Next ComboFix log:
ComboFix 09-02-27.02 - Kevin 2009-02-27 23:30:44.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2488 [GMT -6:00]
Running from: c:\documents and settings\Kevin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Kevin\Desktop\CFScript.txt
AV: Norton Security Online *On-access scanning disabled* (Updated)
FW: Norton Security Online *disabled*
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\~VMA4.tmp
C:\~VMA5.tmp
C:\~VMA6.tmp
C:\~VMA7.tmp
C:\~VMA8.tmp
C:\~VMA9.tmp
C:\~VMAA.tmp
C:\~VMAB.tmp
C:\~VMAC.tmp
c:\windows\Sysvxd.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\~VMA4.tmp
C:\~VMA5.tmp
C:\~VMA6.tmp
C:\~VMA7.tmp
C:\~VMA8.tmp
C:\~VMA9.tmp
C:\~VMAA.tmp
C:\~VMAB.tmp
C:\~VMAC.tmp
c:\program files\Viewpoint
c:\program files\Viewpoint\Common\ViewpointService.exe
c:\program files\Viewpoint\Common\VistaBoot.sdll
c:\program files\Viewpoint\Viewpoint Media Player\AxMetaStream.dll
c:\program files\Viewpoint\Viewpoint Media Player\ClassIDs.ini
c:\program files\Viewpoint\Viewpoint Media Player\ComponentMgr.dll
c:\program files\Viewpoint\Viewpoint Media Player\ComponentRegistry.ini
c:\program files\Viewpoint\Viewpoint Media Player\Components\AOLUserShell.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\Cursors.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\ExtremeShot.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\JpegReader.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\Mts3Reader.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\SceneComponent.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\SreeDMMX.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\SWFView.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\SWFViewHost.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\VETScriptInterpreter.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\VMPVideo2.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\WaveletReader.dll
c:\program files\Viewpoint\Viewpoint Media Player\DownLoadHist.ini
c:\program files\Viewpoint\Viewpoint Media Player\HostRegistry.ini
c:\program files\Viewpoint\Viewpoint Media Player\MetaStreamConfig.ini
c:\program files\Viewpoint\Viewpoint Media Player\MetaStreamID.ini
c:\program files\Viewpoint\Viewpoint Media Player\MtsAxInstaller.exe
c:\program files\Viewpoint\Viewpoint Media Player\MTSDownloadSites.txt
c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.xpt
c:\program files\Viewpoint\Viewpoint Media Player\VMPUpdateCount.ini
c:\windows\Sysvxd.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_VIEWPOINT_SERVICE
-------\Service_Viewpoint Service
((((((((((((((((((((((((( Files Created from 2009-01-28 to 2009-02-28 )))))))))))))))))))))))))))))))
.
2009-02-26 20:31 . 2009-02-26 20:31 <DIR> d-------- c:\program files\Trend Micro
2009-02-26 00:22 . 2009-02-27 21:12 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-26 00:22 . 2009-02-26 00:22 <DIR> d-------- c:\documents and settings\Kevin\Application Data\Malwarebytes
2009-02-26 00:22 . 2009-02-26 00:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-26 00:22 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-26 00:22 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-25 23:10 . 2009-02-25 23:10 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-02-25 23:10 . 2009-02-25 23:10 <DIR> d-------- c:\documents and settings\Kevin\Application Data\SUPERAntiSpyware.com
2009-02-25 23:10 . 2009-02-25 23:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-02-25 23:09 . 2009-02-25 23:09 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-02-24 21:24 . 2009-02-24 21:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\PCPitstop
2009-02-15 10:25 . 2009-02-15 10:25 <DIR> d--hs---- c:\documents and settings\Kevin\IECompatCache
2009-02-01 14:48 . 2009-02-01 14:48 <DIR> d--hs---- c:\documents and settings\Kevin\IETldCache
2009-01-29 21:40 . 2009-01-29 21:42 <DIR> d--h-c--- c:\windows\ie8
2009-01-29 21:38 . 2009-01-10 23:00 79,360 -----c--- c:\windows\system32\dllcache\iecompat.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-28 05:34 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-02-26 05:00 --------- d-----w c:\program files\NRatings
2009-02-26 04:12 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-25 03:43 --------- d-----w c:\program files\Common Files\AOL
2009-02-25 03:42 --------- d-----w c:\documents and settings\All Users\Application Data\BVRP Software
2009-02-25 03:41 --------- d-----w c:\program files\N4um
2009-02-25 03:33 --------- d-----w c:\program files\CCleaner
2009-02-23 01:42 --------- d-----w c:\documents and settings\Kevin\Application Data\teamspeak2
2009-02-12 02:28 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-08 04:33 --------- d-----w c:\program files\NETGEAR HDX101 Configuration Utility
2009-02-06 05:35 --------- d-----w c:\documents and settings\All Users\Application Data\yahoo!
2009-01-20 05:50 --------- d-----w c:\program files\Creative
2009-01-18 22:03 --------- d-----w c:\program files\Teamspeak2_RC2
2009-01-18 06:38 --------- d-----w c:\documents and settings\Kevin\Application Data\Yahoo!
2009-01-12 18:15 --------- d-----w c:\program files\Java
2009-01-08 03:01 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-01-08 03:01 124,464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-08 03:01 10,635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-08 03:01 --------- d-----w c:\program files\Symantec
2009-01-01 07:32 --------- d-----w c:\program files\XML Notepad 2007
2008-12-29 01:12 --------- d-----w c:\program files\SystemRequirementsLab
2008-12-28 01:39 --------- d-----w c:\program files\eMule
2008-07-10 13:30 92,064 ----a-w c:\documents and settings\Kevin\mqdmmdm.sys
2008-07-10 13:30 9,232 ----a-w c:\documents and settings\Kevin\mqdmmdfl.sys
2008-07-10 13:30 79,328 ----a-w c:\documents and settings\Kevin\mqdmserd.sys
2008-07-10 13:30 66,656 ----a-w c:\documents and settings\Kevin\mqdmbus.sys
2008-07-10 13:30 6,208 ----a-w c:\documents and settings\Kevin\mqdmcmnt.sys
2008-07-10 13:30 5,936 ----a-w c:\documents and settings\Kevin\mqdmwhnt.sys
2008-07-10 13:30 4,048 ----a-w c:\documents and settings\Kevin\mqdmcr.sys
2008-07-10 13:30 25,600 ----a-w c:\documents and settings\Kevin\usbsermptxp.sys
2008-07-10 13:30 22,768 ----a-w c:\documents and settings\Kevin\usbsermpt.sys
2008-05-26 01:36 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008052520080526\index.dat
.
((((((((((((((((((((((((((((( SnapShot@2009-02-27_23.02.26.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-21 02:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
+ 2009-02-28 05:34:29 16,384 ----atw c:\windows\temp\Perflib_Perfdata_1c4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 1688872]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2008-11-20 4347120]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-05-24 188416]
"HPHmon04"="c:\windows\System32\hphmon04.exe" [2002-06-20 339968]
"HPHUPD04"="c:\program files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" [2002-05-24 49152]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 86016]
"YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536]
"Motive SmartBridge"="c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2005-08-24 442455]
"YOP"="c:\progra~1\Yahoo!\YOP\yop.exe" [2007-10-26 509224]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 115816]
"osCheck"="c:\progra~1\Symantec\osCheck.exe" [2007-01-14 771704]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-12 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-09 185872]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-26 13680640]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-26 86016]
"nwiz"="nwiz.exe" [2008-12-26 c:\windows\system32\nwiz.exe]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
AT&T Self Support Tool.lnk - c:\program files\SBC Self Support Tool\bin\matcli.exe [2008-03-02 217088]
Event Planner Reminder.lnk - c:\program files\Creative Home\Hallmark Card Studio 2006\Planner\PLNRnote.exe [2005-08-30 25896]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
R2 Kithara-RBsoft;RBsoft Customer Driver;c:\windows\system32\RBsoft.sys [2008-05-06 184864]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-25 101936]
S3 imhidusb;Immersion's HID USB Driver;c:\windows\system32\drivers\ImHidUsb.sys [2001-12-12 30772]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-02-26 38496]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-01-25 42000]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - COMHOST
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-02-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
2008-12-26 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job
- c:\program files\Microsoft IntelliType Pro\itype.exe [2008-06-10 12:56]
2008-03-29 c:\windows\Tasks\Norton Security Online - Run Full System Scan - Kevin.job
- c:\progra~1\Symantec\Norton AntiVirus\Navw32.exe [2007-01-14 03:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.yahoo.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-27 23:34:59
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(872)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
c:\progra~1\Yahoo!\browser\ycommon.exe
c:\windows\system32\hphipm11.exe
c:\windows\system32\rundll32.exe
c:\progra~1\Yahoo!\YOP\SSDK02.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\SBC Self Support Tool\bin\mpbtn.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2009-02-27 23:38:10 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-28 05:38:08
ComboFix2.txt 2009-02-28 05:03:30
Pre-Run: 110,083,506,176 bytes free
Post-Run: 109,977,575,424 bytes free
256 --- E O F --- 2009-02-26 02:41:05