Hi Panda,
Thanks so much for your help. I hope I followed your directions carefully. Here's the ComboFix Data:ComboFix 09-02-12.03 - Matthew McClendon 2009-02-13 9:33:02.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.525 [GMT -7:00]
Running from: c:\documents and settings\Matthew McClendon\Desktop\ComboFix.exe
AV: Trend Micro PC-cillin Internet Security *On-access scanning disabled* (Updated)
FW: Trend Micro PC-cillin Internet Security (Firewall) *disabled*
FW: ZoneAlarm Firewall *disabled*
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\bszip.dll
.
((((((((((((((((((((((((( Files Created from 2009-01-13 to 2009-02-13 )))))))))))))))))))))))))))))))
.
2009-02-09 15:55 . 2009-02-10 22:34 <DIR> d-------- c:\documents and settings\Matthew McClendon\Application Data\KeePass
2009-02-09 15:40 . 2009-02-09 15:40 <DIR> d-------- c:\program files\KeePass Password Safe
2009-02-08 17:01 . 2009-02-08 17:01 <DIR> d--hs---- c:\documents and settings\Matthew McClendon\PrivacIE
2009-02-08 17:01 . 2009-02-08 17:01 <DIR> d--hs---- c:\documents and settings\Matthew McClendon\IECompatCache
2009-02-08 16:59 . 2009-02-08 16:59 <DIR> d--hs---- c:\documents and settings\Matthew McClendon\IETldCache
2009-02-08 16:54 . 2009-02-08 16:54 <DIR> d-------- c:\windows\ie8updates
2009-02-08 16:52 . 2009-02-08 16:54 1,355 --a------ c:\windows\imsins.BAK
2009-02-08 16:49 . 2009-02-08 16:52 <DIR> d--h-c--- c:\windows\ie8
2009-02-08 16:47 . 2009-01-10 22:00 79,360 --------- c:\windows\system32\dllcache\iecompat.dll
2009-02-08 16:24 . 2009-02-08 16:24 <DIR> d--h----- c:\documents and settings\All Users\Application Data\{6BCFCEA8-FB8F-484F-8052-4633023B857C}
2009-02-06 14:09 . 2009-02-06 14:09 <DIR> d-------- c:\documents and settings\Matthew McClendon\Application Data\WinPatrol
2009-02-05 23:02 . 2009-02-06 01:39 <DIR> d-------- c:\program files\Windows Live Safety Center
2009-02-05 19:04 . 2009-02-05 19:04 <DIR> d-------- c:\program files\BillP Studios
2009-02-05 10:00 . 2009-02-05 10:00 <DIR> d-------- c:\program files\Sunbelt Software
2009-02-05 10:00 . 2009-02-05 10:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sunbelt
2009-02-05 09:05 . 2009-02-05 09:05 <DIR> d-------- c:\program files\AskBarDis
2009-02-05 09:04 . 2009-02-05 09:04 4,212 --ah----- c:\windows\system32\zllictbl.dat
2009-02-05 09:03 . 2009-02-05 09:04 <DIR> d-------- c:\windows\system32\ZoneLabs
2009-02-05 09:03 . 2009-02-05 09:03 <DIR> d-------- c:\program files\Zone Labs
2009-02-05 09:03 . 2008-11-13 15:18 1,221,008 --a------ c:\windows\system32\zpeng25.dll
2009-02-05 09:03 . 2009-02-12 09:00 348,371 --a------ c:\windows\system32\vsconfig.xml
2009-02-05 09:02 . 2009-02-13 09:17 <DIR> d-------- c:\windows\Internet Logs
2009-02-04 13:33 . 2009-02-11 13:35 <DIR> d-------- c:\documents and settings\Matthew McClendon\Application Data\CallingID
2009-02-04 11:27 . 2009-02-04 11:27 <DIR> d-------- c:\program files\ExPLabs.com
2009-02-04 11:27 . 2009-02-04 11:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\ExPLabs.com
2009-02-03 13:48 . 2009-02-03 15:45 <DIR> d-------- c:\documents and settings\Matthew McClendon\.housecall6.6
2009-02-03 02:23 . 2009-02-03 01:15 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-02-03 01:15 . 2009-02-03 01:15 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-02-03 01:10 . 2009-02-03 01:10 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-15 02:22 . 2009-01-15 02:22 49,152 --------- c:\windows\system32\msrating.dll.mui
2009-01-15 02:21 . 2009-01-15 02:21 2,560 --------- c:\windows\system32\mshta.exe.mui
2009-01-15 02:19 . 2009-01-15 02:19 81,920 --------- c:\windows\system32\iedkcs32.dll.mui
2009-01-15 02:19 . 2009-01-15 02:19 4,096 --------- c:\windows\system32\ie4uinit.exe.mui
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-10 02:19 --------- d-----w c:\program files\PowerAgent
2009-02-06 02:14 --------- d-----w c:\program files\Trend Micro
2009-02-04 20:40 --------- d-----w c:\program files\Dl_cats
2009-02-03 07:18 --------- d-----w c:\program files\Google
2009-01-15 09:17 636,264 ----a-w c:\windows\system32\dllcache\iexplore.exe
2009-01-15 09:17 392,040 ----a-w c:\windows\system32\dllcache\iedkcs32.dll
2009-01-15 09:13 5,888,512 ----a-w c:\windows\system32\dllcache\mshtml.dll
2009-01-15 09:12 10,963,968 ----a-w c:\windows\system32\dllcache\ieframe.dll
2009-01-15 09:06 236,544 ----a-w c:\windows\system32\dllcache\webcheck.dll
2009-01-15 09:06 105,984 ----a-w c:\windows\system32\dllcache\url.dll
2009-01-15 09:06 1,182,720 ----a-w c:\windows\system32\dllcache\urlmon.dll
2009-01-15 09:05 911,872 ----a-w c:\windows\system32\wininet.dll
2009-01-15 09:05 911,872 ----a-w c:\windows\system32\dllcache\wininet.dll
2009-01-15 09:05 43,008 ----a-w c:\windows\system32\licmgr10.dll
2009-01-15 09:05 43,008 ----a-w c:\windows\system32\dllcache\licmgr10.dll
2009-01-15 09:05 193,536 ----a-w c:\windows\system32\dllcache\msrating.dll
2009-01-15 09:05 109,056 ----a-w c:\windows\system32\dllcache\occache.dll
2009-01-15 09:04 755,200 ----a-w c:\windows\system32\dllcache\VGX.dll
2009-01-15 09:04 25,600 ----a-w c:\windows\system32\dllcache\jsproxy.dll
2009-01-15 09:04 18,944 ----a-w c:\windows\system32\dllcache\corpol.dll
2009-01-15 09:04 18,944 ----a-w c:\windows\system32\corpol.dll
2009-01-15 09:02 611,840 ----a-w c:\windows\system32\dllcache\mstime.dll
2009-01-15 09:02 593,920 ----a-w c:\windows\system32\dllcache\msfeeds.dll
2009-01-15 09:02 1,975,296 ----a-w c:\windows\system32\dllcache\iertutil.dll
2009-01-15 09:01 66,560 ----a-w c:\windows\system32\dllcache\mshtmled.dll
2009-01-15 09:01 59,904 ----a-w c:\windows\system32\dllcache\icardie.dll
2009-01-15 09:01 54,272 ----a-w c:\windows\system32\dllcache\msfeedsbs.dll
2009-01-15 09:01 46,592 ----a-w c:\windows\system32\dllcache\pngfilt.dll
2009-01-15 09:01 348,160 ----a-w c:\windows\system32\dllcache\dxtmsft.dll
2009-01-15 09:01 34,304 ----a-w c:\windows\system32\imgutil.dll
2009-01-15 09:01 34,304 ----a-w c:\windows\system32\dllcache\imgutil.dll
2009-01-15 09:01 216,064 ----a-w c:\windows\system32\dllcache\dxtrans.dll
2009-01-15 09:01 183,808 ----a-w c:\windows\system32\dllcache\iepeers.dll
2009-01-15 09:00 48,128 ----a-w c:\windows\system32\mshtmler.dll
2009-01-15 09:00 48,128 ----a-w c:\windows\system32\dllcache\mshtmler.dll
2009-01-15 09:00 45,568 ----a-w c:\windows\system32\mshta.exe
2009-01-15 09:00 45,568 ----a-w c:\windows\system32\dllcache\mshta.exe
2009-01-15 08:53 68,608 ----a-w c:\windows\system32\dllcache\hmmapi.dll
2009-01-15 08:50 156,160 ----a-w c:\windows\system32\msls31.dll
2009-01-15 08:50 156,160 ----a-w c:\windows\system32\dllcache\msls31.dll
2009-01-15 08:35 445,440 ----a-w c:\windows\system32\dllcache\ieapfltr.dll
2008-12-25 06:53 --------- d-----w c:\program files\Lavasoft
2008-12-25 06:53 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-20 23:12 --------- d-----w c:\program files\Java
2008-12-18 06:21 --------- d-----w c:\program files\Bonjour
2008-12-18 06:20 --------- d-----w c:\program files\iTunes
2008-12-18 06:20 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-18 06:19 --------- d-----w c:\program files\iPod
2008-12-18 06:16 --------- d-----w c:\program files\QuickTime
2008-12-18 06:14 --------- d-----w c:\program files\Common Files\Apple
2008-12-12 18:18 87,336 ----a-w c:\windows\system32\dns-sd.exe
2008-12-12 18:11 61,440 ----a-w c:\windows\system32\dnssd.dll
2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
2006-09-20 23:45 56 --sh--r c:\windows\system32\BB709C46B3.sys
2006-09-20 23:45 3,558 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-05-09 06:28 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008050920080510\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-10-16 18:22 333192 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE_OEM"="c:\program files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [2006-04-11 176201]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-09-01 684032]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"pccguide.exe"="c:\program files\Trend Micro\Internet Security 12\pccguide.exe" [2005-08-30 823362]
"FaxCenterServer"="c:\program files\Dell PC Fax\fm3032.exe" [2006-12-12 312200]
"dlcqmon.exe"="c:\program files\Dell Photo AIO Printer 966\dlcqmon.exe" [2007-01-12 292336]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 966\memcard.exe" [2006-12-12 304008]
"DLCQCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCQtime.dll" [2006-10-15 106496]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-02-03 509784]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-11-13 981904]
"LinkScanner Monitor"="c:\program files\ExPLabs.com\LinkScanner\LinkScannerMonitor.exe" [2008-07-02 2163992]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-01-13 24576]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 15:08 110592 c:\program files\Intel\Wireless\Bin\LgNotify.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dlcqcoms.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-03 64160]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [2009-02-05 464264]
R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\tmxpflt.sys [2005-08-30 205328]
R2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2005-08-30 36368]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096]
S2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [2005-08-30 290889]
S2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [2005-08-30 585792]
S2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [2005-08-30 262215]
S3 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2007-03-10 647242]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-02-03 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-03 01:15]
2009-02-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -
Toolbar-Locked - (no file)
HKCU-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
HKLM-Run-WinPatrol - c:\program files\BillP Studios\WinPatrol\winpatrol.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gmail.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
LSP: c:\program files\ExPLabs.com\LinkScanner\wrnetdrv.dll
FF - ProfilePath - c:\documents and settings\Matthew McClendon\Application Data\Mozilla\Firefox\Profiles\9zfpwc0l.default\
FF - prefs.js: browser.startup.homepage - hxxps://webmail.uscable.net/
FF - component: c:\program files\ExPLabs.com\LinkScanner\Firefox\components\SearchShield.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2009-02-13 09:34:40
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCQCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCQtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1060)
c:\windows\system32\Ati2evxx.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
- - - - - - - > 'lsass.exe'(1116)
c:\program files\ExPLabs.com\LinkScanner\wrnetdrv.dll
.
Completion time: 2009-02-13 9:36:31
ComboFix-quarantined-files.txt 2009-02-13 16:36:18
Pre-Run: 11,782,205,440 bytes free
Post-Run: 12,241,727,488 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
233 --- E O F --- 2009-02-11 05:48:03
I didn't save this to my desk top. so it took a little digging around to find it. I hope that this is the ComboFix data your are after. Should I be concerned about quarantined files? I also found this:2000-10-27 16:23:18 A------- 50,688 C:\Qoobox\Quarantine\C\WINDOWS\system32\BSZIP.DLL.vir
2009-02-13 09:29:06 A------- 58 C:\Qoobox\Quarantine\catchme.log
2009-02-13 09:34:06 A------- 7,572 C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2009-02-13 09:35:23 A------- 173 C:\Qoobox\Quarantine\Registry_backups\Toolbar-Locked.reg.dat
2009-02-13 09:35:24 A------- 167 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-WinPatrol.reg.dat
2009-02-13 09:35:24 A------- 184 C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-DellSupportCenter.reg.dat
Here's the GMER Log:GMER 1.0.14.14536 -
http://www.gmer.netRootkit scan 2009-02-13 09:50:21
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.14 ----
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwConnectPort [0xF403F8D0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateFile [0xF403C6E0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateKey [0xF4049490]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreatePort [0xF403FE90]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xF403FF80]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xF403CC70]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xF4049D10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xF4049AC0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey [0xF404A230]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xF404A2B0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenFile [0xF403CAD0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRenameKey [0xF404A970]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xF404A3D0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xF403F4F0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xF404A7C0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xF403CEA0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xF4049800]
---- Kernel code sections - GMER 1.0.14 ----
? srescan.sys The system cannot find the file specified. !
? C:\WINDOWS\system32\Drivers\PROCEXP90.SYS The system cannot find the file specified. !
? C:\ComboFix\catchme.sys The system cannot find the path specified. !
---- Kernel IAT/EAT - GMER 1.0.14 ----
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F4044410] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F4044220] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F4044B50] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F4042780] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F4042780] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F4044410] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F4044220] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F4044B50] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F4044410] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F4042780] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F4044B50] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F4044220] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F4044B50] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F4044220] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F4044410] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F4042780] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F4044410] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F4044220] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F4044B50] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [F4044B50] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [F4044220] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [F4042780] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [F4044410] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F4044410] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F4042780] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F4044B50] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F4044220] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
---- Devices - GMER 1.0.14 ----
AttachedDevice \FileSystem\Ntfs \Ntfs Tmpreflt.sys (Pre-Filter For XP/Trend Micro Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs Tmpreflt.sys (Pre-Filter For XP/Trend Micro Inc.)
Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver/Trend Micro Inc.)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver/Trend Micro Inc.)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver/Trend Micro Inc.)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver/Trend Micro Inc.)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \FileSystem\Fastfat \Fat F0061D20
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat Tmpreflt.sys (Pre-Filter For XP/Trend Micro Inc.)
AttachedDevice \FileSystem\Fastfat \Fat Tmpreflt.sys (Pre-Filter For XP/Trend Micro Inc.)
---- EOF - GMER 1.0.14 ----
As far as changes since I last posted, I ran CCleaner on the machine to help speed it up. I ran it and removed some unecessary stuff, according to the program at least.
I added KeePass to keep my passwords safe and also installed Link Scanner to try it out in hopes of keeping me safe on-line. I also went to Microsoft to update Windows, but I don't think any were needed other than having to update IE in order to access the MS update site. I did have some problems with getting Active X to work. For some reason my IE shortcut key has the add-ons disabled.
I was trying out WinPatrol but I uninstalled it because I'm not savvy enough to work with it.
I've also ran some virus scans through AdAware, Trend and Microsoft since then - all which have come back clean except for tracking cookies. The only other changes I can think of is adding a few songs to my iTunes and backing up all of my files to an external hard-drive. THANKS AGAIN FOR ALL YOUR HELP!