Thank you for the reply! I followed the instructions and ran ComboFix, but it took several hours for the log file to finish. (I started it prior to 6pm last night and had to leave it overnight.) Here are the results of the scan and its log:
ComboFix 10-05-25.02 - George 05/25/2010 16:49:26.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.43 [GMT -5:00]
Running from: c:\documents and settings\George\Desktop\ComboFix.exe
AV: Charter Security Suite 9.01 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: Charter Security Suite 9.01 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Shared
c:\windows\system32\hack
c:\windows\system32\hack\OEMLINK\OEM1.reg
c:\windows\system32\hack\OEMLINK\OEM2.reg
c:\windows\system32\hack\OEMLINK\OEM3.reg
c:\windows\system32\sstray.exe
Infected copy of c:\windows\system32\drivers\sym_hi.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-04-25 to 2010-05-25 )))))))))))))))))))))))))))))))
.
2010-05-24 20:07 . 2010-05-24 20:07 388096 ----a-r- c:\documents and settings\George\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-24 20:03 . 2010-05-24 20:03 -------- d-----w- c:\program files\Trend Micro
2010-05-24 19:47 . 2010-05-24 19:47 503808 ----a-w- c:\documents and settings\George\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3b27b60b-n\msvcp71.dll
2010-05-24 19:47 . 2010-05-24 19:47 499712 ----a-w- c:\documents and settings\George\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3b27b60b-n\jmc.dll
2010-05-24 19:47 . 2010-05-24 19:47 348160 ----a-w- c:\documents and settings\George\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3b27b60b-n\msvcr71.dll
2010-05-24 19:47 . 2010-05-24 19:47 12800 ----a-w- c:\documents and settings\George\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2fb36385-n\decora-d3d.dll
2010-05-24 19:47 . 2010-05-24 19:47 61440 ----a-w- c:\documents and settings\George\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2fb36385-n\decora-sse.dll
2010-05-24 19:46 . 2010-05-24 19:46 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-24 17:25 . 2010-05-24 17:25 -------- d-----w- c:\program files\CCleaner
2010-05-20 19:38 . 2010-05-20 19:41 -------- d-----w- c:\windows\system32\NtmsData
2010-05-20 15:34 . 2010-05-20 15:34 63488 ----a-w- c:\documents and settings\George\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-05-20 15:34 . 2010-05-20 15:34 52224 ----a-w- c:\documents and settings\George\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-05-20 15:34 . 2010-05-20 15:34 117760 ----a-w- c:\documents and settings\George\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-20 15:33 . 2010-05-20 15:33 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-05-20 15:33 . 2010-05-20 15:33 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-05-20 15:33 . 2010-05-20 15:33 -------- d-----w- c:\documents and settings\George\Application Data\SUPERAntiSpyware.com
2010-05-20 15:32 . 2010-05-20 15:32 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-20 09:47 . 2010-05-20 09:48 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-05-18 10:25 . 2010-05-23 00:51 664 ----a-w- c:\windows\system32\d3d9caps.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-25 17:21 . 2008-08-27 21:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-05-25 05:53 . 2008-10-16 01:34 13240 ----a-w- c:\documents and settings\George\Application Data\wklnhst.dat
2010-05-24 19:55 . 2004-05-02 15:55 -------- d-----w- c:\program files\Java
2010-05-24 19:47 . 2004-05-02 15:55 -------- d-----w- c:\program files\Common Files\Java
2010-05-17 21:44 . 2010-03-23 02:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-13 22:46 . 2008-07-01 16:39 -------- d-----w- c:\program files\Google
2010-04-29 20:39 . 2010-03-23 02:45 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 20:39 . 2010-03-23 02:45 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-28 18:31 . 2009-09-30 01:05 69 ----a-w- c:\documents and settings\George\jagex_runescape_preferences2.dat
2010-03-28 18:11 . 2008-07-01 16:13 41 ----a-w- c:\documents and settings\George\jagex_runescape_preferences.dat
2010-03-28 05:35 . 2010-03-28 05:35 0 ----a-w- c:\documents and settings\George\jagex__preferences3.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-27 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2004-03-04 2904064]
"nwiz"="nwiz.exe" [2004-03-04 782336]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2004-03-04 46080]
"CHotkey"="zHotkey.exe" [2003-06-04 496640]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-10 155648]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2003-12-18 1241138]
"SunKistEM"="c:\program files\eMachines Bay Reader\shwiconem.exe" [2004-03-12 135168]
"Lexmark 2200 Series"="c:\program files\Lexmark 2200 Series\lxbvbmgr.exe" [2004-02-13 57344]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2004-02-04 294912]
"F-Secure Manager"="c:\program files\Charter High-Speed Security Suite\Common\FSM32.EXE" [2009-08-05 199264]
"F-Secure TNB"="c:\program files\Charter High-Speed Security Suite\FSGUI\TNBUtil.exe" [2009-08-05 2349664]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-05-21 1501064]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-26 1468296]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
BigFix.lnk - c:\program files\BigFix\BigFix.exe [2004-5-1 1742384]
HotSync Manager.lnk - c:\program files\Palm\Hotsync.exe [2008-1-3 1392640]
WG111v2 Smart Wizard Wireless Setting.lnk - c:\program files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe [2008-8-5 745472]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 135664]
R3 SjyPkt;SjyPkt;c:\windows\System32\Drivers\SjyPkt.sys [2002-10-02 13532]
R4 F-Secure Filter;F-Secure File System Filter;c:\program files\Charter High-Speed Security Suite\Anti-Virus\Win2K\FSfilter.sys [2009-08-05 39776]
R4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Charter High-Speed Security Suite\Anti-Virus\Win2K\FSrec.sys [2009-08-05 25184]
S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2009-12-10 33920]
S0 FSFW;F-Secure Firewall Driver;c:\windows\System32\drivers\fsdfw.sys [2009-08-05 80000]
S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Charter High-Speed Security Suite\HIPS\drivers\fshs.sys [2009-08-05 68064]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-06 68168]
S2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\DRIVERS\EAPPkt.sys [2005-04-01 66048]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Charter High-Speed Security Suite\Anti-Virus\minifilter\fsgk.sys [2010-05-06 113856]
S3 FSORSPClient;F-Secure ORSP Client;c:\program files\Charter High-Speed Security Suite\ORSP Client\fsorsp.exe [2010-05-17 55992]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys [2006-03-27 167808]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - FSBL
*Deregistered* - fsbl
.
Contents of the 'Scheduled Tasks' folder
2010-05-25 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-27 08:43]
2010-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 23:21]
2010-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 23:21]
2010-05-26 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\CHARTE~1\ANTI-V~1\fsav.exe [2008-05-27 15:56]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
LSP: c:\program files\Charter High-Speed Security Suite\FSPS\program\FSLSP.DLL
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Performance Center - c:\program files\Ascentive\Performance Center\APCMain.exe
HKLM-Run-nForce Tray Options - sstray.exe
HKLM-Run-HotSync - c:\program files\PalmSource\Desktop\HotSync.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-25 17:02
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(776)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\program files\charter high-speed security suite\hips\fshook32.dll
- - - - - - - > 'lsass.exe'(832)
c:\program files\Charter High-Speed Security Suite\FSPS\program\FSLSP.DLL
c:\program files\charter high-speed security suite\hips\fshook32.dll
.
Completion time: 2010-05-25 23:57:35
ComboFix-quarantined-files.txt 2010-05-26 04:57
Pre-Run: 298,930,163,712 bytes free
Post-Run: 298,949,111,808 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional Edition" /fastdetect /NoExecute=OptIn
- - End Of File - - 6D1E16E53FB1210EFE62C5A868CFF78E