Thanks for that one. Nothing there, not that I expected it after you had uninstalled Firefox.

I take it the GMER Rootkit Revealer is on the way.

GMER114 is not running properly on my system. Anything I can do?

Lets try this then.

Please download ComboFix from one of these locations:

NOTE: If you are guest watching this topic. ComboFix is a very powerful tool. The disclaimer clearly states that you should not use it without supervision. There is good reason for this as ComboFix can, and sometimes does, run into conflict on a computer and render it unusable. If you run ComboFix on your own initiative, you are downright silly.

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  
• Double click on ComboFix.exe & follow the prompts.
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

I got it to work Just scan in two parts. Here is the log. File scan was clean. By the way, IE reinstall had no effect. Thanks.

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-06 16:56:08
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT 86F67658 ZwAlertResumeThread
SSDT 86F1B150 ZwAlertThread
SSDT 86F6F228 ZwAllocateVirtualMemory
SSDT 8701A5C8 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xAA6D0EB0]
SSDT 86FAA950 ZwCreateMutant
SSDT 86F2E7C8 ZwCreateThread
SSDT 86FD5650 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xAA6D1130]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xAA6D1690]
SSDT 86FACAC0 ZwFreeVirtualMemory
SSDT 87050A80 ZwImpersonateAnonymousToken
SSDT 87050B40 ZwImpersonateThread
SSDT 86FC5E58 ZwMapViewOfSection
SSDT 87014558 ZwOpenEvent
SSDT 87006668 ZwOpenProcessToken
SSDT 86FD56D0 ZwOpenSection
SSDT 86F5DD98 ZwOpenThreadToken
SSDT 86F5D418 ZwResumeThread
SSDT 86FBAC38 ZwSetContextThread
SSDT 86F5DE28 ZwSetInformationProcess
SSDT 86FD5B50 ZwSetInformationThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xAA6D18E0]
SSDT 87014498 ZwSuspendProcess
SSDT 86F0A418 ZwSuspendThread
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xAA56AF20]
SSDT 86FFAD30 ZwTerminateThread
SSDT 8706E720 ZwUnmapViewOfSection
SSDT 86FACB50 ZwWriteVirtualMemory

---- Devices - GMER 1.0.14 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device A8DA4D20

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.14 ----

Well no rootkit there.

Try the CombFix one, it might pick up something.

After that we will reassess things.

There are a couple of possibilities that we can have a look at.

Emeraldnzl,

Here is the combofix log:


ComboFix 09-01-05.05 - Daniel 2009-01-06 18:01:49.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.594 [GMT -7:00]
Running from: c:\documents and settings\Daniel\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated)
FW: Norton Internet Security *enabled*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\setup.inf
c:\windows\system32\wdmaud.sys
c:\windows\winhelp.ini

.
((((((((((((((((((((((((( Files Created from 2008-12-07 to 2009-01-07 )))))))))))))))))))))))))))))))
.

2009-01-06 15:42 . 2009-01-06 16:51 250 --a------ c:\windows\gmer.ini
2009-01-06 12:56 . 2008-04-13 18:12 116,224 --a------ c:\windows\system32\dllcache\xrxwiadr.dll
2009-01-06 12:55 . 2001-08-17 22:37 99,865 --a------ c:\windows\system32\dllcache\xlog.exe
2009-01-06 12:55 . 2004-08-04 04:00 28,288 --a------ c:\windows\system32\dllcache\xjis.nls
2009-01-06 12:55 . 2001-08-17 22:37 27,648 --a------ c:\windows\system32\dllcache\xrxftplt.exe
2009-01-06 12:55 . 2001-08-17 22:36 23,040 --a------ c:\windows\system32\dllcache\xrxwbtmp.dll
2009-01-06 12:55 . 2004-08-03 22:29 19,455 --a------ c:\windows\system32\dllcache\wvchntxx.sys
2009-01-06 12:55 . 2008-04-13 18:12 18,944 --a------ c:\windows\system32\dllcache\xrxscnui.dll
2009-01-06 12:55 . 2001-08-17 12:11 16,970 --a------ c:\windows\system32\dllcache\xem336n5.sys
2009-01-06 12:55 . 2004-08-03 22:29 12,063 --a------ c:\windows\system32\dllcache\wsiintxx.sys
2009-01-06 12:55 . 2008-04-13 18:12 8,192 --a------ c:\windows\system32\dllcache\wshirda.dll
2009-01-06 12:55 . 2001-08-17 22:37 4,608 --a------ c:\windows\system32\dllcache\xrxflnch.exe
2009-01-06 12:54 . 2001-08-17 13:28 771,581 --a------ c:\windows\system32\dllcache\winacisa.sys
2009-01-06 12:54 . 2001-08-17 13:28 701,386 --a------ c:\windows\system32\dllcache\wdhaalba.sys
2009-01-06 12:54 . 2004-08-03 22:31 154,624 --a------ c:\windows\system32\dllcache\wlluc48.sys
2009-01-06 12:54 . 2001-08-17 22:36 87,040 --a------ c:\windows\system32\dllcache\wiafbdrv.dll
2009-01-06 12:54 . 2001-08-17 22:36 53,760 --a------ c:\windows\system32\dllcache\wiamsmud.dll
2009-01-06 12:54 . 2004-08-04 04:00 41,600 --a------ c:\windows\system32\dllcache\weitekp9.dll
2009-01-06 12:54 . 2001-08-17 12:12 34,890 --a------ c:\windows\system32\dllcache\wlandrv2.sys
2009-01-06 12:54 . 2004-08-04 04:00 31,232 --a------ c:\windows\system32\dllcache\weitekp9.sys
2009-01-06 12:54 . 2004-08-03 22:29 23,615 --a------ c:\windows\system32\dllcache\wch7xxnt.sys
2009-01-06 12:54 . 2008-04-13 12:36 8,832 --a------ c:\windows\system32\dllcache\wmiacpi.sys
2009-01-06 12:52 . 2001-08-17 13:28 794,654 --a------ c:\windows\system32\dllcache\usr1801.sys
2009-01-06 12:52 . 2001-08-17 13:28 794,399 --a------ c:\windows\system32\dllcache\usr1806v.sys
2009-01-06 12:52 . 2001-08-17 13:28 793,598 --a------ c:\windows\system32\dllcache\usr1806.sys
2009-01-06 12:52 . 2001-08-17 13:28 765,884 --a------ c:\windows\system32\dllcache\usrti.sys
2009-01-06 12:52 . 2001-08-17 13:28 687,999 --a------ c:\windows\system32\dllcache\usrwdxjs.sys
2009-01-06 12:52 . 2001-08-17 13:28 224,802 --a------ c:\windows\system32\dllcache\usr1807a.sys
2009-01-06 12:52 . 2001-08-17 13:28 113,762 --a------ c:\windows\system32\dllcache\usrpda.sys
2009-01-06 12:52 . 2001-08-17 22:36 94,720 --a------ c:\windows\system32\dllcache\umaxud32.dll
2009-01-06 12:52 . 2004-08-03 22:31 32,384 --a------ c:\windows\system32\dllcache\usb101et.sys
2009-01-06 12:52 . 2001-08-17 22:36 28,160 --a------ c:\windows\system32\dllcache\umaxu40.dll
2009-01-06 12:52 . 2008-04-13 12:45 26,112 --a------ c:\windows\system32\dllcache\usbser.sys
2009-01-06 12:52 . 2008-04-13 12:45 17,152 --a------ c:\windows\system32\dllcache\usbohci.sys
2009-01-06 12:52 . 2001-08-17 13:28 7,556 --a------ c:\windows\system32\dllcache\usroslba.sys
2009-01-06 12:50 . 2001-08-17 14:56 440,576 --a------ c:\windows\system32\dllcache\tridkb.dll
2009-01-06 12:49 . 2001-08-17 14:56 172,768 --a------ c:\windows\system32\dllcache\t2r4disp.dll
2009-01-06 12:48 . 2001-08-17 12:18 285,760 --a------ c:\windows\system32\dllcache\stlnata.sys
2009-01-06 12:48 . 2001-08-17 22:36 155,648 --a------ c:\windows\system32\dllcache\stlnprop.dll
2009-01-06 12:48 . 2001-08-17 22:36 106,584 --a------ c:\windows\system32\dllcache\spdports.dll
2009-01-06 12:48 . 2004-08-04 04:00 101,376 --a------ c:\windows\system32\dllcache\srusbusd.dll
2009-01-06 12:48 . 2001-08-17 22:36 99,328 --a------ c:\windows\system32\dllcache\srusd.dll
2009-01-06 12:48 . 2001-08-17 13:51 61,824 --a------ c:\windows\system32\dllcache\speed.sys
2009-01-06 12:48 . 2001-08-17 22:36 53,248 --a------ c:\windows\system32\dllcache\stlncoin.dll
2009-01-06 12:48 . 2001-08-17 12:11 48,736 --a------ c:\windows\system32\dllcache\srwlnd5.sys
2009-01-06 12:48 . 2001-08-17 22:36 41,472 --a------ c:\windows\system32\dllcache\sw_effct.dll
2009-01-06 12:48 . 2001-08-17 22:36 24,660 --a------ c:\windows\system32\dllcache\spxupchk.dll
2009-01-06 12:48 . 2001-08-17 13:51 16,896 --a------ c:\windows\system32\dllcache\stcusb.sys
2009-01-06 12:48 . 2004-08-04 04:00 16,896 --a------ c:\windows\system32\dllcache\status.dll
2009-01-06 12:48 . 2001-08-17 13:56 7,552 --a------ c:\windows\system32\dllcache\sonypvu1.sys
2009-01-06 12:46 . 2001-08-17 14:56 252,032 --a------ c:\windows\system32\dllcache\sis300iv.dll
2009-01-06 12:45 . 2004-08-04 04:00 2,178,131 --a------ c:\windows\system32\dllcache\shvlres.dll
2009-01-06 12:44 . 2001-08-17 22:36 495,616 --a------ c:\windows\system32\dllcache\sblfx.dll
2009-01-06 12:43 . 2004-08-04 04:00 753,236 --a------ c:\windows\system32\dllcache\rvseres.dll
2009-01-06 12:42 . 2001-08-17 13:28 899,146 --a------ c:\windows\system32\dllcache\r2mdkxga.sys
2009-01-06 12:41 . 2008-04-13 18:10 259,328 --a------ c:\windows\system32\dllcache\perm3dd.dll
2009-01-06 12:40 . 2001-08-17 14:05 351,616 --a------ c:\windows\system32\dllcache\ovcodek2.sys
2009-01-06 12:39 . 2001-08-17 12:50 198,144 --a------ c:\windows\system32\dllcache\nv3.sys
2009-01-06 12:39 . 2001-08-17 22:36 123,776 --a------ c:\windows\system32\dllcache\nv3.dll
2009-01-06 12:39 . 2001-08-17 12:20 87,040 --a------ c:\windows\system32\dllcache\nm6wdm.sys
2009-01-06 12:39 . 2001-08-17 12:20 54,528 --a------ c:\windows\system32\dllcache\opl3sax.sys
2009-01-06 12:39 . 2001-08-17 13:28 54,186 --a------ c:\windows\system32\dllcache\otcsercb.sys
2009-01-06 12:39 . 2001-08-17 12:49 51,552 --a------ c:\windows\system32\dllcache\ntgrip.sys
2009-01-06 12:39 . 2001-08-17 12:12 43,689 --a------ c:\windows\system32\dllcache\otceth5.sys
2009-01-06 12:39 . 2001-08-17 22:36 38,912 --a------ c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2009-01-06 12:39 . 2008-04-13 12:54 28,672 --a------ c:\windows\system32\dllcache\nscirda.sys
2009-01-06 12:39 . 2001-08-17 12:12 27,209 --a------ c:\windows\system32\dllcache\otc06x5.sys
2009-01-06 12:39 . 2001-08-17 14:05 25,088 --a------ c:\windows\system32\dllcache\ovca.sys
2009-01-06 12:39 . 2001-08-17 13:47 9,344 --a------ c:\windows\system32\dllcache\ntapm.sys
2009-01-06 12:39 . 2001-08-17 13:53 7,552 --a------ c:\windows\system32\dllcache\nsmmc.sys
2009-01-06 12:37 . 2004-08-04 04:00 1,875,968 --a------ c:\windows\system32\dllcache\msir3jp.lex
2009-01-06 12:36 . 2001-08-17 12:50 320,384 --a------ c:\windows\system32\dllcache\mgaum.sys
2009-01-06 12:35 . 2001-08-17 13:28 802,683 --a------ c:\windows\system32\dllcache\ltsm.sys
2009-01-06 12:34 . 2004-08-04 04:00 1,158,818 --a------ c:\windows\system32\dllcache\korwbrkr.lex
2009-01-06 12:33 . 2004-08-04 04:00 471,102 --a------ c:\windows\system32\dllcache\imskdic.dll
2009-01-06 12:32 . 2004-08-04 04:00 10,129,408 --a------ c:\windows\system32\dllcache\hwxkor.dll
2009-01-06 12:31 . 2004-08-04 04:00 1,175,635 --a------ c:\windows\system32\dllcache\hrtzres.dll
2009-01-06 12:30 . 2001-08-17 14:56 1,733,120 --a------ c:\windows\system32\dllcache\g400d.dll
2009-01-06 12:29 . 2001-08-17 12:15 455,680 --a------ c:\windows\system32\dllcache\fus2base.sys
2009-01-06 12:28 . 2001-08-17 12:17 629,952 --a------ c:\windows\system32\dllcache\eqn.sys
2009-01-06 12:27 . 2001-08-17 12:14 952,007 --a------ c:\windows\system32\dllcache\diwan.sys
2009-01-06 12:26 . 2001-08-17 22:36 419,357 --a------ c:\windows\system32\dllcache\dgconfig.dll
2009-01-06 12:25 . 2001-08-17 12:13 980,034 --a------ c:\windows\system32\dllcache\cicap.sys
2009-01-06 12:24 . 2004-08-04 04:00 1,677,824 --a------ c:\windows\system32\dllcache\chsbrkr.dll
2009-01-06 12:23 . 2004-08-04 04:00 1,817,687 --a------ c:\windows\system32\dllcache\bckgres.dll
2009-01-06 12:22 . 2001-08-17 13:28 762,780 --a------ c:\windows\system32\dllcache\3cwmcru.sys
2009-01-06 12:21 . 2004-08-04 04:00 169,984 --a------ c:\windows\system32\dllcache\iisui.dll
2009-01-06 12:21 . 2004-08-04 04:00 94,720 --a------ c:\windows\system32\dllcache\certmap.ocx
2009-01-06 12:21 . 2001-08-17 14:56 66,048 --a------ c:\windows\system32\dllcache\s3legacy.dll
2009-01-06 12:21 . 2004-08-04 04:00 19,968 --a------ c:\windows\system32\dllcache\inetsloc.dll
2009-01-06 12:21 . 2004-08-04 04:00 14,336 --a------ c:\windows\system32\dllcache\iisreset.exe
2009-01-06 12:21 . 2004-08-04 04:00 7,680 --a------ c:\windows\system32\dllcache\inetmgr.exe
2009-01-06 12:21 . 2004-08-04 04:00 7,168 --a------ c:\windows\system32\dllcache\wamregps.dll
2009-01-06 12:21 . 2004-08-04 04:00 6,144 --a------ c:\windows\system32\dllcache\ftpsapi2.dll
2009-01-06 12:21 . 2004-08-04 04:00 5,632 --a------ c:\windows\system32\dllcache\iisrstap.dll
2009-01-05 22:04 . 2009-01-05 22:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-01-05 22:03 . 2009-01-05 22:03 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-01-05 22:03 . 2009-01-05 22:03 <DIR> d-------- c:\documents and settings\Daniel\Application Data\SUPERAntiSpyware.com
2009-01-05 10:13 . 2009-01-05 10:14 <DIR> d-------- C:\rsit
2009-01-03 12:28 . 2009-01-03 12:28 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-01-03 12:27 . 2009-01-03 12:27 <DIR> d-------- c:\program files\Common Files\Java
2009-01-02 10:59 . 2009-01-02 10:59 <DIR> d-------- c:\program files\ERUNT
2009-01-01 21:30 . 2009-01-05 09:24 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-01 21:30 . 2009-01-01 21:30 <DIR> d-------- c:\documents and settings\Daniel\Application Data\Malwarebytes
2009-01-01 21:30 . 2009-01-01 21:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-01 21:30 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-01 21:30 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-01 21:17 . 2009-01-01 21:17 58,340 --ah----- c:\windows\system32\mlfcache.dat
2009-01-01 21:06 . 2009-01-01 21:06 <DIR> d-------- c:\program files\Safari
2009-01-01 20:03 . 2009-01-03 12:28 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-01 17:43 . 2009-01-01 17:43 <DIR> d-------- c:\program files\Trend Micro
2008-12-27 10:12 . 2008-12-27 10:12 <DIR> d-------- c:\program files\iTunes
2008-12-27 10:12 . 2008-12-27 10:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-12 16:18 . 2008-12-12 16:18 <DIR> d-------- C:\pics
2008-12-12 16:13 . 2008-12-12 16:14 <DIR> d-------- c:\documents and settings\Suzanne\Application Data\Canon

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-07 01:07 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-06 05:03 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-03 19:28 --------- d-----w c:\program files\Java
2009-01-02 04:07 --------- d-----w c:\documents and settings\Daniel\Application Data\Apple Computer
2009-01-01 22:49 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-01 22:01 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-27 17:12 --------- d-----w c:\program files\iPod
2008-12-27 17:12 --------- d-----w c:\program files\Common Files\Apple
2008-12-27 17:10 --------- d-----w c:\program files\QuickTime
2008-12-26 22:16 --------- d-----w c:\program files\Apple Software Update
2008-12-18 23:49 --------- d-----w c:\documents and settings\Daniel\Application Data\Canon
2008-12-12 17:01 3,067,904 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-11-27 05:15 --------- d-----w c:\program files\Quicken
2008-11-07 21:23 32,000 ----a-w c:\windows\system32\drivers\usbaapl.sys
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 21:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 21:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 21:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 21:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 21:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 21:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 21:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 21:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 21:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 21:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 21:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 21:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 21:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 21:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 21:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 01:00 666,112 ----a-w c:\windows\system32\wininet.dll
2008-10-16 01:00 666,112 ----a-w c:\windows\system32\dllcache\wininet.dll
2008-10-16 01:00 619,520 ----a-w c:\windows\system32\dllcache\urlmon.dll
2008-10-16 01:00 1,499,136 ----a-w c:\windows\system32\dllcache\shdocvw.dll
2008-10-15 16:34 337,408 ----a-w c:\windows\system32\dllcache\netapi32.dll
2008-09-03 20:03 60,968 ------w c:\documents and settings\Suzanne\GoToAssistDownloadHelper.exe
2005-05-03 02:27 4,245 -c----w c:\program files\Quicken.QIF
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-22 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-10-08 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-10-08 126976]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2008-02-06 718704]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-03 136600]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 c:\windows\LOGI_MWX.EXE]

c:\documents and settings\Daniel\Start Menu\Programs\Startup\
BounceBack Launcher.lnk - c:\program files\CMS Products\BounceBack Express\BBLauncher.exe [2008-09-16 93888]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2005-03-12 82026]
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-12 110592]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-12 110592]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-03-02 24576]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 15:08 110592 c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2005-07-29 08:25 24638 c:\windows\system32\PCANotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux4"= wdmaud.sys

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--------- 2005-06-06 23:46 57344 c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
-----c--- 2004-10-12 15:54 57344 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
-----c--- 2004-10-18 14:48 393216 c:\progra~1\Bluewin\QUICKH~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Omnipage]
-----c--- 2002-06-03 11:38 49152 c:\program files\ScanSoft\OmniPageSE\opware32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
-----c--- 2004-04-11 19:15 290816 c:\program files\Dell\Media Experience\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--------- 2006-12-18 17:32 25365032 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--------- 2004-01-07 00:01 110592 c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Symantec\\pcAnywhere\\awhost32.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-12-22 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-22 55024]
R3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-01-12 23888]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-02 99376]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-22 7408]
R4 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2008-01-25 149352]
S3 BCDCLINK;Belkin USB Direct Connect;c:\windows\system32\drivers\BCDCLINK.SYS [2000-08-08 14279]
S4 BCDCNDIS;Belkin Direct Connect Network Adapter;c:\windows\system32\drivers\BCDCNDIS.SYS [2000-08-08 14054]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
*Deregistered* - Scion
.
Contents of the 'Scheduled Tasks' folder

2008-12-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-12-16 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Daniel.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2008-02-07 07:05]

2009-01-07 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDetect.exe []
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-LogitechVideoRepair - c:\program files\Logitech\Video\ISStart.exe
MSConfigStartUp-CamWizard - c:\program files\Common Files\Labtec\QCDRV\BIN\CamWizrd.exe
MSConfigStartUp-HP Component Manager - c:\program files\HP\hpcoretech\hpcmpmgr.exe
MSConfigStartUp-HP Software Update - c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ucalgary.ca/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-06 18:07:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1448)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
Completion time: 2009-01-06 18:09:41
ComboFix-quarantined-files.txt 2009-01-07 01:09:23

Pre-Run: 14,939,557,888 bytes free
Post-Run: 15,027,793,920 bytes free

306 --- E O F --- 2008-12-17 20:14:27

Hello toomuchtime,

That is a turn up for the books.

It was the one I suspected at the beginning but so hidden that Kaspersky didn't pick it up and neither did we when we carried out a search for it.

Now

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:



Save this as CFScript.txt, in the same location as ComboFix.exe



Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Also please tell me if there has been a change in your computers performance.

Emeraldnzl,

The problem is resolved. Thanks a million.

The second combofix log is below.

Dan


ComboFix 09-01-05.05 - Daniel 2009-01-06 23:24:28.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.591 [GMT -7:00]
Running from: c:\documents and settings\Daniel\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Daniel\Desktop\CFScript.txt
AV: Norton Internet Security *On-access scanning disabled* (Updated)
FW: Norton Internet Security *enabled*
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-12-07 to 2009-01-07 )))))))))))))))))))))))))))))))
.

2009-01-06 15:42 . 2009-01-06 16:51 250 --a------ c:\windows\gmer.ini
2009-01-06 12:56 . 2008-04-13 18:12 116,224 --a------ c:\windows\system32\dllcache\xrxwiadr.dll
2009-01-06 12:55 . 2001-08-17 22:37 99,865 --a------ c:\windows\system32\dllcache\xlog.exe
2009-01-06 12:55 . 2004-08-04 04:00 28,288 --a------ c:\windows\system32\dllcache\xjis.nls
2009-01-06 12:55 . 2001-08-17 22:37 27,648 --a------ c:\windows\system32\dllcache\xrxftplt.exe
2009-01-06 12:55 . 2001-08-17 22:36 23,040 --a------ c:\windows\system32\dllcache\xrxwbtmp.dll
2009-01-06 12:55 . 2004-08-03 22:29 19,455 --a------ c:\windows\system32\dllcache\wvchntxx.sys
2009-01-06 12:55 . 2008-04-13 18:12 18,944 --a------ c:\windows\system32\dllcache\xrxscnui.dll
2009-01-06 12:55 . 2001-08-17 12:11 16,970 --a------ c:\windows\system32\dllcache\xem336n5.sys
2009-01-06 12:55 . 2004-08-03 22:29 12,063 --a------ c:\windows\system32\dllcache\wsiintxx.sys
2009-01-06 12:55 . 2008-04-13 18:12 8,192 --a------ c:\windows\system32\dllcache\wshirda.dll
2009-01-06 12:55 . 2001-08-17 22:37 4,608 --a------ c:\windows\system32\dllcache\xrxflnch.exe
2009-01-06 12:54 . 2001-08-17 13:28 771,581 --a------ c:\windows\system32\dllcache\winacisa.sys
2009-01-06 12:54 . 2001-08-17 13:28 701,386 --a------ c:\windows\system32\dllcache\wdhaalba.sys
2009-01-06 12:54 . 2004-08-03 22:31 154,624 --a------ c:\windows\system32\dllcache\wlluc48.sys
2009-01-06 12:54 . 2001-08-17 22:36 87,040 --a------ c:\windows\system32\dllcache\wiafbdrv.dll
2009-01-06 12:54 . 2001-08-17 22:36 53,760 --a------ c:\windows\system32\dllcache\wiamsmud.dll
2009-01-06 12:54 . 2004-08-04 04:00 41,600 --a------ c:\windows\system32\dllcache\weitekp9.dll
2009-01-06 12:54 . 2001-08-17 12:12 34,890 --a------ c:\windows\system32\dllcache\wlandrv2.sys
2009-01-06 12:54 . 2004-08-04 04:00 31,232 --a------ c:\windows\system32\dllcache\weitekp9.sys
2009-01-06 12:54 . 2004-08-03 22:29 23,615 --a------ c:\windows\system32\dllcache\wch7xxnt.sys
2009-01-06 12:54 . 2008-04-13 12:36 8,832 --a------ c:\windows\system32\dllcache\wmiacpi.sys
2009-01-06 12:52 . 2001-08-17 13:28 794,654 --a------ c:\windows\system32\dllcache\usr1801.sys
2009-01-06 12:52 . 2001-08-17 13:28 794,399 --a------ c:\windows\system32\dllcache\usr1806v.sys
2009-01-06 12:52 . 2001-08-17 13:28 793,598 --a------ c:\windows\system32\dllcache\usr1806.sys
2009-01-06 12:52 . 2001-08-17 13:28 765,884 --a------ c:\windows\system32\dllcache\usrti.sys
2009-01-06 12:52 . 2001-08-17 13:28 687,999 --a------ c:\windows\system32\dllcache\usrwdxjs.sys
2009-01-06 12:52 . 2001-08-17 13:28 224,802 --a------ c:\windows\system32\dllcache\usr1807a.sys
2009-01-06 12:52 . 2001-08-17 13:28 113,762 --a------ c:\windows\system32\dllcache\usrpda.sys
2009-01-06 12:52 . 2001-08-17 22:36 94,720 --a------ c:\windows\system32\dllcache\umaxud32.dll
2009-01-06 12:52 . 2004-08-03 22:31 32,384 --a------ c:\windows\system32\dllcache\usb101et.sys
2009-01-06 12:52 . 2001-08-17 22:36 28,160 --a------ c:\windows\system32\dllcache\umaxu40.dll
2009-01-06 12:52 . 2008-04-13 12:45 26,112 --a------ c:\windows\system32\dllcache\usbser.sys
2009-01-06 12:52 . 2008-04-13 12:45 17,152 --a------ c:\windows\system32\dllcache\usbohci.sys
2009-01-06 12:52 . 2001-08-17 13:28 7,556 --a------ c:\windows\system32\dllcache\usroslba.sys
2009-01-06 12:50 . 2001-08-17 14:56 440,576 --a------ c:\windows\system32\dllcache\tridkb.dll
2009-01-06 12:49 . 2001-08-17 14:56 172,768 --a------ c:\windows\system32\dllcache\t2r4disp.dll
2009-01-06 12:48 . 2001-08-17 12:18 285,760 --a------ c:\windows\system32\dllcache\stlnata.sys
2009-01-06 12:48 . 2001-08-17 22:36 155,648 --a------ c:\windows\system32\dllcache\stlnprop.dll
2009-01-06 12:48 . 2001-08-17 22:36 106,584 --a------ c:\windows\system32\dllcache\spdports.dll
2009-01-06 12:48 . 2004-08-04 04:00 101,376 --a------ c:\windows\system32\dllcache\srusbusd.dll
2009-01-06 12:48 . 2001-08-17 22:36 99,328 --a------ c:\windows\system32\dllcache\srusd.dll
2009-01-06 12:48 . 2001-08-17 13:51 61,824 --a------ c:\windows\system32\dllcache\speed.sys
2009-01-06 12:48 . 2001-08-17 22:36 53,248 --a------ c:\windows\system32\dllcache\stlncoin.dll
2009-01-06 12:48 . 2001-08-17 12:11 48,736 --a------ c:\windows\system32\dllcache\srwlnd5.sys
2009-01-06 12:48 . 2001-08-17 22:36 41,472 --a------ c:\windows\system32\dllcache\sw_effct.dll
2009-01-06 12:48 . 2001-08-17 22:36 24,660 --a------ c:\windows\system32\dllcache\spxupchk.dll
2009-01-06 12:48 . 2001-08-17 13:51 16,896 --a------ c:\windows\system32\dllcache\stcusb.sys
2009-01-06 12:48 . 2004-08-04 04:00 16,896 --a------ c:\windows\system32\dllcache\status.dll
2009-01-06 12:48 . 2001-08-17 13:56 7,552 --a------ c:\windows\system32\dllcache\sonypvu1.sys
2009-01-06 12:46 . 2001-08-17 14:56 252,032 --a------ c:\windows\system32\dllcache\sis300iv.dll
2009-01-06 12:45 . 2004-08-04 04:00 2,178,131 --a------ c:\windows\system32\dllcache\shvlres.dll
2009-01-06 12:44 . 2001-08-17 22:36 495,616 --a------ c:\windows\system32\dllcache\sblfx.dll
2009-01-06 12:43 . 2004-08-04 04:00 753,236 --a------ c:\windows\system32\dllcache\rvseres.dll
2009-01-06 12:42 . 2001-08-17 13:28 899,146 --a------ c:\windows\system32\dllcache\r2mdkxga.sys
2009-01-06 12:41 . 2008-04-13 18:10 259,328 --a------ c:\windows\system32\dllcache\perm3dd.dll
2009-01-06 12:40 . 2001-08-17 14:05 351,616 --a------ c:\windows\system32\dllcache\ovcodek2.sys
2009-01-06 12:39 . 2001-08-17 12:50 198,144 --a------ c:\windows\system32\dllcache\nv3.sys
2009-01-06 12:39 . 2001-08-17 22:36 123,776 --a------ c:\windows\system32\dllcache\nv3.dll
2009-01-06 12:39 . 2001-08-17 12:20 87,040 --a------ c:\windows\system32\dllcache\nm6wdm.sys
2009-01-06 12:39 . 2001-08-17 12:20 54,528 --a------ c:\windows\system32\dllcache\opl3sax.sys
2009-01-06 12:39 . 2001-08-17 13:28 54,186 --a------ c:\windows\system32\dllcache\otcsercb.sys
2009-01-06 12:39 . 2001-08-17 12:49 51,552 --a------ c:\windows\system32\dllcache\ntgrip.sys
2009-01-06 12:39 . 2001-08-17 12:12 43,689 --a------ c:\windows\system32\dllcache\otceth5.sys
2009-01-06 12:39 . 2001-08-17 22:36 38,912 --a------ c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2009-01-06 12:39 . 2008-04-13 12:54 28,672 --a------ c:\windows\system32\dllcache\nscirda.sys
2009-01-06 12:39 . 2001-08-17 12:12 27,209 --a------ c:\windows\system32\dllcache\otc06x5.sys
2009-01-06 12:39 . 2001-08-17 14:05 25,088 --a------ c:\windows\system32\dllcache\ovca.sys
2009-01-06 12:39 . 2001-08-17 13:47 9,344 --a------ c:\windows\system32\dllcache\ntapm.sys
2009-01-06 12:39 . 2001-08-17 13:53 7,552 --a------ c:\windows\system32\dllcache\nsmmc.sys
2009-01-06 12:37 . 2004-08-04 04:00 1,875,968 --a------ c:\windows\system32\dllcache\msir3jp.lex
2009-01-06 12:36 . 2001-08-17 12:50 320,384 --a------ c:\windows\system32\dllcache\mgaum.sys
2009-01-06 12:35 . 2001-08-17 13:28 802,683 --a------ c:\windows\system32\dllcache\ltsm.sys
2009-01-06 12:34 . 2004-08-04 04:00 1,158,818 --a------ c:\windows\system32\dllcache\korwbrkr.lex
2009-01-06 12:33 . 2004-08-04 04:00 471,102 --a------ c:\windows\system32\dllcache\imskdic.dll
2009-01-06 12:32 . 2004-08-04 04:00 10,129,408 --a------ c:\windows\system32\dllcache\hwxkor.dll
2009-01-06 12:31 . 2004-08-04 04:00 1,175,635 --a------ c:\windows\system32\dllcache\hrtzres.dll
2009-01-06 12:30 . 2001-08-17 14:56 1,733,120 --a------ c:\windows\system32\dllcache\g400d.dll
2009-01-06 12:29 . 2001-08-17 12:15 455,680 --a------ c:\windows\system32\dllcache\fus2base.sys
2009-01-06 12:28 . 2001-08-17 12:17 629,952 --a------ c:\windows\system32\dllcache\eqn.sys
2009-01-06 12:27 . 2001-08-17 12:14 952,007 --a------ c:\windows\system32\dllcache\diwan.sys
2009-01-06 12:26 . 2001-08-17 22:36 419,357 --a------ c:\windows\system32\dllcache\dgconfig.dll
2009-01-06 12:25 . 2001-08-17 12:13 980,034 --a------ c:\windows\system32\dllcache\cicap.sys
2009-01-06 12:24 . 2004-08-04 04:00 1,677,824 --a------ c:\windows\system32\dllcache\chsbrkr.dll
2009-01-06 12:23 . 2004-08-04 04:00 1,817,687 --a------ c:\windows\system32\dllcache\bckgres.dll
2009-01-06 12:22 . 2001-08-17 13:28 762,780 --a------ c:\windows\system32\dllcache\3cwmcru.sys
2009-01-06 12:21 . 2004-08-04 04:00 169,984 --a------ c:\windows\system32\dllcache\iisui.dll
2009-01-06 12:21 . 2004-08-04 04:00 94,720 --a------ c:\windows\system32\dllcache\certmap.ocx
2009-01-06 12:21 . 2001-08-17 14:56 66,048 --a------ c:\windows\system32\dllcache\s3legacy.dll
2009-01-06 12:21 . 2004-08-04 04:00 19,968 --a------ c:\windows\system32\dllcache\inetsloc.dll
2009-01-06 12:21 . 2004-08-04 04:00 14,336 --a------ c:\windows\system32\dllcache\iisreset.exe
2009-01-06 12:21 . 2004-08-04 04:00 7,680 --a------ c:\windows\system32\dllcache\inetmgr.exe
2009-01-06 12:21 . 2004-08-04 04:00 7,168 --a------ c:\windows\system32\dllcache\wamregps.dll
2009-01-06 12:21 . 2004-08-04 04:00 6,144 --a------ c:\windows\system32\dllcache\ftpsapi2.dll
2009-01-06 12:21 . 2004-08-04 04:00 5,632 --a------ c:\windows\system32\dllcache\iisrstap.dll
2009-01-05 22:04 . 2009-01-05 22:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-01-05 22:03 . 2009-01-05 22:03 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-01-05 22:03 . 2009-01-05 22:03 <DIR> d-------- c:\documents and settings\Daniel\Application Data\SUPERAntiSpyware.com
2009-01-05 10:13 . 2009-01-05 10:14 <DIR> d-------- C:\rsit
2009-01-03 12:28 . 2009-01-03 12:28 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-01-03 12:27 . 2009-01-03 12:27 <DIR> d-------- c:\program files\Common Files\Java
2009-01-02 10:59 . 2009-01-02 10:59 <DIR> d-------- c:\program files\ERUNT
2009-01-01 21:30 . 2009-01-05 09:24 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-01 21:30 . 2009-01-01 21:30 <DIR> d-------- c:\documents and settings\Daniel\Application Data\Malwarebytes
2009-01-01 21:30 . 2009-01-01 21:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-01 21:30 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-01 21:30 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-01 21:17 . 2009-01-01 21:17 58,340 --ah----- c:\windows\system32\mlfcache.dat
2009-01-01 21:06 . 2009-01-01 21:06 <DIR> d-------- c:\program files\Safari
2009-01-01 20:03 . 2009-01-03 12:28 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-01 17:43 . 2009-01-01 17:43 <DIR> d-------- c:\program files\Trend Micro
2008-12-27 10:12 . 2008-12-27 10:12 <DIR> d-------- c:\program files\iTunes
2008-12-27 10:12 . 2008-12-27 10:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-12 16:18 . 2008-12-12 16:18 <DIR> d-------- C:\pics
2008-12-12 16:13 . 2008-12-12 16:14 <DIR> d-------- c:\documents and settings\Suzanne\Application Data\Canon

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-07 01:11 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-06 05:03 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-03 19:28 --------- d-----w c:\program files\Java
2009-01-02 04:07 --------- d-----w c:\documents and settings\Daniel\Application Data\Apple Computer
2009-01-01 22:49 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-01 22:01 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-27 17:12 --------- d-----w c:\program files\iPod
2008-12-27 17:12 --------- d-----w c:\program files\Common Files\Apple
2008-12-27 17:10 --------- d-----w c:\program files\QuickTime
2008-12-26 22:16 --------- d-----w c:\program files\Apple Software Update
2008-12-18 23:49 --------- d-----w c:\documents and settings\Daniel\Application Data\Canon
2008-11-27 05:15 --------- d-----w c:\program files\Quicken
2008-11-07 21:23 32,000 ----a-w c:\windows\system32\drivers\usbaapl.sys
2008-09-03 20:03 60,968 ------w c:\documents and settings\Suzanne\GoToAssistDownloadHelper.exe
2005-05-03 02:27 4,245 -c----w c:\program files\Quicken.QIF
.

((((((((((((((((((((((((((((( snapshot@2009-01-06_18.07.49.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-07 06:31:17 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_264.dat
+ 2009-01-07 06:31:20 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_40c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-22 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-10-08 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-10-08 126976]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2008-02-06 718704]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-03 136600]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 c:\windows\LOGI_MWX.EXE]

c:\documents and settings\Daniel\Start Menu\Programs\Startup\
BounceBack Launcher.lnk - c:\program files\CMS Products\BounceBack Express\BBLauncher.exe [2008-09-16 93888]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2005-03-12 82026]
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-12 110592]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-12 110592]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-03-02 24576]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 15:08 110592 c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2005-07-29 08:25 24638 c:\windows\system32\PCANotify.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--------- 2005-06-06 23:46 57344 c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
-----c--- 2004-10-12 15:54 57344 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
-----c--- 2004-10-18 14:48 393216 c:\progra~1\Bluewin\QUICKH~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Omnipage]
-----c--- 2002-06-03 11:38 49152 c:\program files\ScanSoft\OmniPageSE\opware32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
-----c--- 2004-04-11 19:15 290816 c:\program files\Dell\Media Experience\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--------- 2006-12-18 17:32 25365032 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--------- 2004-01-07 00:01 110592 c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Symantec\\pcAnywhere\\awhost32.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-12-22 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-22 55024]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-02 99376]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-22 7408]
R4 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2008-01-25 149352]
S3 BCDCLINK;Belkin USB Direct Connect;c:\windows\system32\drivers\BCDCLINK.SYS [2000-08-08 14279]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-01-12 23888]
S4 BCDCNDIS;Belkin Direct Connect Network Adapter;c:\windows\system32\drivers\BCDCNDIS.SYS [2000-08-08 14054]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
*Deregistered* - Scion
.
Contents of the 'Scheduled Tasks' folder

2008-12-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-12-16 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Daniel.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2008-02-07 07:05]

2009-01-07 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDetect.exe []
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ucalgary.ca/
uSearch Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-06 23:32:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1452)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\Logitech\MouseWare\system\EM_EXEC.EXE
.
**************************************************************************
.
Completion time: 2009-01-06 23:38:50 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-07 06:38:46
ComboFix2.txt 2009-01-07 01:09:43

Pre-Run: 18,206,945,280 bytes free
Post-Run: 18,193,195,008 bytes free

296 --- E O F --- 2008-12-17 20:14:27

Hello toomuchtime,

Great news.

We have a couple of last steps to perform and then you're all set.

Follow these steps to uninstall Combofix and tools used in the removal of malware

• Click START then RUN
• Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  

MBAM and SuperAntiSpyware can be uninstalled via control panel add/remove but they may be a useful tools to keep.

-------------------------------------------------------------------------------------------------------------------

A reminder now: Remember to turn back on any anti-malware programs you may have turned off during the cleaning process.

-------------------------------------------------------------------------------------------------------------------

Now that you are clean here are some things I think are worth having a look at:

---------------------------------------------------------------------------------------------------------------------

Be sure and give the Temp folders a cleaning out now and then. This helps with security and your computer will run more efficiently. I clean mine once a week. For ease of use, you might consider the following free program:

• ATF Cleaner

--------------------------------------------------------------------------------------------------------------------

A great way to check that your Microsoft and Java have the latest updates is to go to Software Inspector at Secunia.

I do this weekly. Not only do they tell you which programs need updating but they give you the link to follow.

To bolster your security go to Secunia.com to ensure essential programs are up to date.

---------------------------------------------------------------------------------------------------------------------

Make Internet Explorer more secure

• Click Start > Run
• Type Inetcpl.cpl & click OK
• Click on the Security tab
• Click Reset all zones to default level
• Make sure the Internet Zone is selected & Click Custom level
• In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
• Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Consider using an alternate browser. Mozilla's Firefox browser is excellant; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (Note: this as an added benefit!) that I have seen. Firefox is my default browser but I retain Internet Explorer as well so that I can access the very few sites that require it.

Firefox may be downloaded from Here

-----------------------------------------------------------------------------------------------------------------------

Startuplite is a tool to help you stop some programs not needed when you start your computer from loading. They will begin automatically only when needed.

-----------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future here are some free programs you can look at:

If your Microsoft Update is not working automatically. Keep your operating system up to date by visiting

• Microsoft Windows Update
  
  monthly. And to keep your system clean run these free malware scanners
  
• AdAware SE Personal
  
• Spybot Search & Destroy
  
  weekly, and be aware of what emails you open and websites you visit.

To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?

Have a safe and happy computing day!

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.