Performed as directed...

New CF Log:

ComboFix 09-07-06.02 - Owner 07/06/2009 16:36.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.657 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

FILE ::
"c:\atf\Qctest\PCDoc\PCDRDRV.sys"
"c:\docume~1\Owner\LOCALS~1\Temp\jfdcd.sys"
"c:\documents and settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_JFDCD
-------\Service_jfdcd
-------\Service_PCDRDRV


((((((((((((((((((((((((( Files Created from 2009-06-06 to 2009-07-06 )))))))))))))))))))))))))))))))
.

2009-07-06 01:22 . 2009-07-06 01:22 -------- d-----w- c:\program files\Trend Micro
2009-07-05 23:43 . 2009-07-05 23:43 -------- d-----w- c:\program files\Copy of Fox
2009-07-05 21:24 . 2009-07-05 21:24 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-07-05 21:24 . 2009-06-17 16:27 38160 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys
2009-07-05 21:24 . 2009-07-05 21:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-05 21:24 . 2009-07-05 21:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-05 21:24 . 2009-06-17 16:27 19096 ----a-w- c:\winnt\system32\drivers\mbam.sys
2009-07-05 21:18 . 2008-10-16 19:06 268648 ----a-w- c:\winnt\system32\mucltui.dll
2009-07-05 21:18 . 2008-10-16 19:06 208744 ----a-w- c:\winnt\system32\muweb.dll
2009-07-05 16:20 . 2009-07-06 01:19 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-05 16:19 . 2009-07-05 16:19 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-07-05 16:19 . 2009-07-05 16:19 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-05 16:19 . 2009-07-05 16:19 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2009-07-05 15:44 . 2009-07-05 15:44 -------- d-----w- c:\winnt\system32\scripting
2009-07-05 15:44 . 2009-07-05 15:44 -------- d-----w- c:\winnt\l2schemas
2009-07-05 15:43 . 2009-07-05 15:43 -------- d-----w- c:\winnt\system32\en
2009-07-03 18:23 . 2009-07-03 18:23 -------- d-----w- c:\program files\Microsoft Silverlight

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-06 21:42 . 2003-02-18 20:58 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-06 21:42 . 2005-06-22 20:26 384 ----a-w- c:\winnt\system32\DVCStateBkp-{00000002-00000000-00000001-00001102-00000004-00581102}.dat
2009-07-06 21:42 . 2005-06-22 20:26 384 ----a-w- c:\winnt\system32\DVCState-{00000002-00000000-00000001-00001102-00000004-00581102}.dat
2009-07-06 21:29 . 2008-12-31 22:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-07-06 01:06 . 2006-06-16 19:31 -------- d-----w- c:\program files\Logitech
2009-07-06 01:05 . 2003-04-20 20:22 -------- d-----w- c:\program files\Greeting Card Creator 32
2009-07-06 01:04 . 2005-09-25 13:58 -------- d-----w- c:\program files\Google
2009-07-05 23:14 . 2003-02-18 19:52 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-05 23:09 . 2003-02-18 20:54 -------- d-----w- c:\program files\Gateway
2009-07-05 16:18 . 2006-08-22 22:18 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-05 15:47 . 2002-09-03 18:33 88179 ----a-w- c:\winnt\PCHealth\HelpCtr\OfflineCache\index.dat
2009-06-24 22:59 . 2003-02-18 20:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-05-24 21:04 . 2009-05-24 21:04 -------- d-----w- c:\program files\Overland
2009-05-14 18:05 . 2009-03-31 22:23 530083 ----a-w- C:\HC4DecommissionScheduler.exe
2009-05-09 20:28 . 2009-05-09 20:28 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2009-05-09 20:28 . 2009-05-09 20:27 -------- d-----w- c:\program files\iTunes
2009-05-09 20:28 . 2009-05-09 20:27 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-09 20:27 . 2009-05-09 20:27 -------- d-----w- c:\program files\iPod
2009-05-09 20:27 . 2009-05-09 20:25 -------- d-----w- c:\program files\Common Files\Apple
2009-05-09 20:27 . 2009-05-09 20:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-05-09 20:26 . 2009-05-09 20:26 -------- d-----w- c:\program files\Bonjour
2009-05-09 20:26 . 2003-02-26 01:20 -------- d-----w- c:\program files\QuickTime
2009-05-09 20:25 . 2009-05-09 20:25 -------- d-----w- c:\program files\Apple Software Update
2009-05-09 20:25 . 2009-05-09 20:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-05-07 15:32 . 1980-01-01 06:00 345600 ----a-w- c:\winnt\system32\localspl.dll
2009-04-29 04:46 . 2006-06-23 16:33 666624 ----a-w- c:\winnt\system32\wininet.dll
2009-04-29 04:46 . 2004-08-04 07:56 81920 ------w- c:\winnt\system32\ieencode.dll
2009-04-17 12:26 . 1980-01-01 06:00 1847168 ----a-w- c:\winnt\system32\win32k.sys
2009-04-16 11:47 . 2009-04-15 18:49 29271 ----a-w- c:\winnt\hpoins03.dat
2009-04-15 19:21 . 2009-04-15 19:21 128 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\fusioncache.dat
2009-04-15 14:51 . 2004-05-20 15:26 585216 ----a-w- c:\winnt\system32\rpcrt4.dll
2008-08-12 15:13 . 2008-08-10 06:19 2732032 ----a-w- c:\program files\ventrilo-3.0.1-Windows-i386.exe
2008-01-10 20:58 . 2008-01-10 21:03 45943224 -c--a-w- c:\program files\169.21_forceware_winxp_32bit_english_whql.exe
2007-03-23 17:09 . 2007-03-23 17:09 28288 -c--a-w- c:\program files\1000-places.kml
2007-03-05 17:29 . 2007-03-05 17:29 1722 -c-ha-w- c:\program files\hpothb07.dat
2007-03-05 17:29 . 2007-03-05 17:29 18216 -c-ha-w- c:\program files\hpothb07.tif
2006-08-22 23:04 . 2006-08-22 23:04 2010624 -c--a-w- c:\program files\ventrilo-2.3.0-Windows-i386.exe
2005-11-12 07:36 . 2005-11-12 07:36 1151227 -c--a-w- c:\program files\ventrilo_2.1.3.exe
2005-09-25 13:57 . 2005-09-25 13:57 11693024 -c--a-w- c:\program files\GoogleEarthSetup.exe
2005-09-17 00:19 . 2005-09-17 00:43 5862994 -c--a-w- c:\program files\Teamspeak2.exe
2004-05-08 18:52 . 2004-05-08 18:52 2710296 -c--a-w- c:\program files\WindowsXP-KB835732-x86-ENU.EXE
2003-03-21 01:53 . 2003-03-21 02:10 9302063 -c--a-w- c:\program files\MHENDEMO.EXE
2002-03-17 01:08 . 2002-03-17 01:14 41319 -c--a-w- c:\program files\wizardry8.gif
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"NvCplDaemon"="c:\winnt\system32\NvCpl.dll" [2007-12-05 8523776]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2004-7-21 256000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-1-11 805392]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 17:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 07:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AloPar.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Parallel Arbitrator]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINNT\\system32\\PnkBstrA.exe"=
"c:\\WINNT\\system32\\PnkBstrB.exe"=
"c:\\WINNT\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:*isabled:Blizzard Downloader: 3724

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [06/23/2009 11:01 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [06/23/2009 11:01 AM 72944]
R1 SSHDRV65;SSHDRV65;c:\winnt\system32\drivers\SSHDRV65.sys [06/11/2004 7:38 PM 120320]
R1 SSHDRV77;SSHDRV77;c:\winnt\system32\drivers\SSHDRV77.sys [06/11/2004 8:10 PM 79360]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [01/25/2008 8:47 PM 149352]
R2 RioPNP;RioPNP;c:\winnt\system32\drivers\RioPnP.sys [02/18/2003 3:58 PM 6736]
R2 SVKP;SVKP;c:\winnt\system32\SVKP.sys [01/22/2004 3:46 PM 2368]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [02/28/2009 8:02 PM 101936]
S2 wscann;wscann;c:\winnt\system32\drivers\WSCANN.SYS [02/25/2003 7:40 PM 124640]
S3 COH_Mon;COH_Mon;c:\winnt\system32\drivers\COH_Mon.sys [01/12/2008 9:32 PM 23888]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [06/23/2009 11:01 AM 7408]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 Wdm1;USB Bridge Cable Driver;c:\winnt\system32\Drivers\usbbc.sys --> c:\winnt\system32\Drivers\usbbc.sys [?]
S4 AloPar;AloPar;c:\winnt\system32\drivers\AloPar.sys [03/10/2003 10:24 PM 4112]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
*NewlyCreated* - NMSCFG
*NewlyCreated* - NMSSVC
.
Contents of the 'Scheduled Tasks' folder

2009-07-02 c:\winnt\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-07-06 c:\winnt\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-31 02:42]

2009-06-23 c:\winnt\Tasks\Norton Internet Security - Run Full System Scan - Owner.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2008-02-07 14:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://hometab.bellsouth.net/
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: {{9239E4EC-C9A6-11D2-A844-00C04F68D538}
DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-06 16:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(932)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(2836)
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\winnt\system32\NMSSvc.Exe
c:\winnt\system32\nvsvc32.exe
c:\winnt\system32\PnkBstrA.exe
c:\winnt\system32\PnkBstrB.exe
c:\program files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\winnt\system32\wdfmgr.exe
.
**************************************************************************
.
Completion time: 2009-07-06 16:48 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-06 21:48
ComboFix2.txt 2009-07-06 02:24

Pre-Run: 43,939,373,056 bytes free
Post-Run: 43,922,944,000 bytes free

210 --- E O F --- 2009-07-06 00:57