Done. ComboFix ran and the computer rebooted. There were a few error messages, and then SUPERAntiSpyware flagged an attempt to change the IE home page to go.microsoft.com/fwlink/?linkId=69157 (a go.microsoft.com address, so it is worth confirming what triggered the change rather than assuming it was malware). Two things stand out in the log below that should be checked: the header shows Symantec Endpoint Protection with on-access scanning still disabled (presumably switched off for the ComboFix run, and it needs to be re-enabled now), and the CFScript removed the WinRM service along with the winrs*/wsm* files, while the svchost WINRM group entry and the port 5985 "Windows Remote Management" firewall rule are still listed.
Here's the log:
ComboFix 09-12-18.01 - BryanC 19/12/2009 17:38:17.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.3572.2729 [GMT 11:00]
Running from: c:\documents and settings\bryanc\Desktop\commy.exe
Command switches used :: c:\documents and settings\bryanc\Desktop\CFScript.txt.txt
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FILE ::
"c:\windows\system32\GPhotos.scr"
"c:\windows\system32\oleacc.dll"
"c:\windows\system32\oleaccrc.dll"
"c:\windows\system32\pwrshplugin.dll"
"c:\windows\system32\uiautomationcore.dll"
"c:\windows\system32\wevtfwd.dll"
"c:\windows\system32\winrmprov.dll"
"c:\windows\system32\winrs.exe"
"c:\windows\system32\winrscmd.dll"
"c:\windows\system32\winrshost.exe"
"c:\windows\system32\winrsmgr.dll"
"c:\windows\system32\winrssrv.dll"
"c:\windows\system32\wsmanhttpconfig.exe"
"c:\windows\system32\WsmAuto.dll"
"c:\windows\system32\wsmplpxy.dll"
"c:\windows\system32\wsmprovhost.exe"
"c:\windows\system32\WsmRes.dll"
"c:\windows\system32\WsmSvc.dll"
"c:\windows\system32\WsmWmiPl.dll"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\GPhotos.scr
c:\windows\system32\pwrshplugin.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\wevtfwd.dll
c:\windows\system32\winrmprov.dll
c:\windows\system32\winrs.exe
c:\windows\system32\winrscmd.dll
c:\windows\system32\winrshost.exe
c:\windows\system32\winrsmgr.dll
c:\windows\system32\winrssrv.dll
c:\windows\system32\wsmanhttpconfig.exe
c:\windows\system32\WsmAuto.dll
c:\windows\system32\wsmplpxy.dll
c:\windows\system32\wsmprovhost.exe
c:\windows\system32\WsmRes.dll
c:\windows\system32\WsmSvc.dll
c:\windows\system32\WsmWmiPl.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_WinRM
((((((((((((((((((((((((( Files Created from 2009-11-19 to 2009-12-19 )))))))))))))))))))))))))))))))
.
2009-12-19 00:04 . 2009-12-19 00:12 -------- d-----w- C:\commy
2009-12-16 09:54 . 2009-12-16 09:54 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2009-12-10 00:23 . 2009-10-21 05:38 75776 -c----w- c:\windows\system32\dllcache\strmfilt.dll
2009-12-10 00:23 . 2009-10-21 05:38 25088 -c----w- c:\windows\system32\dllcache\httpapi.dll
2009-12-10 00:23 . 2009-10-20 16:20 265728 -c----w- c:\windows\system32\dllcache\http.sys
2009-12-10 00:23 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2009-12-10 00:23 . 2009-10-12 13:38 149504 -c----w- c:\windows\system32\dllcache\rastls.dll
2009-12-10 00:23 . 2009-10-12 13:38 79872 -c----w- c:\windows\system32\dllcache\raschap.dll
2009-12-10 00:23 . 2009-10-13 10:30 270336 -c----w- c:\windows\system32\dllcache\oakley.dll
2009-12-04 19:27 . 2009-12-04 19:27 -------- d-----w- c:\program files\Trend Micro
2009-12-04 14:56 . 2009-12-04 14:56 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Google
2009-12-04 09:50 . 2009-12-04 09:50 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-12-04 09:49 . 2009-12-04 09:49 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-03 10:29 . 2009-12-03 10:29 -------- d-----w- c:\windows\system32\wbem\Repository
2009-12-02 20:18 . 2009-12-03 05:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-02 20:18 . 2009-12-03 05:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-02 12:00 . 2009-12-02 12:00 -------- d-----w- c:\documents and settings\bryanc\Application Data\Malwarebytes
2009-12-02 12:00 . 2009-12-15 11:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-02 12:00 . 2009-12-02 12:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-02 08:59 . 2009-12-04 20:36 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-02 08:59 . 2009-12-02 08:59 -------- d-----w- c:\documents and settings\bryanc\Application Data\SUPERAntiSpyware.com
2009-11-27 19:28 . 2009-11-27 19:28 -------- d-----w- c:\program files\Common Files\DivX Shared
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-19 06:53 . 2009-09-02 23:31 0 ----a-w- c:\documents and settings\bryanc\Local Settings\Application Data\WavXMapDrive.bat
2009-12-19 06:37 . 2009-09-05 23:41 -------- d-----w- c:\documents and settings\bryanc\Application Data\Skype
2009-12-19 05:01 . 2009-09-05 23:44 -------- d-----w- c:\documents and settings\bryanc\Application Data\skypePM
2009-12-19 00:31 . 2009-09-04 11:15 -------- d-----w- c:\documents and settings\bryanc\Application Data\uTorrent
2009-12-19 00:03 . 2009-09-07 10:03 -------- d-----w- c:\documents and settings\bryanc\Application Data\U3
2009-12-18 06:36 . 2009-10-07 07:48 708928 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-12-18 05:57 . 2009-09-03 02:30 -------- d-----w- c:\program files\Paint Shop Pro 5
2009-12-16 21:40 . 2009-08-26 09:53 42206 ----a-w- c:\windows\system32\nvModes.dat
2009-12-10 07:06 . 2009-08-26 10:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-12-10 01:47 . 2009-08-26 10:38 -------- d-----w- c:\program files\Microsoft SQL Server
2009-12-10 01:42 . 2009-08-26 10:33 -------- d-----w- c:\program files\Microsoft.NET
2009-12-10 01:40 . 2009-08-26 10:40 -------- d-----w- c:\program files\Microsoft Small Business
2009-12-04 20:36 . 2009-12-04 09:50 117760 ----a-w- c:\documents and settings\bryanc\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-04 14:56 . 2009-09-03 07:40 -------- d-----w- c:\program files\Google
2009-12-02 20:19 . 2009-12-02 20:19 4045527 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-11-29 04:41 . 2009-09-03 12:37 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-11-29 04:41 . 2009-08-26 10:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-27 19:29 . 2009-11-26 22:27 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-27 19:29 . 2009-11-26 22:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-27 19:29 . 2009-11-20 11:39 -------- d-----w- c:\documents and settings\bryanc\Application Data\DivX
2009-11-27 19:29 . 2009-11-23 12:28 -------- d-----w- c:\program files\Optus Wireless Broadband
2009-11-27 19:28 . 2009-11-20 11:37 -------- d-----w- c:\program files\DivX
2009-11-23 20:13 . 2009-11-23 20:13 4150 ----a-r- c:\documents and settings\bryanc\Application Data\Microsoft\Installer\{1F9ED934-AD0F-4879-BDFB-ED02BA2BB14F}\ARPPRODUCTICON.exe
2009-11-23 20:12 . 2009-11-23 20:12 -------- d-----w- c:\program files\Microsoft Voice Command
2009-11-21 15:51 . 2008-04-25 16:16 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-18 12:28 . 2009-09-04 09:18 -------- d-----w- c:\program files\Photomatix
2009-11-14 02:07 . 2009-11-14 02:06 -------- d-----w- c:\program files\iTunes
2009-11-14 02:06 . 2009-11-14 02:06 -------- d-----w- c:\program files\iPod
2009-11-14 02:06 . 2009-09-03 06:39 -------- d-----w- c:\program files\Common Files\Apple
2009-11-14 01:58 . 2009-11-14 01:58 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-14 00:47 . 2009-11-14 00:47 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
2009-11-13 22:57 . 2009-11-13 22:57 922112 ------w- c:\windows\system32\imapi2fs.dll
2009-11-13 22:57 . 2009-11-13 22:57 426496 ------w- c:\windows\system32\imapi2.dll
2009-10-29 07:45 . 2008-04-25 16:16 916480 ------w- c:\windows\system32\wininet.dll
2009-10-27 07:04 . 2009-09-03 04:24 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-21 05:38 . 2008-04-25 16:16 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2008-04-25 16:16 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2008-04-14 00:23 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-19 02:06 . 2009-10-19 02:06 223232 ------w- c:\windows\system32\wksprt.exe
2009-10-19 02:06 . 2009-10-19 02:06 46080 ------w- c:\windows\system32\TSWbPrxy.exe
2009-10-19 02:06 . 2009-10-19 02:06 12800 ------w- c:\windows\system32\wksprtPS.dll
2009-10-19 02:06 . 2008-04-25 21:26 36864 ----a-w- c:\windows\system32\tsgQec.dll
2009-10-19 02:06 . 2008-04-25 21:26 1033728 ----a-w- c:\windows\system32\mstsc.exe
2009-10-19 02:06 . 2008-04-25 21:26 2689024 ----a-w- c:\windows\system32\mstscax.dll
2009-10-19 02:06 . 2009-10-19 02:06 44544 ------w- c:\windows\system32\MsRdpWebAccess.dll
2009-10-19 02:06 . 2008-04-25 21:26 130560 ----a-w- c:\windows\system32\aaclient.dll
2009-10-18 21:32 . 2009-10-18 21:32 152576 ----a-w- c:\documents and settings\bryanc\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-10-15 21:53 . 2009-09-02 23:40 60800 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-10-15 21:53 . 2009-09-02 23:40 123952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-10-13 10:30 . 2008-04-25 16:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2008-04-25 16:16 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2008-04-25 16:16 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-08 03:57 . 2008-04-25 16:16 220160 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 03:56 . 2008-04-25 16:16 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-01 22:36 . 2009-10-01 22:36 45056 ----a-r- c:\documents and settings\bryanc\Application Data\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\NewShortcut1_42929F0FCE1447AF9FC7FF297A603021_1.exe
2009-10-01 22:36 . 2009-10-01 22:36 10134 ----a-r- c:\documents and settings\bryanc\Application Data\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\ARPPRODUCTICON.exe
.
((((((((((((((((((((((((((((( SnapShot_2009-12-14_11.38.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-25 16:16 . 2009-12-19 06:54 84372 c:\windows\system32\perfc009.dat
- 2008-04-25 16:16 . 2009-12-14 11:30 84372 c:\windows\system32\perfc009.dat
- 2009-09-01 07:29 . 2009-12-13 23:09 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-09-01 07:29 . 2009-12-19 00:02 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-04-25 16:16 . 2009-12-19 06:54 474570 c:\windows\system32\perfh009.dat
- 2008-04-25 16:16 . 2009-12-14 11:30 474570 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2009-04-22 02:03 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2009-04-22 02:03 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SRS Premium Sound"="c:\program files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe" [2009-03-25 3261688]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-12-10 289584]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-09-02 25623336]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-12-04 2001648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-02-22 200704]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-17 483420]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-03-17 729088]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-28 13537280]
"nwiz"="nwiz.exe" [2008-08-28 1630208]
"NVHotkey"="nvHotkey.dll" [2008-08-28 90112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-28 86016]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2009-02-26 184320]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2008-12-22 145408]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2009-04-22 656696]
"EmbassySecurityCheck"="c:\program files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe" [2009-04-22 95544]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-04 128232]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-09-11 115560]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-04 417792]
"Ext2 Volume Manager"="c:\program files\Ext2Fsd\Ext2Mgr.exe" [2009-07-30 1216648]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2009-04-22 15360]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-03-19 667648]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-10-02 38768]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-10-02 640376]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-02 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-8-15 604776]
Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2009-4-9 1106720]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-10-2 50688]
Telstra Turbo Modem Manager.lnk - c:\program files\Telstra\Telstra Turbo Modem Manager\Service\MdmMgr.exe [2009-9-23 454656]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-27 123904]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-12 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-12-04 20:36 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
R1 Ext2Fsd;Linux ext2 file system driver;c:\windows\system32\drivers\ext2fsd.sys [10/10/2009 12:10 PM 651264]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [14/05/2009 2:22 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [14/05/2009 2:22 PM 74480]
R2 ASFAgent;ASF Agent;c:\program files\Intel\ASF Agent\ASFAgent.exe [19/04/2007 8:56 AM 133968]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [29/12/2008 2:07 PM 320800]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [22/01/2009 1:19 PM 808296]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [22/01/2009 1:19 PM 20840]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [9/04/2009 5:02 PM 447264]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [27/08/2009 12:42 PM 112512]
R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [27/08/2009 12:43 PM 32808]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [27/08/2009 12:42 PM 244368]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/12/2009 6:56 AM 102448]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [14/05/2009 2:22 PM 7408]
R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [26/08/2009 9:31 PM 232744]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/10/2009 5:43 PM 133104]
S3 cmusbnet;WAN Driver @ 3GPP (6280);c:\windows\system32\drivers\cmusbnet.sys [23/09/2009 6:57 AM 81152]
S3 cmusbser;%CMUSBSER%;c:\windows\system32\drivers\cmusbser.sys [23/09/2009 6:57 AM 87040]
S3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NvtSp50.sys --> c:\windows\system32\Drivers\NvtSp50.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
------- Supplementary Scan -------
.
uStart Page = hxxp://nexus.northrop.com.au/Canberra/default.aspx
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-19 17:52
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(916)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\NetProvCredMan.dll
- - - - - - - > 'lsass.exe'(972)
c:\windows\system32\wvauth.dll
- - - - - - - > 'explorer.exe'(2864)
c:\windows\system32\WININET.dll
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\btmmhook.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\drivers\audio\r213367\stacsv.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
c:\windows\system32\rundll32.exe
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\windows\system32\msiexec.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2009-12-19 17:58:38 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-19 06:58
ComboFix2.txt 2009-12-19 00:12
ComboFix3.txt 2009-12-14 11:41
ComboFix4.txt 2009-12-04 19:47
Pre-Run: 2,556,612,608 bytes free
Post-Run: 2,444,931,072 bytes free
- - End Of File - - 30DF3AEE82F1AA0434B498716E6C3C62
see ya