That worked!
Thank you!
Here's the ComboFix results:
ComboFix 09-03-26.03 - volcomst0ne56 2009-03-28 7:40:17.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1013.709 [GMT -7:00]
Running from: c:\documents and settings\volcomst0ne56\Desktop\Combo-Fix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Solt Lake Software
c:\documents and settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20081202184223890.log
c:\documents and settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20081204161600468.log
c:\documents and settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20081204165725484.log
c:\documents and settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20081204184843578.log
c:\documents and settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20081206121442218.log
c:\documents and settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20081206121702687.log
c:\documents and settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20081208173237312.log
c:\documents and settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20081209163354062.log
c:\documents and settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20081209175310156.log
c:\documents and settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20081209180055578.log
c:\documents and settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20081210095858343.log
c:\documents and settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20081210162915218.log
c:\documents and settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20081210215710140.log
c:\documents and settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20081211230118093.log
c:\documents and settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20081213224747375.log
c:\documents and settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20090106172239687.log
c:\documents and settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20090107170910359.log
c:\documents and settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20090108164704328.log
c:\documents and settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20090109230506765.log
c:\documents and settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20090109231212625.log
c:\documents and settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20090112170141500.log
c:\documents and settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20090113171431555.log
c:\documents and settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20090114173417500.log
c:\documents and settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20090115153836359.log
c:\documents and settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20090118220337187.log
c:\documents and settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20090120173902750.log
c:\documents and settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20090121173659375.log
c:\documents and settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20090125120939453.log
c:\documents and settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20090126124810828.log
c:\documents and settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20090130203813562.log
c:\documents and settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20090202164654562.log
c:\documents and settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20090204081607751.log
c:\documents and settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20090204164308421.log
c:\documents and settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20090207080708984.log
c:\documents and settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20090207101720750.log
c:\documents and settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20090209170229156.log
c:\documents and settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20090211170232562.log
c:\documents and settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20090213124729328.log
c:\documents and settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20090218154754343.log
c:\documents and settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20090219172408453.log
c:\documents and settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20090224182929031.log
c:\documents and settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20090305212232453.log
c:\documents and settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20090306144841765.log
c:\documents and settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20090306193429890.log
c:\documents and settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20090311154532656.log
c:\documents and settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20090312155819062.log
c:\documents and settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20090318151914562.log
c:\documents and settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20090318152057500.log
c:\documents and settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\proas2009.exe
c:\documents and settings\Owner\Application Data\Google\dfxvideo.dll
c:\documents and settings\Owner\Application Data\Google\ggqjh22510678.exe
c:\documents and settings\Owner\Application Data\Google\T-Scan
c:\documents and settings\Owner\Application Data\Google\T-Scan\n.gif
c:\documents and settings\Owner\Application Data\Google\T-Scan\t.gif
c:\documents and settings\Owner\Application Data\Google\T-Scan\y.gif
c:\program files\Common\helper.sig
c:\windows\system32\drivers\svchost.exe
c:\windows\system32\Drivers\TDSSpaxt.sys
c:\windows\system32\TDSScfub.dll
c:\windows\system32\TDSSnrsr.dll
c:\windows\system32\TDSSoexh.dll
c:\windows\system32\TDSSosvd.dat
c:\windows\system32\TDSSriqp.dll
c:\windows\system32\TDSStkdv.log
c:\windows\system32\winsrc.dll
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_TDSSSERV.SYS
-------\Service_TDSSserv.sys
((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-28 )))))))))))))))))))))))))))))))
.
2009-03-24 08:45 . 2009-03-24 08:45 <DIR> d-------- c:\program files\Trend Micro
2009-03-22 12:23 . 1999-05-07 13:24 414,944 --------- c:\windows\system32\COMCT332.OCX
2009-03-22 12:23 . 1998-11-10 10:46 328,480 --------- c:\windows\system32\ssa3d30.ocx
2009-03-22 12:23 . 1998-09-24 12:03 171,967 --a------ c:\windows\system32\Odbcjet.hlp
2009-03-22 12:23 . 2000-10-11 16:02 167,936 --------- c:\windows\system32\RcdScan.dll
2009-03-22 12:23 . 2000-05-08 20:50 29,344 --------- c:\windows\system32\drivers\cmosa.sys
2009-03-22 12:23 . 1998-09-24 12:03 7,348 --a------ c:\windows\system32\Odbcjet.cnt
2009-03-22 12:18 . 2009-03-22 12:18 <DIR> d----c--- C:\SavedPetz
2009-03-22 11:46 . 2009-03-22 11:46 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-03-22 11:46 . 2009-03-22 11:46 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-03-22 11:45 . 2009-03-22 12:14 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-03-22 11:45 . 2007-08-31 12:13 1,421,736 --a------ c:\windows\system32\wdfcoinstaller01005.dll
2009-03-22 11:45 . 2008-04-13 17:11 21,504 --a------ c:\windows\system32\drivers\hidserv.dll
2009-03-22 11:45 . 2007-08-31 12:15 18,856 --a------ c:\windows\system32\drivers\nuidfltr.sys
2009-03-21 14:27 . 2004-08-27 02:54 <DIR> d-------- c:\documents and settings\Test\WINDOWS
2009-03-21 14:27 . 2005-10-21 17:37 <DIR> d-------- c:\documents and settings\Test\Application Data\You've Got Pictures Screensaver
2009-03-21 14:27 . 2005-10-21 17:38 <DIR> d-------- c:\documents and settings\Test\Application Data\SampleView
2009-03-21 14:27 . 2009-03-21 14:27 <DIR> d-------- c:\documents and settings\Test
2009-03-17 19:41 . 2009-03-17 19:41 <DIR> d-------- c:\program files\AIM Music Link
2009-03-17 08:24 . 2009-03-17 08:24 <DIR> d-------- c:\documents and settings\volcomst0ne56\Application Data\AdobeUM
2009-03-15 13:49 . 2009-03-15 13:49 <DIR> d-------- c:\documents and settings\volcomst0ne56\Application Data\acccore
2009-03-15 13:49 . 2009-03-15 13:49 21 --a------ c:\windows\atid.ini
2009-03-15 13:31 . 2009-03-15 13:31 <DIR> d-------- c:\program files\Common Files\Software Update Utility
2009-03-15 13:26 . 2009-03-15 13:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\acccore
2009-03-15 13:25 . 2009-03-15 13:49 <DIR> d-------- c:\program files\AIM6
2009-03-15 13:25 . 2009-03-15 13:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\AOL OCP
2009-03-15 13:25 . 2009-03-19 20:01 1,430 --ah-c--- C:\IPH.PH
2009-03-15 13:03 . 2009-03-15 13:03 <DIR> d-------- c:\program files\Common Files\Adobe AIR
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-28 14:40 --------- d-----w c:\program files\Common
2009-03-22 19:23 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-22 19:18 --------- d-----w c:\program files\Sierra
2009-03-22 19:18 --------- d-----w c:\program files\Google
2009-03-22 19:17 --------- d-----w c:\program files\Encore
2009-03-22 19:13 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-03-22 19:13 --------- d-----w c:\documents and settings\All Users\Application Data\Napster
2009-03-18 23:22 --------- d-----w c:\program files\Lx_cats
2009-03-15 20:25 --------- d-----w c:\program files\Common Files\AOL
2009-03-15 20:25 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2009-03-15 17:41 --------- d-----w c:\program files\Microsoft Money 2005
2009-02-13 21:32 10,696 ----a-w c:\documents and settings\Owner\Application Data\wklnhst.dat
2009-02-11 19:20 --------- d-----w c:\documents and settings\lsaludares\Application Data\AdobeUM
2008-09-09 08:24 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008090920080910\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-21 50472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-25 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-25 114688]
"LXCGCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2005-07-20 73728]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-03-26 155648]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare Software\\bin\\EasyShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
R1 cmosa;cmosa;c:\windows\system32\drivers\cmosa.sys [2009-03-22 29344]
R2 ZipMagic Task Manager;ZipMagic Task Manager;c:\progra~1\Allume\ZipMagic\MXTask.exe -Service --> c:\progra~1\Allume\ZipMagic\MXTask.exe -Service [?]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f1c61b5-4474-11da-a9dd-806d6172696f}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gateway.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-28 07:46:29
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCGCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\system32\wdfmgr.exe
c:\progra~1\Allume\ZipMagic\MXTask.exe
c:\progra~1\Allume\ZipMagic\MXTask.exe
c:\windows\system32\wscntfy.exe
c:\program files\AIM6\aolsoftware.exe
.
**************************************************************************
.
Completion time: 2009-03-28 7:48:30 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-28 14:48:27
Pre-Run: 224,414,367,744 bytes free
Post-Run: 225,025,630,208 bytes free
193 --- E O F --- 2009-03-20 04:09:57
New HJT Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:54:16 AM, on 3/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\PROGRA~1\Allume\ZipMagic\MXTask.exe
C:\PROGRA~1\Allume\ZipMagic\mxtask.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL ... 586-jc.cab
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: ZipMagic Task Manager - Allume Systems, Inc. - C:\PROGRA~1\Allume\ZipMagic\MXTask.exe
--
End of file - 4710 bytes