ComboFix ran the script; here is the new log:
ComboFix 09-04-01.01 - Gene 2009-04-02 14:28:53.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.674 [GMT -7:00]
Running from: c:\documents and settings\Gene\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Gene\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090402-1] *On-access scanning disabled* (Updated)
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2009-03-02 to 2009-04-02 )))))))))))))))))))))))))))))))
.
2009-04-02 13:12 . 2009-04-02 13:12 <DIR> d-------- C:\_OTMoveIt
2009-04-02 12:47 . 2009-04-02 12:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-04-01 20:03 . 2009-04-01 20:03 <DIR> d-------- c:\program files\Alwil Software
2009-04-01 14:27 . 2009-04-01 14:27 <DIR> d-------- c:\program files\Trend Micro
2009-04-01 13:32 . 2009-04-01 14:03 <DIR> d-------- c:\windows\system32\CatRoot_bak
2009-04-01 10:47 . 2009-04-01 10:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-01 10:46 . 2009-04-01 10:46 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-04-01 10:46 . 2009-04-01 10:46 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-04-01 10:46 . 2009-04-01 10:46 <DIR> d-------- c:\documents and settings\Gene\Application Data\SUPERAntiSpyware.com
2009-04-01 10:12 . 2009-04-01 10:12 <DIR> d-------- c:\program files\CCleaner
2009-04-01 09:44 . 2009-04-01 09:44 54,156 --ah----- c:\windows\QTFont.qfn
2009-04-01 09:44 . 2009-04-01 09:44 1,409 --a------ c:\windows\QTFont.for
2009-03-31 22:35 . 2009-03-31 22:35 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-31 22:35 . 2009-03-31 22:35 <DIR> d-------- c:\documents and settings\Gene\Application Data\Malwarebytes
2009-03-31 22:35 . 2009-03-31 22:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-31 22:35 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-31 22:35 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-30 16:01 . 2006-02-28 05:00 811,064 --a------ c:\windows\system32\imjp81k.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-02 21:32 --------- d-----w c:\program files\DNA
2009-04-02 21:32 --------- d-----w c:\documents and settings\Gene\Application Data\DNA
2009-04-02 03:00 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-04-01 21:21 --------- d-----w c:\program files\Java
2009-04-01 16:48 --------- d-----w c:\program files\Starry Night Orion Special Edition
2009-03-31 19:50 --------- d-----w c:\documents and settings\Gene\Application Data\Hoyle Card Games
2009-03-31 04:11 --------- d-----w c:\program files\World of Warcraft
2009-03-28 00:50 --------- d-----w c:\program files\CompuPic
2009-03-23 23:41 --------- d-----w c:\documents and settings\Gene\Application Data\TaxCut
2009-03-23 23:41 --------- d-----w c:\documents and settings\All Users\Application Data\pdf995
2009-03-22 19:47 --------- d-----w c:\documents and settings\All Users\Application Data\TaxCut
2009-03-21 22:15 --------- d-----w c:\program files\Cool2000
2009-03-09 00:34 --------- d-----w c:\program files\Savings Bond Wizard
2009-03-03 20:10 --------- d-----w c:\documents and settings\Gene\Application Data\OpenOffice.org2
2009-02-25 00:52 --------- d-----w c:\documents and settings\Gene\Application Data\Hoyle Blackjack
2009-02-07 18:46 --------- d-----w c:\program files\Google
2009-02-02 20:21 --------- d-----w c:\documents and settings\Gene\Application Data\BitTorrent
2008-10-13 02:40 24 ----a-w c:\documents and settings\Gene\jagex_runescape_preferences.dat
2008-08-12 23:35 7,670,000 ----a-w c:\documents and settings\Gene\QuickCareSetup2.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-04-02_14.00.18.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-02 21:31:48 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_130.dat
+ 2009-04-02 21:31:38 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_5ec.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-15 342848]
"SansaDispatch"="c:\documents and settings\Gene\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2009-01-22 79872]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-28 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13529088]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-05-30 98304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
TV883LP Remote Control.lnk - c:\program files\V-Stream Multimedia\TV883LP Utilities\C8XRCtl.exe [2006-07-09 57344]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 12:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt\0sprestrt
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"quickcare2.2"=c:\program files\Qwest\QuickCare\bin\sprtcmd.exe /P QuickCare2.2
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-04-01 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-03-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-03-23 72944]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-04-01 20560]
R2 CX88XBAR;V-Stream TV88X Crossbar;c:\windows\system32\drivers\cx88xbar.sys [2006-07-09 9472]
S2 RoxLiveShare10;LiveShare P2P Server 10;"c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" --> c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [?]
S2 SessionLauncher;SessionLauncher;c:\docume~1\Gene\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\Gene\LOCALS~1\Temp\DX9\SessionLauncher.exe [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c9d5faa8-bcbe-11dd-b95d-00301b3e2316}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
2009-04-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-25 08:14]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
.
**************************************************************************
disk not found C:\
please note that you need administrator rights to perform deep scan
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1644491937-1060284298-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ee,55,b7,97,4d,51,fb,d7,89,28,0f,f5,c0,23,b4,43,19,db,c4,9a,3f,a8,a1,
69,fa,33,0c,6d,b6,cb,5e,37,12,46,0f,2f,a3,4d,d2,04,a9,74,dc,d8,f8,5b,a9,a7,\
"??"=hex:2b,1a,85,4d,cf,ed,18,b4,75,a3,39,c7,1a,5b,5d,b6
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(724)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\bgsvcgen.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-04-02 14:34:20 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-02 21:34:18
ComboFix2.txt 2009-04-02 21:01:03
Pre-Run: 21,404,217,344 bytes free
Post-Run: 21,387,829,248 bytes free
147 --- E O F --- 2007-12-12 16:20:50