Here is the log:
ComboFix 10-06-29.04 - FITZPATRICK 2010-06-30 9:07.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.287 [GMT -4:00]
Running from: c:\documents and settings\FITZPATRICK\Desktop\Combo-Fix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Downloaded Program Files\f3initialsetup1.0.0.15.inf
c:\windows\Install.txt
c:\windows\system32\IpSvchostF.dll
c:\windows\system32\syspilog.pil
c:\windows\system32\tmp0_8855371163.bk
c:\windows\system32\tmp1_719160608463.bk
c:\windows\system32\winsusrm.dll
Infected copy of c:\windows\system32\drivers\sparrow.sys was found and disinfected
Restored copy from - Kitty had a snack :p
c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe
.
((((((((((((((((((((((((( Files Created from 2010-05-28 to 2010-06-30 )))))))))))))))))))))))))))))))
.
2010-06-28 13:20 . 2010-04-12 21:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-28 13:07 . 2010-06-28 13:07 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-06-28 13:06 . 2010-06-28 13:06 -------- d-----w- c:\documents and settings\FITZPATRICK\Local Settings\Application Data\NOS
2010-06-28 13:06 . 2010-06-28 13:06 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-06-28 13:05 . 2010-06-28 13:06 -------- d-----w- c:\program files\NOS
2010-06-23 20:13 . 2001-08-17 17:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2010-06-23 20:13 . 2001-08-17 17:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-06-23 19:27 . 2010-06-23 19:27 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-06-23 19:15 . 2010-06-23 19:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-06-23 19:15 . 2010-06-23 19:15 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-06-22 00:42 . 2010-06-22 00:42 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-06-16 17:08 . 2008-04-13 18:45 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2010-06-16 17:08 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2010-06-15 17:37 . 2010-06-15 17:40 -------- d-----w- c:\documents and settings\FITZPATRICK\Application Data\SnapTeam
2010-06-15 17:37 . 2010-06-15 17:37 -------- d-----w- c:\program files\Snap
2010-06-15 17:23 . 2007-04-13 12:56 135168 ----a-r- c:\windows\system32\setupfilter.exe
2010-06-15 17:23 . 2010-06-15 17:23 -------- d-----w- c:\windows\EffectResources
2010-06-15 17:23 . 2007-04-13 12:56 475264 ----a-r- c:\windows\system32\drivers\vmfilter323.sys
2010-06-15 17:23 . 2007-04-13 12:56 219648 ----a-r- c:\windows\system32\drivers\usbvm326.sys
2010-06-09 12:48 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-28 14:04 . 2007-01-26 16:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-28 14:02 . 2009-06-01 16:31 -------- d-----w- c:\program files\CCleaner
2010-06-28 13:20 . 2004-10-10 02:50 -------- d-----w- c:\program files\Common Files\Java
2010-06-28 13:19 . 2005-09-20 15:33 -------- d-----w- c:\program files\Java
2010-06-28 13:10 . 2004-10-18 22:39 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-27 15:20 . 2008-08-13 22:08 -------- d-----w- c:\program files\Trend Micro
2010-06-26 23:49 . 2009-05-19 14:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-22 00:42 . 2010-06-22 00:42 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
2010-06-16 23:09 . 2010-06-16 21:05 -------- d-----w- c:\documents and settings\FITZPATRICK\Application Data\Skype
2010-06-16 23:07 . 2009-02-10 21:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Tencent
2010-06-16 23:06 . 2007-03-27 18:42 -------- d-----w- c:\program files\iWin.com
2010-06-16 21:08 . 2010-06-16 21:08 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-06-16 21:08 . 2010-06-16 21:08 -------- d-----w- c:\documents and settings\FITZPATRICK\Application Data\skypePM
2010-06-16 20:59 . 2010-06-16 20:58 -------- d-----r- c:\program files\Skype
2010-06-16 20:58 . 2010-06-16 20:58 -------- d-----w- c:\program files\Common Files\Skype
2010-06-16 20:58 . 2010-06-16 20:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-06-16 14:12 . 2008-09-29 18:56 -------- d-----w- c:\documents and settings\FITZPATRICK\Application Data\wsInspector
2010-06-10 23:12 . 2007-01-08 23:36 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-08 12:57 . 2005-12-02 13:10 -------- d-----w- c:\program files\Google
2010-05-06 20:59 . 2009-01-22 21:17 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-06 20:39 . 2009-01-22 21:18 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-06 20:39 . 2009-01-22 21:17 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-06 20:34 . 2009-01-22 21:18 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-06 20:33 . 2009-01-22 21:17 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-06 20:33 . 2009-01-22 21:17 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-06 20:33 . 2009-01-22 21:17 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-06 20:33 . 2009-01-22 21:18 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-06 10:41 . 2004-08-12 14:09 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-12 14:09 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 19:39 . 2009-05-19 14:29 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2009-05-19 14:29 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 05:30 . 2004-08-12 13:55 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-14 16:47 . 2009-01-22 21:18 38848 ----a-w- c:\windows\system32\avastSS.scr
2005-12-02 13:11 . 2005-12-02 13:11 774144 ----a-w- c:\program files\RngInterstitial.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-31 50480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell Photo AIO Printer 922"="c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-03-29 290816]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-11-16 127035]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-06-01 341312]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2003-07-15 34880]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2004-10-9 36953]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
R0 pavboot;pavboot;c:\windows\SYSTEM32\DRIVERS\pavboot.sys [2009-06-02 28544]
R1 aswSP;aswSP;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [2009-01-22 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [2009-01-22 19024]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-23 135664]
S3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\windows\SYSTEM32\DRIVERS\lne100v5.sys [2008-09-29 36224]
S3 MR97310_VGA_DUAL_CAMERA;VGA Dual-Mode Camera;c:\windows\SYSTEM32\DRIVERS\mr97310v.sys [2004-03-30 118106]
S3 usbvm328;HP Camera;c:\windows\SYSTEM32\DRIVERS\usbvm326.sys [2010-06-15 219648]
S3 vmfilter323;VC0326 filter service for Serome;c:\windows\SYSTEM32\DRIVERS\vmfilter323.sys [2010-06-15 475264]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
2010-06-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
2010-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-23 17:25]
2010-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-23 17:25]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-30 09:21
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(592)
c:\windows\system32\WININET.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\progra~1\COMMON~1\AOL\ACS\acsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\tcpsvcs.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\wanmpsvc.exe
c:\program files\Dell Photo AIO Printer 922\dlbtbmon.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\program files\AIM6\aolsoftware.exe
c:\program files\AIM6\anotify.exe
.
**************************************************************************
.
Completion time: 2010-06-30 09:33:58 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-30 13:33
Pre-Run: 3,962,949,632 bytes free
Post-Run: 3,889,516,544 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - 64F5756A4F93A9514A45AC4BFCAEB63C