Hijacked home page

At last, that took some doing......

here is gmer.txt

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2009-12-19 07:22:48
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\bryanc\LOCALS~1\Temp\kgrorpog.sys


---- System - GMER 1.0.15 ----

SSDT 8A67DA80 ZwAlertResumeThread
SSDT 8A681EC0 ZwAlertThread
SSDT 8A483EE8 ZwAllocateVirtualMemory
SSDT 8A42A170 ZwConnectPort
SSDT 8A439D20 ZwCreateMutant
SSDT 8A432918 ZwCreateThread
SSDT 8A5A6EC0 ZwFreeVirtualMemory
SSDT 8A42FEA8 ZwImpersonateAnonymousToken
SSDT 8A67F5F0 ZwImpersonateThread
SSDT 8A6283C8 ZwMapViewOfSection
SSDT 8A42A940 ZwOpenEvent
SSDT 8A5672E8 ZwOpenProcessToken
SSDT 8A403420 ZwOpenThreadToken
SSDT 87C1C4E0 ZwResumeThread
SSDT 8B00D678 ZwSetContextThread
SSDT 8A3F6378 ZwSetInformationProcess
SSDT 87B31910 ZwSetInformationThread
SSDT 8A445BC8 ZwSuspendProcess
SSDT 8B013388 ZwSuspendThread
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB204F0B0]
SSDT 8A67C450 ZwTerminateThread
SSDT 8A67D9A0 ZwUnmapViewOfSection
SSDT 8A48CEE8 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C08 805044A4 4 Bytes CALL 14DA8CE7
.text ntkrnlpa.exe!ZwCallbackReturn + 2DB0 8050464C 4 Bytes CALL 14DA9CC3
.text ntkrnlpa.exe!ZwCallbackReturn + 3018 805048B4 4 Bytes CALL 68DA9187
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB827E380, 0x381B8D, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[1704] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Ext2Fsd.SYS (Ext2 File System Driver for Windows/www.ext2fsd.com)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device rdpdr.sys (Microsoft RDP Device redirector/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Please download ComboFix from BleepingComputer.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
  
• Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

• Click on Yes, to continue scanning for malware.
  
• When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.
  

I'm doing this now. While it happens, one quick question please. Is the vbs.runauto that Symantic picks up everytime I plug in the thumb drives anything to worry about?

see ya

Combo fix log follows


ComboFix 09-12-18.01 - BryanC 19/12/2009 11:05:29.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.3572.2580 [GMT 11:00]
Running from: c:\documents and settings\bryanc\desktop\commy.exe
Command switches used :: /stepdel
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\st326159.dll

----- BITS: Possible infected sites -----

hxxp://hp-server:8530
.
((((((((((((((((((((((((( Files Created from 2009-11-19 to 2009-12-19 )))))))))))))))))))))))))))))))
.

2009-12-16 09:54 . 2009-12-16 09:54 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2009-12-14 19:15 . 2009-12-14 19:15 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-12-10 00:23 . 2009-10-21 05:38 75776 -c----w- c:\windows\system32\dllcache\strmfilt.dll
2009-12-10 00:23 . 2009-10-21 05:38 25088 -c----w- c:\windows\system32\dllcache\httpapi.dll
2009-12-10 00:23 . 2009-10-20 16:20 265728 -c----w- c:\windows\system32\dllcache\http.sys
2009-12-10 00:23 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2009-12-10 00:23 . 2009-10-12 13:38 149504 -c----w- c:\windows\system32\dllcache\rastls.dll
2009-12-10 00:23 . 2009-10-12 13:38 79872 -c----w- c:\windows\system32\dllcache\raschap.dll
2009-12-10 00:23 . 2009-10-13 10:30 270336 -c----w- c:\windows\system32\dllcache\oakley.dll
2009-12-04 19:27 . 2009-12-04 19:27 -------- d-----w- c:\program files\Trend Micro
2009-12-04 14:56 . 2009-12-04 14:56 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Google
2009-12-04 09:50 . 2009-12-04 20:36 117760 ----a-w- c:\documents and settings\bryanc\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-04 09:50 . 2009-12-04 09:50 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-12-04 09:49 . 2009-12-04 09:49 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-03 10:29 . 2009-12-03 10:29 -------- d-----w- c:\windows\system32\wbem\Repository
2009-12-02 20:19 . 2009-12-02 20:19 4045527 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-02 20:18 . 2009-12-03 05:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-02 20:18 . 2009-12-03 05:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-02 12:00 . 2009-12-02 12:00 -------- d-----w- c:\documents and settings\bryanc\Application Data\Malwarebytes
2009-12-02 12:00 . 2009-12-15 11:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-02 12:00 . 2009-12-02 12:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-02 08:59 . 2009-12-04 20:36 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-02 08:59 . 2009-12-02 08:59 -------- d-----w- c:\documents and settings\bryanc\Application Data\SUPERAntiSpyware.com
2009-11-27 19:28 . 2009-11-27 19:28 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-11-27 19:28 . 2009-11-27 19:28 -------- d-----w- c:\windows\system32\winrm
2009-11-26 22:27 . 2009-11-27 19:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-26 22:27 . 2009-11-27 19:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-23 20:13 . 2009-11-23 20:13 4150 ----a-r- c:\documents and settings\bryanc\Application Data\Microsoft\Installer\{1F9ED934-AD0F-4879-BDFB-ED02BA2BB14F}\ARPPRODUCTICON.exe
2009-11-23 20:12 . 2009-11-23 20:12 -------- d-----w- c:\program files\Microsoft Voice Command
2009-11-23 12:28 . 2008-10-16 22:30 621056 ----a-r- c:\windows\system32\drivers\mod7700.sys
2009-11-23 12:28 . 2008-10-16 22:30 113664 ----a-r- c:\windows\system32\drivers\ewusbnet.sys
2009-11-23 12:28 . 2008-10-16 22:30 101376 ----a-r- c:\windows\system32\drivers\ewusbmdm.sys
2009-11-23 12:28 . 2008-10-16 22:30 24448 ----a-r- c:\windows\system32\drivers\ewdcsc.sys
2009-11-23 12:28 . 2009-11-27 19:29 -------- d-----w- c:\program files\Optus Wireless Broadband
2009-11-20 11:39 . 2009-11-27 19:29 -------- d-----w- c:\documents and settings\bryanc\Application Data\DivX
2009-11-20 11:37 . 2009-11-27 19:28 -------- d-----w- c:\program files\DivX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-19 00:03 . 2009-09-07 10:03 -------- d-----w- c:\documents and settings\bryanc\Application Data\U3
2009-12-18 23:49 . 2009-09-05 23:41 -------- d-----w- c:\documents and settings\bryanc\Application Data\Skype
2009-12-18 21:01 . 2009-09-05 23:44 -------- d-----w- c:\documents and settings\bryanc\Application Data\skypePM
2009-12-18 20:41 . 2009-09-04 11:15 -------- d-----w- c:\documents and settings\bryanc\Application Data\uTorrent
2009-12-18 20:40 . 2009-09-02 23:31 0 ----a-w- c:\documents and settings\bryanc\Local Settings\Application Data\WavXMapDrive.bat
2009-12-18 06:36 . 2009-10-07 07:48 708928 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-12-18 05:57 . 2009-09-03 02:30 -------- d-----w- c:\program files\Paint Shop Pro 5
2009-12-16 21:40 . 2009-08-26 09:53 42206 ----a-w- c:\windows\system32\nvModes.dat
2009-12-10 07:06 . 2009-08-26 10:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-12-10 01:47 . 2009-08-26 10:38 -------- d-----w- c:\program files\Microsoft SQL Server
2009-12-10 01:42 . 2009-08-26 10:33 -------- d-----w- c:\program files\Microsoft.NET
2009-12-10 01:40 . 2009-08-26 10:40 -------- d-----w- c:\program files\Microsoft Small Business
2009-12-04 14:56 . 2009-09-03 07:40 -------- d-----w- c:\program files\Google
2009-11-29 04:41 . 2009-09-03 12:37 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-11-29 04:41 . 2009-08-26 10:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-21 15:51 . 2008-04-25 16:16 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-18 12:28 . 2009-09-04 09:18 -------- d-----w- c:\program files\Photomatix
2009-11-14 02:07 . 2009-11-14 02:06 -------- d-----w- c:\program files\iTunes
2009-11-14 02:06 . 2009-11-14 02:06 -------- d-----w- c:\program files\iPod
2009-11-14 02:06 . 2009-09-03 06:39 -------- d-----w- c:\program files\Common Files\Apple
2009-11-14 01:58 . 2009-11-14 01:58 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-14 00:47 . 2009-11-14 00:47 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
2009-11-13 22:57 . 2009-11-13 22:57 922112 ------w- c:\windows\system32\imapi2fs.dll
2009-11-13 22:57 . 2009-11-13 22:57 426496 ------w- c:\windows\system32\imapi2.dll
2009-10-29 07:45 . 2008-04-25 16:16 916480 ------w- c:\windows\system32\wininet.dll
2009-10-27 07:04 . 2009-09-03 04:24 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-21 05:38 . 2008-04-25 16:16 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2008-04-25 16:16 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2008-04-14 00:23 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-19 02:06 . 2009-10-19 02:06 223232 ------w- c:\windows\system32\wksprt.exe
2009-10-19 02:06 . 2009-10-19 02:06 46080 ------w- c:\windows\system32\TSWbPrxy.exe
2009-10-19 02:06 . 2009-10-19 02:06 12800 ------w- c:\windows\system32\wksprtPS.dll
2009-10-19 02:06 . 2008-04-25 21:26 36864 ----a-w- c:\windows\system32\tsgQec.dll
2009-10-19 02:06 . 2008-04-25 21:26 1033728 ----a-w- c:\windows\system32\mstsc.exe
2009-10-19 02:06 . 2008-04-25 21:26 2689024 ----a-w- c:\windows\system32\mstscax.dll
2009-10-19 02:06 . 2009-10-19 02:06 44544 ------w- c:\windows\system32\MsRdpWebAccess.dll
2009-10-19 02:06 . 2008-04-25 21:26 130560 ----a-w- c:\windows\system32\aaclient.dll
2009-10-18 21:32 . 2009-10-18 21:32 152576 ----a-w- c:\documents and settings\bryanc\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-10-15 21:53 . 2009-09-02 23:40 60800 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-10-15 21:53 . 2009-09-02 23:40 123952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-10-13 10:30 . 2008-04-25 16:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2008-04-25 16:16 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2008-04-25 16:16 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-09 05:23 . 2009-10-09 05:23 1107456 ------w- c:\windows\system32\WsmSvc.dll
2009-10-09 05:23 . 2009-10-09 05:23 178176 ------w- c:\windows\system32\wevtfwd.dll
2009-10-09 05:22 . 2009-10-09 05:22 368640 ------w- c:\windows\system32\WsmRes.dll
2009-10-09 05:22 . 2009-10-09 05:22 69632 ------w- c:\windows\system32\winrs.exe
2009-10-09 05:22 . 2009-10-09 05:22 42496 ------w- c:\windows\system32\pwrshplugin.dll
2009-10-09 03:56 . 2009-10-09 03:56 209408 ------w- c:\windows\system32\WsmWmiPl.dll
2009-10-09 03:56 . 2009-10-09 03:56 14848 ------w- c:\windows\system32\wsmprovhost.exe
2009-10-09 03:56 . 2009-10-09 03:56 22528 ------w- c:\windows\system32\winrshost.exe
2009-10-09 03:56 . 2009-10-09 03:56 25088 ------w- c:\windows\system32\winrmprov.dll
2009-10-09 03:56 . 2009-10-09 03:56 12288 ------w- c:\windows\system32\wsmplpxy.dll
2009-10-09 03:56 . 2009-10-09 03:56 2048 ------w- c:\windows\system32\winrsmgr.dll
2009-10-09 03:56 . 2009-10-09 03:56 233984 ------w- c:\windows\system32\winrscmd.dll
2009-10-09 03:56 . 2009-10-09 03:56 225280 ------w- c:\windows\system32\wsmanhttpconfig.exe
2009-10-09 03:56 . 2009-10-09 03:56 12288 ------w- c:\windows\system32\winrssrv.dll
2009-10-09 03:56 . 2009-10-09 03:56 139776 ------w- c:\windows\system32\WsmAuto.dll
2009-10-08 03:57 . 2007-10-09 05:03 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2009-10-08 03:57 . 2008-04-25 16:16 220160 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 03:56 . 2008-04-25 16:16 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-01 22:36 . 2009-10-01 22:36 45056 ----a-r- c:\documents and settings\bryanc\Application Data\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\NewShortcut1_42929F0FCE1447AF9FC7FF297A603021_1.exe
2009-10-01 22:36 . 2009-10-01 22:36 10134 ----a-r- c:\documents and settings\bryanc\Application Data\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\ARPPRODUCTICON.exe
.

((((((((((((((((((((((((((((( SnapShot_2009-12-14_11.38.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-18 21:53 . 2009-12-18 21:53 16384 c:\windows\temp\Perflib_Perfdata_490.dat
+ 2008-04-25 16:16 . 2009-12-18 20:43 84372 c:\windows\system32\perfc009.dat
- 2008-04-25 16:16 . 2009-12-14 11:30 84372 c:\windows\system32\perfc009.dat
+ 2009-09-01 07:29 . 2009-12-19 00:02 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-09-01 07:29 . 2009-12-13 23:09 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-12-15 08:40 . 2009-12-19 00:02 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-12-06 23:02 . 2009-12-13 23:09 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-04-25 16:16 . 2009-12-18 20:43 474570 c:\windows\system32\perfh009.dat
- 2008-04-25 16:16 . 2009-12-14 11:30 474570 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2009-04-22 02:03 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2009-04-22 02:03 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SRS Premium Sound"="c:\program files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe" [2009-03-25 3261688]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-12-10 289584]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-09-02 25623336]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-12-04 2001648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-02-22 200704]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-17 483420]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-03-17 729088]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-28 13537280]
"nwiz"="nwiz.exe" [2008-08-28 1630208]
"NVHotkey"="nvHotkey.dll" [2008-08-28 90112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-28 86016]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2009-02-26 184320]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2008-12-22 145408]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2009-04-22 656696]
"EmbassySecurityCheck"="c:\program files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe" [2009-04-22 95544]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-04 128232]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-09-11 115560]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-04 417792]
"Ext2 Volume Manager"="c:\program files\Ext2Fsd\Ext2Mgr.exe" [2009-07-30 1216648]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2009-04-22 15360]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-03-19 667648]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-10-02 38768]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-10-02 640376]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-02 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-8-15 604776]
Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2009-4-9 1106720]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-10-2 50688]
Telstra Turbo Modem Manager.lnk - c:\program files\Telstra\Telstra Turbo Modem Manager\Service\MdmMgr.exe [2009-9-23 454656]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-27 123904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-12 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-12-04 20:36 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

R1 Ext2Fsd;Linux ext2 file system driver;c:\windows\system32\drivers\ext2fsd.sys [10/10/2009 12:10 PM 651264]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [14/05/2009 2:22 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [14/05/2009 2:22 PM 74480]
R2 ASFAgent;ASF Agent;c:\program files\Intel\ASF Agent\ASFAgent.exe [19/04/2007 8:56 AM 133968]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [29/12/2008 2:07 PM 320800]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [22/01/2009 1:19 PM 808296]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [22/01/2009 1:19 PM 20840]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [9/04/2009 5:02 PM 447264]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [27/08/2009 12:42 PM 112512]
R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [27/08/2009 12:43 PM 32808]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [27/08/2009 12:42 PM 244368]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/12/2009 6:56 AM 102448]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [14/05/2009 2:22 PM 7408]
R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [26/08/2009 9:31 PM 232744]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/10/2009 5:43 PM 133104]
S3 cmusbnet;WAN Driver @ 3GPP (6280);c:\windows\system32\drivers\cmusbnet.sys [23/09/2009 6:57 AM 81152]
S3 cmusbser;%CMUSBSER%;c:\windows\system32\drivers\cmusbser.sys [23/09/2009 6:57 AM 87040]
S3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NvtSp50.sys --> c:\windows\system32\Drivers\NvtSp50.sys [?]
S3 Smcinst;Symantec Auto-upgrade Agent;c:\program files\Symantec\Symantec Endpoint Protection\SmcLU\Setup\smcinst.exe --> c:\program files\Symantec\Symantec Endpoint Protection\SmcLU\Setup\smcinst.exe [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [26/04/2008 3:16 AM 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
------- Supplementary Scan -------
.
uStart Page = hxxp://nexus.northrop.com.au/Canberra/default.aspx
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = 10.10.10.254:3128
uInternet Settings,ProxyOverride = nexus.*;nexus;
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.

**************************************************************************
scanning hȋdden processes ...

scanning hȋdden autostart entries ...

scanning hȋdden files ...

scan completed successfully
hȋdden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(912)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\NetProvCredMan.dll

- - - - - - - > 'lsass.exe'(968)
c:\windows\system32\wvauth.dll
.
Completion time: 2009-12-19 11:12:22
ComboFix-quarantined-files.txt 2009-12-19 00:12
ComboFix2.txt 2009-12-14 11:41
ComboFix3.txt 2009-12-04 19:47

Pre-Run: 2,608,992,256 bytes free
Post-Run: 2,597,015,552 bytes free

- - End Of File - - F63B8E7DFAABE61C512D9A8180791607

Re-running ComboFix to remove infections:

1. Close any open browsers.
   
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   
3. Open notepad and copy/paste the text in the quotebox below into it:
   

   
   File::
   c:\windows\system32\GPhotos.scr
   c:\windows\system32\WsmSvc.dll
   c:\windows\system32\wevtfwd.dll
   c:\windows\system32\WsmRes.dll
   c:\windows\system32\winrs.exe
   c:\windows\system32\pwrshplugin.dll
   c:\windows\system32\WsmWmiPl.dll
   c:\windows\system32\wsmprovhost.exe
   c:\windows\system32\winrshost.exe
   c:\windows\system32\winrmprov.dll
   c:\windows\system32\wsmplpxy.dll
   c:\windows\system32\winrsmgr.dll
   c:\windows\system32\winrscmd.dll
   c:\windows\system32\wsmanhttpconfig.exe
   c:\windows\system32\winrssrv.dll
   c:\windows\system32\WsmAuto.dll
   c:\windows\system32\uiautomationcore.dll
   c:\windows\system32\oleacc.dll
   c:\windows\system32\oleaccrc.dll
   
   DDS::
   uStart Page = hxxp://nexus.northrop.com.au/Canberra/default.aspx
   uInternet Settings,ProxyServer = 10.10.10.254:3128
   uInternet Settings,ProxyOverride = nexus.*;nexus;
   
   

4. Save this as CFScript.txt, in the same location as ComboFix.exe
   
   
   
   
5. Referring to the picture above, drag CFScript into ComboFix.exe
   
6. When finished, it shall produce a log for you at C:\ComboFix.txt
   
7. Please post the contents of the log in your next reply.

Done. Combofix ran and the computer rebooted. A few error messages and then Superantispyware picked up an attempt to change the home page to go.microsoft.com.fwlink/?linkId=69157

Here's the log:

ComboFix 09-12-18.01 - BryanC 19/12/2009 17:38:17.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.3572.2729 [GMT 11:00]
Running from: c:\documents and settings\bryanc\Desktop\commy.exe
Command switches used :: c:\documents and settings\bryanc\Desktop\CFScript.txt.txt
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

FILE ::
"c:\windows\system32\GPhotos.scr"
"c:\windows\system32\oleacc.dll"
"c:\windows\system32\oleaccrc.dll"
"c:\windows\system32\pwrshplugin.dll"
"c:\windows\system32\uiautomationcore.dll"
"c:\windows\system32\wevtfwd.dll"
"c:\windows\system32\winrmprov.dll"
"c:\windows\system32\winrs.exe"
"c:\windows\system32\winrscmd.dll"
"c:\windows\system32\winrshost.exe"
"c:\windows\system32\winrsmgr.dll"
"c:\windows\system32\winrssrv.dll"
"c:\windows\system32\wsmanhttpconfig.exe"
"c:\windows\system32\WsmAuto.dll"
"c:\windows\system32\wsmplpxy.dll"
"c:\windows\system32\wsmprovhost.exe"
"c:\windows\system32\WsmRes.dll"
"c:\windows\system32\WsmSvc.dll"
"c:\windows\system32\WsmWmiPl.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\GPhotos.scr
c:\windows\system32\pwrshplugin.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\wevtfwd.dll
c:\windows\system32\winrmprov.dll
c:\windows\system32\winrs.exe
c:\windows\system32\winrscmd.dll
c:\windows\system32\winrshost.exe
c:\windows\system32\winrsmgr.dll
c:\windows\system32\winrssrv.dll
c:\windows\system32\wsmanhttpconfig.exe
c:\windows\system32\WsmAuto.dll
c:\windows\system32\wsmplpxy.dll
c:\windows\system32\wsmprovhost.exe
c:\windows\system32\WsmRes.dll
c:\windows\system32\WsmSvc.dll
c:\windows\system32\WsmWmiPl.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_WinRM


((((((((((((((((((((((((( Files Created from 2009-11-19 to 2009-12-19 )))))))))))))))))))))))))))))))
.

2009-12-19 00:04 . 2009-12-19 00:12 -------- d-----w- C:\commy
2009-12-16 09:54 . 2009-12-16 09:54 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2009-12-10 00:23 . 2009-10-21 05:38 75776 -c----w- c:\windows\system32\dllcache\strmfilt.dll
2009-12-10 00:23 . 2009-10-21 05:38 25088 -c----w- c:\windows\system32\dllcache\httpapi.dll
2009-12-10 00:23 . 2009-10-20 16:20 265728 -c----w- c:\windows\system32\dllcache\http.sys
2009-12-10 00:23 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2009-12-10 00:23 . 2009-10-12 13:38 149504 -c----w- c:\windows\system32\dllcache\rastls.dll
2009-12-10 00:23 . 2009-10-12 13:38 79872 -c----w- c:\windows\system32\dllcache\raschap.dll
2009-12-10 00:23 . 2009-10-13 10:30 270336 -c----w- c:\windows\system32\dllcache\oakley.dll
2009-12-04 19:27 . 2009-12-04 19:27 -------- d-----w- c:\program files\Trend Micro
2009-12-04 14:56 . 2009-12-04 14:56 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Google
2009-12-04 09:50 . 2009-12-04 09:50 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-12-04 09:49 . 2009-12-04 09:49 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-03 10:29 . 2009-12-03 10:29 -------- d-----w- c:\windows\system32\wbem\Repository
2009-12-02 20:18 . 2009-12-03 05:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-02 20:18 . 2009-12-03 05:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-02 12:00 . 2009-12-02 12:00 -------- d-----w- c:\documents and settings\bryanc\Application Data\Malwarebytes
2009-12-02 12:00 . 2009-12-15 11:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-02 12:00 . 2009-12-02 12:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-02 08:59 . 2009-12-04 20:36 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-02 08:59 . 2009-12-02 08:59 -------- d-----w- c:\documents and settings\bryanc\Application Data\SUPERAntiSpyware.com
2009-11-27 19:28 . 2009-11-27 19:28 -------- d-----w- c:\program files\Common Files\DivX Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-19 06:53 . 2009-09-02 23:31 0 ----a-w- c:\documents and settings\bryanc\Local Settings\Application Data\WavXMapDrive.bat
2009-12-19 06:37 . 2009-09-05 23:41 -------- d-----w- c:\documents and settings\bryanc\Application Data\Skype
2009-12-19 05:01 . 2009-09-05 23:44 -------- d-----w- c:\documents and settings\bryanc\Application Data\skypePM
2009-12-19 00:31 . 2009-09-04 11:15 -------- d-----w- c:\documents and settings\bryanc\Application Data\uTorrent
2009-12-19 00:03 . 2009-09-07 10:03 -------- d-----w- c:\documents and settings\bryanc\Application Data\U3
2009-12-18 06:36 . 2009-10-07 07:48 708928 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-12-18 05:57 . 2009-09-03 02:30 -------- d-----w- c:\program files\Paint Shop Pro 5
2009-12-16 21:40 . 2009-08-26 09:53 42206 ----a-w- c:\windows\system32\nvModes.dat
2009-12-10 07:06 . 2009-08-26 10:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-12-10 01:47 . 2009-08-26 10:38 -------- d-----w- c:\program files\Microsoft SQL Server
2009-12-10 01:42 . 2009-08-26 10:33 -------- d-----w- c:\program files\Microsoft.NET
2009-12-10 01:40 . 2009-08-26 10:40 -------- d-----w- c:\program files\Microsoft Small Business
2009-12-04 20:36 . 2009-12-04 09:50 117760 ----a-w- c:\documents and settings\bryanc\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-04 14:56 . 2009-09-03 07:40 -------- d-----w- c:\program files\Google
2009-12-02 20:19 . 2009-12-02 20:19 4045527 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-11-29 04:41 . 2009-09-03 12:37 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-11-29 04:41 . 2009-08-26 10:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-27 19:29 . 2009-11-26 22:27 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-27 19:29 . 2009-11-26 22:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-27 19:29 . 2009-11-20 11:39 -------- d-----w- c:\documents and settings\bryanc\Application Data\DivX
2009-11-27 19:29 . 2009-11-23 12:28 -------- d-----w- c:\program files\Optus Wireless Broadband
2009-11-27 19:28 . 2009-11-20 11:37 -------- d-----w- c:\program files\DivX
2009-11-23 20:13 . 2009-11-23 20:13 4150 ----a-r- c:\documents and settings\bryanc\Application Data\Microsoft\Installer\{1F9ED934-AD0F-4879-BDFB-ED02BA2BB14F}\ARPPRODUCTICON.exe
2009-11-23 20:12 . 2009-11-23 20:12 -------- d-----w- c:\program files\Microsoft Voice Command
2009-11-21 15:51 . 2008-04-25 16:16 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-18 12:28 . 2009-09-04 09:18 -------- d-----w- c:\program files\Photomatix
2009-11-14 02:07 . 2009-11-14 02:06 -------- d-----w- c:\program files\iTunes
2009-11-14 02:06 . 2009-11-14 02:06 -------- d-----w- c:\program files\iPod
2009-11-14 02:06 . 2009-09-03 06:39 -------- d-----w- c:\program files\Common Files\Apple
2009-11-14 01:58 . 2009-11-14 01:58 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-14 00:47 . 2009-11-14 00:47 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
2009-11-13 22:57 . 2009-11-13 22:57 922112 ------w- c:\windows\system32\imapi2fs.dll
2009-11-13 22:57 . 2009-11-13 22:57 426496 ------w- c:\windows\system32\imapi2.dll
2009-10-29 07:45 . 2008-04-25 16:16 916480 ------w- c:\windows\system32\wininet.dll
2009-10-27 07:04 . 2009-09-03 04:24 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-21 05:38 . 2008-04-25 16:16 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2008-04-25 16:16 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2008-04-14 00:23 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-19 02:06 . 2009-10-19 02:06 223232 ------w- c:\windows\system32\wksprt.exe
2009-10-19 02:06 . 2009-10-19 02:06 46080 ------w- c:\windows\system32\TSWbPrxy.exe
2009-10-19 02:06 . 2009-10-19 02:06 12800 ------w- c:\windows\system32\wksprtPS.dll
2009-10-19 02:06 . 2008-04-25 21:26 36864 ----a-w- c:\windows\system32\tsgQec.dll
2009-10-19 02:06 . 2008-04-25 21:26 1033728 ----a-w- c:\windows\system32\mstsc.exe
2009-10-19 02:06 . 2008-04-25 21:26 2689024 ----a-w- c:\windows\system32\mstscax.dll
2009-10-19 02:06 . 2009-10-19 02:06 44544 ------w- c:\windows\system32\MsRdpWebAccess.dll
2009-10-19 02:06 . 2008-04-25 21:26 130560 ----a-w- c:\windows\system32\aaclient.dll
2009-10-18 21:32 . 2009-10-18 21:32 152576 ----a-w- c:\documents and settings\bryanc\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-10-15 21:53 . 2009-09-02 23:40 60800 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-10-15 21:53 . 2009-09-02 23:40 123952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-10-13 10:30 . 2008-04-25 16:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2008-04-25 16:16 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2008-04-25 16:16 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-08 03:57 . 2008-04-25 16:16 220160 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 03:56 . 2008-04-25 16:16 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-01 22:36 . 2009-10-01 22:36 45056 ----a-r- c:\documents and settings\bryanc\Application Data\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\NewShortcut1_42929F0FCE1447AF9FC7FF297A603021_1.exe
2009-10-01 22:36 . 2009-10-01 22:36 10134 ----a-r- c:\documents and settings\bryanc\Application Data\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\ARPPRODUCTICON.exe
.

((((((((((((((((((((((((((((( SnapShot_2009-12-14_11.38.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-25 16:16 . 2009-12-19 06:54 84372 c:\windows\system32\perfc009.dat
- 2008-04-25 16:16 . 2009-12-14 11:30 84372 c:\windows\system32\perfc009.dat
- 2009-09-01 07:29 . 2009-12-13 23:09 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-09-01 07:29 . 2009-12-19 00:02 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-04-25 16:16 . 2009-12-19 06:54 474570 c:\windows\system32\perfh009.dat
- 2008-04-25 16:16 . 2009-12-14 11:30 474570 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2009-04-22 02:03 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2009-04-22 02:03 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SRS Premium Sound"="c:\program files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe" [2009-03-25 3261688]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-12-10 289584]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-09-02 25623336]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-12-04 2001648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-02-22 200704]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-17 483420]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-03-17 729088]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-28 13537280]
"nwiz"="nwiz.exe" [2008-08-28 1630208]
"NVHotkey"="nvHotkey.dll" [2008-08-28 90112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-28 86016]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2009-02-26 184320]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2008-12-22 145408]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2009-04-22 656696]
"EmbassySecurityCheck"="c:\program files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe" [2009-04-22 95544]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-04 128232]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-09-11 115560]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-04 417792]
"Ext2 Volume Manager"="c:\program files\Ext2Fsd\Ext2Mgr.exe" [2009-07-30 1216648]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2009-04-22 15360]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-03-19 667648]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-10-02 38768]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-10-02 640376]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-02 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-8-15 604776]
Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2009-4-9 1106720]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-10-2 50688]
Telstra Turbo Modem Manager.lnk - c:\program files\Telstra\Telstra Turbo Modem Manager\Service\MdmMgr.exe [2009-9-23 454656]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-27 123904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-12 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-12-04 20:36 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

R1 Ext2Fsd;Linux ext2 file system driver;c:\windows\system32\drivers\ext2fsd.sys [10/10/2009 12:10 PM 651264]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [14/05/2009 2:22 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [14/05/2009 2:22 PM 74480]
R2 ASFAgent;ASF Agent;c:\program files\Intel\ASF Agent\ASFAgent.exe [19/04/2007 8:56 AM 133968]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [29/12/2008 2:07 PM 320800]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [22/01/2009 1:19 PM 808296]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [22/01/2009 1:19 PM 20840]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [9/04/2009 5:02 PM 447264]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [27/08/2009 12:42 PM 112512]
R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [27/08/2009 12:43 PM 32808]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [27/08/2009 12:42 PM 244368]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/12/2009 6:56 AM 102448]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [14/05/2009 2:22 PM 7408]
R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [26/08/2009 9:31 PM 232744]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/10/2009 5:43 PM 133104]
S3 cmusbnet;WAN Driver @ 3GPP (6280);c:\windows\system32\drivers\cmusbnet.sys [23/09/2009 6:57 AM 81152]
S3 cmusbser;%CMUSBSER%;c:\windows\system32\drivers\cmusbser.sys [23/09/2009 6:57 AM 87040]
S3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NvtSp50.sys --> c:\windows\system32\Drivers\NvtSp50.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
------- Supplementary Scan -------
.
uStart Page = hxxp://nexus.northrop.com.au/Canberra/default.aspx
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-19 17:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hȋdden processes ...

scanning hȋdden autostart entries ...

scanning hȋdden files ...

scan completed successfully
hȋdden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(916)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\NetProvCredMan.dll

- - - - - - - > 'lsass.exe'(972)
c:\windows\system32\wvauth.dll

- - - - - - - > 'explorer.exe'(2864)
c:\windows\system32\WININET.dll
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\btmmhook.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\drivers\audio\r213367\stacsv.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
c:\windows\system32\rundll32.exe
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\windows\system32\msiexec.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2009-12-19 17:58:38 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-19 06:58
ComboFix2.txt 2009-12-19 00:12
ComboFix3.txt 2009-12-14 11:41
ComboFix4.txt 2009-12-04 19:47

Pre-Run: 2,556,612,608 bytes free
Post-Run: 2,444,931,072 bytes free

- - End Of File - - 30DF3AEE82F1AA0434B498716E6C3C62


see ya

Now time to clean up.

To uninstall ComboFix

• Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  
• In the field, type in ComboFix /uninstall

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

• Then, press Enter, or click OK.
  
• This will uninstall ComboFix, delete its folders and files, hides System files and folders, and resets System Restore.

==

Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

this is the security check log

Results of screen317's Security Check version 0.99.1
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
Symantec Endpoint Protection
Antivirus up to date! (On Access scanning disabled!)
``````````````````````````````
Anti-malware/Other Utilities Check:
SUPERAntiSpyware Free Edition
HijackThis 2.0.2
Adobe Flash Player 10
Adobe Reader 9.2
``````````````````````````````
Process Check:
objlist.exe by Laurent
Norton ccSvcHst.exe
SRS Labs SRS Premium Sound SRSPremiumSoundBig_Small.exe
``````````````````````````````
DNS Vulnerability Check:
Unknown. This method cannot test your vulnerability to DNS cache poisoning.

`````````End of Log```````````

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

AntiSpyware

• SpywareBlaster
  SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found here.
  
• Spybot - Search & Destroy.
  Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot).
  

NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Securing your computer

• Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  
• hpHosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.
  

Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:

• Firefox may be downloaded from here: http://www.getfirefox.com
  
• Opera is available here: http://www.opera.com/download/
  

Thank you for choosing GeekPolice. Please see this page if you would like to leave feedback or contribute to our site. Do you have any more questions?

Thankyou, explorer is working on my laptop again.
However on bootup I get a lot of error messages. About 6 of them.
Also superantispyware picked up an attemp to change the homepage again.

I can give you more details if you wish.

see ya

Download WhoCrashed from here
This program checks for any drivers which may have been causing your computer to crash....

Click on the file you just downloaded and run it.
Put a tick in Accept then click on Next
Put a tick in the Don't create a start menu folder then click Next
Put a tick in Create a Desktop Icon then click on Install and make sure there is a tick in Launch Whocrashed before clicking Finish
Click Analyze
It will want to download the Debugger and install it Say Yes

WhoCrashed will create report but you have to scroll down to see it
Copy and paste it into your next reply

here's the report. It didn't ask to download debugger.

see ya


--------------------------------------------------------------------------------
Welcome to WhoCrashed Home Edition 2.00
--------------------------------------------------------------------------------

This program checks for drivers which have been crashing your computer.

Whenever a computer suddenly reboots without displaying any notice or blue screen of death, the first thing that is often though about is a hardware failure. In reality, on Windows most crashes are caused by malfunctioning device drivers and kernel modules. In case of a kernel error, most computers do not show a blue screen unless they are configured to do so. Instead these systems suddenly reboot without any notice.

This program does post-mortem crash dump analysis with the single click of a button.


To obtain technical support visit www.resplendence.com/support

To check if a newer version of this program is available, click here.

Just click the Analyze button for a comprehensible report ...



--------------------------------------------------------------------------------
Home Edition notice
--------------------------------------------------------------------------------

This version of WhoCrashed is free for use at home only. If you would like to use this software at work or in a commercial environment you should get the professional edition. The professional edition of WhoCrashed also allows analysis of crashdumps on remote drives and computers on the network and offers more detailed analysis.


--------------------------------------------------------------------------------
Analysis
--------------------------------------------------------------------------------

Crash dump directory: C:\WINDOWS\Minidump

Crash dumps are enabled on your computer.


No valid crash dumps have been found on your computer


--------------------------------------------------------------------------------
Conclusion
--------------------------------------------------------------------------------

Crash dumps are enabled and no valid crash dumps have been found on your computer. In case your computer does experience sudden reboots it is likely these are caused by malfunctioning hardware, power failure or a thermal issue. To troubleshoot a thermal issue, check the temperature using your BIOS setup program, check for dust in CPU and motherboard fans and if your computer is portable make sure it's located on a hard surface. Otherwise it's suggested you contact the support department of the manufacturer of your system or test your system with a memory test utility for further investigation.

Just had an attempt to change the home page to the microsoft site I mentioned back a bit.
go.microsoft.com.fwlink/?linkId=69157

any clues

see ya

This program wont run. Error message is:

"The application failed to initialize properly (0xc000007b). Click on OK to terminate the application."

I get this same error message on other programes such as Skype.

see ya