ComboFix 10-05-08.03 - Mark 05/09/2010 19:58:48.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1484 [GMT -4:00]
Running from: c:\documents and settings\Mark\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Mark\Desktop\CFScript.txt
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Mark\Local Settings\Application Data\vtgqboqtw
c:\documents and settings\NetworkService\Local Settings\Application Data\onivqhytu
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_cerc6

((((((((((((((((((((((((( Files Created from 2010-04-10 to 2010-05-10 )))))))))))))))))))))))))))))))
.
2010-05-09 05:33 . 2010-05-09 05:33 63488 ----a-w- c:\documents and settings\Mark\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-05-09 05:33 . 2010-05-09 05:33 52224 ----a-w- c:\documents and settings\Mark\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-05-09 05:33 . 2010-05-09 05:33 117760 ----a-w- c:\documents and settings\Mark\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-09 05:32 . 2010-05-09 05:32 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-05-09 05:32 . 2010-05-09 05:32 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-05-09 05:32 . 2010-05-09 05:32 -------- d-----w- c:\documents and settings\Mark\Application Data\SUPERAntiSpyware.com
2010-05-09 05:32 . 2010-05-09 05:32 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-09 04:21 . 2010-05-09 04:21 -------- d-----w- c:\program files\Common Files\Java
2010-05-09 04:18 . 2010-05-09 04:18 -------- d-----w- c:\program files\Sun
2010-05-09 04:18 . 2010-05-09 04:17 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-09 01:02 . 2010-05-09 01:02 388096 ----a-r- c:\documents and settings\Mark\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-08 15:05 . 2010-05-09 05:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-08 15:05 . 2010-05-08 15:09 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-08 03:06 . 2010-05-08 03:05 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-05-08 03:02 . 2010-05-09 23:37 -------- d-----w- c:\program files\Lavasoft
2010-05-08 03:02 . 2010-05-09 23:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-05-08 02:49 . 2010-05-08 02:49 -------- d-----w- c:\program files\Trend Micro
2010-05-08 00:48 . 2010-05-08 00:48 -------- d-----w- c:\program files\AVG
2010-05-07 22:30 . 2010-05-07 22:30 36896 ----a-w- c:\documents and settings\Mark\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-06 03:52 . 2010-05-06 03:52 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-04-27 03:34 . 2008-04-14 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-04-27 03:18 . 2010-04-27 03:18 -------- d-----w- c:\program files\YouTube Downloader
2010-04-27 03:09 . 2010-05-09 01:52 -------- d-----w- C:\music
2010-04-24 03:07 . 2010-04-24 03:07 -------- d-----w- c:\windows\Sun
2010-04-24 03:06 . 2010-04-24 03:06 503808 ----a-w- c:\documents and settings\Mark\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3a1d1ed5-n\msvcp71.dll
2010-04-24 03:06 . 2010-04-24 03:06 499712 ----a-w- c:\documents and settings\Mark\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3a1d1ed5-n\jmc.dll
2010-04-24 03:06 . 2010-04-24 03:06 348160 ----a-w- c:\documents and settings\Mark\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3a1d1ed5-n\msvcr71.dll
2010-04-24 03:06 . 2010-04-24 03:06 61440 ----a-w- c:\documents and settings\Mark\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-429a1f77-n\decora-sse.dll
2010-04-24 03:06 . 2010-04-24 03:06 12800 ----a-w- c:\documents and settings\Mark\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-429a1f77-n\decora-d3d.dll
2010-04-24 03:06 . 2010-05-09 04:17 -------- d-----w- c:\program files\Java
2010-04-22 22:16 . 2008-04-14 04:15 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-04-22 12:36 . 2010-04-22 12:36 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-04-21 02:52 . 2010-04-21 02:52 1956656 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2010-04-21 02:50 . 2010-02-01 01:45 38784 ----a-w- c:\documents and settings\Mark\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-04-21 02:50 . 2010-04-21 02:50 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-04-21 02:49 . 2010-04-21 02:49 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-04-21 02:49 . 2010-04-21 11:28 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-04-21 02:48 . 2010-05-05 03:38 -------- d-----w- c:\documents and settings\Mark\Local Settings\Application Data\Adobe
2010-04-21 02:48 . 2010-04-21 02:48 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-20 20:09 . 2010-04-20 20:09 -------- d-----w- c:\program files\CCleaner
2010-04-20 18:35 . 2010-04-20 18:35 -------- d-----w- c:\documents and settings\Mark\Local Settings\Application Data\Identities
2010-04-20 17:31 . 2009-08-06 23:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-04-20 17:31 . 2009-08-06 23:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-04-20 17:29 . 2008-11-10 15:41 32656 ----a-w- c:\windows\system32\msonpmon.dll
2010-04-20 17:29 . 2006-10-26 23:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-04-20 17:29 . 2010-04-22 12:34 -------- d-----w- c:\program files\Microsoft Works
2010-04-20 17:28 . 2010-04-20 17:28 -------- d-----w- c:\program files\Microsoft.NET
2010-04-20 17:25 . 2010-04-20 17:25 -------- d-----w- c:\documents and settings\Mark\Local Settings\Application Data\Microsoft Help
2010-04-20 17:25 . 2010-04-23 11:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-20 17:25 . 2010-04-20 17:25 -------- d-----r- C:\MSOCache
2010-04-20 16:00 . 2010-04-20 16:00 -------- d-----w- c:\windows\system32\XPSViewer
2010-04-20 15:59 . 2010-04-20 15:59 -------- d-----w- c:\program files\MSBuild
2010-04-20 15:59 . 2010-04-20 15:59 -------- d-----w- c:\program files\Reference Assemblies
2010-04-20 15:59 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-04-20 15:59 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-04-20 15:59 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-04-20 15:59 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-04-20 15:59 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-04-20 15:59 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-04-20 15:59 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-04-20 15:59 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-04-20 15:59 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-04-20 15:59 . 2010-04-20 15:59 -------- d-----w- C:\f75ac42679d5b18408d4b2049642eb4a
2010-04-20 13:48 . 2010-04-20 13:48 -------- d-----w- c:\program files\MSXML 4.0
2010-04-20 13:47 . 2010-04-20 13:47 -------- d-----w- c:\documents and settings\Mark\Application Data\Malwarebytes
2010-04-20 13:47 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-20 13:47 . 2010-05-06 04:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-20 13:47 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 13:47 . 2010-04-20 13:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-20 13:45 . 2010-04-20 13:45 -------- d-sh--w- c:\documents and settings\Mark\IECompatCache
2010-04-20 13:44 . 2010-04-20 13:44 -------- d-sh--w- c:\documents and settings\Mark\PrivacIE
2010-04-19 19:27 . 2010-04-19 19:27 -------- d-----w- c:\documents and settings\Mark\Local Settings\Application Data\Symantec
2010-04-19 19:26 . 2006-09-18 21:55 48816 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-04-19 19:26 . 2006-09-18 21:55 109744 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-04-19 19:26 . 2010-04-19 19:27 -------- d-----w- c:\program files\Symantec
2010-04-19 19:26 . 2010-05-10 00:04 -------- d-----w- c:\program files\Symantec AntiVirus
2010-04-19 19:26 . 2010-04-19 19:27 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-04-19 19:26 . 2010-04-19 19:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-04-19 18:41 . 2010-04-19 19:00 -------- d-----w- C:\Symantec Endpoint Protection 11
2010-04-19 17:45 . 2010-04-19 17:47 -------- d-----w- c:\documents and settings\Mark\Application Data\Corel
2010-04-19 17:45 . 2010-04-19 17:47 952 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-04-19 17:45 . 2008-02-26 18:43 655136 ----a-w- c:\documents and settings\Mark\Application Data\Corel\WordPerfect Office X4\User Config\InitLBar.exe
2010-04-19 17:32 . 2010-04-19 17:32 -------- d-----w- c:\program files\Common Files\Protexis
2010-04-19 17:32 . 2010-04-20 17:26 -------- d-----w- c:\windows\ShellNew
2010-04-19 17:32 . 2010-04-19 17:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel
2010-04-19 17:32 . 2010-04-19 17:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Borland
2010-04-19 17:32 . 2010-04-19 17:32 -------- d-----w- c:\program files\Common Files\Borland Shared
2010-04-19 17:31 . 2010-04-19 17:48 -------- d-----w- c:\program files\Common Files\Corel
2010-04-19 17:28 . 2010-04-19 17:33 -------- d-----w- c:\program files\Corel
2010-04-19 17:26 . 2010-04-19 17:26 -------- d-----w- c:\documents and settings\Mark\Application Data\CyberLink
2010-04-19 17:20 . 2010-04-19 17:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Dell
2010-04-19 17:20 . 2010-04-19 17:20 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\PowerDVD DX
2010-04-19 17:19 . 2010-04-19 17:19 -------- d-----w- c:\program files\CyberLink
2010-04-19 17:19 . 2008-05-23 18:06 89088 ----a-w- c:\windows\system32\atl71.dll
2010-04-19 17:19 . 2008-05-23 18:06 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-04-19 17:19 . 2008-05-23 18:06 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-04-19 17:19 . 2008-05-23 18:06 1060864 ----a-w- c:\windows\system32\MFC71.dll
2010-04-19 17:19 . 2008-05-23 18:06 1047552 ----a-w- c:\windows\system32\MFC71u.dll
2010-04-19 17:15 . 2010-04-19 17:15 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2010-04-19 17:11 . 2010-04-19 17:11 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-04-19 17:07 . 2010-04-19 17:07 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-04-19 17:01 . 2010-02-25 15:54 11070976 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-04-19 17:01 . 2010-02-25 06:24 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-04-19 17:01 . 2010-02-25 06:24 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-04-19 17:01 . 2010-02-25 06:24 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-04-19 17:01 . 2010-02-25 06:24 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-04-19 17:01 . 2010-02-25 06:24 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-04-19 17:01 . 2010-04-19 17:01 -------- d-----w- c:\windows\ie8updates
2010-04-19 17:01 . 2010-02-16 04:50 64000 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-04-19 17:00 . 2010-04-19 17:01 -------- dc-h--w- c:\windows\ie8
2010-04-19 15:03 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-04-19 15:03 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-04-19 15:02 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-04-19 15:01 . 2010-02-17 13:10 2189952 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-04-19 15:01 . 2010-02-16 14:08 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-04-19 15:01 . 2010-02-16 13:25 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-06 04:23 . 2010-05-06 04:23 6153352 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-20 16:24 . 2010-04-19 14:33 87263 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-04-19 17:19 . 2010-04-19 14:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-19 14:54 . 2010-04-19 14:42 -------- d-----w- c:\program files\Dell
2010-04-19 14:52 . 2010-04-19 14:52 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2010-04-19 14:52 . 2010-04-19 14:52 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-04-19 14:52 . 2010-04-19 14:52 -------- d-----w- c:\program files\DellTPad
2010-04-19 14:51 . 2010-04-19 14:51 -------- d-----w- c:\program files\SigmaTel
2010-04-19 14:51 . 2010-04-19 14:51 -------- d-----w- c:\program files\Common Files\InstallShield
2010-04-19 14:50 . 2010-04-19 14:50 -------- d-----w- c:\program files\CONEXANT
2010-04-19 14:49 . 2010-04-19 14:49 -------- d-----w- c:\program files\Broadcom
2010-04-19 14:47 . 2010-04-19 14:47 -------- d-----w- c:\program files\O2Micro OZ776 SCR Driver
2010-04-19 14:42 . 2010-04-19 14:42 5 ----a-w- c:\windows\system32\drivers\DELL_LAT_D630.MRK
2010-04-19 14:42 . 2010-04-19 14:42 5 ----a-w- c:\windows\system32\drivers\1028_DELL_LAT_D630.MRK
2010-04-19 14:42 . 2010-04-19 14:42 -------- d-----w- c:\documents and settings\Administrator\Application Data\InstallShield
2010-04-19 14:40 . 2010-04-19 14:40 -------- d-----w- c:\program files\Intel
2010-04-19 14:34 . 2010-04-19 14:34 -------- d-----w- c:\program files\microsoft frontpage
2010-04-19 14:31 . 2010-04-19 14:31 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-10 06:15 . 2008-04-14 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2008-04-14 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 14:08 . 2008-04-14 12:00 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2008-04-14 00:01 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2008-04-14 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2008-04-14 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-05-09_22.43.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-10 00:03 . 2010-05-10 00:03 16384 c:\windows\Temp\Perflib_Perfdata_ac.dat
+ 2008-04-14 12:00 . 2010-05-09 23:43 67714 c:\windows\system32\perfc009.dat
- 2008-04-14 12:00 . 2010-05-09 22:41 67714 c:\windows\system32\perfc009.dat
+ 2008-04-14 12:00 . 2010-05-09 23:43 432924 c:\windows\system32\perfh009.dat
- 2008-04-14 12:00 . 2010-05-09 22:41 432924 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-05-06 2017280]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"IgfxTray"=c:\windows\system32\igfxtray.exe
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
"Persistence"=c:\windows\system32\igfxpers.exe
"QuickFinder Scheduler"="c:\program files\Corel\WordPerfect Office X4\Programs\QFSCHD140.EXE"
"SigmatelSysTrayApp"=%ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"vptray"=c:\progra~1\SYMANT~1\VPTray.exe
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe"
"Broadcom Wireless Manager UI"=c:\windows\system32\WLTRAY.exe
"AVG9_TRAY"=c:\progra~1\AVG\AVG9\avgtray.exe
"Apoint"=c:\program files\DellTPad\Apoint.exe
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" /min
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/6/2010 5:10 PM 68168]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [4/19/2010 3:36 PM 102448]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [9/27/2006 8:33 PM 116464]
.
Contents of the 'Scheduled Tasks' folder

2010-05-09 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"
uInternet Settings,ProxyOverride =
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-09 20:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(876)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2792)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
.
**************************************************************************
.
Completion time: 2010-05-09 20:07:14 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-10 00:07
ComboFix2.txt 2010-05-09 22:45

Pre-Run: 66,910,748,672 bytes free
Post-Run: 66,826,375,168 bytes free

- - End Of File - - DD98032DAD7A4685F1B023003E29D348