OK, I disabled PC Tools Firewall and reran the CFScript; it ran, and then attempted to shut Windows down. It "kinda" locked up: no display, and it definitely did not reboot (as it indicated); however, there was no BSOD. I did a cold shutdown after about 15 minutes, and upon booting up ComboFix saved a log, which appears below:
ComboFix 10-04-17.07 - Patrick 04/23/2010 16:04:24.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.582 [GMT -4:00]
Running from: c:\documents and settings\Patrick\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Patrick\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: PC Tools Firewall Plus *disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
FILE ::
"c:\documents and settings\Patrick\udpcrawl.tmp"
"c:\windows\system32\corpol.dll"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Patrick\Application Data\Azureus
c:\documents and settings\Patrick\Application Data\Azureus\.certs
c:\documents and settings\Patrick\Application Data\Azureus\.keystore
c:\documents and settings\Patrick\Application Data\Azureus\.lock
c:\documents and settings\Patrick\Application Data\Azureus\active\846D3C16576085E128B6CC886153006F952DE1EE.dat
c:\documents and settings\Patrick\Application Data\Azureus\azureus.config
c:\documents and settings\Patrick\Application Data\Azureus\azureus.statistics
c:\documents and settings\Patrick\Application Data\Azureus\devices.config
c:\documents and settings\Patrick\Application Data\Azureus\dht\addresses.dat
c:\documents and settings\Patrick\Application Data\Azureus\dht\contacts.dat
c:\documents and settings\Patrick\Application Data\Azureus\dht\diverse.dat
c:\documents and settings\Patrick\Application Data\Azureus\dht\version.dat
c:\documents and settings\Patrick\Application Data\Azureus\downloads.config
c:\documents and settings\Patrick\Application Data\Azureus\ipfilter.cache
c:\documents and settings\Patrick\Application Data\Azureus\logs\debug_1.log
c:\documents and settings\Patrick\Application Data\Azureus\metasearch.config
c:\documents and settings\Patrick\Application Data\Azureus\net\pm_10796.dat
c:\documents and settings\Patrick\Application Data\Azureus\net\pm_default.dat
c:\documents and settings\Patrick\Application Data\Azureus\plugins\azupnpav\cd.dat
c:\documents and settings\Patrick\Application Data\Azureus\tables.config
c:\documents and settings\Patrick\Application Data\Azureus\torrents\846D3C16576085E128B6CC886153006F952DE1EE[1].torrent
c:\documents and settings\Patrick\udpcrawl.tmp
c:\program files\WildTangent
c:\program files\WildTangent\Apps\GameChannel\Games\C0A0AA4D-C79B-48CA-8843-2B02B626C9E6\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\C0A0AA4D-C79B-48CA-8843-2B02B626C9E6\options.dat
c:\program files\WildTangent\LicenseStores\WT\6DEEEEDF-6404-4f02-AE07-4F4CB1A3D5F6.wtlic
c:\program files\WildTangent\LicenseStores\WT\wt.sto
.
((((((((((((((((((((((((( Files Created from 2010-03-23 to 2010-04-23 )))))))))))))))))))))))))))))))
.
2010-04-22 12:39 . 2010-04-22 12:39 242696 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-04-22 12:38 . 2010-04-22 12:38 1689952 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-04-11 23:14 . 2010-04-11 23:14 -------- d-----w- c:\documents and settings\Patrick\Local Settings\Application Data\Collectorz.com
2010-04-11 23:13 . 2010-04-11 23:13 -------- d-----w- c:\program files\Collectorz.com
2010-04-11 21:11 . 2010-04-11 21:12 -------- d-----w- c:\documents and settings\Patrick\Application Data\Disk Explorer Professional 3
2010-04-11 20:46 . 2010-04-11 20:46 -------- d-----w- c:\documents and settings\Patrick\.JavaHelp
2010-04-11 20:39 . 2010-04-11 20:50 -------- d-----w- c:\documents and settings\Patrick\.jajuk
2010-04-11 20:37 . 2010-04-11 20:50 -------- d-----w- c:\program files\Jajuk
2010-04-11 20:08 . 2010-04-11 20:24 -------- d-----w- c:\program files\Media Catalog Studio
2010-04-11 19:59 . 2010-04-11 19:59 -------- d-----w- c:\documents and settings\Patrick\Application Data\Pmcc
2010-04-11 11:47 . 2010-04-11 11:47 1956656 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2010-04-11 11:47 . 2010-04-11 13:42 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-04-09 20:47 . 2010-04-09 20:47 4255072 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-04-06 15:33 . 2010-04-06 15:33 4076824 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2010-04-06 15:33 . 2010-04-06 15:33 2059544 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
2010-04-06 15:33 . 2010-04-06 15:33 1598744 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
2010-04-06 15:33 . 2010-04-06 15:33 1274136 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2010-04-06 15:33 . 2010-04-06 15:33 598296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgsrmx.dll
2010-04-06 15:33 . 2010-04-06 15:33 556824 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchjwx.dll
2010-04-06 15:33 . 2010-04-06 15:33 459544 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcclix.dll
2010-04-06 15:33 . 2010-04-06 15:33 341272 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxch32.dll
2010-04-06 15:33 . 2010-04-06 15:33 313112 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avglogx.dll
2010-04-06 15:33 . 2010-04-06 15:33 301336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchclx.dll
2010-04-06 15:33 . 2010-04-06 15:33 1515224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgwd.dll
2010-04-06 15:33 . 2010-04-06 15:33 1086744 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchsvx.exe
2010-04-06 15:32 . 2010-04-06 15:32 813336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
2010-04-06 15:32 . 2010-04-06 15:32 624920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2010-04-06 15:32 . 2010-04-06 15:32 1038688 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-04-04 20:54 . 2010-04-04 20:54 -------- d-----w- C:\desktopclean
2010-04-04 17:05 . 2010-04-04 17:05 -------- d-----w- c:\documents and settings\Anna\Application Data\PCToolsFirewallPlus
2010-04-03 23:12 . 2010-04-03 23:12 -------- d-----w- C:\$AVG
2010-04-03 22:59 . 2010-04-03 22:59 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-04-03 22:59 . 2010-04-22 12:39 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-03 22:59 . 2010-04-03 22:59 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-04-03 22:59 . 2010-04-03 22:59 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-04-03 22:59 . 2010-04-23 12:47 -------- d-----w- c:\windows\system32\drivers\Avg
2010-04-03 22:57 . 2010-04-03 22:57 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-04-03 22:27 . 2010-04-03 22:40 52224 ----a-w- c:\documents and settings\Patrick\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-03 22:26 . 2010-04-03 22:43 117760 ----a-w- c:\documents and settings\Patrick\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-03 22:24 . 2010-04-03 22:24 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-03-27 22:54 . 2010-03-27 22:55 52224 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-03-27 22:53 . 2010-03-27 22:55 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-03-27 20:31 . 2010-03-27 20:31 -------- d-----w- c:\documents and settings\Patrick\Application Data\PCToolsFirewallPlus
2010-03-27 20:29 . 2009-11-23 17:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-03-27 20:29 . 2009-11-09 15:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-03-27 20:29 . 2010-01-07 16:40 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-03-27 20:29 . 2010-03-27 20:29 -------- d-----w- c:\program files\Common Files\PC Tools
2010-03-27 20:29 . 2010-01-12 13:34 70664 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2010-03-27 20:29 . 2010-01-07 15:35 58816 ----a-w- c:\windows\system32\drivers\pctNdis.sys
2010-03-27 20:29 . 2010-01-07 15:35 32680 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys
2010-03-27 20:29 . 2010-01-13 12:59 115216 ----a-w- c:\windows\system32\drivers\pctplfw.sys
2010-03-27 20:29 . 2010-03-27 20:32 -------- d-----w- c:\program files\PC Tools Firewall Plus
2010-03-27 03:14 . 2010-03-27 19:28 -------- d-----w- c:\program files\a-squared Free
2010-03-26 19:54 . 2010-03-26 19:55 -------- d-----w- c:\program files\DVD Shrink
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-23 20:17 . 2006-12-20 16:35 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-18 12:57 . 2008-10-18 19:15 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2010-04-09 20:44 . 2008-11-27 19:41 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-04 17:56 . 2007-07-20 22:26 -------- d-----w- c:\documents and settings\Patrick\Application Data\LimeWire
2010-04-03 22:39 . 2006-12-20 16:24 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-04-03 22:25 . 2008-11-27 19:41 -------- d-----w- c:\documents and settings\Patrick\Application Data\SUPERAntiSpyware.com
2010-03-27 22:57 . 2010-03-27 20:29 120 ----a-w- c:\documents and settings\Administrator\udpcrawl.tmp
2010-03-27 20:37 . 2009-10-23 13:57 -------- d-----w- c:\program files\Panda Security
2010-03-27 18:12 . 2006-12-20 16:26 -------- d-----w- c:\program files\Trend Micro
2010-03-26 21:05 . 2006-12-29 20:10 -------- d-----w- c:\program files\Civil Series 2004
2010-03-21 14:45 . 2006-12-20 16:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-03-21 00:00 . 2008-08-09 11:39 -------- d-----w- c:\program files\Security Task Manager
2010-03-20 20:33 . 2010-03-20 20:33 -------- d-----w- c:\program files\AVG
2010-03-20 13:53 . 2009-01-19 20:09 -------- d-----w- c:\program files\Postal2STP
2010-03-19 20:42 . 2010-01-17 18:02 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2010-03-19 18:29 . 2010-03-19 18:29 -------- d-----w- c:\documents and settings\Patrick\Application Data\Uniblue
2010-03-19 14:14 . 2010-01-10 00:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-18 02:50 . 2010-03-18 02:50 -------- d-----w- c:\documents and settings\Patrick\Application Data\Intermedia Software
2010-03-18 01:18 . 2010-03-18 01:18 -------- d-----w- c:\documents and settings\Patrick\Application Data\Digital Media Solutions
2010-03-14 04:01 . 2010-01-20 04:43 42 ----a-w- c:\documents and settings\Anna\Application Data\MTC-savedinstructor.dat
2010-03-14 03:17 . 2010-03-14 03:17 38 ----a-w- c:\documents and settings\Anna\Application Data\MTC-savedfolder.dat
2010-03-13 19:24 . 2010-03-13 19:24 54 ----a-w- c:\documents and settings\Patrick\Application Data\MTC-savedfolder.dat
2010-03-11 12:38 . 2004-08-11 23:00 832512 ------w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2004-08-11 23:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2004-08-11 23:00 17408 ------w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2004-08-11 23:00 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-02-24 13:11 . 2004-08-11 23:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-23 16:51 . 2010-02-02 04:38 3247296 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-02-16 14:08 . 2004-08-11 23:00 2146304 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-04 04:59 2024448 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2004-08-11 23:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-11 23:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-01-22 22:12 . 2006-12-24 19:58 88 --sh--r- c:\windows\system32\A97C080420.sys
2010-01-22 22:12 . 2006-12-24 19:58 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
1997-06-23 17:06 . 1997-06-23 17:06 287504 --sha-w- c:\windows\system32\Msxbse35.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-04-11_19.18.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-23 20:17 . 2010-04-23 20:17 16384 c:\windows\temp\Perflib_Perfdata_598.dat
+ 2010-04-23 20:16 . 2010-04-23 20:16 16384 c:\windows\temp\Perflib_Perfdata_4d0.dat
+ 2010-01-13 14:01 . 2010-01-13 14:01 86016 c:\windows\system32\dllcache\cabview.dll
+ 2004-08-11 23:00 . 2010-01-13 14:01 86016 c:\windows\system32\cabview.dll
+ 2010-04-11 23:21 . 2010-04-11 23:21 21504 c:\windows\assembly\NativeImages_v2.0.50727_32\TVM\d5f6c4ddc906680d085f6e6a76246b19\TVM.ni.dll
+ 2010-04-11 23:21 . 2010-04-11 23:21 68608 c:\windows\assembly\NativeImages_v2.0.50727_32\Intuit.Ctg.Wte.Inte#\4108fbcfcb9c25c35a98fa51aa4a45b4\Intuit.Ctg.Wte.InterviewControlLibrary.ni.dll
+ 2004-08-11 23:00 . 2009-12-24 06:59 177664 c:\windows\system32\wintrust.dll
+ 2009-12-24 06:59 . 2009-12-24 06:59 177664 c:\windows\system32\dllcache\wintrust.dll
+ 2008-05-09 10:53 . 2010-03-09 11:09 430080 c:\windows\system32\dllcache\vbscript.dll
- 2008-05-09 10:53 . 2008-05-09 10:53 430080 c:\windows\system32\dllcache\vbscript.dll
+ 2008-06-20 11:08 . 2010-02-11 12:02 226880 c:\windows\system32\dllcache\tcpip6.sys
+ 2008-11-12 22:36 . 2010-02-24 13:11 455680 c:\windows\system32\dllcache\mrxsmb.sys
+ 2010-02-12 04:33 . 2010-02-12 04:33 100864 c:\windows\system32\dllcache\6to4svc.dll
+ 2010-03-18 01:18 . 2003-08-26 20:03 757760 c:\windows\system32\CDDBUI.dll
+ 2010-03-18 01:18 . 2003-08-26 20:01 630784 c:\windows\system32\CDDBControl.dll
+ 2008-11-12 22:36 . 2010-02-24 13:11 455680 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2010-04-11 23:21 . 2010-04-11 23:21 656384 c:\windows\assembly\NativeImages_v2.0.50727_32\Intuit.Ctg.Wte.Serv#\a1d5c654e44f6641673fc184784bd694\Intuit.Ctg.Wte.Service.Interface.ni.dll
+ 2008-10-16 02:50 . 2010-02-17 13:10 2189952 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2008-10-16 02:50 . 2010-02-16 13:25 2024448 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-10-16 02:50 . 2010-02-16 13:25 2066816 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-10-16 02:50 . 2010-02-16 14:08 2146304 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-10-16 02:50 . 2010-02-17 13:10 2189952 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-10-16 02:50 . 2010-02-16 13:25 2024448 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-10-16 02:50 . 2010-02-16 13:25 2066816 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-10-16 02:50 . 2010-02-16 14:08 2146304 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2010-04-11 23:21 . 2010-04-11 23:21 4153344 c:\windows\assembly\NativeImages_v2.0.50727_32\ttax\90187d61a7bc5ba56307c85d2d93c418\ttax.ni.dll
+ 2010-04-11 23:21 . 2010-04-11 23:21 1323520 c:\windows\assembly\NativeImages_v2.0.50727_32\Intuit.Ctg.Map\99639ace6996426854e3ce6cd8b1ffcb\Intuit.Ctg.Map.ni.dll
+ 2007-12-25 12:23 . 2010-04-06 17:52 31971272 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2007-12-10 18:46 1510424 ----a-w- c:\program files\free-downloads.net\tbfree.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2007-12-10 1510424]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2007-12-10 1510424]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-09 2010864]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8491008]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-11-01 94208]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"dlcimon.exe"="c:\program files\Dell AIO Printer 946\dlcimon.exe" [2006-02-13 430080]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"HostManager"="c:\program files\Common Files\AOL\1172251831\ee\AOLSoftware.exe" [2006-09-26 50736]
"DLCICATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCItime.dll" [2006-10-20 73728]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-12-20 98304]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2010-01-12 3168216]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"NoActiveDesktopChanges"="00000000" [X]
"NoActiveDesktop"="0 (0x0)" [X]
"NoSaveSettings"="0 (0x0)" [X]
"ClassicShell"="0 (0x0)" [X]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-12-20 24576]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2010-04-03 22:43 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-04-03 22:59 12464 ----a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/31/2008 8:57 PM 715248]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/3/2010 6:59 PM 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/3/2010 6:59 PM 242896]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [3/27/2010 4:29 PM 233136]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [11/17/2008 3:11 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/17/2008 3:11 PM 66632]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [4/3/2010 6:58 PM 308064]
R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\drivers\hnm_wrls_pkt.sys [7/14/2006 3:01 AM 13824]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [3/27/2010 4:29 PM 88040]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [4/17/2007 9:09 PM 11032]
R2 wsppkt;Wireless Security Protocol;c:\windows\system32\drivers\wsp_pkt.sys [7/14/2006 3:02 AM 13696]
R3 dlci_device;dlci_device;c:\windows\system32\dlcicoms.exe -service --> c:\windows\system32\dlcicoms.exe -service [?]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [3/27/2010 4:29 PM 70664]
R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [3/27/2010 4:29 PM 58816]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [3/27/2010 4:29 PM 115216]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/17/2008 3:11 PM 12872]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-04-23 16:17
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCICATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCItime.dll,_RunDLLEntry@16?
?
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
NoActiveDesktopChanges = 3F 00 00 00
NoActiveDesktop = 63
NoSaveSettings = 63
ClassicShell = 63
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer,
http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys spmy.sys hal.dll >>UNKNOWN [0x86D86944]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7508f28
\Driver\ACPI -> ACPI.sys @ 0xf7285cb8
\Driver\iaStor -> iaStor.sys @ 0xf71aa150
IoDeviceObjectType -> ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Intel(R) 82566DC Gigabit Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf706ebb0
PacketIndicateHandler -> NDIS.sys @ 0xf707ba21
SendHandler -> NDIS.sys @ 0xf705987b
user & kernel MBR OK
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1480)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
- - - - - - - > 'explorer.exe'(2664)
c:\windows\system32\WININET.dll
c:\program files\Common Files\AOL\ACS\WLHook.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\nvsvc32.exe
c:\program files\PC Tools Firewall Plus\FWService.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\wdfmgr.exe
c:\windows\wanmpsvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\dlcicoms.exe
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
.
**************************************************************************
.
Completion time: 2010-04-23 16:20:27 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-23 20:20
ComboFix2.txt 2010-04-17 21:29
ComboFix3.txt 2010-04-11 19:19
Pre-Run: 121,341,382,656 bytes free
Post-Run: 121,375,903,744 bytes free
- - End Of File - - E7D6B248365BA7D36FD230199CB4AB76
I then reran HijackThis and the log appears below:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:30:37 PM, on 4/23/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Dell AIO Printer 946\dlcimon.exe
C:\Program Files\Common Files\AOL\1172251831\ee\AOLSoftware.exe
C:\WINDOWS\system32\dlcicoms.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [dlcimon.exe] "C:\Program Files\Dell AIO Printer 946\dlcimon.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1172251831\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [DLCICATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCItime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1269719756937
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: dlci_device - - C:\WINDOWS\system32\dlcicoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 7623 bytes