Thanks again for the help!
If we ever get through this - I'll need to ask how you think the trojan got in and more importantly - How to block it.
Note: Combofix running very fast - total time now 5 mins - down from 10 before.
One pop up appeared online.
Combofix log when run with CFScript:
------------------------
ComboFix 08-01-29.3 - John 2008-01-30 23:13:16.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.446 [GMT -5:00]
Running from: C:\Documents and Settings\John\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\John\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\VundoFix Backups
.
((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-31 )))))))))))))))))))))))))))))))
.
2008-01-26 15:46 . 2008-01-26 15:46 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-26 15:46 . 2008-01-26 15:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-26 15:08 . 2008-01-26 15:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Dell
2008-01-17 21:10 . 2008-01-17 21:10 <DIR> d-------- C:\Documents and Settings\John\Application Data\gtk-2.0
2008-01-17 21:10 . 2008-01-17 21:10 <DIR> d-------- C:\Documents and Settings\John\.thumbnails
2008-01-17 21:00 . 2008-01-17 21:00 <DIR> d-------- C:\Program Files\FastStone Image Viewer
2008-01-17 21:00 . 2008-01-17 21:00 <DIR> d-------- C:\Documents and Settings\John\Application Data\FastStone
2008-01-17 20:58 . 2008-01-17 20:58 <DIR> d-------- C:\Program Files\GIMP-2.0
2008-01-17 20:58 . 2008-01-17 21:11 <DIR> d-------- C:\Documents and Settings\John\.gimp-2.4
2008-01-15 22:00 . 2008-01-15 22:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-15 21:58 . 2008-01-15 21:58 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-15 21:58 . 2008-01-15 21:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-15 21:55 . 2008-01-15 21:55 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-14 23:42 . 2007-09-07 22:37 87,424 --a------ C:\WINDOWS\system32\drivers\SysPlant.sys
2008-01-14 23:41 . 2008-01-14 23:41 136,496 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-01-14 23:41 . 2008-01-14 23:41 60,808 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-01-14 23:41 . 2008-01-14 23:41 10,652 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-01-14 23:41 . 2008-01-14 23:41 806 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-01-14 23:36 . 2008-01-14 23:41 <DIR> d-------- C:\Program Files\Symantec
2008-01-14 23:36 . 2008-01-29 21:36 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-14 23:36 . 2008-01-14 23:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-12 21:30 . 2008-01-14 23:56 15,360 --a------ C:\WINDOWS\system32\dllcache\ctfmon.exe
2008-01-12 21:30 . 2008-01-14 23:56 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe
2008-01-10 20:14 . 2008-01-14 23:53 90,112 --a------ C:\WINDOWS\UpdReg.EXE
2008-01-10 15:57 . 2008-01-15 00:05 <DIR> d-------- C:\WINDOWS\system32\vt8
2008-01-10 15:57 . 2008-01-10 15:57 <DIR> d-------- C:\WINDOWS\system32\mp2
2008-01-10 15:57 . 2008-01-10 20:13 <DIR> d-------- C:\WINDOWS\system32\ez4
2008-01-10 15:57 . 2008-01-10 15:57 <DIR> d-------- C:\WINDOWS\system32\che9
2008-01-10 15:56 . 2008-01-29 21:26 <DIR> d-------- C:\Program Files\Dot1XCfg
2008-01-10 15:52 . 2008-01-15 00:02 <DIR> d-------- C:\WINDOWS\system32\edcA01
2008-01-10 15:52 . 2008-01-10 15:57 <DIR> d-------- C:\Temp\Ryuan1
2008-01-10 15:52 . 2008-01-29 21:30 <DIR> d-------- C:\Temp
2008-01-09 22:49 . 2008-01-30 22:23 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-09 22:49 . 2008-01-09 22:49 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-07 22:14 . 2008-01-07 22:14 <DIR> d-------- C:\Program Files\Common Files\Avery
2008-01-07 22:14 . 2008-01-08 22:21 <DIR> d-------- C:\Program Files\Avery Wizard 3.1
2008-01-06 21:11 . 2008-01-14 23:16 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-01-06 18:07 . 2008-01-06 18:07 <DIR> d-------- C:\WINDOWS\system32\IOSUBSYS
2008-01-06 18:07 . 2008-01-06 18:07 <DIR> d-------- C:\Program Files\Picasa2
2008-01-06 18:07 . 2006-10-04 21:42 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-01-06 18:07 . 2006-10-04 21:42 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-01-06 18:06 . 2008-01-06 18:06 <DIR> d-------- C:\WINDOWS\system32\runtime
2008-01-06 18:05 . 2008-01-30 22:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-01-01 15:30 . 2008-01-01 15:30 <DIR> d-------- C:\Documents and Settings\John\Application Data\muvee Technologies
2008-01-01 15:29 . 2008-01-01 15:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\muvee Technologies
2007-12-31 21:42 . 2008-01-06 19:28 20 ---h----- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2007-12-31 21:38 . 2007-12-31 21:38 <DIR> d-------- C:\Program Files\PictureProject In Touch Downloader
2007-12-31 21:35 . 2007-12-31 21:35 <DIR> d-------- C:\Program Files\Nikon
2007-12-31 21:35 . 2007-12-31 21:35 <DIR> d-------- C:\Program Files\Common Files\muvee Technologies
2007-12-31 21:35 . 2007-12-31 22:38 <DIR> d-------- C:\Documents and Settings\John\Application Data\Nikon
2007-12-31 21:35 . 2007-12-31 21:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ultima_T15
2007-12-31 21:35 . 2007-12-31 21:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nikon
2007-12-31 21:35 . 2007-12-31 21:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Helper Scripts
2007-12-31 21:35 . 2007-12-31 21:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\EnterNHelp
2007-12-31 21:35 . 2008-01-06 19:28 20 ---h----- C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT
2007-12-31 21:34 . 2007-12-31 22:38 <DIR> d-------- C:\Program Files\Common Files\Nikon
2007-12-14 11:32 . 2007-12-14 11:32 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-31 03:11 --------- d-----w C:\Program Files\CyberPower PowerPanel Personal Edition
2008-01-30 02:26 --------- d-----w C:\Program Files\REGSHAVE
2008-01-30 02:26 --------- d-----w C:\Program Files\QuickTime
2008-01-30 02:26 --------- d-----w C:\Program Files\iTunes
2008-01-30 02:26 --------- d-----w C:\Program Files\DellSupport
2008-01-18 01:54 --------- d-----w C:\Program Files\Trend Micro
2008-01-15 04:16 --------- d-----w C:\Program Files\Yahoo!
2008-01-08 03:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-07 03:08 --------- d-----w C:\Program Files\America Online 9.0
2008-01-06 23:10 --------- d-----w C:\Program Files\Google
2007-12-07 23:20 5,852 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-30 23:42 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-30 17:20 360,064 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-27 22:40 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-27 22:40 227,328 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-10 23:56 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-10-10 23:56 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-10 23:56 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-10-10 23:56 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-10 23:55 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-10 23:55 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-10 23:55 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-10 23:55 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-10 23:55 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-10 23:55 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-10 23:55 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-10-10 23:55 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-10-10 23:55 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-10 23:55 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-10 23:55 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-10 23:55 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-10-10 23:55 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-10 23:55 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-10 23:55 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-10-10 23:55 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-10 23:55 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-10-10 23:55 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-10-10 23:55 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
2007-10-10 10:59 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-10-10 10:59 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-10-10 05:46 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
.
<pre>
----a-w 249,856 2008-01-13 02:29:40 C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
----a-w 249,856 2008-01-15 04:54:15 C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
----a-w 249,856 2008-01-15 05:00:35 C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
----a-w 249,856 2008-01-16 04:05:31 C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
----a-w 249,856 2008-01-16 04:05:32 C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
----a-w 249,856 2008-01-16 04:05:34 C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
----a-w 1,159,168 2008-01-15 04:54:02 C:\Program Files\Creative\VoiceCenter\AndreaVC .exe
----a-w 1,510,912 2008-01-15 05:01:07 C:\Program Files\Creative\VoiceCenter\AndreaVC .exe
----a-w 1,159,168 2008-01-16 04:13:32 C:\Program Files\Creative\VoiceCenter\AndreaVC .exe
----a-w 1,159,168 2008-01-16 04:13:35 C:\Program Files\Creative\VoiceCenter\AndreaVC .exe
----a-w 1,159,168 2008-01-16 04:13:38 C:\Program Files\Creative\VoiceCenter\AndreaVC .exe
----a-w 1,159,168 2008-01-16 04:13:40 C:\Program Files\Creative\VoiceCenter\AndreaVC .exe
----a-w 1,159,168 2008-01-16 04:13:42 C:\Program Files\Creative\VoiceCenter\AndreaVC .exe
----a-w 1,159,168 2008-01-16 04:13:44 C:\Program Files\Creative\VoiceCenter\AndreaVC .exe
----a-w 1,159,168 2008-01-16 04:13:47 C:\Program Files\Creative\VoiceCenter\AndreaVC .exe
----a-w 286,720 2008-01-15 04:54:07 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-16 04:20:58 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-16 04:21:00 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-16 04:21:02 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-16 04:21:03 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-16 04:21:05 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-16 04:21:07 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-16 04:21:09 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-16 04:21:11 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-16 04:21:13 C:\Program Files\QuickTime\qttask .exe
</pre>
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 18:40 24576 C:\WINDOWS\MIDIDEF.EXE]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2008-01-14 23:55 102400]
"PowerPanel Personal Edition User Interaction"="C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe" [2008-01-14 23:55 262144]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" [2008-01-14 23:56 3092480]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-14 23:56 15360]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2008-01-14 23:56 460784]
"Pando"="C:\Program Files\Pando Networks\Pando\Pando.exe" [2008-01-14 23:57 5207368]
"Dot1XCfg"="C:\Program Files\Dot1XCfg\Dot1XCfg.exe" [2008-01-14 23:57 61440]
"DellTransferAgent"="C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [2007-11-13 16:46 135168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2008-01-14 23:53 32881]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 01:20 339968 C:\WINDOWS\stsystra.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-01-14 23:53 139264]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2008-01-14 23:53 98304]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2008-01-14 23:53 57344]
"MBMon"="CTMBHA.DLL" [2005-05-19 09:54 1345520 C:\WINDOWS\system32\CTMBHA.DLL]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2008-01-14 23:53 90112]
"VoiceCenter"="C:\Program Files\Creative\VoiceCenter\AndreaVC .exe" [2008-01-14 23:54 1159168]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2008-01-14 23:54 26112]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [2008-01-14 23:54 286720]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2008-01-14 23:54 110592]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2008-01-15 23:05 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2008-01-14 23:54 81920]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2008-01-14 23:54 122940]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-01-14 23:54 1838592]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [2008-01-14 23:54 8192]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2008-01-14 23:54 106496]
"A Verizon App"="C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE" [2008-01-14 23:54 50744]
"VerizonServicepoint.exe"="C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe" [2008-01-14 23:54 1880064]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2008-01-14 23:54 57344]
"ymetray"="C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe" [2008-01-14 23:54 40960]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2008-01-14 23:54 496752]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2008-01-14 23:54 344064]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2008-01-14 23:54 53248]
"SMSTray"="C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2008-01-14 23:55 126976]
"MAAgent"="C:\Program Files\MarkAny\ContentSafer\MAAgent.exe" [2008-01-14 23:55 57344]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-14 23:55 271672]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-14 23:55 115560]
C:\Documents and Settings\John\Start Menu\Programs\Startup\
TrueAssistant.lnk - C:\Program Files\TrueAssistant\TrueAssistant.exe [2005-04-02 07:35:00 372224]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 03:44:06 29696]
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2006-03-23 20:12:32 156784]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-03-23 20:06:37 24576]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-01-06 18:05:23 124400]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 03:15:54 65588]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2007-12-31 21:35:23 118784]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 15:51 192512]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus]
@="Service"
R0 SysPlant;SysPlant for NT;C:\WINDOWS\system32\Drivers\SysPlant.sys [2007-09-07 22:37]
R1 WPS;WPS;C:\WINDOWS\system32\drivers\wpsdrvnt.sys [2007-09-07 22:34]
R3 Teefer2;Teefer2 Miniport;C:\WINDOWS\system32\DRIVERS\teefer2.sys [2007-08-06 16:29]
S1 aha154xx;aha154xx;C:\WINDOWS\system32\drivers\aha154xx.sys []
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2007-05-29 13:55]
S3 SNAC;Symantec Network Access Control;"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" [2007-09-07 22:35]
S3 WpsHelper;WpsHelper;C:\WINDOWS\system32\drivers\WpsHelper.sys [2007-06-21 18:03]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24abe41a-c501-11dc-902f-00137210d5c2}]
\Shell\AutoRun\command - F:\wd_windows_tools\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56466a8b-d4b4-11db-8eb0-00038a000015}]
\Shell\AutoRun\command - F:\system\viewer\Viewer.exe
\Shell\View your videos\command - F:\system\viewer\Viewer.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-30 23:17:19
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-30 23:19:00
ComboFix-quarantined-files.txt 2008-01-31 04:18:56
ComboFix2.txt 2008-01-30 03:07:32
ComboFix3.txt 2008-01-29 04:30:52
.
2008-01-10 02:23:16 --- E O F ---
---------------------------------