Dr Watson Postmortem Debugger
Jun 23 2009, 04:48 AM
Post #1
New Member, Posts: 2, OS: XP
This is the report from both SDFix and ComboFix.
SDFix: Version 1.240
Run by HP_Owner on Tue 06/23/2009 at 12:54 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\Documents and Settings\HP_Owner\Desktop\SDFix

Checking Services :

Restoring Default Security Values
Restoring Default Hosts File

Rebooting

Checking Files :

Trojan Files Found:

C:\WINDOWS\ORUN32.EXE - Deleted
C:\WINDOWS\REGSVR.EXE - Deleted
C:\WINDOWS\system32\regsvr.exe - Deleted
C:\WINDOWS\system32\setting.ini - Deleted

Folder C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 - Removed

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-23 13:01:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:89,00,f9,2d,4e,68,65,e2,6a,c3,48,4f,11,b6,e9,bc,d7,1b,1f,bc,54,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:89,00,f9,2d,4e,68,65,e2,6a,c3,48,4f,11,b6,e9,bc,d7,1b,1f,bc,54,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:89,00,f9,2d,4e,68,65,e2,6a,c3,48,4f,11,b6,e9,bc,d7,1b,1f,bc,54,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000144

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"="C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe:*:Enabled:BackWeb for Pavilion"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows"
"K:\\Veoh\\VeohClient.exe"="K:\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"="C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"="C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files :

File Backups: - C:\DOCUME~1\HP_Owner\Desktop\SDFix\backups\backups.zip

Files with Hidden Attributes :

Tue 11 Dec 2007 196 A.SHR --- "C:\BOOT.BAK"
Sat 12 Apr 2008 24 ..SH. --- "C:\WINDOWS\SFEE6DEAF.tmp"
Mon 13 Oct 2008 744,449 A.SHR --- "C:\WINDOWS\system32\svchost .exe"
Sun 23 Nov 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 11 Jan 2009 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Finished!


ComboFix 09-06-22.08 - HP_Owner 06/23/2009 18:16.2 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1279.1012 [GMT 8:00]
Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix.exe
AV: Norton AntiVirus *On-access scanning disabled* (Outdated) {B5510F6F-87E1-47F7-A411-360BC453007C}
FW: Norton Personal Firewall *disabled* {825036E0-9F94-4752-8789-8B92454AF49B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\_desktop.ini
c:\hp\_desktop.ini
c:\hp\patches\_desktop.ini
c:\hp\patches\44WW1WHQ\_desktop.ini
c:\hp\patches\44WW4PCA\_desktop.ini
c:\windows\I386\_desktop.ini
c:\windows\I386\ASMS\_desktop.ini
c:\windows\I386\ASMS\1\_desktop.ini
c:\windows\I386\ASMS\1\DEFAULT\_desktop.ini
c:\windows\I386\ASMS\10\_desktop.ini
c:\windows\I386\ASMS\10\MSFT\_desktop.ini
c:\windows\I386\ASMS\10\POLICY\_desktop.ini
c:\windows\I386\ASMS\10\POLICY\MSFT\_desktop.ini
c:\windows\I386\ASMS\1000\_desktop.ini
c:\windows\I386\ASMS\1000\MSFT\_desktop.ini
c:\windows\I386\ASMS\2\_desktop.ini
c:\windows\I386\ASMS\2\DEFAULT\_desktop.ini
c:\windows\I386\ASMS\5100\_desktop.ini
c:\windows\I386\ASMS\5100\MSFT\_desktop.ini
c:\windows\I386\ASMS\52\_desktop.ini
c:\windows\I386\ASMS\52\MSFT\_desktop.ini
c:\windows\I386\ASMS\52\POLICY\_desktop.ini
c:\windows\I386\ASMS\52\POLICY\MSFT\_desktop.ini
c:\windows\I386\ASMS\60\_desktop.ini
c:\windows\I386\ASMS\60\MSFT\_desktop.ini
c:\windows\I386\ASMS\60\POLICY\_desktop.ini
c:\windows\I386\ASMS\60\POLICY\60\_desktop.ini
c:\windows\I386\ASMS\60\POLICY\60\COMCTL\_desktop.ini
c:\windows\I386\ASMS\6000\_desktop.ini
c:\windows\I386\ASMS\6000\MSFT\_desktop.ini
c:\windows\I386\ASMS\6000\MSFT\VCRTL\_desktop.ini
c:\windows\I386\ASMS\70\_desktop.ini
c:\windows\I386\ASMS\70\MSFT\_desktop.ini
c:\windows\I386\ASMS\70\POLICY\_desktop.ini
c:\windows\I386\ASMS\70\POLICY\MSFT\_desktop.ini
c:\windows\I386\ASMS\70\POLICY\MSFT\MSWINCRT\_desktop.ini
c:\windows\I386\ASMS\7000\_desktop.ini
c:\windows\I386\ASMS\7000\MSFT\_desktop.ini
c:\windows\I386\COMPDATA\_desktop.ini
c:\windows\I386\DRW\_desktop.ini
c:\windows\I386\DRW\1033\_desktop.ini
c:\windows\I386\LANG\_desktop.ini
c:\windows\I386\WINNTUPG\_desktop.ini
c:\windows\I386\WINNTUPG\ENTINF\_desktop.ini
c:\windows\I386\WINNTUPG\MS\_desktop.ini
c:\windows\I386\WINNTUPG\MS\MODEMSHR\_desktop.ini
c:\windows\I386\WINNTUPG\MS\SNA\_desktop.ini
c:\windows\I386\WINNTUPG\OEM\_desktop.ini
c:\windows\I386\WINNTUPG\OEM\DIGI\_desktop.ini
c:\windows\I386\WINNTUPG\OEM\DIGI\ASYNC\_desktop.ini
c:\windows\I386\WINNTUPG\OEM\DIGI\ISDN\_desktop.ini
c:\windows\I386\WINNTUPG\OEM\DIGI\ISDN\BRI\_desktop.ini
c:\windows\I386\WINNTUPG\OEM\DIGI\ISDN\PRI\_desktop.ini
c:\windows\I386\WINNTUPG\OEM\DIGI\REALPORT\_desktop.ini
c:\windows\I386\WINNTUPG\OEM\EICON\_desktop.ini
c:\windows\I386\WINNTUPG\OEM\EQN\_desktop.ini
c:\windows\I386\WINNTUPG\OEM\SPX\_desktop.ini
c:\windows\I386\WINNTUPG\OEM\SPX\MPS\_desktop.ini
c:\windows\I386\WINNTUPG\OEM\TIGERJET\_desktop.ini
c:\windows\I386\WINNTUPG\PERINF\_desktop.ini
c:\windows\I386\WINNTUPG\SRVINF\_desktop.ini
c:\windows\SMINST\Apps\dta\_desktop.ini
c:\windows\SMINST\drv\dta\_desktop.ini

.
---- Previous Run -------
.
c:\windows\system32\28463
c:\windows\system32\28463\svchost.001
c:\windows\system32\28463\svchost.exe
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\setup.ini
c:\windows\system32\svchost .exe
D:\Desktop.ini

.
((((((((((((((((((((((((( Files Created from 2009-05-23 to 2009-06-23 )))))))))))))))))))))))))))))))
.

2009-06-23 04:53 . 2009-06-23 04:53 578560 -c--a-w- c:\windows\system32\dllcache\user32.dll
2009-06-23 04:50 . 2009-06-23 04:51 -------- d-----w- c:\windows\ERUNT
2009-06-19 17:55 . 2009-06-19 17:55 -------- d-----w- c:\windows\system32\Adobe
2009-06-17 14:42 . 2009-06-17 14:43 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-15 11:20 . 2009-06-15 11:20 -------- d-----w- c:\program files\Trend Micro
2009-06-15 10:57 . 2008-11-05 02:14 1048576 ----a-w- c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\esxph3lk.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
2009-06-15 10:57 . 2008-07-30 11:32 43008 ----a-w- c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\esxph3lk.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metricsloader.dll
2009-06-15 10:57 . 2008-07-30 11:32 43008 ----a-w- c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\esxph3lk.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-06-15 10:57 . 2008-07-30 11:32 245248 ----a-w- c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\esxph3lk.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff2.dll
2009-06-15 10:57 . 2008-07-30 11:32 243200 ----a-w- c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\esxph3lk.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff3.dll
2009-06-15 10:57 . 2008-07-30 11:32 239616 ----a-w- c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\esxph3lk.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-06-15 10:57 . 2008-07-30 11:32 233984 ----a-w- c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\esxph3lk.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-06-15 10:54 . 2009-06-15 10:54 -------- d-sh--w- c:\documents and settings\HP_Owner\IECompatCache
2009-06-13 11:29 . 2009-06-13 11:29 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\HP
2009-06-10 20:20 . 2009-06-10 20:20 -------- d-sh--w- c:\documents and settings\HP_Owner\PrivacIE
2009-06-10 20:13 . 2009-06-10 20:13 -------- d-sh--w- c:\documents and settings\HP_Owner\IETldCache
2009-06-10 20:04 . 2009-04-29 04:55 78336 -c--a-w- c:\windows\system32\dllcache\ieencode.dll
2009-06-10 20:04 . 2009-04-29 04:55 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-09 17:40 . 2009-06-09 17:40 -------- d-----w- c:\documents and settings\All Users\Application Data\MotiveSysIDs
2009-06-09 15:12 . 2009-06-09 15:12 -------- d-----w- c:\windows\Motive
2009-06-09 15:11 . 2009-06-09 15:11 -------- d-----w- c:\program files\Motive
2009-06-09 15:11 . 2009-06-09 15:15 -------- d-----w- c:\program files\SmartFix
2009-06-09 13:24 . 2003-02-28 10:26 46352 ----a-w- c:\windows\setdebug.exe
2009-06-09 13:24 . 2003-02-28 10:26 171280 ----a-w- c:\windows\system32\jit.dll
2009-06-09 13:24 . 2003-02-28 10:26 139536 ----a-w- c:\windows\system32\javaee.dll
2009-06-09 13:24 . 2003-02-28 08:35 6550 ----a-w- c:\windows\jautoexp.dat
2009-06-09 13:24 . 2003-02-28 08:34 313856 ----a-w- c:\windows\system32\dx3j.dll
2009-05-31 04:11 . 2008-03-21 05:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2009-05-31 04:01 . 2009-03-19 05:48 136704 ----a-w- c:\windows\system32\drivers\nmwcdnsu.sys
2009-05-31 04:01 . 2009-03-19 05:48 8320 ----a-w- c:\windows\system32\drivers\nmwcdnsuc.sys
2009-05-31 04:00 . 2009-02-08 23:37 7808 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-05-31 04:00 . 2009-02-08 23:37 7808 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2009-05-31 04:00 . 2009-02-08 23:37 22016 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2009-05-31 04:00 . 2009-02-08 23:37 659968 ----a-w- c:\windows\system32\nmwcdcocls.dll
2009-05-31 04:00 . 2009-02-08 23:37 17664 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2009-05-31 04:00 . 2009-02-08 23:32 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2009-05-31 03:59 . 2009-05-31 03:58 24376008 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\NokiaSoftwareUpdaterSetup_1.6.13EN.exe
2009-05-31 03:59 . 2009-05-31 03:59 36864 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\Sleep.exe
2009-05-31 03:59 . 2009-05-31 03:59 3351812 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\msxml6Exec.exe
2009-05-31 03:59 . 2009-05-31 03:59 3181612 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\vcredistExec.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-23 09:14 . 2007-12-19 16:43 -------- d-----w- c:\program files\BitComet
2009-06-23 04:29 . 2008-05-30 15:16 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-19 17:55 . 2004-08-27 12:09 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-17 14:44 . 2007-12-23 17:09 -------- d-----w- c:\program files\DivX
2009-06-14 06:50 . 2004-08-27 12:09 -------- d-----w- c:\program files\Norton AntiVirus
2009-06-13 11:29 . 2007-12-10 18:32 131 ----a-w- c:\documents and settings\HP_Owner\Local Settings\Application Data\fusioncache.dat
2009-06-09 15:15 . 2004-08-26 15:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Motive
2009-06-09 15:11 . 2009-06-09 13:23 -------- d-----w- c:\program files\Common Files\Motive
2009-06-09 13:24 . 2009-06-09 13:24 2232 ----a-w- c:\windows\java\Packages\Data\NFTJ1ZNT.DAT
2009-06-09 13:24 . 2009-06-09 13:24 155995 ----a-w- c:\windows\java\Packages\82MZFV17.ZIP
2009-06-09 13:24 . 2009-06-09 13:24 2678 ----a-w- c:\windows\java\Packages\Data\GPJ93FHV.DAT
2009-06-09 13:24 . 2009-06-09 13:24 2678 ----a-w- c:\windows\java\Packages\Data\NV3V9NLZ.DAT
2009-06-09 13:24 . 2009-06-09 13:24 2678 ----a-w- c:\windows\java\Packages\Data\R7PVPJ9F.DAT
2009-06-09 13:24 . 2009-06-09 13:24 2678 ----a-w- c:\windows\java\Packages\Data\OTZZ9N1J.DAT
2009-06-09 13:24 . 2009-06-09 13:24 2678 ----a-w- c:\windows\java\Packages\Data\ILZ9RVNJ.DAT
2009-05-31 17:02 . 2009-05-11 15:56 368224 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-05-31 04:27 . 2009-05-11 15:58 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Autodesk
2009-05-31 04:27 . 2009-05-11 15:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
2009-05-31 04:11 . 2009-05-31 04:11 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-05-31 04:11 . 2009-05-31 04:11 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-05-31 04:01 . 2007-12-11 13:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-05-31 04:00 . 2007-12-11 13:42 -------- d-----w- c:\program files\Nokia
2009-05-31 03:59 . 2008-02-05 16:14 -------- d-----w- c:\program files\Common Files\Nokia
2009-05-11 16:19 . 2009-05-11 16:19 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\codeblocks
2009-05-11 16:19 . 2009-05-11 16:19 -------- d-----w- c:\program files\CodeBlocks
2009-05-11 16:02 . 2007-12-10 18:44 90992 ----a-w- c:\documents and settings\HP_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-11 16:00 . 2009-05-11 15:58 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2009-05-11 16:00 . 2009-05-11 15:58 -------- d-----w- c:\program files\AutoCAD 2009
2009-05-11 15:56 . 2009-05-11 15:56 -------- d-----w- c:\program files\MSBuild
2009-05-11 15:52 . 2009-05-11 15:52 -------- d-----w- c:\program files\Reference Assemblies
2009-05-07 15:32 . 2004-09-13 22:11 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-01 21:02 . 2009-05-01 21:02 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-05-01 21:02 . 2009-05-01 21:02 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-05-01 21:02 . 2009-05-01 21:02 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-05-01 21:02 . 2009-05-01 21:02 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-05-01 21:02 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\DivX.dll
2009-04-29 04:56 . 2004-09-13 22:13 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-17 12:26 . 2004-09-13 22:13 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-09-13 22:12 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2008-04-20 16:24 . 2007-12-23 17:29 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-04-20 16:24 . 2007-12-23 17:29 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-04-20 16:24 . 2007-12-23 17:29 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-04-20 16:24 . 2007-12-23 17:29 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-04-20 16:24 . 2007-12-23 17:29 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-04-12 13:08 . 2008-04-12 13:04 24 --sh--w- c:\windows\SFEE6DEAF.tmp

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"ares"="c:\program files\Ares\Ares.exe" [2007-02-14 969216]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 1481968]
"Veoh"="k:\veoh\VeohClient.exe" [2008-08-13 3660848]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 695808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-09 144784]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]
"Home Theater SchSvr"="c:\program files\Common Files\InterVideo\SchSvr\SchSvr.exe" [2004-07-30 155648]
"WINREMOTE"="c:\program files\InterVideo\Common\Bin\WinRemote.exe" [2004-07-30 192512]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2003-12-08 70776]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-24 339968]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2003-12-17 118784]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-01-10 385024]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-01-14 267048]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2006-10-17 398944]
"singtelTrayApp"="c:\program files\SmartFix\bin\McciTrayApp.exe" [2008-05-22 933376]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-06-29 88363]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-07-01 73728]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\ALCWZRD.EXE [2004-07-05 2550272]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 1294336]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-29 241664]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Updates from HP.lnk - c:\program files\Updates from HP\309731\Program\Updates from HP.exe [2004-8-26 16423]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 04:41 294912 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"k:\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14766:TCP"= 14766:TCP:BitComet 14766 TCP
"14766:UDP"= 14766:UDP:BitComet 14766 UDP

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/29/2008 4:03 PM 8944]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/29/2008 4:03 PM 51440]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [1/22/2008 11:54 PM 13352]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [5/31/2009 12:01 PM 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [5/31/2009 12:01 PM 8320]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 4:51 PM 4096]
.
Contents of the 'Scheduled Tasks' folder

2009-03-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 04:34]

2009-06-19 c:\windows\Tasks\Norton AntiVirus - Scan my computer - HP_Owner.job
- c:\progra~1\NORTON~1\Navw32.exe [2004-06-04 09:47]

2009-06-23 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-08-27 17:38]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-VTTimer - VTTimer.exe

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = 127.0.0.1
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Download with ImTOO YouTube Video Converter - c:\program files\ImTOO\YouTube Video Converter\upod_link.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\esxph3lk.default\
FF - component: c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\esxph3lk.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-23 18:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(236)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-06-23 18:26
ComboFix-quarantined-files.txt 2009-06-23 10:26

Pre-Run: 39,707,332,608 bytes free
Post-Run: 40,151,367,680 bytes free

298 --- E O F --- 2009-06-16 19:01
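The entries SDFix and ComboFix removed in the post above are the usual name-masquerade shapes: a copy of svchost.exe in a numeric-named subdirectory of system32 (c:\windows\system32\28463\svchost.exe), a hidden+system svchost .exe with a space before the extension, and regsvr.exe sitting next to the real regsvr32.exe. The Python below is an added example for this page, not code from the post, from SDFix or from ComboFix. It parses the three line shapes the two tools print (path followed by " - Deleted", an attribute line with a quoted path, a bare path) and applies its own heuristics. The allow-list of core binaries and their home directories, the edit-distance threshold and the numeric-subdirectory rule are this example's assumptions, and the sample lines are copied from the log above.

```python
"""Heuristic triage of file paths reported by cleanup tools such as SDFix and
ComboFix.  Added example for this page; not code from either tool or from the
forum post.  The heuristics and the allow-list below are assumptions."""
import ntpath
import re

# Core Windows binaries that malware commonly imitates, mapped to the directory
# where each legitimately lives on 32-bit Windows XP (assumed allow-list).
EXPECTED_DIR = {
    "svchost.exe":  r"c:\windows\system32",
    "lsass.exe":    r"c:\windows\system32",
    "csrss.exe":    r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "regsvr32.exe": r"c:\windows\system32",
    "rundll32.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Constructed sample: lines copied from the SDFix and ComboFix output above, in
# the three shapes those tools use.
SAMPLE_LINES = [
    r"C:\WINDOWS\ORUN32.EXE - Deleted",
    r"C:\WINDOWS\REGSVR.EXE - Deleted",
    r"C:\WINDOWS\system32\regsvr.exe - Deleted",
    r"C:\WINDOWS\system32\setting.ini - Deleted",
    r'Tue 11 Dec 2007 196 A.SHR --- "C:\BOOT.BAK"',
    r'Mon 13 Oct 2008 744,449 A.SHR --- "C:\WINDOWS\system32\svchost .exe"',
    r'Sun 23 Nov 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"',
    r"c:\windows\system32\28463\svchost.exe",
    r"c:\windows\system32\Ati2evxx.dll",
]

QUOTED = re.compile(r'"([^"]+)"')
ATTRS = re.compile(r'(\S{5})\s+---\s+"')     # SDFix attribute field, e.g. A.SHR
DELETED = re.compile(r"\s+-\s+Deleted\s*$")


def parse_line(line):
    """Return (path, attrs) for one log line; attrs is '' when the line has none."""
    quoted = QUOTED.search(line)
    if quoted:
        attrs = ATTRS.search(line)
        return quoted.group(1), (attrs.group(1) if attrs else "")
    return DELETED.sub("", line).strip(), ""


def levenshtein(a, b):
    """Edit distance; used to catch near-miss names such as regsvr.exe."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def assess(path, attrs=""):
    """Return the heuristic findings for one path (empty list = nothing odd)."""
    findings = []
    directory, base = ntpath.split(path.lower())
    compact = base.replace(" ", "")            # 'svchost .exe' -> 'svchost.exe'

    if compact != base and compact in EXPECTED_DIR:
        findings.append("whitespace inserted into a core binary name")
    if compact in EXPECTED_DIR and directory != EXPECTED_DIR[compact]:
        findings.append("core binary name outside its home directory")
    if compact not in EXPECTED_DIR:
        for name in EXPECTED_DIR:
            if levenshtein(compact, name) <= 2:
                findings.append("name resembles core binary " + name)
                break
    parts = directory.split("\\")
    if parts[:3] == ["c:", "windows", "system32"] and any(p.isdigit() for p in parts[3:]):
        findings.append("numeric-named subdirectory under system32")
    if "H" in attrs and "S" in attrs and base.endswith(".exe"):
        findings.append("executable carrying hidden+system attributes")
    return findings


def triage(lines):
    """Map each suspicious path to its findings; clean paths are left out."""
    report = {}
    for line in lines:
        path, attrs = parse_line(line)
        findings = assess(path, attrs)
        if findings:
            report[path] = findings
    return report


if __name__ == "__main__":
    for path, why in triage(SAMPLE_LINES).items():
        print(path)
        for reason in why:
            print("    -", reason)
```

Run against the sample, the script flags both svchost copies, both regsvr.exe files, and nothing else; BOOT.BAK carries hidden+system attributes too but is not an executable, so it passes, and ORUN32.EXE is not close enough to any allow-listed name for the edit-distance rule and is only caught here because SDFix already named it.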
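The "Authorized Application Key Export" in the SDFix log is the Windows XP firewall's AuthorizedApplications\List in .reg syntax, where each value has the layout <path>:<scope>:<Enabled|Disabled>:<display name> and a scope of * means any remote address. The Python below is an added example, not code from the post or from either tool: it decodes that export and lists the enabled exceptions whose program sits outside the Windows or Program Files trees (in this log, the Veoh client on drive K:). The .reg sample is a subset of the export above; the list of trusted roots is this example's own assumption.

```python
"""Decode the Windows XP firewall's AuthorizedApplications registry export and
flag exceptions worth a second look.  Added example for this page; not code
from SDFix, ComboFix or the forum post.  TRUSTED_ROOTS is an assumption."""
import re

# Constructed sample: a subset of the "Authorized Application Key Export" that
# SDFix printed above, kept in .reg syntax (backslashes doubled).
REG_EXPORT = r'''
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows"
"K:\\Veoh\\VeohClient.exe"="K:\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
'''

# One .reg value line: "name"="value", with backslashes and quotes escaped by '\'.
ENTRY = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
# Value layout: <path>:<scope>:<Enabled|Disabled>:<display name>.  The path may
# begin with a drive letter and colon, so that first colon is not a separator.
VALUE = re.compile(r'^(?P<path>(?:[A-Za-z]:)?[^:]*):(?P<scope>[^:]*):(?P<mode>[^:]*):(?P<label>.*)$')

# Where an exception's program is expected to live (assumed allow-list).
TRUSTED_ROOTS = ("%windir%\\", "c:\\windows\\", "c:\\program files\\")


def reg_unescape(s):
    """Undo .reg escaping: a backslash escapes the character after it."""
    return re.sub(r'\\(.)', r'\1', s)


def parse_authorized_apps(text):
    """Return one dict per AuthorizedApplications entry found in a .reg export."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue                       # key header, blank line, or other text
        v = VALUE.match(reg_unescape(m.group(2)))
        if not v:
            continue                       # not in the path:scope:mode:name layout
        entries.append({
            "path": v.group("path"),
            "scope": v.group("scope"),     # '*' = any remote address
            "mode": v.group("mode").lower(),
            "label": v.group("label"),
        })
    return entries


def unusual_exceptions(entries):
    """Enabled exceptions whose program sits outside the trusted roots."""
    return [e for e in entries
            if e["mode"] == "enabled"
            and not e["path"].lower().startswith(TRUSTED_ROOTS)]


if __name__ == "__main__":
    apps = parse_authorized_apps(REG_EXPORT)
    print("%d exceptions, %d open to any remote address"
          % (len(apps), sum(e["scope"] == "*" for e in apps)))
    for e in unusual_exceptions(apps):
        print("outside trusted roots:", e["path"], "(%s)" % e["label"])
```

The same decoder works on the ComboFix "Reg Loading Points" section only for lines that still carry a value; ComboFix prints the AuthorizedApplications names with an empty right-hand side, so those lines are skipped rather than misread.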
© Geeks to Go, Inc. | All Rights Reserved