Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

is my computer a zombie/drone?

Re: is my computer a zombie/drone?

by John B. » January 6th, 2009, 2:03 pm

Hi,

Strange that it is not in the uninstall list. It was first. Can you please go here and check for a file called uninstall.exe or uninst.exe or something like that:
C:\Program Files\SUPERAntiSpyware
If such a file is present, double-click on it and see if it will uninstall SUPERAntiSpyware.

Regards,
John.

Re: is my computer a zombie/drone?

by justime8 » January 6th, 2009, 2:44 pm

There does not seem to be an uninstall file; here is a screenshot. The two files you cannot see are the language file and sound. My cursor is still disappearing while typing; it is very irritating!!! It does not do it on this site, but it happens even in my Google search bar.


Re: is my computer a zombie/drone?

by John B. » January 7th, 2009, 12:26 pm

Hi,

Sorry for the late reply, I discussed the faulty SUPERAntiSpyware problem with the rest of the crew. There are two possibilities:
  • First, check if it refers to an uninstallation by doing this:
    • Start
    • All programs
    • SUPERAntiSpyware
    If so, uninstall the program and reinstall it. If not, try the second option:
  • Install SUPERAntiSpyware on top of this one or repair it:
    • Make sure you totally closed SUPERAntiSpyware and stopped it from running in the background.
    • Go to the website of SUPERAntiSpyware and download the installer.
    • Run the installer
      • If it says SUPERAntiSpyware is already present and does not give an option to repair, let me know.
      • If it says SUPERAntiSpyware is already present and does give an option to repair, do that, reboot and post a fresh uninstall log (instructions in my welcome speech)
      • If it does not say SUPERAntiSpyware is already present just install it and make sure it is installed here: C:\Program Files\SUPERAntiSpyware. Afterwards reboot and post a fresh uninstall log (instructions in my welcome speech).

Regards,
John.

Re: is my computer a zombie/drone?

by justime8 » January 7th, 2009, 2:36 pm

Well, I had to shut it off and reinstall to uninstall, but all is good now! Want a new HJT log? No problem about the time for response; I am very happy with the help you are giving me!

Re: is my computer a zombie/drone?

by John B. » January 7th, 2009, 3:19 pm

Yes, please post a new uninstall log and a new HijackThis log. Here is how to create an uninstall log:
  • Start HijackThis
  • Click on the Open The Misc Tool Section button
  • Click on the Open Uninstall Manager button.
  • Click on the Save list... button and specify where you would like to save this file. When you press the Save button, Notepad will open with the contents of that file. Save the file to your desktop.

A HijackThis log is the one with the date and time in the header. Please check if you really have the newest one and then post both :)

Re: is my computer a zombie/drone?

by justime8 » January 7th, 2009, 3:57 pm

OK, here you go

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:55:22 AM, on 1/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SDistTest\SDistTestSvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 8709801526
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\WINDOWS\
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SpybotSnD Distributed Testing (SDisTestService) - Safer Networking Limited - C:\Program Files\SDistTest\SDistTestSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 4482 bytes


Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9
AVG Free 8.0
COMODO Firewall Pro
COMODO Registry Cleaner 1.0.17.23
Driver Detective
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Intel(R) Network Connections 13.1.33.0
Java(TM) 6 Update 11
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.5)
NASA World Wind 1.4
NVIDIA Drivers
RunAlyzer
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB960714)
Shrek 2
SoundMAX
Spybot - Search & Destroy
Spybot-S&D Distributed Testing Client
Update for Windows XP (KB898461)
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3

Re: is my computer a zombie/drone?

by John B. » January 7th, 2009, 4:58 pm

Hi,

After running ComboFix for the first time, you said that you ran it a couple more times. Please post those logs. They are stored here:
C:\qoobox\ComboFix<number>.txt
Please post all those logs in order from low to high, posting only one log per post. That means you must make a couple of posts.

Regards,
John.

Re: is my computer a zombie/drone?

by justime8 » January 7th, 2009, 11:08 pm

OK, this is all of them

ComboFix 09-01-02.01 - j&8pHtwaqs- 2009-01-03 21:00:47.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.646 [GMT -9:00]
Running from: c:\documents and settings\j&8pHtwaqs-\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
FW: COMODO Firewall Pro *enabled*
.

((((((((((((((((((((((((( Files Created from 2008-12-04 to 2009-01-04 )))))))))))))))))))))))))))))))
.

2009-01-03 18:35 . 2009-01-03 18:35 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-03 18:35 . 2008-12-03 19:59 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-03 18:35 . 2008-12-03 19:59 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-03 11:21 . 2009-01-03 11:21 <DIR> d-------- c:\program files\Trend Micro
2009-01-03 10:34 . 2009-01-03 10:39 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-01-03 10:34 . 2009-01-03 11:35 <DIR> d-------- c:\documents and settings\j&8pHtwaqs-\Application Data\AVGTOOLBAR
2009-01-03 10:34 . 2009-01-03 10:34 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-01-03 10:34 . 2009-01-03 10:34 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-01-03 10:00 . 2009-01-03 10:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg8
2009-01-03 09:35 . 2009-01-03 09:37 <DIR> d-------- c:\program files\New Folder
2009-01-01 19:29 . 2009-01-01 19:29 <DIR> d-------- c:\program files\Activision
2009-01-01 19:29 . 2009-01-01 19:29 <DIR> d-------- C:\help
2008-12-30 16:53 . 2008-12-30 16:53 <DIR> d-------- c:\documents and settings\j&8pHtwaqs-\Application Data\Windows Search
2008-12-30 15:49 . 2008-12-30 15:49 <DIR> d-------- c:\windows\system32\GroupPolicy
2008-12-30 15:49 . 2008-12-30 15:49 <DIR> d-------- c:\program files\Windows Media Connect 2
2008-12-30 15:49 . 2009-01-03 19:25 <DIR> d-------- c:\program files\Windows Desktop Search
2008-12-30 15:49 . 2008-03-07 08:02 192,000 -----c--- c:\windows\system32\dllcache\offfilt.dll
2008-12-30 15:49 . 2008-03-07 08:02 98,304 -----c--- c:\windows\system32\dllcache\nlhtml.dll
2008-12-30 15:49 . 2008-03-07 08:02 29,696 -----c--- c:\windows\system32\dllcache\mimefilt.dll
2008-12-30 15:47 . 2008-12-30 15:47 <DIR> d-------- c:\windows\system32\LogFiles
2008-12-30 15:47 . 2008-12-30 15:48 <DIR> d-------- c:\windows\system32\drivers\UMDF
2008-12-30 15:00 . 2008-12-30 15:00 <DIR> d-------- c:\windows\system32\URTTEMP
2008-12-23 11:01 . 2009-01-02 06:09 <DIR> d-------- c:\program files\SDistTest
2008-12-16 07:34 . 2008-12-16 07:34 <DIR> d-------- c:\program files\Safer Networking
2008-12-14 16:50 . 2008-12-30 18:37 131 --a------ c:\windows\CRC.INI
2008-12-10 10:00 . 2008-12-10 10:00 7,064 --a------ C:\screen shot safe mode task mng.png
2008-12-10 06:56 . 2008-12-10 06:56 664 --a------ c:\windows\system32\d3d9caps.dat
2008-12-09 18:24 . 2008-12-09 18:24 <DIR> d-------- c:\documents and settings\j&8pHtwaqs-\Application Data\Malwarebytes
2008-12-09 18:24 . 2008-12-09 18:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-09 17:09 . 2008-12-09 17:09 <DIR> d-------- c:\documents and settings\tasha\Application Data\Comodo
2008-12-09 17:08 . 2009-01-03 10:34 <DIR> d-------- c:\documents and settings\tasha
2008-12-09 16:19 . 2008-12-09 16:19 <DIR> d-------- c:\documents and settings\justime8\Application Data\Comodo
2008-12-09 16:19 . 2009-01-03 10:34 <DIR> d-------- c:\documents and settings\justime8
2008-12-09 15:40 . 2008-12-09 15:39 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-09 15:39 . 2008-12-09 15:39 <DIR> d-------- c:\program files\Java
2008-12-09 15:12 . 2008-12-09 15:13 <DIR> d-------- c:\program files\MSECACHE
2008-12-08 11:24 . 2008-12-30 18:52 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-12-08 11:24 . 2009-01-03 10:58 <DIR> d-------- c:\documents and settings\j&8pHtwaqs-\Application Data\SUPERAntiSpyware.com
2008-12-08 11:24 . 2008-12-08 11:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-07 20:44 . 2008-10-24 02:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-12-07 20:34 . 2008-09-04 08:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-12-07 20:33 . 2008-10-15 07:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-12-07 20:31 . 2008-09-08 01:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-12-07 20:30 . 2008-08-14 01:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-12-07 20:30 . 2008-08-14 01:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-07 20:30 . 2008-08-14 00:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-07 20:30 . 2008-08-14 00:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-12-07 20:27 . 2008-08-14 01:04 138,496 -----c--- c:\windows\system32\dllcache\afd.sys
2008-12-07 20:26 . 2008-09-15 03:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-12-07 19:55 . 2008-05-01 05:33 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll
2008-12-07 19:52 . 2008-04-11 10:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2008-12-07 19:50 . 2008-06-13 02:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-12-07 19:50 . 2008-05-08 05:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2008-12-07 19:33 . 2008-12-07 19:33 13,588 --a------ c:\windows\system32\wpa.bak
2008-12-07 19:33 . 2008-12-07 19:33 4,444 --a------ c:\windows\system32\pid.PNF
2008-12-07 19:19 . 2008-10-16 14:09 43,544 --a------ c:\windows\system32\wups2.dll
2008-12-07 19:19 . 2008-10-16 14:09 31,768 --a------ c:\windows\system32\wucltui.dll.mui
2008-12-07 19:19 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuaucpl.cpl.mui
2008-12-07 19:19 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2008-12-07 19:19 . 2008-10-16 14:07 18,456 --a------ c:\windows\system32\wuaueng.dll.mui
2008-12-05 13:41 . 2008-12-06 23:07 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-05 13:41 . 2008-12-06 23:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-02 04:31 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-02 04:28 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-15 01:47 --------- d-----w c:\program files\Comodo
2008-12-10 00:39 410,976 ----a-w c:\windows\system32\deploytk.dll
2008-11-18 20:05 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-11-18 20:04 --------- d-----w c:\program files\Common Files\Adobe
2008-11-10 18:48 --------- d-----w c:\program files\Intel
2008-11-09 22:41 15,600 ----a-w c:\windows\system32\drivers\???????
2008-11-09 08:16 --------- d-----w c:\documents and settings\All Users\Application Data\PC Drivers Headquarters
2008-11-09 08:14 --------- d-----w c:\program files\PC Drivers HeadQuarters
2008-11-09 01:07 --------- d-----w c:\documents and settings\j&8pHtwaqs-\Application Data\Talkback
2008-11-09 00:57 --------- d-----w c:\documents and settings\j&8pHtwaqs-\Application Data\Comodo
2008-11-09 00:57 --------- d-----w c:\documents and settings\All Users\Application Data\Comodo
2008-11-09 00:18 --------- d-----w c:\program files\AVG
2008-11-09 00:08 --------- d-----w c:\program files\Analog Devices
2008-11-08 23:31 --------- d-----w c:\program files\microsoft frontpage
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 23:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 23:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 23:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 23:12 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 23:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 23:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 23:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 01:00 666,112 ----a-w c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((( snapshot@2009-01-03_10.13.34.63 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-03 19:34:37 26,824 ----a-w c:\windows\system32\drivers\avgmfx86.sys
- 2008-12-31 02:21:38 76,528 ----a-w c:\windows\system32\perfc009.dat
+ 2009-01-04 04:23:48 69,474 ----a-w c:\windows\system32\perfc009.dat
- 2008-12-31 02:21:38 440,336 ----a-w c:\windows\system32\perfh009.dat
+ 2009-01-04 04:23:48 419,292 ----a-w c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-30 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"DrvLsnr"="c:\program files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-08 69632]
"COMODO Firewall Pro"="c:\program files\Comodo\Firewall\CPF.exe" [2008-11-08 1115728]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-03 1261336]
"nwiz"="nwiz.exe" [2008-09-17 c:\windows\system32\nwiz.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"Appinit_Dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-03 97928]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-11-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-11-17 55024]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-11-17 7408]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-03 231704]
R4 SDisTestService;SpybotSnD Distributed Testing;c:\program files\SDistTest\SDistTestSvc.exe [2008-12-23 907680]
S3 PORTMON;PORTMON;\??\c:\documents and settings\j&8pHtwaqs-\Desktop\PORTMSYS.SYS --> c:\documents and settings\j&8pHtwaqs-\Desktop\PORTMSYS.SYS [?]
S3 SMC1211;SMC EZ Card 10/100 PCI (SMC1211 Series) NT 5.0 Driver;c:\windows\system32\drivers\SMC1211.sys [2001-07-11 23153]

*Newly Created Service* - UPNPHOST
.
- - - - ORPHANS REMOVED - - - -

Notify-!SASWinLogon - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
FF - ProfilePath - c:\documents and settings\j&8pHtwaqs-\Application Data\Mozilla\Firefox\Profiles\9nc205ba.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-03 21:02:16
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(668)
c:\windows\system32\avgrsstx.dll

- - - - - - - > 'lsass.exe'(776)
c:\windows\system32\avgrsstx.dll
.
Completion time: 2009-01-03 21:03:22
ComboFix-quarantined-files.txt 2009-01-04 06:03:20
ComboFix2.txt 2009-01-03 19:29:05
ComboFix3.txt 2009-01-03 19:21:20
ComboFix4.txt 2009-01-03 19:14:12

Pre-Run: 12,566,749,184 bytes free
Post-Run: 12,555,186,176 bytes free

179 --- E O F --- 2008-12-31 02:22:58

ComboFix 09-01-02.01 - j&8pHtwaqs- 2009-01-03 10:27:00.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.740 [GMT -9:00]
Running from: c:\documents and settings\j&8pHtwaqs-\Desktop\ComboFix.exe
FW: COMODO Firewall Pro *enabled*
.

((((((((((((((((((((((((( Files Created from 2008-12-03 to 2009-01-03 )))))))))))))))))))))))))))))))
.

2009-01-03 10:00 . 2009-01-03 10:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg8
2009-01-03 09:35 . 2009-01-03 09:37 <DIR> d-------- c:\program files\New Folder
2009-01-01 19:29 . 2009-01-01 19:29 <DIR> d-------- c:\program files\Activision
2009-01-01 19:29 . 2009-01-01 19:29 <DIR> d-------- C:\help
2008-12-30 16:53 . 2008-12-30 16:53 <DIR> d-------- c:\documents and settings\j&8pHtwaqs-\Application Data\Windows Search
2008-12-30 15:50 . 2008-12-30 15:50 <DIR> d-------- c:\documents and settings\j&8pHtwaqs-\Application Data\Windows Desktop Search
2008-12-30 15:49 . 2008-12-30 15:49 <DIR> d-------- c:\windows\system32\GroupPolicy
2008-12-30 15:49 . 2008-12-30 15:49 <DIR> d-------- c:\program files\Windows Media Connect 2
2008-12-30 15:49 . 2008-12-30 15:50 <DIR> d-------- c:\program files\Windows Desktop Search
2008-12-30 15:49 . 2008-03-07 08:02 192,000 -----c--- c:\windows\system32\dllcache\offfilt.dll
2008-12-30 15:49 . 2008-03-07 08:02 98,304 -----c--- c:\windows\system32\dllcache\nlhtml.dll
2008-12-30 15:49 . 2008-03-07 08:02 29,696 -----c--- c:\windows\system32\dllcache\mimefilt.dll
2008-12-30 15:47 . 2008-12-30 15:47 <DIR> d-------- c:\windows\system32\LogFiles
2008-12-30 15:47 . 2008-12-30 15:48 <DIR> d-------- c:\windows\system32\drivers\UMDF
2008-12-30 15:00 . 2008-12-30 15:00 <DIR> d-------- c:\windows\system32\URTTEMP
2008-12-23 11:01 . 2009-01-02 06:09 <DIR> d-------- c:\program files\SDistTest
2008-12-16 07:34 . 2008-12-16 07:34 <DIR> d-------- c:\program files\Safer Networking
2008-12-14 16:50 . 2008-12-30 18:37 131 --a------ c:\windows\CRC.INI
2008-12-10 10:00 . 2008-12-10 10:00 7,064 --a------ C:\screen shot safe mode task mng.png
2008-12-10 06:56 . 2008-12-10 06:56 664 --a------ c:\windows\system32\d3d9caps.dat
2008-12-09 18:24 . 2008-12-09 18:24 <DIR> d-------- c:\documents and settings\j&8pHtwaqs-\Application Data\Malwarebytes
2008-12-09 18:24 . 2008-12-09 18:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-09 17:09 . 2008-12-09 17:09 <DIR> d-------- c:\documents and settings\tasha\Application Data\Comodo
2008-12-09 17:08 . 2009-01-03 10:00 <DIR> d-------- c:\documents and settings\tasha
2008-12-09 16:19 . 2008-12-09 16:19 <DIR> d-------- c:\documents and settings\justime8\Application Data\Comodo
2008-12-09 16:19 . 2009-01-03 10:00 <DIR> d-------- c:\documents and settings\justime8
2008-12-09 15:40 . 2008-12-09 15:39 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-09 15:39 . 2008-12-09 15:39 <DIR> d-------- c:\program files\Java
2008-12-09 15:12 . 2008-12-09 15:13 <DIR> d-------- c:\program files\MSECACHE
2008-12-08 11:24 . 2008-12-30 18:52 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-12-08 11:24 . 2009-01-03 10:15 <DIR> d-------- c:\documents and settings\j&8pHtwaqs-\Application Data\SUPERAntiSpyware.com
2008-12-08 11:24 . 2008-12-08 11:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-07 20:44 . 2008-10-24 02:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-12-07 20:34 . 2008-09-04 08:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-12-07 20:33 . 2008-10-15 07:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-12-07 20:31 . 2008-09-08 01:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-12-07 20:30 . 2008-08-14 01:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-12-07 20:30 . 2008-08-14 01:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-07 20:30 . 2008-08-14 00:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-07 20:30 . 2008-08-14 00:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-12-07 20:27 . 2008-08-14 01:04 138,496 -----c--- c:\windows\system32\dllcache\afd.sys
2008-12-07 20:26 . 2008-09-15 03:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-12-07 19:55 . 2008-05-01 05:33 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll
2008-12-07 19:52 . 2008-04-11 10:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2008-12-07 19:50 . 2008-06-13 02:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-12-07 19:50 . 2008-05-08 05:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2008-12-07 19:33 . 2008-12-07 19:33 13,588 --a------ c:\windows\system32\wpa.bak
2008-12-07 19:33 . 2008-12-07 19:33 4,444 --a------ c:\windows\system32\pid.PNF
2008-12-07 19:19 . 2008-10-16 14:09 43,544 --a------ c:\windows\system32\wups2.dll
2008-12-07 19:19 . 2008-10-16 14:09 31,768 --a------ c:\windows\system32\wucltui.dll.mui
2008-12-07 19:19 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuaucpl.cpl.mui
2008-12-07 19:19 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2008-12-07 19:19 . 2008-10-16 14:07 18,456 --a------ c:\windows\system32\wuaueng.dll.mui
2008-12-05 13:41 . 2008-12-06 23:07 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-05 13:41 . 2008-12-06 23:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-02 04:31 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-02 04:28 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-15 01:47 --------- d-----w c:\program files\Comodo
2008-12-10 00:39 410,976 ----a-w c:\windows\system32\deploytk.dll
2008-11-18 20:05 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-11-18 20:04 --------- d-----w c:\program files\Common Files\Adobe
2008-11-10 18:48 --------- d-----w c:\program files\Intel
2008-11-09 22:41 15,600 ----a-w c:\windows\system32\drivers\???????
2008-11-09 08:16 --------- d-----w c:\documents and settings\All Users\Application Data\PC Drivers Headquarters
2008-11-09 08:14 --------- d-----w c:\program files\PC Drivers HeadQuarters
2008-11-09 01:07 --------- d-----w c:\documents and settings\j&8pHtwaqs-\Application Data\Talkback
2008-11-09 00:57 --------- d-----w c:\documents and settings\j&8pHtwaqs-\Application Data\Comodo
2008-11-09 00:57 --------- d-----w c:\documents and settings\All Users\Application Data\Comodo
2008-11-09 00:18 --------- d-----w c:\program files\AVG
2008-11-09 00:08 --------- d-----w c:\program files\Analog Devices
2008-11-08 23:31 --------- d-----w c:\program files\microsoft frontpage
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 23:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 23:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 23:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 23:12 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 23:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 23:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 23:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 01:00 666,112 ----a-w c:\windows\system32\wininet.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"DrvLsnr"="c:\program files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-08 69632]
"COMODO Firewall Pro"="c:\program files\Comodo\Firewall\CPF.exe" [2008-11-08 1115728]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"nwiz"="nwiz.exe" [2008-09-17 c:\windows\system32\nwiz.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R4 SDisTestService;SpybotSnD Distributed Testing;c:\program files\SDistTest\SDistTestSvc.exe [2008-12-23 907680]
S3 PORTMON;PORTMON;\??\c:\documents and settings\j&8pHtwaqs-\Desktop\PORTMSYS.SYS --> c:\documents and settings\j&8pHtwaqs-\Desktop\PORTMSYS.SYS [?]
S3 SMC1211;SMC EZ Card 10/100 PCI (SMC1211 Series) NT 5.0 Driver;c:\windows\system32\drivers\SMC1211.sys [2001-07-11 23153]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
FF - ProfilePath - c:\documents and settings\j&8pHtwaqs-\Application Data\Mozilla\Firefox\Profiles\9nc205ba.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-03 10:28:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-01-03 10:29:03
ComboFix-quarantined-files.txt 2009-01-03 19:28:59
ComboFix2.txt 2009-01-03 19:21:20
ComboFix3.txt 2009-01-03 19:14:12

Pre-Run: 12,695,638,016 bytes free
Post-Run: 12,683,583,488 bytes free

146 --- E O F --- 2008-12-31 02:22:58
ComboFix 09-01-02.01 - j&8pHtwaqs- 2009-01-03 10:19:37.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.713 [GMT -9:00]
Running from: c:\documents and settings\j&8pHtwaqs-\Desktop\ComboFix.exe
FW: COMODO Firewall Pro *enabled*
.

((((((((((((((((((((((((( Files Created from 2008-12-03 to 2009-01-03 )))))))))))))))))))))))))))))))
.

2009-01-03 10:00 . 2009-01-03 10:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg8
2009-01-03 09:35 . 2009-01-03 09:37 <DIR> d-------- c:\program files\New Folder
2009-01-01 19:29 . 2009-01-01 19:29 <DIR> d-------- c:\program files\Activision
2009-01-01 19:29 . 2009-01-01 19:29 <DIR> d-------- C:\help
2008-12-30 16:53 . 2008-12-30 16:53 <DIR> d-------- c:\documents and settings\j&8pHtwaqs-\Application Data\Windows Search
2008-12-30 15:50 . 2008-12-30 15:50 <DIR> d-------- c:\documents and settings\j&8pHtwaqs-\Application Data\Windows Desktop Search
2008-12-30 15:49 . 2008-12-30 15:49 <DIR> d-------- c:\windows\system32\GroupPolicy
2008-12-30 15:49 . 2008-12-30 15:49 <DIR> d-------- c:\program files\Windows Media Connect 2
2008-12-30 15:49 . 2008-12-30 15:50 <DIR> d-------- c:\program files\Windows Desktop Search
2008-12-30 15:49 . 2008-03-07 08:02 192,000 -----c--- c:\windows\system32\dllcache\offfilt.dll
2008-12-30 15:49 . 2008-03-07 08:02 98,304 -----c--- c:\windows\system32\dllcache\nlhtml.dll
2008-12-30 15:49 . 2008-03-07 08:02 29,696 -----c--- c:\windows\system32\dllcache\mimefilt.dll
2008-12-30 15:47 . 2008-12-30 15:47 <DIR> d-------- c:\windows\system32\LogFiles
2008-12-30 15:47 . 2008-12-30 15:48 <DIR> d-------- c:\windows\system32\drivers\UMDF
2008-12-30 15:00 . 2008-12-30 15:00 <DIR> d-------- c:\windows\system32\URTTEMP
2008-12-23 11:01 . 2009-01-02 06:09 <DIR> d-------- c:\program files\SDistTest
2008-12-16 07:34 . 2008-12-16 07:34 <DIR> d-------- c:\program files\Safer Networking
2008-12-14 16:50 . 2008-12-30 18:37 131 --a------ c:\windows\CRC.INI
2008-12-10 10:00 . 2008-12-10 10:00 7,064 --a------ C:\screen shot safe mode task mng.png
2008-12-10 06:56 . 2008-12-10 06:56 664 --a------ c:\windows\system32\d3d9caps.dat
2008-12-09 18:24 . 2008-12-09 18:24 <DIR> d-------- c:\documents and settings\j&8pHtwaqs-\Application Data\Malwarebytes
2008-12-09 18:24 . 2008-12-09 18:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-09 17:09 . 2008-12-09 17:09 <DIR> d-------- c:\documents and settings\tasha\Application Data\Comodo
2008-12-09 17:08 . 2009-01-03 10:00 <DIR> d-------- c:\documents and settings\tasha
2008-12-09 16:19 . 2008-12-09 16:19 <DIR> d-------- c:\documents and settings\justime8\Application Data\Comodo
2008-12-09 16:19 . 2009-01-03 10:00 <DIR> d-------- c:\documents and settings\justime8
2008-12-09 15:40 . 2008-12-09 15:39 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-09 15:39 . 2008-12-09 15:39 <DIR> d-------- c:\program files\Java
2008-12-09 15:12 . 2008-12-09 15:13 <DIR> d-------- c:\program files\MSECACHE
2008-12-08 11:24 . 2008-12-30 18:52 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-12-08 11:24 . 2009-01-03 10:15 <DIR> d-------- c:\documents and settings\j&8pHtwaqs-\Application Data\SUPERAntiSpyware.com
2008-12-08 11:24 . 2008-12-08 11:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-07 20:44 . 2008-10-24 02:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-12-07 20:34 . 2008-09-04 08:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-12-07 20:33 . 2008-10-15 07:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-12-07 20:31 . 2008-09-08 01:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-12-07 20:30 . 2008-08-14 01:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-12-07 20:30 . 2008-08-14 01:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-07 20:30 . 2008-08-14 00:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-07 20:30 . 2008-08-14 00:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-12-07 20:27 . 2008-08-14 01:04 138,496 -----c--- c:\windows\system32\dllcache\afd.sys
2008-12-07 20:26 . 2008-09-15 03:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-12-07 19:55 . 2008-05-01 05:33 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll
2008-12-07 19:52 . 2008-04-11 10:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2008-12-07 19:50 . 2008-06-13 02:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-12-07 19:50 . 2008-05-08 05:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2008-12-07 19:33 . 2008-12-07 19:33 13,588 --a------ c:\windows\system32\wpa.bak
2008-12-07 19:33 . 2008-12-07 19:33 4,444 --a------ c:\windows\system32\pid.PNF
2008-12-07 19:19 . 2008-10-16 14:09 43,544 --a------ c:\windows\system32\wups2.dll
2008-12-07 19:19 . 2008-10-16 14:09 31,768 --a------ c:\windows\system32\wucltui.dll.mui
2008-12-07 19:19 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuaucpl.cpl.mui
2008-12-07 19:19 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2008-12-07 19:19 . 2008-10-16 14:07 18,456 --a------ c:\windows\system32\wuaueng.dll.mui
2008-12-05 13:41 . 2008-12-06 23:07 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-05 13:41 . 2008-12-06 23:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-02 04:31 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-02 04:28 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-15 01:47 --------- d-----w c:\program files\Comodo
2008-12-10 00:39 410,976 ----a-w c:\windows\system32\deploytk.dll
2008-11-18 20:05 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-11-18 20:04 --------- d-----w c:\program files\Common Files\Adobe
2008-11-10 18:48 --------- d-----w c:\program files\Intel
2008-11-09 22:41 15,600 ----a-w c:\windows\system32\drivers\???????
2008-11-09 08:16 --------- d-----w c:\documents and settings\All Users\Application Data\PC Drivers Headquarters
2008-11-09 08:14 --------- d-----w c:\program files\PC Drivers HeadQuarters
2008-11-09 01:07 --------- d-----w c:\documents and settings\j&8pHtwaqs-\Application Data\Talkback
2008-11-09 00:57 --------- d-----w c:\documents and settings\j&8pHtwaqs-\Application Data\Comodo
2008-11-09 00:57 --------- d-----w c:\documents and settings\All Users\Application Data\Comodo
2008-11-09 00:18 --------- d-----w c:\program files\AVG
2008-11-09 00:08 --------- d-----w c:\program files\Analog Devices
2008-11-08 23:31 --------- d-----w c:\program files\microsoft frontpage
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 23:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 23:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 23:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 23:12 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 23:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 23:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 23:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 01:00 666,112 ----a-w c:\windows\system32\wininet.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"DrvLsnr"="c:\program files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-08 69632]
"COMODO Firewall Pro"="c:\program files\Comodo\Firewall\CPF.exe" [2008-11-08 1115728]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"nwiz"="nwiz.exe" [2008-09-17 c:\windows\system32\nwiz.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R4 SDisTestService;SpybotSnD Distributed Testing;c:\program files\SDistTest\SDistTestSvc.exe [2008-12-23 907680]
S3 PORTMON;PORTMON;\??\c:\documents and settings\j&8pHtwaqs-\Desktop\PORTMSYS.SYS --> c:\documents and settings\j&8pHtwaqs-\Desktop\PORTMSYS.SYS [?]
S3 SMC1211;SMC EZ Card 10/100 PCI (SMC1211 Series) NT 5.0 Driver;c:\windows\system32\drivers\SMC1211.sys [2001-07-11 23153]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
FF - ProfilePath - c:\documents and settings\j&8pHtwaqs-\Application Data\Mozilla\Firefox\Profiles\9nc205ba.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-03 10:20:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(668)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
Completion time: 2009-01-03 10:21:18
ComboFix-quarantined-files.txt 2009-01-03 19:21:15
ComboFix2.txt 2009-01-03 19:14:12

Pre-Run: 12,694,650,880 bytes free
Post-Run: 12,685,582,336 bytes free

153 --- E O F --- 2008-12-31 02:22:58
ComboFix 09-01-02.01 - j&8pHtwaqs- 2009-01-03 10:11:54.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.732 [GMT -9:00]
Running from: c:\documents and settings\j&8pHtwaqs-\Desktop\ComboFix.exe
FW: COMODO Firewall Pro *enabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\msssc.dll

.
((((((((((((((((((((((((( Files Created from 2008-12-03 to 2009-01-03 )))))))))))))))))))))))))))))))
.

2009-01-03 10:00 . 2009-01-03 10:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg8
2009-01-03 09:35 . 2009-01-03 09:37 <DIR> d-------- c:\program files\New Folder
2009-01-01 19:29 . 2009-01-01 19:29 <DIR> d-------- c:\program files\Activision
2009-01-01 19:29 . 2009-01-01 19:29 <DIR> d-------- C:\help
2008-12-30 16:53 . 2008-12-30 16:53 <DIR> d-------- c:\documents and settings\j&8pHtwaqs-\Application Data\Windows Search
2008-12-30 15:50 . 2008-12-30 15:50 <DIR> d-------- c:\documents and settings\j&8pHtwaqs-\Application Data\Windows Desktop Search
2008-12-30 15:49 . 2008-12-30 15:49 <DIR> d-------- c:\windows\system32\GroupPolicy
2008-12-30 15:49 . 2008-12-30 15:49 <DIR> d-------- c:\program files\Windows Media Connect 2
2008-12-30 15:49 . 2008-12-30 15:50 <DIR> d-------- c:\program files\Windows Desktop Search
2008-12-30 15:49 . 2008-03-07 08:02 192,000 -----c--- c:\windows\system32\dllcache\offfilt.dll
2008-12-30 15:49 . 2008-03-07 08:02 98,304 -----c--- c:\windows\system32\dllcache\nlhtml.dll
2008-12-30 15:49 . 2008-03-07 08:02 29,696 -----c--- c:\windows\system32\dllcache\mimefilt.dll
2008-12-30 15:47 . 2008-12-30 15:47 <DIR> d-------- c:\windows\system32\LogFiles
2008-12-30 15:47 . 2008-12-30 15:48 <DIR> d-------- c:\windows\system32\drivers\UMDF
2008-12-30 15:00 . 2008-12-30 15:00 <DIR> d-------- c:\windows\system32\URTTEMP
2008-12-23 11:01 . 2009-01-02 06:09 <DIR> d-------- c:\program files\SDistTest
2008-12-16 07:34 . 2008-12-16 07:34 <DIR> d-------- c:\program files\Safer Networking
2008-12-14 16:50 . 2008-12-30 18:37 131 --a------ c:\windows\CRC.INI
2008-12-10 10:00 . 2008-12-10 10:00 7,064 --a------ C:\screen shot safe mode task mng.png
2008-12-10 06:56 . 2008-12-10 06:56 664 --a------ c:\windows\system32\d3d9caps.dat
2008-12-09 18:24 . 2008-12-09 18:24 <DIR> d-------- c:\documents and settings\j&8pHtwaqs-\Application Data\Malwarebytes
2008-12-09 18:24 . 2008-12-09 18:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-09 17:09 . 2008-12-09 17:09 <DIR> d-------- c:\documents and settings\tasha\Application Data\Comodo
2008-12-09 17:08 . 2009-01-03 10:00 <DIR> d-------- c:\documents and settings\tasha
2008-12-09 16:19 . 2008-12-09 16:19 <DIR> d-------- c:\documents and settings\justime8\Application Data\Comodo
2008-12-09 16:19 . 2009-01-03 10:00 <DIR> d-------- c:\documents and settings\justime8
2008-12-09 15:40 . 2008-12-09 15:39 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-09 15:39 . 2008-12-09 15:39 <DIR> d-------- c:\program files\Java
2008-12-09 15:12 . 2008-12-09 15:13 <DIR> d-------- c:\program files\MSECACHE
2008-12-08 11:24 . 2008-12-30 18:52 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-12-08 11:24 . 2008-12-08 11:24 <DIR> d-------- c:\documents and settings\j&8pHtwaqs-\Application Data\SUPERAntiSpyware.com
2008-12-08 11:24 . 2008-12-08 11:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-08 11:22 . 2008-12-08 11:22 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-07 20:44 . 2008-10-24 02:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-12-07 20:34 . 2008-09-04 08:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-12-07 20:33 . 2008-10-15 07:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-12-07 20:31 . 2008-09-08 01:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-12-07 20:30 . 2008-08-14 01:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-12-07 20:30 . 2008-08-14 01:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-07 20:30 . 2008-08-14 00:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-07 20:30 . 2008-08-14 00:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-12-07 20:27 . 2008-08-14 01:04 138,496 -----c--- c:\windows\system32\dllcache\afd.sys
2008-12-07 20:26 . 2008-09-15 03:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-12-07 19:55 . 2008-05-01 05:33 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll
2008-12-07 19:52 . 2008-04-11 10:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2008-12-07 19:50 . 2008-06-13 02:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-12-07 19:50 . 2008-05-08 05:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2008-12-07 19:33 . 2008-12-07 19:33 13,588 --a------ c:\windows\system32\wpa.bak
2008-12-07 19:33 . 2008-12-07 19:33 4,444 --a------ c:\windows\system32\pid.PNF
2008-12-07 19:19 . 2008-10-16 14:09 43,544 --a------ c:\windows\system32\wups2.dll
2008-12-07 19:19 . 2008-10-16 14:09 31,768 --a------ c:\windows\system32\wucltui.dll.mui
2008-12-07 19:19 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuaucpl.cpl.mui
2008-12-07 19:19 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2008-12-07 19:19 . 2008-10-16 14:07 18,456 --a------ c:\windows\system32\wuaueng.dll.mui
2008-12-05 13:41 . 2008-12-06 23:07 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-05 13:41 . 2008-12-06 23:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-02 04:31 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-02 04:28 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-15 01:47 --------- d-----w c:\program files\Comodo
2008-12-10 00:39 410,976 ----a-w c:\windows\system32\deploytk.dll
2008-11-18 20:05 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-11-18 20:04 --------- d-----w c:\program files\Common Files\Adobe
2008-11-10 18:48 --------- d-----w c:\program files\Intel
2008-11-09 22:41 15,600 ----a-w c:\windows\system32\drivers\???????
2008-11-09 08:16 --------- d-----w c:\documents and settings\All Users\Application Data\PC Drivers Headquarters
2008-11-09 08:14 --------- d-----w c:\program files\PC Drivers HeadQuarters
2008-11-09 01:07 --------- d-----w c:\documents and settings\j&8pHtwaqs-\Application Data\Talkback
2008-11-09 00:57 --------- d-----w c:\documents and settings\j&8pHtwaqs-\Application Data\Comodo
2008-11-09 00:57 --------- d-----w c:\documents and settings\All Users\Application Data\Comodo
2008-11-09 00:18 --------- d-----w c:\program files\AVG
2008-11-09 00:08 --------- d-----w c:\program files\Analog Devices
2008-11-08 23:31 --------- d-----w c:\program files\microsoft frontpage
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 23:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 23:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 23:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 23:12 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 23:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 23:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 23:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 01:00 666,112 ----a-w c:\windows\system32\wininet.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"DrvLsnr"="c:\program files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-08 69632]
"COMODO Firewall Pro"="c:\program files\Comodo\Firewall\CPF.exe" [2008-11-08 1115728]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"nwiz"="nwiz.exe" [2008-09-17 c:\windows\system32\nwiz.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-30 18:52 356352 c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-11-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-11-17 55024]
R4 SDisTestService;SpybotSnD Distributed Testing;c:\program files\SDistTest\SDistTestSvc.exe [2008-12-23 907680]
S3 PORTMON;PORTMON;\??\c:\documents and settings\j&8pHtwaqs-\Desktop\PORTMSYS.SYS --> c:\documents and settings\j&8pHtwaqs-\Desktop\PORTMSYS.SYS [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-11-17 7408]
S3 SMC1211;SMC EZ Card 10/100 PCI (SMC1211 Series) NT 5.0 Driver;c:\windows\system32\drivers\SMC1211.sys [2001-07-11 23153]

*Newly Created Service* - PROCEXP90
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
FF - ProfilePath - c:\documents and settings\j&8pHtwaqs-\Application Data\Mozilla\Firefox\Profiles\9nc205ba.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-03 10:13:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(668)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
Completion time: 2009-01-03 10:14:11
ComboFix-quarantined-files.txt 2009-01-03 19:14:07

Pre-Run: 12,682,387,456 bytes free
Post-Run: 12,675,891,200 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

168 --- E O F --- 2008-12-31 02:22:58

Re: is my computer a zombie/drone?

Unread postby John B. » January 8th, 2009, 3:10 am

Hi,

So SUPERAntiSpyware is now uninstalled? Then you can delete this line with HijackThis (if present):
O20 - Winlogon Notify: !SASWinLogon - C:\WINDOWS\
Reboot and install SUPERAntiSpyware again if you want to have it.

Can you tell me a little more about the disappearing cursor? Does it only happen when Java is running? The more detailed your story, the easier we can troubleshoot this.

Regards,
John.

Re: is my computer a zombie/drone?

Unread postby justime8 » January 8th, 2009, 6:51 am

Well, it seems to only happen when Java is running. But it does not just affect the active window; it happens in all text bars like Google or Yahoo search bars or any chat bar, and only if Java is running. It seems to have something to do with Java reloading or refreshing the page \ window every time I try to type in a bar. And it happens like halfway through a sentence or any time sometimes I watch to and there is no set amount of letters that cause it that I can tell. I can say that it only affects letters; numbers do not cause it to disappear, number pad or keyboard.

Re: is my computer a zombie/drone?

Unread postby John B. » January 8th, 2009, 11:58 am

Hi,

Let's try cleaning your Java cache:
  • Press Start
  • Go to Control Panel
  • Click Java
  • Under Temporary Internet Files click Settings...
  • Now click Delete files...
  • Select both options and click OK
  • The temporary files will now be deleted.
  • When done click OK twice and close Control Panel

Also enable the console:
  • Press Start
  • Go to Control Panel
  • Click Java
  • Go to the Advanced tab
  • Expand Java console
  • Choose for Show console
  • Click Apply and then OK
  • Now when you start a Java applet the console opens. See if anything strange is logged.

Please let me know if you found anything strange and/or if clearing the cache solved it.

Regards,
John.

Re: is my computer a zombie/drone?

Unread postby justime8 » January 8th, 2009, 12:07 pm

Good morning John,
OK, in the Java control panel \ delete temp files, the option to delete applications and applets is grayed out, so I am unable to check both boxes. Um, disregard: I clicked restore defaults, apply, OK, restarted the console and clicked both boxes. Now going to try. Will let you know in a new post soon.

Re: is my computer a zombie/drone?

Unread postby justime8 » January 8th, 2009, 12:49 pm

It was good at first, but then I hit backspace, that was the first, and now it's happening again, but not nearly as often, which is great! But it is still happening :( And I started the Java console; it started and I saved it, but I do not know where to look for it. The file I saved, I mean.

Re: is my computer a zombie/drone?

Unread postby John B. » January 8th, 2009, 1:27 pm

It was good at first but then I hit backspace that was the first and now it's happening again but not near as often which is great! but it is still happening :(

When did you hit backspace? After clearing the cache or just a long time ago before the problem started? You are kind of unclear here...

And I started the Java console it started and I saved it but I do not know where to look for it. The file I saved I mean.

Please start a Java applet and make sure the Java console is open. Now start browsing, and after you have had the disappearing cursor problem a couple of times, go back to the Java console window and hit Copy. Then start a new post here and just press Ctrl + V to paste the contents of the console.

Re: is my computer a zombie/drone?

Unread postby justime8 » January 9th, 2009, 1:23 pm

I cleaned the Java cache. I then went to the pool room and started typing in the chat bar. Here are 3 copies I saved in a file over the last 24 hours. I don't see anything unusual, but maybe you do.
Java Plug-in 1.6.0_11
Using JRE version 1.6.0_11 Java HotSpot(TM) Client VM
User home directory = C:\Documents and Settings\j&8pHtwaqs-

----------------------------------------------------
c: clear console window
f: finalize objects on finalization queue
g: garbage collect
h: display this help message
l: dump classloader list
m: print memory usage
o: trigger logging
q: hide console
r: reload policy configuration
s: dump system and deployment properties
t: dump thread list
v: dump thread stack
x: clear classloader cache
0-5: set trace level to <n>
----------------------------------------------------

Copyright 1997-2005 Yahoo! Inc.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5;jvmvendor=Sun Microsystems Inc.;jvmversion=1.6.0_11
getting image: http://yog73.games.scd.yahoo.com/i/us/ga/sx/pl.gif
getting image: http://yog73.games.scd.yahoo.com/i/us/ga/sl_3/pl.gif
Loaded audio clip: http://yog73.games.scd.yahoo.com/yog/re ... on/beep.au
Loaded audio clip: http://yog73.games.scd.yahoo.com/yog/re ... ool/cue.au
Loaded audio clip: http://yog73.games.scd.yahoo.com/yog/re ... ol/ball.au
Loaded audio clip: http://yog73.games.scd.yahoo.com/yog/re ... ll-soft.au
Loaded audio clip: http://yog73.games.scd.yahoo.com/yog/re ... cushion.au
Loaded audio clip: http://yog73.games.scd.yahoo.com/yog/re ... /pocket.au


Java Plug-in 1.6.0_11
Using JRE version 1.6.0_11 Java HotSpot(TM) Client VM
User home directory = C:\Documents and Settings\j&8pHtwaqs-

----------------------------------------------------
c: clear console window
f: finalize objects on finalization queue
g: garbage collect
h: display this help message
l: dump classloader list
m: print memory usage
o: trigger logging
q: hide console
r: reload policy configuration
s: dump system and deployment properties
t: dump thread list
v: dump thread stack
x: clear classloader cache
0-5: set trace level to <n>
----------------------------------------------------

Copyright 1997-2005 Yahoo! Inc.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5;jvmvendor=Sun Microsystems Inc.;jvmversion=1.6.0_11
getting image: http://yog74.games.scd.yahoo.com/i/us/ga/sx/pl.gif
getting image: http://yog74.games.scd.yahoo.com/i/us/ga/sl_3/pl.gif
Loaded audio clip: http://yog74.games.scd.yahoo.com/yog/re ... on/beep.au
Loaded audio clip: http://yog74.games.scd.yahoo.com/yog/re ... ool/cue.au
Loaded audio clip: http://yog74.games.scd.yahoo.com/yog/re ... ol/ball.au
Loaded audio clip: http://yog74.games.scd.yahoo.com/yog/re ... ll-soft.au
Loaded audio clip: http://yog74.games.scd.yahoo.com/yog/re ... cushion.au
Loaded audio clip: http://yog74.games.scd.yahoo.com/yog/re ... /pocket.au


Java Plug-in 1.6.0_11
Using JRE version 1.6.0_11 Java HotSpot(TM) Client VM
User home directory = C:\Documents and Settings\j&8pHtwaqs-

----------------------------------------------------
c: clear console window
f: finalize objects on finalization queue
g: garbage collect
h: display this help message
l: dump classloader list
m: print memory usage
o: trigger logging
q: hide console
r: reload policy configuration
s: dump system and deployment properties
t: dump thread list
v: dump thread stack
x: clear classloader cache
0-5: set trace level to <n>
----------------------------------------------------

Copyright 1997-2005 Yahoo! Inc.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5;jvmvendor=Sun Microsystems Inc.;jvmversion=1.6.0_11
getting image: http://yog76.games.scd.yahoo.com/i/us/ga/sx/pl.gif
getting image: http://yog76.games.scd.yahoo.com/i/us/ga/sl_3/pl.gif
Loaded audio clip: http://yog76.games.scd.yahoo.com/yog/re ... on/beep.au
Loaded audio clip: http://yog76.games.scd.yahoo.com/yog/re ... ool/cue.au
Loaded audio clip: http://yog76.games.scd.yahoo.com/yog/re ... ol/ball.au
Loaded audio clip: http://yog76.games.scd.yahoo.com/yog/re ... ll-soft.au
Loaded audio clip: http://yog76.games.scd.yahoo.com/yog/re ... cushion.au
Loaded audio clip: http://yog76.games.scd.yahoo.com/yog/re ... /pocket.au
justime8
Regular Member
 
Posts: 19
Joined: December 17th, 2008, 6:11 pm