OK, this is all of them.
ComboFix 09-01-02.01 - j&8pHtwaqs- 2009-01-03 21:00:47.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.646 [GMT -9:00]
Running from: c:\documents and settings\j&8pHtwaqs-\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
FW: COMODO Firewall Pro *enabled*
.
((((((((((((((((((((((((( Files Created from 2008-12-04 to 2009-01-04 )))))))))))))))))))))))))))))))
.
2009-01-03 18:35 . 2009-01-03 18:35 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-03 18:35 . 2008-12-03 19:59 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-03 18:35 . 2008-12-03 19:59 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-03 11:21 . 2009-01-03 11:21 <DIR> d-------- c:\program files\Trend Micro
2009-01-03 10:34 . 2009-01-03 10:39 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-01-03 10:34 . 2009-01-03 11:35 <DIR> d-------- c:\documents and settings\j&8pHtwaqs-\Application Data\AVGTOOLBAR
2009-01-03 10:34 . 2009-01-03 10:34 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-01-03 10:34 . 2009-01-03 10:34 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-01-03 10:00 . 2009-01-03 10:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg8
2009-01-03 09:35 . 2009-01-03 09:37 <DIR> d-------- c:\program files\New Folder
2009-01-01 19:29 . 2009-01-01 19:29 <DIR> d-------- c:\program files\Activision
2009-01-01 19:29 . 2009-01-01 19:29 <DIR> d-------- C:\help
2008-12-30 16:53 . 2008-12-30 16:53 <DIR> d-------- c:\documents and settings\j&8pHtwaqs-\Application Data\Windows Search
2008-12-30 15:49 . 2008-12-30 15:49 <DIR> d-------- c:\windows\system32\GroupPolicy
2008-12-30 15:49 . 2008-12-30 15:49 <DIR> d-------- c:\program files\Windows Media Connect 2
2008-12-30 15:49 . 2009-01-03 19:25 <DIR> d-------- c:\program files\Windows Desktop Search
2008-12-30 15:49 . 2008-03-07 08:02 192,000 -----c--- c:\windows\system32\dllcache\offfilt.dll
2008-12-30 15:49 . 2008-03-07 08:02 98,304 -----c--- c:\windows\system32\dllcache\nlhtml.dll
2008-12-30 15:49 . 2008-03-07 08:02 29,696 -----c--- c:\windows\system32\dllcache\mimefilt.dll
2008-12-30 15:47 . 2008-12-30 15:47 <DIR> d-------- c:\windows\system32\LogFiles
2008-12-30 15:47 . 2008-12-30 15:48 <DIR> d-------- c:\windows\system32\drivers\UMDF
2008-12-30 15:00 . 2008-12-30 15:00 <DIR> d-------- c:\windows\system32\URTTEMP
2008-12-23 11:01 . 2009-01-02 06:09 <DIR> d-------- c:\program files\SDistTest
2008-12-16 07:34 . 2008-12-16 07:34 <DIR> d-------- c:\program files\Safer Networking
2008-12-14 16:50 . 2008-12-30 18:37 131 --a------ c:\windows\CRC.INI
2008-12-10 10:00 . 2008-12-10 10:00 7,064 --a------ C:\screen shot safe mode task mng.png
2008-12-10 06:56 . 2008-12-10 06:56 664 --a------ c:\windows\system32\d3d9caps.dat
2008-12-09 18:24 . 2008-12-09 18:24 <DIR> d-------- c:\documents and settings\j&8pHtwaqs-\Application Data\Malwarebytes
2008-12-09 18:24 . 2008-12-09 18:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-09 17:09 . 2008-12-09 17:09 <DIR> d-------- c:\documents and settings\tasha\Application Data\Comodo
2008-12-09 17:08 . 2009-01-03 10:34 <DIR> d-------- c:\documents and settings\tasha
2008-12-09 16:19 . 2008-12-09 16:19 <DIR> d-------- c:\documents and settings\justime8\Application Data\Comodo
2008-12-09 16:19 . 2009-01-03 10:34 <DIR> d-------- c:\documents and settings\justime8
2008-12-09 15:40 . 2008-12-09 15:39 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-09 15:39 . 2008-12-09 15:39 <DIR> d-------- c:\program files\Java
2008-12-09 15:12 . 2008-12-09 15:13 <DIR> d-------- c:\program files\MSECACHE
2008-12-08 11:24 . 2008-12-30 18:52 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-12-08 11:24 . 2009-01-03 10:58 <DIR> d-------- c:\documents and settings\j&8pHtwaqs-\Application Data\SUPERAntiSpyware.com
2008-12-08 11:24 . 2008-12-08 11:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-07 20:44 . 2008-10-24 02:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-12-07 20:34 . 2008-09-04 08:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-12-07 20:33 . 2008-10-15 07:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-12-07 20:31 . 2008-09-08 01:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-12-07 20:30 . 2008-08-14 01:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-12-07 20:30 . 2008-08-14 01:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-07 20:30 . 2008-08-14 00:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-07 20:30 . 2008-08-14 00:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-12-07 20:27 . 2008-08-14 01:04 138,496 -----c--- c:\windows\system32\dllcache\afd.sys
2008-12-07 20:26 . 2008-09-15 03:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-12-07 19:55 . 2008-05-01 05:33 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll
2008-12-07 19:52 . 2008-04-11 10:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2008-12-07 19:50 . 2008-06-13 02:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-12-07 19:50 . 2008-05-08 05:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2008-12-07 19:33 . 2008-12-07 19:33 13,588 --a------ c:\windows\system32\wpa.bak
2008-12-07 19:33 . 2008-12-07 19:33 4,444 --a------ c:\windows\system32\pid.PNF
2008-12-07 19:19 . 2008-10-16 14:09 43,544 --a------ c:\windows\system32\wups2.dll
2008-12-07 19:19 . 2008-10-16 14:09 31,768 --a------ c:\windows\system32\wucltui.dll.mui
2008-12-07 19:19 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuaucpl.cpl.mui
2008-12-07 19:19 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2008-12-07 19:19 . 2008-10-16 14:07 18,456 --a------ c:\windows\system32\wuaueng.dll.mui
2008-12-05 13:41 . 2008-12-06 23:07 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-05 13:41 . 2008-12-06 23:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-02 04:31 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-02 04:28 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-15 01:47 --------- d-----w c:\program files\Comodo
2008-12-10 00:39 410,976 ----a-w c:\windows\system32\deploytk.dll
2008-11-18 20:05 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-11-18 20:04 --------- d-----w c:\program files\Common Files\Adobe
2008-11-10 18:48 --------- d-----w c:\program files\Intel
2008-11-09 22:41 15,600 ----a-w c:\windows\system32\drivers\???????
2008-11-09 08:16 --------- d-----w c:\documents and settings\All Users\Application Data\PC Drivers Headquarters
2008-11-09 08:14 --------- d-----w c:\program files\PC Drivers HeadQuarters
2008-11-09 01:07 --------- d-----w c:\documents and settings\j&8pHtwaqs-\Application Data\Talkback
2008-11-09 00:57 --------- d-----w c:\documents and settings\j&8pHtwaqs-\Application Data\Comodo
2008-11-09 00:57 --------- d-----w c:\documents and settings\All Users\Application Data\Comodo
2008-11-09 00:18 --------- d-----w c:\program files\AVG
2008-11-09 00:08 --------- d-----w c:\program files\Analog Devices
2008-11-08 23:31 --------- d-----w c:\program files\microsoft frontpage
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 23:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 23:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 23:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 23:12 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 23:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 23:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 23:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 01:00 666,112 ----a-w c:\windows\system32\wininet.dll
.
((((((((((((((((((((((((((((( snapshot@2009-01-03_10.13.34.63 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-03 19:34:37 26,824 ----a-w c:\windows\system32\drivers\avgmfx86.sys
- 2008-12-31 02:21:38 76,528 ----a-w c:\windows\system32\perfc009.dat
+ 2009-01-04 04:23:48 69,474 ----a-w c:\windows\system32\perfc009.dat
- 2008-12-31 02:21:38 440,336 ----a-w c:\windows\system32\perfh009.dat
+ 2009-01-04 04:23:48 419,292 ----a-w c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-30 1830128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"DrvLsnr"="c:\program files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-08 69632]
"COMODO Firewall Pro"="c:\program files\Comodo\Firewall\CPF.exe" [2008-11-08 1115728]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-03 1261336]
"nwiz"="nwiz.exe" [2008-09-17 c:\windows\system32\nwiz.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"Appinit_Dlls"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-03 97928]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-11-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-11-17 55024]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-11-17 7408]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-03 231704]
R4 SDisTestService;SpybotSnD Distributed Testing;c:\program files\SDistTest\SDistTestSvc.exe [2008-12-23 907680]
S3 PORTMON;PORTMON;\??\c:\documents and settings\j&8pHtwaqs-\Desktop\PORTMSYS.SYS --> c:\documents and settings\j&8pHtwaqs-\Desktop\PORTMSYS.SYS [?]
S3 SMC1211;SMC EZ Card 10/100 PCI (SMC1211 Series) NT 5.0 Driver;c:\windows\system32\drivers\SMC1211.sys [2001-07-11 23153]
*Newly Created Service* - UPNPHOST
.
- - - - ORPHANS REMOVED - - - -
Notify-!SASWinLogon - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
FF - ProfilePath - c:\documents and settings\j&8pHtwaqs-\Application Data\Mozilla\Firefox\Profiles\9nc205ba.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-03 21:02:16
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(668)
c:\windows\system32\avgrsstx.dll
- - - - - - - > 'lsass.exe'(776)
c:\windows\system32\avgrsstx.dll
.
Completion time: 2009-01-03 21:03:22
ComboFix-quarantined-files.txt 2009-01-04 06:03:20
ComboFix2.txt 2009-01-03 19:29:05
ComboFix3.txt 2009-01-03 19:21:20
ComboFix4.txt 2009-01-03 19:14:12
Pre-Run: 12,566,749,184 bytes free
Post-Run: 12,555,186,176 bytes free
179 --- E O F --- 2008-12-31 02:22:58
ComboFix 09-01-02.01 - j&8pHtwaqs- 2009-01-03 10:27:00.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.740 [GMT -9:00]
Running from: c:\documents and settings\j&8pHtwaqs-\Desktop\ComboFix.exe
FW: COMODO Firewall Pro *enabled*
.
((((((((((((((((((((((((( Files Created from 2008-12-03 to 2009-01-03 )))))))))))))))))))))))))))))))
.
2009-01-03 10:00 . 2009-01-03 10:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg8
2009-01-03 09:35 . 2009-01-03 09:37 <DIR> d-------- c:\program files\New Folder
2009-01-01 19:29 . 2009-01-01 19:29 <DIR> d-------- c:\program files\Activision
2009-01-01 19:29 . 2009-01-01 19:29 <DIR> d-------- C:\help
2008-12-30 16:53 . 2008-12-30 16:53 <DIR> d-------- c:\documents and settings\j&8pHtwaqs-\Application Data\Windows Search
2008-12-30 15:50 . 2008-12-30 15:50 <DIR> d-------- c:\documents and settings\j&8pHtwaqs-\Application Data\Windows Desktop Search
2008-12-30 15:49 . 2008-12-30 15:49 <DIR> d-------- c:\windows\system32\GroupPolicy
2008-12-30 15:49 . 2008-12-30 15:49 <DIR> d-------- c:\program files\Windows Media Connect 2
2008-12-30 15:49 . 2008-12-30 15:50 <DIR> d-------- c:\program files\Windows Desktop Search
2008-12-30 15:49 . 2008-03-07 08:02 192,000 -----c--- c:\windows\system32\dllcache\offfilt.dll
2008-12-30 15:49 . 2008-03-07 08:02 98,304 -----c--- c:\windows\system32\dllcache\nlhtml.dll
2008-12-30 15:49 . 2008-03-07 08:02 29,696 -----c--- c:\windows\system32\dllcache\mimefilt.dll
2008-12-30 15:47 . 2008-12-30 15:47 <DIR> d-------- c:\windows\system32\LogFiles
2008-12-30 15:47 . 2008-12-30 15:48 <DIR> d-------- c:\windows\system32\drivers\UMDF
2008-12-30 15:00 . 2008-12-30 15:00 <DIR> d-------- c:\windows\system32\URTTEMP
2008-12-23 11:01 . 2009-01-02 06:09 <DIR> d-------- c:\program files\SDistTest
2008-12-16 07:34 . 2008-12-16 07:34 <DIR> d-------- c:\program files\Safer Networking
2008-12-14 16:50 . 2008-12-30 18:37 131 --a------ c:\windows\CRC.INI
2008-12-10 10:00 . 2008-12-10 10:00 7,064 --a------ C:\screen shot safe mode task mng.png
2008-12-10 06:56 . 2008-12-10 06:56 664 --a------ c:\windows\system32\d3d9caps.dat
2008-12-09 18:24 . 2008-12-09 18:24 <DIR> d-------- c:\documents and settings\j&8pHtwaqs-\Application Data\Malwarebytes
2008-12-09 18:24 . 2008-12-09 18:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-09 17:09 . 2008-12-09 17:09 <DIR> d-------- c:\documents and settings\tasha\Application Data\Comodo
2008-12-09 17:08 . 2009-01-03 10:00 <DIR> d-------- c:\documents and settings\tasha
2008-12-09 16:19 . 2008-12-09 16:19 <DIR> d-------- c:\documents and settings\justime8\Application Data\Comodo
2008-12-09 16:19 . 2009-01-03 10:00 <DIR> d-------- c:\documents and settings\justime8
2008-12-09 15:40 . 2008-12-09 15:39 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-09 15:39 . 2008-12-09 15:39 <DIR> d-------- c:\program files\Java
2008-12-09 15:12 . 2008-12-09 15:13 <DIR> d-------- c:\program files\MSECACHE
2008-12-08 11:24 . 2008-12-30 18:52 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-12-08 11:24 . 2009-01-03 10:15 <DIR> d-------- c:\documents and settings\j&8pHtwaqs-\Application Data\SUPERAntiSpyware.com
2008-12-08 11:24 . 2008-12-08 11:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-07 20:44 . 2008-10-24 02:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-12-07 20:34 . 2008-09-04 08:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-12-07 20:33 . 2008-10-15 07:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-12-07 20:31 . 2008-09-08 01:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-12-07 20:30 . 2008-08-14 01:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-12-07 20:30 . 2008-08-14 01:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-07 20:30 . 2008-08-14 00:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-07 20:30 . 2008-08-14 00:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-12-07 20:27 . 2008-08-14 01:04 138,496 -----c--- c:\windows\system32\dllcache\afd.sys
2008-12-07 20:26 . 2008-09-15 03:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-12-07 19:55 . 2008-05-01 05:33 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll
2008-12-07 19:52 . 2008-04-11 10:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2008-12-07 19:50 . 2008-06-13 02:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-12-07 19:50 . 2008-05-08 05:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2008-12-07 19:33 . 2008-12-07 19:33 13,588 --a------ c:\windows\system32\wpa.bak
2008-12-07 19:33 . 2008-12-07 19:33 4,444 --a------ c:\windows\system32\pid.PNF
2008-12-07 19:19 . 2008-10-16 14:09 43,544 --a------ c:\windows\system32\wups2.dll
2008-12-07 19:19 . 2008-10-16 14:09 31,768 --a------ c:\windows\system32\wucltui.dll.mui
2008-12-07 19:19 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuaucpl.cpl.mui
2008-12-07 19:19 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2008-12-07 19:19 . 2008-10-16 14:07 18,456 --a------ c:\windows\system32\wuaueng.dll.mui
2008-12-05 13:41 . 2008-12-06 23:07 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-05 13:41 . 2008-12-06 23:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-02 04:31 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-02 04:28 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-15 01:47 --------- d-----w c:\program files\Comodo
2008-12-10 00:39 410,976 ----a-w c:\windows\system32\deploytk.dll
2008-11-18 20:05 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-11-18 20:04 --------- d-----w c:\program files\Common Files\Adobe
2008-11-10 18:48 --------- d-----w c:\program files\Intel
2008-11-09 22:41 15,600 ----a-w c:\windows\system32\drivers\???????
2008-11-09 08:16 --------- d-----w c:\documents and settings\All Users\Application Data\PC Drivers Headquarters
2008-11-09 08:14 --------- d-----w c:\program files\PC Drivers HeadQuarters
2008-11-09 01:07 --------- d-----w c:\documents and settings\j&8pHtwaqs-\Application Data\Talkback
2008-11-09 00:57 --------- d-----w c:\documents and settings\j&8pHtwaqs-\Application Data\Comodo
2008-11-09 00:57 --------- d-----w c:\documents and settings\All Users\Application Data\Comodo
2008-11-09 00:18 --------- d-----w c:\program files\AVG
2008-11-09 00:08 --------- d-----w c:\program files\Analog Devices
2008-11-08 23:31 --------- d-----w c:\program files\microsoft frontpage
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 23:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 23:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 23:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 23:12 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 23:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 23:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 23:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 01:00 666,112 ----a-w c:\windows\system32\wininet.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"DrvLsnr"="c:\program files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-08 69632]
"COMODO Firewall Pro"="c:\program files\Comodo\Firewall\CPF.exe" [2008-11-08 1115728]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"nwiz"="nwiz.exe" [2008-09-17 c:\windows\system32\nwiz.exe]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R4 SDisTestService;SpybotSnD Distributed Testing;c:\program files\SDistTest\SDistTestSvc.exe [2008-12-23 907680]
S3 PORTMON;PORTMON;\??\c:\documents and settings\j&8pHtwaqs-\Desktop\PORTMSYS.SYS --> c:\documents and settings\j&8pHtwaqs-\Desktop\PORTMSYS.SYS [?]
S3 SMC1211;SMC EZ Card 10/100 PCI (SMC1211 Series) NT 5.0 Driver;c:\windows\system32\drivers\SMC1211.sys [2001-07-11 23153]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
FF - ProfilePath - c:\documents and settings\j&8pHtwaqs-\Application Data\Mozilla\Firefox\Profiles\9nc205ba.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-03 10:28:13
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-01-03 10:29:03
ComboFix-quarantined-files.txt 2009-01-03 19:28:59
ComboFix2.txt 2009-01-03 19:21:20
ComboFix3.txt 2009-01-03 19:14:12
Pre-Run: 12,695,638,016 bytes free
Post-Run: 12,683,583,488 bytes free
146 --- E O F --- 2008-12-31 02:22:58
ComboFix 09-01-02.01 - j&8pHtwaqs- 2009-01-03 10:19:37.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.713 [GMT -9:00]
Running from: c:\documents and settings\j&8pHtwaqs-\Desktop\ComboFix.exe
FW: COMODO Firewall Pro *enabled*
.
((((((((((((((((((((((((( Files Created from 2008-12-03 to 2009-01-03 )))))))))))))))))))))))))))))))
.
2009-01-03 10:00 . 2009-01-03 10:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg8
2009-01-03 09:35 . 2009-01-03 09:37 <DIR> d-------- c:\program files\New Folder
2009-01-01 19:29 . 2009-01-01 19:29 <DIR> d-------- c:\program files\Activision
2009-01-01 19:29 . 2009-01-01 19:29 <DIR> d-------- C:\help
2008-12-30 16:53 . 2008-12-30 16:53 <DIR> d-------- c:\documents and settings\j&8pHtwaqs-\Application Data\Windows Search
2008-12-30 15:50 . 2008-12-30 15:50 <DIR> d-------- c:\documents and settings\j&8pHtwaqs-\Application Data\Windows Desktop Search
2008-12-30 15:49 . 2008-12-30 15:49 <DIR> d-------- c:\windows\system32\GroupPolicy
2008-12-30 15:49 . 2008-12-30 15:49 <DIR> d-------- c:\program files\Windows Media Connect 2
2008-12-30 15:49 . 2008-12-30 15:50 <DIR> d-------- c:\program files\Windows Desktop Search
2008-12-30 15:49 . 2008-03-07 08:02 192,000 -----c--- c:\windows\system32\dllcache\offfilt.dll
2008-12-30 15:49 . 2008-03-07 08:02 98,304 -----c--- c:\windows\system32\dllcache\nlhtml.dll
2008-12-30 15:49 . 2008-03-07 08:02 29,696 -----c--- c:\windows\system32\dllcache\mimefilt.dll
2008-12-30 15:47 . 2008-12-30 15:47 <DIR> d-------- c:\windows\system32\LogFiles
2008-12-30 15:47 . 2008-12-30 15:48 <DIR> d-------- c:\windows\system32\drivers\UMDF
2008-12-30 15:00 . 2008-12-30 15:00 <DIR> d-------- c:\windows\system32\URTTEMP
2008-12-23 11:01 . 2009-01-02 06:09 <DIR> d-------- c:\program files\SDistTest
2008-12-16 07:34 . 2008-12-16 07:34 <DIR> d-------- c:\program files\Safer Networking
2008-12-14 16:50 . 2008-12-30 18:37 131 --a------ c:\windows\CRC.INI
2008-12-10 10:00 . 2008-12-10 10:00 7,064 --a------ C:\screen shot safe mode task mng.png
2008-12-10 06:56 . 2008-12-10 06:56 664 --a------ c:\windows\system32\d3d9caps.dat
2008-12-09 18:24 . 2008-12-09 18:24 <DIR> d-------- c:\documents and settings\j&8pHtwaqs-\Application Data\Malwarebytes
2008-12-09 18:24 . 2008-12-09 18:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-09 17:09 . 2008-12-09 17:09 <DIR> d-------- c:\documents and settings\tasha\Application Data\Comodo
2008-12-09 17:08 . 2009-01-03 10:00 <DIR> d-------- c:\documents and settings\tasha
2008-12-09 16:19 . 2008-12-09 16:19 <DIR> d-------- c:\documents and settings\justime8\Application Data\Comodo
2008-12-09 16:19 . 2009-01-03 10:00 <DIR> d-------- c:\documents and settings\justime8
2008-12-09 15:40 . 2008-12-09 15:39 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-09 15:39 . 2008-12-09 15:39 <DIR> d-------- c:\program files\Java
2008-12-09 15:12 . 2008-12-09 15:13 <DIR> d-------- c:\program files\MSECACHE
2008-12-08 11:24 . 2008-12-30 18:52 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-12-08 11:24 . 2009-01-03 10:15 <DIR> d-------- c:\documents and settings\j&8pHtwaqs-\Application Data\SUPERAntiSpyware.com
2008-12-08 11:24 . 2008-12-08 11:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-07 20:44 . 2008-10-24 02:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-12-07 20:34 . 2008-09-04 08:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-12-07 20:33 . 2008-10-15 07:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-12-07 20:31 . 2008-09-08 01:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-12-07 20:30 . 2008-08-14 01:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-12-07 20:30 . 2008-08-14 01:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-07 20:30 . 2008-08-14 00:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-07 20:30 . 2008-08-14 00:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-12-07 20:27 . 2008-08-14 01:04 138,496 -----c--- c:\windows\system32\dllcache\afd.sys
2008-12-07 20:26 . 2008-09-15 03:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-12-07 19:55 . 2008-05-01 05:33 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll
2008-12-07 19:52 . 2008-04-11 10:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2008-12-07 19:50 . 2008-06-13 02:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-12-07 19:50 . 2008-05-08 05:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2008-12-07 19:33 . 2008-12-07 19:33 13,588 --a------ c:\windows\system32\wpa.bak
2008-12-07 19:33 . 2008-12-07 19:33 4,444 --a------ c:\windows\system32\pid.PNF
2008-12-07 19:19 . 2008-10-16 14:09 43,544 --a------ c:\windows\system32\wups2.dll
2008-12-07 19:19 . 2008-10-16 14:09 31,768 --a------ c:\windows\system32\wucltui.dll.mui
2008-12-07 19:19 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuaucpl.cpl.mui
2008-12-07 19:19 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2008-12-07 19:19 . 2008-10-16 14:07 18,456 --a------ c:\windows\system32\wuaueng.dll.mui
2008-12-05 13:41 . 2008-12-06 23:07 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-05 13:41 . 2008-12-06 23:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-02 04:31 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-02 04:28 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-15 01:47 --------- d-----w c:\program files\Comodo
2008-12-10 00:39 410,976 ----a-w c:\windows\system32\deploytk.dll
2008-11-18 20:05 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-11-18 20:04 --------- d-----w c:\program files\Common Files\Adobe
2008-11-10 18:48 --------- d-----w c:\program files\Intel
2008-11-09 22:41 15,600 ----a-w c:\windows\system32\drivers\???????
2008-11-09 08:16 --------- d-----w c:\documents and settings\All Users\Application Data\PC Drivers Headquarters
2008-11-09 08:14 --------- d-----w c:\program files\PC Drivers HeadQuarters
2008-11-09 01:07 --------- d-----w c:\documents and settings\j&8pHtwaqs-\Application Data\Talkback
2008-11-09 00:57 --------- d-----w c:\documents and settings\j&8pHtwaqs-\Application Data\Comodo
2008-11-09 00:57 --------- d-----w c:\documents and settings\All Users\Application Data\Comodo
2008-11-09 00:18 --------- d-----w c:\program files\AVG
2008-11-09 00:08 --------- d-----w c:\program files\Analog Devices
2008-11-08 23:31 --------- d-----w c:\program files\microsoft frontpage
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 23:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 23:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 23:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 23:12 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 23:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 23:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 23:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 01:00 666,112 ----a-w c:\windows\system32\wininet.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"DrvLsnr"="c:\program files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-08 69632]
"COMODO Firewall Pro"="c:\program files\Comodo\Firewall\CPF.exe" [2008-11-08 1115728]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"nwiz"="nwiz.exe" [2008-09-17 c:\windows\system32\nwiz.exe]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R4 SDisTestService;SpybotSnD Distributed Testing;c:\program files\SDistTest\SDistTestSvc.exe [2008-12-23 907680]
S3 PORTMON;PORTMON;\??\c:\documents and settings\j&8pHtwaqs-\Desktop\PORTMSYS.SYS --> c:\documents and settings\j&8pHtwaqs-\Desktop\PORTMSYS.SYS [?]
S3 SMC1211;SMC EZ Card 10/100 PCI (SMC1211 Series) NT 5.0 Driver;c:\windows\system32\drivers\SMC1211.sys [2001-07-11 23153]
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
FF - ProfilePath - c:\documents and settings\j&8pHtwaqs-\Application Data\Mozilla\Firefox\Profiles\9nc205ba.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-03 10:20:32
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(668)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
Completion time: 2009-01-03 10:21:18
ComboFix-quarantined-files.txt 2009-01-03 19:21:15
ComboFix2.txt 2009-01-03 19:14:12
Pre-Run: 12,694,650,880 bytes free
Post-Run: 12,685,582,336 bytes free
153 --- E O F --- 2008-12-31 02:22:58
ComboFix 09-01-02.01 - j&8pHtwaqs- 2009-01-03 10:11:54.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.732 [GMT -9:00]
Running from: c:\documents and settings\j&8pHtwaqs-\Desktop\ComboFix.exe
FW: COMODO Firewall Pro *enabled*
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\msssc.dll
.
((((((((((((((((((((((((( Files Created from 2008-12-03 to 2009-01-03 )))))))))))))))))))))))))))))))
.
2009-01-03 10:00 . 2009-01-03 10:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg8
2009-01-03 09:35 . 2009-01-03 09:37 <DIR> d-------- c:\program files\New Folder
2009-01-01 19:29 . 2009-01-01 19:29 <DIR> d-------- c:\program files\Activision
2009-01-01 19:29 . 2009-01-01 19:29 <DIR> d-------- C:\help
2008-12-30 16:53 . 2008-12-30 16:53 <DIR> d-------- c:\documents and settings\j&8pHtwaqs-\Application Data\Windows Search
2008-12-30 15:50 . 2008-12-30 15:50 <DIR> d-------- c:\documents and settings\j&8pHtwaqs-\Application Data\Windows Desktop Search
2008-12-30 15:49 . 2008-12-30 15:49 <DIR> d-------- c:\windows\system32\GroupPolicy
2008-12-30 15:49 . 2008-12-30 15:49 <DIR> d-------- c:\program files\Windows Media Connect 2
2008-12-30 15:49 . 2008-12-30 15:50 <DIR> d-------- c:\program files\Windows Desktop Search
2008-12-30 15:49 . 2008-03-07 08:02 192,000 -----c--- c:\windows\system32\dllcache\offfilt.dll
2008-12-30 15:49 . 2008-03-07 08:02 98,304 -----c--- c:\windows\system32\dllcache\nlhtml.dll
2008-12-30 15:49 . 2008-03-07 08:02 29,696 -----c--- c:\windows\system32\dllcache\mimefilt.dll
2008-12-30 15:47 . 2008-12-30 15:47 <DIR> d-------- c:\windows\system32\LogFiles
2008-12-30 15:47 . 2008-12-30 15:48 <DIR> d-------- c:\windows\system32\drivers\UMDF
2008-12-30 15:00 . 2008-12-30 15:00 <DIR> d-------- c:\windows\system32\URTTEMP
2008-12-23 11:01 . 2009-01-02 06:09 <DIR> d-------- c:\program files\SDistTest
2008-12-16 07:34 . 2008-12-16 07:34 <DIR> d-------- c:\program files\Safer Networking
2008-12-14 16:50 . 2008-12-30 18:37 131 --a------ c:\windows\CRC.INI
2008-12-10 10:00 . 2008-12-10 10:00 7,064 --a------ C:\screen shot safe mode task mng.png
2008-12-10 06:56 . 2008-12-10 06:56 664 --a------ c:\windows\system32\d3d9caps.dat
2008-12-09 18:24 . 2008-12-09 18:24 <DIR> d-------- c:\documents and settings\j&8pHtwaqs-\Application Data\Malwarebytes
2008-12-09 18:24 . 2008-12-09 18:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-09 17:09 . 2008-12-09 17:09 <DIR> d-------- c:\documents and settings\tasha\Application Data\Comodo
2008-12-09 17:08 . 2009-01-03 10:00 <DIR> d-------- c:\documents and settings\tasha
2008-12-09 16:19 . 2008-12-09 16:19 <DIR> d-------- c:\documents and settings\justime8\Application Data\Comodo
2008-12-09 16:19 . 2009-01-03 10:00 <DIR> d-------- c:\documents and settings\justime8
2008-12-09 15:40 . 2008-12-09 15:39 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-09 15:39 . 2008-12-09 15:39 <DIR> d-------- c:\program files\Java
2008-12-09 15:12 . 2008-12-09 15:13 <DIR> d-------- c:\program files\MSECACHE
2008-12-08 11:24 . 2008-12-30 18:52 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-12-08 11:24 . 2008-12-08 11:24 <DIR> d-------- c:\documents and settings\j&8pHtwaqs-\Application Data\SUPERAntiSpyware.com
2008-12-08 11:24 . 2008-12-08 11:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-08 11:22 . 2008-12-08 11:22 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-07 20:44 . 2008-10-24 02:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-12-07 20:34 . 2008-09-04 08:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-12-07 20:33 . 2008-10-15 07:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-12-07 20:31 . 2008-09-08 01:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-12-07 20:30 . 2008-08-14 01:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-12-07 20:30 . 2008-08-14 01:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-07 20:30 . 2008-08-14 00:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-07 20:30 . 2008-08-14 00:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-12-07 20:27 . 2008-08-14 01:04 138,496 -----c--- c:\windows\system32\dllcache\afd.sys
2008-12-07 20:26 . 2008-09-15 03:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-12-07 19:55 . 2008-05-01 05:33 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll
2008-12-07 19:52 . 2008-04-11 10:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2008-12-07 19:50 . 2008-06-13 02:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-12-07 19:50 . 2008-05-08 05:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2008-12-07 19:33 . 2008-12-07 19:33 13,588 --a------ c:\windows\system32\wpa.bak
2008-12-07 19:33 . 2008-12-07 19:33 4,444 --a------ c:\windows\system32\pid.PNF
2008-12-07 19:19 . 2008-10-16 14:09 43,544 --a------ c:\windows\system32\wups2.dll
2008-12-07 19:19 . 2008-10-16 14:09 31,768 --a------ c:\windows\system32\wucltui.dll.mui
2008-12-07 19:19 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuaucpl.cpl.mui
2008-12-07 19:19 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2008-12-07 19:19 . 2008-10-16 14:07 18,456 --a------ c:\windows\system32\wuaueng.dll.mui
2008-12-05 13:41 . 2008-12-06 23:07 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-05 13:41 . 2008-12-06 23:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-02 04:31 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-02 04:28 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-15 01:47 --------- d-----w c:\program files\Comodo
2008-12-10 00:39 410,976 ----a-w c:\windows\system32\deploytk.dll
2008-11-18 20:05 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-11-18 20:04 --------- d-----w c:\program files\Common Files\Adobe
2008-11-10 18:48 --------- d-----w c:\program files\Intel
2008-11-09 22:41 15,600 ----a-w c:\windows\system32\drivers\???????
2008-11-09 08:16 --------- d-----w c:\documents and settings\All Users\Application Data\PC Drivers Headquarters
2008-11-09 08:14 --------- d-----w c:\program files\PC Drivers HeadQuarters
2008-11-09 01:07 --------- d-----w c:\documents and settings\j&8pHtwaqs-\Application Data\Talkback
2008-11-09 00:57 --------- d-----w c:\documents and settings\j&8pHtwaqs-\Application Data\Comodo
2008-11-09 00:57 --------- d-----w c:\documents and settings\All Users\Application Data\Comodo
2008-11-09 00:18 --------- d-----w c:\program files\AVG
2008-11-09 00:08 --------- d-----w c:\program files\Analog Devices
2008-11-08 23:31 --------- d-----w c:\program files\microsoft frontpage
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 23:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 23:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 23:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 23:12 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 23:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 23:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 23:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 01:00 666,112 ----a-w c:\windows\system32\wininet.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"DrvLsnr"="c:\program files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-08 69632]
"COMODO Firewall Pro"="c:\program files\Comodo\Firewall\CPF.exe" [2008-11-08 1115728]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"nwiz"="nwiz.exe" [2008-09-17 c:\windows\system32\nwiz.exe]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-30 18:52 356352 c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-11-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-11-17 55024]
R4 SDisTestService;SpybotSnD Distributed Testing;c:\program files\SDistTest\SDistTestSvc.exe [2008-12-23 907680]
S3 PORTMON;PORTMON;\??\c:\documents and settings\j&8pHtwaqs-\Desktop\PORTMSYS.SYS --> c:\documents and settings\j&8pHtwaqs-\Desktop\PORTMSYS.SYS [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-11-17 7408]
S3 SMC1211;SMC EZ Card 10/100 PCI (SMC1211 Series) NT 5.0 Driver;c:\windows\system32\drivers\SMC1211.sys [2001-07-11 23153]
*Newly Created Service* - PROCEXP90
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
FF - ProfilePath - c:\documents and settings\j&8pHtwaqs-\Application Data\Mozilla\Firefox\Profiles\9nc205ba.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-03 10:13:17
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(668)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
Completion time: 2009-01-03 10:14:11
ComboFix-quarantined-files.txt 2009-01-03 19:14:07
Pre-Run: 12,682,387,456 bytes free
Post-Run: 12,675,891,200 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
168 --- E O F --- 2008-12-31 02:22:58