I'm really sorry for the late reply and thank you for your assistance. Using ComboFix has taken two days for various reasons. Anyhoo, here's the log file:
ComboFix 10-08-17.02 - Aleta Sanders 08/17/2010 23:12:53.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.325 [GMT -4:00]
Running from: c:\documents and settings\Aleta Sanders\My Documents\Downloads\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: PC Tools Firewall Plus *enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Aleta Sanders\Application Data\install.dat
c:\documents and settings\Aleta Sanders\Local Settings\Application Data\{6BBAA482-5D0E-4771-814E-21BCDAAB341E}
c:\documents and settings\Aleta Sanders\Local Settings\Application Data\{6BBAA482-5D0E-4771-814E-21BCDAAB341E}\chrome.manifest
c:\documents and settings\Aleta Sanders\Local Settings\Application Data\{6BBAA482-5D0E-4771-814E-21BCDAAB341E}\chrome\content\_cfg.js
c:\documents and settings\Aleta Sanders\Local Settings\Application Data\{6BBAA482-5D0E-4771-814E-21BCDAAB341E}\chrome\content\overlay.xul
c:\documents and settings\Aleta Sanders\Local Settings\Application Data\{6BBAA482-5D0E-4771-814E-21BCDAAB341E}\install.rdf
c:\documents and settings\Aleta Sanders\Local Settings\Application Data\Windows Server
c:\documents and settings\Aleta Sanders\Local Settings\Application Data\Windows Server\server.dat
c:\documents and settings\All Users\Application Data\hpe3A.dll
c:\documents and settings\Ezana\Application Data\install.dat
c:\documents and settings\Sabah\Application Data\install.dat
C:\install.exe
c:\program files\iWin\tbiWi1.dll
c:\windows\system32\config\system~1\applic~1\install.dat
c:\windows\system32\drivers\edparwo.sys
c:\windows\system32\Thumbs.db
c:\windows\system32\winlogon.exe . . . is infected!!
c:\windows\explorer.exe . . . is infected!!
Infected copy of c:\windows\system32\drivers\i8042prt.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_OSPPSVC
-------\Service_osppsvc
((((((((((((((((((((((((( Files Created from 2010-07-18 to 2010-08-18 )))))))))))))))))))))))))))))))
.
2010-08-18 07:20 . 2010-08-18 07:21 -------- d-----w- c:\documents and settings\Sabah\Application Data\PCToolsFirewallPlus
2010-08-17 01:01 . 2010-08-17 01:01 388096 ----a-r- c:\documents and settings\Aleta Sanders\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-17 01:01 . 2010-08-17 01:01 -------- d-----w- c:\program files\Trend Micro
2010-08-17 00:52 . 2010-08-17 00:53 -------- d-----w- c:\documents and settings\Aleta Sanders\Application Data\PCToolsFirewallPlus
2010-08-17 00:46 . 2010-01-12 13:34 70664 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2010-08-17 00:46 . 2010-01-07 15:35 58816 ----a-w- c:\windows\system32\drivers\pctNdis.sys
2010-08-17 00:46 . 2010-01-07 15:35 32680 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys
2010-08-17 00:45 . 2010-01-13 12:59 115216 ----a-w- c:\windows\system32\drivers\pctplfw.sys
2010-08-17 00:45 . 2010-08-17 00:55 -------- d-----w- c:\program files\PC Tools Firewall Plus
2010-08-16 22:55 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-16 22:55 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-16 22:55 . 2010-08-16 22:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-16 20:29 . 2010-08-16 20:30 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-08-16 20:23 . 2010-07-17 09:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-16 20:00 . 2010-08-16 20:00 -------- d-----w- c:\program files\CCleaner
2010-08-16 19:28 . 2010-02-05 13:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-08-16 19:28 . 2010-03-29 14:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-08-16 19:28 . 2009-11-23 17:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-08-16 19:28 . 2010-04-08 18:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-08-16 19:27 . 2010-08-17 00:46 -------- d-----w- c:\program files\Common Files\PC Tools
2010-08-16 19:27 . 2010-08-16 19:28 -------- d-----w- c:\program files\Spyware Doctor
2010-08-16 19:27 . 2010-08-16 19:27 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-08-16 19:27 . 2010-08-16 19:27 -------- d-----w- c:\documents and settings\Aleta Sanders\Application Data\PC Tools
2010-08-16 15:49 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-08-16 15:49 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-08-16 15:49 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-08-16 15:49 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-08-16 15:48 . 2010-06-28 20:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-08-16 15:48 . 2010-06-28 20:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-08-16 15:48 . 2010-06-28 20:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-08-16 15:48 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-08-16 15:47 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-08-16 15:47 . 2010-08-16 15:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-08-16 15:47 . 2010-08-16 15:47 -------- d-----w- c:\program files\Alwil Software
2010-08-15 19:13 . 2010-08-16 06:13 -------- d-----w- c:\documents and settings\Aleta Sanders\Local Settings\Application Data\ckgyknepn
2010-08-15 19:12 . 2010-08-15 19:12 0 ----a-w- c:\windows\Rcoyoheyevalana.bin
2010-08-15 19:12 . 2010-08-15 19:12 120 ----a-w- c:\windows\Mkiga.dat
2010-08-15 19:09 . 2010-08-16 04:22 -------- d-----w- c:\documents and settings\Aleta Sanders\Application Data\6139FD3F43EFFA39E0446AA163992656
2010-08-15 08:47 . 2010-08-15 08:47 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-08-15 08:09 . 2010-08-15 08:33 2928402903 ----a-w- c:\documents and settings\Aleta Sanders\My Documents.zip
2010-08-14 15:35 . 2010-08-16 20:32 63488 ----a-w- c:\documents and settings\Aleta Sanders\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-08-14 15:35 . 2010-08-14 15:35 52224 ----a-w- c:\documents and settings\Aleta Sanders\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-08-14 15:35 . 2010-08-16 20:32 117760 ----a-w- c:\documents and settings\Aleta Sanders\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-14 15:31 . 2010-08-14 15:31 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-08-14 15:31 . 2010-08-14 15:31 -------- d-----w- c:\documents and settings\Aleta Sanders\Application Data\SUPERAntiSpyware.com
2010-08-13 16:27 . 2010-08-14 18:03 -------- d-----w- c:\documents and settings\Aleta Sanders\Local Settings\Application Data\duivsjuhj
2010-08-06 03:49 . 2010-08-06 03:49 503808 ----a-w- c:\documents and settings\Aleta Sanders\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5becc8b2-n\msvcp71.dll
2010-08-06 03:49 . 2010-08-06 03:49 348160 ----a-w- c:\documents and settings\Aleta Sanders\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5becc8b2-n\msvcr71.dll
2010-08-06 03:49 . 2010-08-06 03:49 499712 ----a-w- c:\documents and settings\Aleta Sanders\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5becc8b2-n\jmc.dll
2010-08-06 03:49 . 2010-08-06 03:49 61440 ----a-w- c:\documents and settings\Aleta Sanders\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-36e18519-n\decora-sse.dll
2010-08-06 03:49 . 2010-08-06 03:49 12800 ----a-w- c:\documents and settings\Aleta Sanders\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-36e18519-n\decora-d3d.dll
2010-08-05 03:04 . 2010-08-05 11:54 -------- d-----w- c:\documents and settings\Aleta Sanders\Local Settings\Application Data\Deployment
2010-08-04 19:02 . 2010-07-23 21:22 1496064 ----a-w- c:\documents and settings\Aleta Sanders\Application Data\Mozilla\Firefox\Profiles\oy3t2c2p.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-08-04 19:02 . 2010-07-23 21:22 43008 ----a-w- c:\documents and settings\Aleta Sanders\Application Data\Mozilla\Firefox\Profiles\oy3t2c2p.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-08-04 19:02 . 2010-07-23 21:22 338944 ----a-w- c:\documents and settings\Aleta Sanders\Application Data\Mozilla\Firefox\Profiles\oy3t2c2p.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-08-04 19:02 . 2010-07-23 21:22 346112 ----a-w- c:\documents and settings\Aleta Sanders\Application Data\Mozilla\Firefox\Profiles\oy3t2c2p.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-07-31 03:27 . 2010-07-31 03:27 -------- d-sh--w- c:\documents and settings\Sabah\PrivacIE
2010-07-31 03:27 . 2010-07-31 03:27 -------- d-----w- c:\documents and settings\Sabah\Application Data\StumbleUpon
2010-07-31 03:27 . 2010-07-31 03:27 -------- d-----w- c:\documents and settings\Sabah\Local Settings\Application Data\Conduit
2010-07-31 03:27 . 2010-07-31 03:27 -------- d-----w- c:\documents and settings\Sabah\Local Settings\Application Data\iWin
2010-07-31 03:27 . 2010-07-31 03:27 -------- d-----w- c:\documents and settings\Sabah\Local Settings\Application Data\Google
2010-07-30 14:22 . 2010-07-30 14:22 -------- d-----w- c:\documents and settings\Ezana\Local Settings\Application Data\BVRP Software
2010-07-23 11:56 . 2010-07-23 11:56 -------- d-----w- c:\documents and settings\Aleta Sanders\Application Data\com.focusboosterapp.focusbooster.8E5F79C899747AD22E21DB62AA496926DA6BBC64.1
2010-07-23 11:56 . 2010-07-23 11:56 -------- d-----w- c:\program files\Focus Booster
2010-07-23 11:29 . 2010-07-23 11:29 61440 ----a-w- c:\documents and settings\Aleta Sanders\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-5ad18a6e-n\decora-sse.dll
2010-07-23 11:29 . 2010-07-23 11:29 503808 ----a-w- c:\documents and settings\Aleta Sanders\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6c063074-n\msvcp71.dll
2010-07-23 11:29 . 2010-07-23 11:29 348160 ----a-w- c:\documents and settings\Aleta Sanders\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6c063074-n\msvcr71.dll
2010-07-23 11:29 . 2010-07-23 11:29 12800 ----a-w- c:\documents and settings\Aleta Sanders\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-5ad18a6e-n\decora-d3d.dll
2010-07-23 11:29 . 2010-07-23 11:29 499712 ----a-w- c:\documents and settings\Aleta Sanders\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6c063074-n\jmc.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-18 07:31 . 2009-03-03 22:32 -------- d---a-w- c:\documents and settings\All Users\Application Data\Temp
2010-08-18 07:28 . 2009-04-30 10:48 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2010-08-18 07:28 . 2009-04-10 03:40 57752 ----a-w- c:\windows\system32\rpcnet.dll
2010-08-18 03:31 . 2009-05-04 03:29 -------- d-----w- c:\program files\iWin
2010-08-17 11:05 . 2010-04-09 15:49 -------- d-----w- c:\documents and settings\Aleta Sanders\Application Data\SoftGrid Client
2010-08-16 20:23 . 2009-03-03 22:27 -------- d-----w- c:\program files\Java
2010-08-16 18:50 . 2009-10-14 21:29 126008 ----a-w- c:\documents and settings\Aleta Sanders\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-16 18:48 . 2009-11-27 21:27 -------- d-----w- c:\program files\Common Files\TXText
2010-08-16 18:48 . 2009-11-27 21:26 -------- d-----w- c:\program files\Broderbund
2010-08-16 18:42 . 2009-03-03 22:42 -------- d-----w- c:\program files\Dell Webcam
2010-08-16 18:42 . 2009-03-03 22:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-16 18:41 . 2009-03-03 22:43 -------- d-----w- c:\program files\Creative
2010-08-16 18:37 . 2009-11-04 00:06 -------- d-----w- c:\program files\Brother
2010-08-16 18:34 . 2009-05-04 03:34 -------- d-----w- c:\program files\iWin.com
2010-08-16 05:05 . 2009-04-30 10:48 17408 -c--a-w- c:\windows\system32\rpcnetp.dll
2010-08-14 18:21 . 2010-07-11 04:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Speedbit
2010-08-14 18:03 . 2010-07-10 13:27 -------- d-----w- c:\program files\iWin Games
2010-08-13 14:23 . 2010-08-16 02:32 183886 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Personal_32_1033.dat
2010-08-12 05:23 . 2009-10-26 21:58 -------- d-----w- c:\documents and settings\Aleta Sanders\Application Data\PrimoPDF
2010-08-11 07:33 . 2009-03-03 22:40 -------- d-----w- c:\program files\Microsoft Works
2010-08-09 11:30 . 2009-10-29 00:57 -------- d-----w- c:\program files\RingCentral
2010-08-09 11:30 . 2009-10-29 00:56 -------- d-----w- c:\documents and settings\All Users\Application Data\RingCentral
2010-08-08 21:16 . 2009-10-14 21:27 55620 ----a-w- c:\documents and settings\Aleta Sanders\Application Data\wklnhst.dat
2010-08-05 12:15 . 2010-02-07 01:17 -------- d-----w- c:\program files\Google
2010-08-05 12:12 . 2010-02-15 18:21 -------- d-----w- c:\documents and settings\Sabah\Application Data\Teleca
2010-08-05 12:12 . 2010-02-15 17:19 -------- d-----w- c:\documents and settings\Ezana\Application Data\Teleca
2010-08-05 12:12 . 2010-06-26 23:17 -------- d-----w- c:\program files\Common Files\Teleca Shared
2010-08-05 12:09 . 2009-12-24 17:42 -------- d-----w- c:\program files\HTC
2010-08-05 12:06 . 2009-11-26 05:27 -------- d-----w- c:\program files\Encore
2010-08-05 11:49 . 2010-06-22 16:18 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software
2010-07-03 14:59 . 2009-10-14 21:01 664 ----a-w- c:\documents and settings\Aleta Sanders\Local Settings\Application Data\d3d9caps.dat
2010-07-03 01:11 . 2010-03-03 21:16 439816 ----a-w- c:\documents and settings\Aleta Sanders\Application Data\Real\Update\setup3.10\setup.exe
2010-06-30 12:31 . 2008-04-25 20:33 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-26 23:20 . 2009-12-24 17:46 -------- d-----w- c:\documents and settings\Aleta Sanders\Application Data\Teleca
2010-06-24 12:22 . 2008-04-25 20:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 02:18 . 2010-06-22 16:18 -------- d-----w- c:\program files\Cricket Broadband Connect
2010-06-23 13:44 . 2008-04-25 20:33 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-23 02:48 . 2010-06-23 02:48 -------- d-----w- c:\documents and settings\Aleta Sanders\Application Data\Alawar
2010-06-22 16:19 . 2010-06-22 16:19 -------- d-----w- c:\program files\PANTECH
2010-06-22 16:18 . 2010-06-22 16:18 -------- d-----w- c:\program files\Common Files\Avanquest software Shared
2010-06-21 15:27 . 2008-04-25 20:33 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2008-04-25 20:33 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2008-04-26 01:44 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2008-04-25 20:33 1172480 ----a-w- c:\windows\system32\msxml3.dll
2009-12-29 23:22 . 2009-12-17 19:16 119312 ----a-w- c:\program files\mozilla firefox\components\affdfcbadbfead.dll
.
------- Sigcheck -------
[-] 2008-04-14 . CEE3922616FB3E862B28965473E241CF . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2008-04-14 . 142E50036F14068A750CD493AA679F99 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Aleta Sanders\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-12-15 135664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WSED"="c:\program files\WSED\WSED.exe" [2008-12-12 238888]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-12-13 198160]
"RTHDCPL"="RTHDCPL.EXE" [2008-12-23 18063872]
"PlayMovie"="c:\program files\Dell\PlayMovie\PMVService.exe" [2008-12-11 177384]
"PersistenceThread"="c:\windows\system32\PersistenceThread.exe" [2008-12-24 92696]
"PCMAgent"="c:\program files\Dell\Media Experience\PCMAgent.exe" [2008-12-11 148776]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-12-24 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-12-24 354840]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-11-11 442536]
"CLMLServer"="c:\program files\Dell\Media Experience\Kernel\CLML\CLMLSvc.exe" [2008-12-11 202024]
"BTMeter"="c:\program files\Battery Meter\BTMeter.exe" [2008-11-05 623912]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-01-06 2289664]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2008-04-14 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"{F9AA8FE2-E89A-E99B-E8b8-E9AE9B9ABA99}"="c:\program files\Cricket Broadband Connect\AvqAutoRun.exe" [2009-10-19 73728]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2010-05-11 1287120]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2010-01-12 3168216]
c:\documents and settings\Aleta Sanders\Start Menu\Programs\Startup\
Google Chrome.lnk - c:\documents and settings\Aleta Sanders\Local Settings\Application Data\Google\Chrome\Application\chrome.exe [2009-12-14 945720]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\iWin Games\\iWinGames.exe"=
"c:\\Program Files\\iWin Games\\WebUpdater.exe"=
R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [3/3/2009 6:32 PM 14248]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [8/16/2010 3:28 PM 218592]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8/16/2010 11:49 AM 165456]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [8/16/2010 3:28 PM 233136]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/16/2010 11:49 AM 17744]
R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [9/26/2009 7:35 AM 819600]
R2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [7/7/2010 4:50 PM 176408]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [8/16/2010 3:28 PM 88040]
R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [9/23/2009 3:04 PM 447832]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [3/3/2009 6:42 PM 135936]
R3 igd;igd;c:\windows\system32\drivers\igxpmp32.sys [3/3/2009 8:08 PM 5088416]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [3/3/2009 8:08 PM 110080]
R3 OA012Afx;Provides a software interface to control audio effects of OA012 camera.;c:\windows\system32\drivers\OA012Afx.sys [3/3/2009 8:08 PM 148056]
R3 OA012Ufd;Creative Camera OA012 Upper Filter Driver;c:\windows\system32\drivers\OA012Ufd.sys [3/3/2009 8:08 PM 133472]
R3 OA012Vid;Creative Camera OA012 Function Driver;c:\windows\system32\drivers\OA012Vid.sys [3/3/2009 8:08 PM 271328]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [8/16/2010 8:46 PM 70664]
R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [8/16/2010 8:46 PM 58816]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [8/16/2010 8:45 PM 115216]
R3 PTUMWBus;PANTECH USB Modem V2 Composite Device Driver;c:\windows\system32\drivers\PTUMWBus.sys [6/22/2010 12:19 PM 54544]
R3 PTUMWFLT;PTUMWNET Filter Driver;c:\windows\system32\drivers\PTUMWFLT.sys [6/22/2010 12:19 PM 12048]
R3 PTUMWMdm;PANTECH USB Modem V2 Modem Driver;c:\windows\system32\drivers\PTUMWMdm.sys [6/22/2010 12:19 PM 160400]
R3 PTUMWNET;PANTECH USB Modem V2 WWAN Driver;c:\windows\system32\drivers\PTUMWNET.sys [6/22/2010 12:19 PM 115216]
R3 PTUMWVsp;PANTECH USB Modem V2 Diagnostic Port;c:\windows\system32\drivers\PTUMWVsp.sys [6/22/2010 12:19 PM 160400]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [3/3/2009 8:07 PM 157696]
R3 sftfs;sftfs;c:\program files\Microsoft Application Virtualization Client\drivers\SftFSXP.sys [9/23/2009 3:04 PM 543064]
R3 sftplay;sftplay;c:\program files\Microsoft Application Virtualization Client\drivers\sftplayxp.sys [9/23/2009 3:04 PM 190312]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [9/23/2009 3:05 PM 21864]
R3 sftvol;sftvol;c:\program files\Microsoft Application Virtualization Client\drivers\SftVolXP.sys [9/23/2009 3:04 PM 14680]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [9/23/2009 3:04 PM 203608]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/6/2010 9:18 PM 135664]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [3/3/2009 8:07 PM 129024]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys --> c:\windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [12/12/2009 1:39 AM 9472]
S3 PTUMWCDF;PANTECH USB Modem V2 Installation CD;c:\windows\system32\drivers\PTUMWCDF.sys [6/22/2010 12:19 PM 22032]
--- Other Services/Drivers In Memory ---
*Deregistered* - BMLoad
.
Contents of the 'Scheduled Tasks' folder
2010-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cac6ae8e7a4a8e.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 01:18]
2010-08-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2870019680-4263584670-1697931001-1006Core1cac6ae3f9a9f2c.job
- c:\documents and settings\Aleta Sanders\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-15 03:23]
2010-08-18 c:\windows\Tasks\User_Feed_Synchronization-{5E178C74-6EBA-4B70-B8B0-E5C851430BA7}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
2010-08-18 c:\windows\Tasks\User_Feed_Synchronization-{A2BDE66F-77B2-46CD-8BCA-B62726FEA3A6}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Aleta Sanders\Start Menu\Programs\IMVU\Run IMVU.lnk
TCP: {7D0DA0B3-63C2-48C1-A339-6180107E969E} = 172.28.221.53 172.28.221.54
FF - ProfilePath - c:\documents and settings\Aleta Sanders\Application Data\Mozilla\Firefox\Profiles\oy3t2c2p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - component: c:\documents and settings\Aleta Sanders\Application Data\Mozilla\Firefox\Profiles\oy3t2c2p.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\Mozilla Firefox\components\affdfcbadbfead.dll
FF - component: c:\program files\Mozilla Firefox\extensions\[email protected]\components\Shim.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\Aleta Sanders\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\progra~1\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-LoJackForLaptops - c:\program files\LFLInstall\InstallManager.exe
HKLM-Run-dellsupportcenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
HKLM-Run-BrMfcWnd - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-18 03:29
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1564)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\System32\BCMLogon.dll
c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80.DLL
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
- - - - - - - > 'explorer.exe'(3788)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\PC Tools Firewall Plus\FWService.exe
c:\windows\system32\rpcnet.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
.
**************************************************************************
.
Completion time: 2010-08-18 03:38:33 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-18 07:38
Pre-Run: 138,039,341,056 bytes free
Post-Run: 138,057,777,152 bytes free
- - End Of File - - D27714A33D38F688E0CB7DFC4B4AEE85
Thanks!