Broni,
Had a bit more difficulty getting COMBOFIX to run. Had to try several times before it ran all the way through.
Computer is acting a bit screwier. Specifically, I'm regularly (every 10-15 minutes) getting messages that Internet Explorer had to shut down, even though I have not been running IE.
Anyway, here is the log:
ComboFix 11-01-06.06 - s.metrau 01/07/2011 9:46.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3536.2911 [GMT -5:00]
Running from: c:\documents and settings\s.metrau\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.
((((((((((((((((((((((((( Files Created from 2010-12-07 to 2011-01-07 )))))))))))))))))))))))))))))))
.
2011-01-03 22:35 . 2011-01-03 22:35 574 ----a-w- C:\cleanup.bat
2011-01-03 20:21 . 2011-01-03 20:21 -------- d-----w- C:\_OTL
2011-01-03 15:29 . 2011-01-03 15:29 -------- d-----w- c:\documents and settings\s.metrau\Local Settings\Application Data\Temp
2011-01-02 19:47 . 2011-01-02 19:47 -------- d-----w- c:\program files\Common Files\Java
2011-01-02 19:46 . 2010-11-12 23:53 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-02 19:46 . 2010-11-12 23:53 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-12-26 13:32 . 2010-12-26 13:32 -------- d-----w- c:\program files\iPod
2010-12-26 13:32 . 2010-12-26 13:34 -------- d-----w- c:\program files\iTunes
2010-12-15 20:41 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-15 16:43 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-07 14:35 . 2009-08-10 18:33 0 ----a-w- c:\documents and settings\s.metrau\Local Settings\Application Data\WavXMapDrive.bat
2010-12-20 23:09 . 2009-08-10 17:43 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2009-08-10 17:43 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-18 18:12 . 2008-04-25 21:27 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-12 21:34 . 2009-06-09 00:15 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-06 00:34 . 2008-04-25 16:16 832512 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:34 . 2008-04-25 16:16 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-11-06 00:34 . 2008-04-25 16:16 1830912 ------w- c:\windows\system32\inetcpl.cpl
2010-11-06 00:34 . 2008-04-25 16:16 17408 ----a-w- c:\windows\system32\corpol.dll
2010-11-03 12:25 . 2008-04-25 16:16 389120 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2008-04-25 16:16 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2008-04-25 16:16 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:27 . 2008-04-25 16:16 1862272 ----a-w- c:\windows\system32\win32k.sys
.
((((((((((((((((((((((((((((( SnapShot@2011-01-03_03.28.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-07 14:34 . 2011-01-07 14:34 16384 c:\windows\Temp\Perflib_Perfdata_56c.dat
- 2008-04-25 16:16 . 2011-01-03 03:28 80480 c:\windows\system32\perfc009.dat
+ 2008-04-25 16:16 . 2011-01-07 14:39 80480 c:\windows\system32\perfc009.dat
+ 2010-02-20 22:04 . 2011-01-04 16:51 55304 c:\windows\system32\mlfcache.dat
+ 2011-01-03 20:29 . 2011-01-07 14:34 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2011-01-02 17:52 . 2011-01-03 02:42 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-06-18 19:51 . 2011-01-07 14:34 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-06-18 19:51 . 2011-01-03 02:42 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-06-18 19:51 . 2011-01-03 02:42 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-06-18 19:51 . 2011-01-07 14:34 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-04-25 16:16 . 2011-01-07 14:39 467430 c:\windows\system32\perfh009.dat
- 2008-04-25 16:16 . 2011-01-03 03:28 467430 c:\windows\system32\perfh009.dat
+ 2007-07-11 17:27 . 2010-11-06 00:34 380928 c:\windows\system32\ieapfltr.dll
- 2007-07-11 17:27 . 2010-09-09 13:38 380928 c:\windows\system32\ieapfltr.dll
- 2009-08-10 17:35 . 2010-09-09 13:38 380928 c:\windows\system32\dllcache\ieapfltr.dll
+ 2009-08-10 17:35 . 2010-11-06 00:34 380928 c:\windows\system32\dllcache\ieapfltr.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2009-01-14 15:24 40960 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2009-01-14 15:24 40960 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-02-22 200704]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-03-17 729088]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 134656]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2008-12-19 184320]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2008-12-22 145408]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2009-01-16 656696]
"EmbassySecurityCheck"="c:\program files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe" [2009-01-16 95544]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-01-19 667648]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2009-01-16 15360]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-06-09 2220032]
"DellConnectionManager"="c:\program files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe" [2009-03-01 1810432]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-30 112216]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-21 198160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2508104]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-8-15 604776]
Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2009-2-6 1095456]
Printkey2000.lnk - c:\program files\PrintKey2000\Printkey2000.exe [2009-8-10 869376]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-8-10 106560]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Datatel\\UI\\wIntegSM.exe"=
"c:\\Program Files\\Datatel\\UI\\datatel.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R2 ASFAgent;ASF Agent;c:\program files\Intel\ASF Agent\ASFAgent.exe [4/19/2007 5:56 AM 133968]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [12/29/2008 11:07 AM 320800]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [1/22/2009 10:19 AM 808296]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [1/22/2009 10:19 AM 20840]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2/6/2009 8:06 PM 443168]
R2 SMManager;Smith Micro Connection Manager Service;c:\program files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [3/1/2009 6:09 PM 77824]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [6/8/2009 10:05 PM 112512]
R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [6/8/2009 10:05 PM 32808]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [6/8/2009 10:05 PM 244368]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [6/8/2009 10:05 PM 109568]
R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [6/8/2009 7:26 PM 232744]
S3 AsfAlrt;AsfAlrt Service;c:\windows\system32\drivers\Asfalrt.sys [4/19/2007 5:28 AM 42832]
S3 Normandy;Normandy SR2; [x]
S3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NvtSp50.sys --> c:\windows\system32\Drivers\NvtSp50.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2011-01-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://campus.usip.edu/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: usip.edu\campus
FF - ProfilePath - c:\documents and settings\s.metrau\Application Data\Mozilla\Firefox\Profiles\fmzr22gc.default\
FF - prefs.js: browser.search.selectedEngine - Answers.com
FF - prefs.js: browser.startup.homepage - usp.edu
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter:
jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\program files\real\realplayer\browserrecord\firefox\ext
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2011-01-07 10:14
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2868)
c:\windows\system32\WININET.dll
c:\windows\system32\igfxdo.dll
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
c:\windows\system32\btmmhook.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2011-01-07 10:29:28
ComboFix-quarantined-files.txt 2011-01-07 15:29
ComboFix2.txt 2011-01-05 12:43
ComboFix3.txt 2011-01-03 03:44
Pre-Run: 117,042,147,328 bytes free
Post-Run: 117,409,689,600 bytes free
- - End Of File - - 9CC3E4B61BDF550CB8779CBAF8829C74