-02-02 03:45 . 2010-02-02 03:45 -------- d-----w- c:\program files\Common Files\PC Tools
2010-02-02 03:45 . 2010-02-02 03:45 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-02-02 03:45 . 2010-02-02 03:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\PC Tools
2010-02-02 03:45 . 2010-02-04 19:30 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-02 03:40 . 2010-02-02 03:40 -------- d-----w- c:\documents and settings\James Bond\Application Data\Malwarebytes
2010-02-02 02:50 . 2010-02-02 02:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-02-02 02:50 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-02 02:50 . 2010-02-02 03:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-02 02:50 . 2010-02-02 02:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-02 02:50 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-02 02:49 . 2010-02-02 17:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\U3
2010-02-02 02:38 . 2004-08-04 10:00 9728 -c--a-w- c:\windows\system32\dllcache\rwnh.dll
2010-02-02 02:37 . 2004-08-04 10:00 92160 -c--a-w- c:\windows\system32\dllcache\evntwin.exe
2010-02-02 02:34 . 2004-08-04 10:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-02-02 02:24 . 2004-08-04 10:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-02-02 02:24 . 2004-08-04 10:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-02-02 02:24 . 2004-08-04 10:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-02-02 02:24 . 2004-08-04 10:00 13312 ----a-w- c:\windows\system32\irclass.dll
2010-02-02 00:13 . 2010-02-04 20:57 -------- d-----w- c:\documents and settings\James Bond\Local Settings\Application Data\ygjdbr
2010-02-01 20:15 . 2010-02-01 20:15 -------- d-----w- c:\windows\dell
2010-01-16 23:07 . 2010-01-16 23:07 -------- d-----w- c:\documents and settings\James Bond\Application Data\ZoomBrowser EX
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-04 16:13 . 2008-06-18 14:34 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-02-04 16:12 . 2007-06-25 15:48 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-02-02 18:38 . 2007-06-25 16:07 -------- d-----w- c:\program files\Symantec
2010-02-02 18:38 . 2007-06-26 00:53 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-02-02 18:38 . 2007-06-26 00:53 10635 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-02-02 18:38 . 2007-06-25 16:07 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-02-02 18:38 . 2007-06-25 16:07 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-02-02 18:25 . 2007-08-29 19:40 -------- d-----w- c:\program files\eMusic Download Manager
2010-02-02 18:19 . 2007-07-12 21:21 -------- d-----w- c:\program files\GIMP-2.0
2010-02-02 18:16 . 2007-06-01 17:19 -------- d-----w- c:\program files\ClamWin
2010-02-02 05:10 . 2007-01-03 19:53 97280 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-02 02:33 . 2004-08-11 22:12 23428 ----a-w- c:\windows\system32\emptyregdb.dat
2010-01-31 15:58 . 2009-05-17 12:52 3766 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-01-31 15:58 . 2009-05-17 12:52 3766 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-01-29 15:37 . 2009-07-17 16:35 1 ----a-w- c:\documents and settings\James Bond\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-01-29 08:23 . 2007-06-25 16:08 -------- d-----w- c:\program files\Norton Internet Security
2010-01-21 16:11 . 2008-01-03 15:48 -------- d-----w- c:\documents and settings\James Bond\Application Data\U3
2010-01-13 04:41 . 2009-07-02 13:04 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2010-01-11 20:30 . 2009-05-17 12:52 88 --sh--r- c:\documents and settings\All Users\Application Data\DB46FF29C7.sys
2010-01-11 20:30 . 2009-05-17 12:52 88 --sh--r- c:\documents and settings\All Users\Application Data\DB46FF29C7.sys
2009-12-27 18:16 . 2009-12-27 18:16 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-12-27 18:16 . 2009-12-27 18:07 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2009-12-27 18:07 . 2009-12-27 18:07 -------- d-----w- c:\documents and settings\James Bond\Application Data\ParetoLogic
2009-12-27 18:07 . 2009-12-27 18:07 -------- d-----w- c:\program files\ParetoLogic
2009-12-24 14:45 . 2008-02-19 20:13 -------- d-----w- c:\program files\RegCure
2006-09-18 00:14 . 2006-09-18 00:14 77824 ----a-w- c:\program files\lens Rev3.exe
2008-12-21 01:42 . 2007-05-29 19:37 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-12-21 01:42 . 2007-05-29 19:37 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-21 01:42 . 2007-05-29 19:37 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-12-21 01:42 . 2007-05-29 19:37 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-12-21 01:42 . 2007-05-29 19:37 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2009-06-03 15:50 . 2009-06-03 15:50 27976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2009-06-03 15:50 . 2009-06-03 15:50 126360 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2009-06-03 15:50 . 2009-06-03 15:50 46408 ----a-w- c:\program files\mozilla firefox\plugins\atmccli.dll
2009-06-03 15:50 . 2009-06-03 15:50 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-29 395776]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-06-23 53248]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-01-03 169984]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-05-26 257088]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-23 52840]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-09-24 49152]
"QuickFinder Scheduler"="c:\program files\Corel\WordPerfect Office X4\Programs\QFSCHD140.EXE" [2008-03-21 83232]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
c:\documents and settings\James Bond\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-1-3 24576]
SonicWALL Global VPN Client.lnk - c:\program files\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe [2008-9-25 1160464]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\VectorWorks 12.5.1\\VectorWorks.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
R1 RCFOX;SonicWALL IPsec Driver;c:\windows\system32\drivers\RCFOX.SYS [9/25/2008 2:40 PM 101528]
R3 rcvpn;SonicWALL VPN Adapter;c:\windows\system32\drivers\rcvpn.sys [9/25/2008 2:39 PM 24876]
S2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [3/17/2006 4:25 PM 65536]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/1/2010 3:48 PM 102448]
.
Contents of the 'Scheduled Tasks' folder
2010-01-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 18:42]
2010-01-30 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - James Bond.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2006-02-05 17:13]
2010-02-01 c:\windows\Tasks\ParetoLogic Privacy Controls_{F6327A48-F313-11DE-87B7-006073E6610A}.job
- c:\program files\ParetoLogic\Privacy Controls\Pareto_PC.exe [2009-12-02 00:46]
2010-02-02 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-08-04 18:19]
2010-01-29 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-08-04 18:19]
2010-02-01 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2009-12-11 19:00]
2010-02-04 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2009-12-11 19:00]
2010-01-31 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2009-12-11 19:00]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070103
mStart Page = hxxp://www.dell.com
mSearch Bar = hxxp://www.google.com/ie
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\u8pox49l.default\
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - hȋdden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-ClamWin - c:\program files\ClamWin\bin\ClamTray.exe
AddRemove-VLC media player - c:\program files\VideoLAN\VLC\uninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-04 20:21
Windows 5.1.2600 Service Pack 2 NTFS
scanning hȋdden processes ...
scanning hȋdden autostart entries ...
scanning hȋdden files ...
scan completed successfully
hȋdden files: 0
**************************************************************************
.
Completion time: 2010-02-04 20:22:06
ComboFix-quarantined-files.txt 2010-02-05 02:22
Pre-Run: 22,542,876,672 bytes free
Post-Run: 22,605,959,168 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - C70EBD49DFC18B564367289DEF457D9D