ComboFix 09-09-07.03 - Garrett 09/07/2009 22:26.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2037.1582 [GMT -7:00]
Running from: c:\documents and settings\Garrett\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 090907-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Garrett\Application Data\inst.exe
c:\program files\INSTALL.LOG
c:\program files\SGPSA
c:\program files\SGPSA\BHO.dll
c:\program files\Windows Police Pro
c:\program files\Windows Police Pro\msvcm80.dll
c:\program files\Windows Police Pro\msvcp80.dll
c:\program files\Windows Police Pro\msvcr80.dll
c:\program files\Windows Police Pro\tmp\dbsinit.exe
c:\program files\Windows Police Pro\tmp\images\i1.gif
c:\program files\Windows Police Pro\tmp\images\i2.gif
c:\program files\Windows Police Pro\tmp\images\i3.gif
c:\program files\Windows Police Pro\tmp\images\j1.gif
c:\program files\Windows Police Pro\tmp\images\j2.gif
c:\program files\Windows Police Pro\tmp\images\j3.gif
c:\program files\Windows Police Pro\tmp\images\jj1.gif
c:\program files\Windows Police Pro\tmp\images\jj2.gif
c:\program files\Windows Police Pro\tmp\images\jj3.gif
c:\program files\Windows Police Pro\tmp\images\l1.gif
c:\program files\Windows Police Pro\tmp\images\l2.gif
c:\program files\Windows Police Pro\tmp\images\l3.gif
c:\program files\Windows Police Pro\tmp\images\pix.gif
c:\program files\Windows Police Pro\tmp\images\t1.gif
c:\program files\Windows Police Pro\tmp\images\t2.gif
c:\program files\Windows Police Pro\tmp\images\up1.gif
c:\program files\Windows Police Pro\tmp\images\up2.gif
c:\program files\Windows Police Pro\tmp\images\w1.gif
c:\program files\Windows Police Pro\tmp\images\w11.gif
c:\program files\Windows Police Pro\tmp\images\w2.gif
c:\program files\Windows Police Pro\tmp\images\w3.gif
c:\program files\Windows Police Pro\tmp\images\w3.jpg
c:\program files\Windows Police Pro\tmp\images\wt1.gif
c:\program files\Windows Police Pro\tmp\images\wt2.gif
c:\program files\Windows Police Pro\tmp\images\wt3.gif
c:\program files\Windows Police Pro\tmp\wispex.html
c:\windows\Downloaded Program Files\bdcore.dll
c:\windows\Downloaded Program Files\libfn.dll
c:\windows\ppp3.dat
c:\windows\ppp4.dat
c:\windows\system32\18467.exe
c:\windows\system32\26500.exe
c:\windows\system32\41.exe
c:\windows\system32\6334.exe
c:\windows\system32\bennuar.old
c:\windows\system32\bincd32.dat
c:\windows\system32\config\systemprofile\Desktop\Advanced Virus Remover.lnk
c:\windows\system32\config\systemprofile\Start Menu\Advanced Virus Remover.lnk
c:\windows\system32\images
c:\windows\system32\images\i1.gif
c:\windows\system32\images\i2.gif
c:\windows\system32\images\i3.gif
c:\windows\system32\images\j1.gif
c:\windows\system32\images\j2.gif
c:\windows\system32\images\j3.gif
c:\windows\system32\images\jj1.gif
c:\windows\system32\images\jj2.gif
c:\windows\system32\images\jj3.gif
c:\windows\system32\images\l1.gif
c:\windows\system32\images\l2.gif
c:\windows\system32\images\l3.gif
c:\windows\system32\images\pix.gif
c:\windows\system32\images\t1.gif
c:\windows\system32\images\t2.gif
c:\windows\system32\images\up1.gif
c:\windows\system32\images\up2.gif
c:\windows\system32\images\w1.gif
c:\windows\system32\images\w11.gif
c:\windows\system32\images\w2.gif
c:\windows\system32\images\w3.gif
c:\windows\system32\images\w3.jpg
c:\windows\system32\images\wt1.gif
c:\windows\system32\images\wt2.gif
c:\windows\system32\images\wt3.gif
c:\windows\system32\ovfsthgvcttqsilqbfgymjfeykkmkyfxltueyg.dat
c:\windows\system32\ovfsthhlxxxrnldwwfwfswaodlkaviwulebiny.dat
c:\windows\system32\rotscxlporukub.dat
c:\windows\system32\rotscxnqatuvnw.dll
c:\windows\system32\rotscxsqapqfhv.dat
c:\windows\system32\rotscxylaoirkt.dll
c:\windows\system32\sonhelp.htm
c:\windows\system32\sysnet.dat
c:\windows\system32\UACxfsktnsbiq.dat
c:\windows\system32\winitn.dll
c:\windows\system32\wispex.html
c:\windows\tidosr.dll
Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
Restored copy from - c:\windows\system32\logevent.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ovfsthuapbbmnytwwnrcqftcnqspikvubbdrme
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Service_ovfsthuapbbmnytwwnrcqftcnqspikvubbdrme
((((((((((((((((((((((((( Files Created from 2009-08-08 to 2009-09-08 )))))))))))))))))))))))))))))))
.
2009-09-08 04:14 . 2009-09-08 04:14 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-09-08 04:14 . 2009-09-08 05:28 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-08 04:14 . 2009-09-08 04:14 -------- d-----w- c:\documents and settings\Garrett\Application Data\SUPERAntiSpyware.com
2009-09-08 04:13 . 2009-09-08 04:13 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-08 03:47 . 2009-09-08 03:47 -------- d-----w- c:\documents and settings\Administrator\Application Data\Spyware Terminator
2009-09-08 03:46 . 2009-09-08 03:46 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-09-08 03:29 . 2009-09-08 03:29 -------- d-----w- c:\program files\Trend Micro
2009-09-08 03:19 . 2009-09-08 03:21 -------- d-----w- c:\windows\BDOSCAN8
2009-09-08 03:06 . 2009-09-08 05:26 -------- d--h--w- c:\windows\PIF
2009-09-08 03:01 . 2009-09-08 03:01 -------- d-----w- c:\documents and settings\Garrett\Application Data\Malwarebytes
2009-09-08 03:01 . 2009-08-03 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-08 03:01 . 2009-09-08 03:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-08 03:01 . 2009-09-08 03:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-08 03:01 . 2009-08-03 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-08 03:00 . 2009-09-08 03:00 -------- d-----w- c:\program files\ERUNT
2009-09-08 01:44 . 2009-08-17 16:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-09-08 01:44 . 2009-08-17 16:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-09-08 01:44 . 2009-08-17 16:03 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-09-08 01:44 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-09-08 01:44 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-09-08 01:44 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-09-08 01:44 . 2009-08-17 16:06 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-09-08 01:44 . 2009-08-17 16:06 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-09-08 01:44 . 2009-08-17 16:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-08 01:44 . 2009-09-08 01:44 -------- d-----w- c:\program files\Alwil Software
2009-09-08 00:41 . 2009-09-08 00:41 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-09-08 00:41 . 2009-09-08 04:00 -------- d-----w- c:\documents and settings\Garrett\Application Data\Spyware Terminator
2009-09-08 00:41 . 2009-09-08 04:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2009-09-08 00:41 . 2009-09-08 04:02 -------- d-----w- c:\program files\Spyware Terminator
2009-09-08 00:30 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-09-08 00:30 . 2009-09-08 00:30 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-08 00:29 . 2009-09-08 00:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-09-08 00:29 . 2009-09-08 00:29 -------- d-----w- c:\program files\Lavasoft
2009-09-08 00:20 . 2009-09-08 00:20 -------- d-----w- c:\program files\SpywareBlaster
2009-09-07 16:25 . 2009-04-03 17:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-09-07 16:25 . 2008-12-18 18:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-09-07 16:25 . 2008-12-10 18:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-09-07 16:25 . 2009-09-07 16:25 -------- d-----w- c:\documents and settings\Garrett\Application Data\PC Tools
2009-09-07 16:25 . 2009-09-07 16:25 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-09-07 15:56 . 2009-09-07 15:56 -------- d-----w- c:\program files\Advanced Spyware Remover
2009-09-07 15:48 . 2009-09-08 00:31 -------- d-----w- c:\program files\Common Files\PC Tools
2009-09-07 15:48 . 2009-09-07 16:30 -------- d-----w- c:\program files\Spyware Doctor
2009-09-07 15:48 . 2009-09-07 15:48 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\PC Tools
2009-09-07 12:44 . 2009-09-07 12:44 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2009-09-07 00:10 . 2009-09-08 02:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-07 00:10 . 2009-09-08 02:30 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-05 17:19 . 2009-09-07 00:49 -------- d--h--w- C:\$AVG8.VAULT$
2009-09-05 05:58 . 2009-09-05 16:26 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2009-09-05 05:57 . 2009-09-06 22:32 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-09-05 05:57 . 2009-09-05 05:57 -------- d-----w- c:\program files\Common Files\iS3
2009-09-05 05:52 . 2009-09-07 04:41 0 ----a-w- c:\documents and settings\Garrett\Local Settings\Application Data\prvlcl.dat
2009-09-05 05:11 . 2009-09-05 05:11 -------- d-sh--w- c:\documents and settings\Garrett\IECompatCache
2009-09-04 14:22 . 2009-09-04 14:22 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-09-04 14:12 . 2009-09-04 14:12 -------- d-----w- c:\program files\Common Files\Vbox
2009-08-29 17:51 . 2009-09-08 01:11 -------- d-----w- c:\program files\Common Files\Real
2009-08-29 17:44 . 2009-08-29 17:44 -------- d-----w- c:\program files\AVI MPEG WMV RM to MP3 Converter
2009-08-29 17:30 . 2009-08-29 17:30 90112 ----a-w- c:\windows\system32\agsaami.dll
2009-08-29 17:30 . 2009-08-29 17:30 610304 ----a-w- c:\windows\system32\agsaamg.dll
2009-08-29 17:30 . 2009-08-29 17:30 53760 ----a-w- c:\windows\system\ppacklib.dll
2009-08-29 17:30 . 2009-08-29 17:30 372736 ----a-w- c:\windows\system32\agsaamc.dll
2009-08-29 17:30 . 2009-08-29 17:30 2535424 ----a-w- c:\windows\system32\agsaamj.dll
2009-08-29 17:30 . 2009-08-29 17:30 1986560 ----a-w- c:\windows\system32\akll.dll
2009-08-29 17:30 . 2009-08-29 17:30 196608 ----a-w- c:\windows\system32\maag.dll
2009-08-29 17:30 . 2009-08-29 17:30 1245184 ----a-w- c:\windows\system32\bkll.dll
2009-08-29 17:30 . 2009-08-29 17:30 1212416 ----a-w- c:\windows\system32\ckll.dll
2009-08-29 17:30 . 2009-08-29 17:30 -------- d-----w- c:\windows\system32\RMBin
2009-08-29 17:30 . 1998-12-25 03:23 40960 ----a-w- c:\windows\system32\VBAME.DLL
2009-08-25 02:02 . 2009-08-25 02:02 -------- d-----w- c:\program files\Ulead Systems
2009-08-25 02:02 . 2009-08-25 02:02 -------- d-----w- c:\program files\Common Files\Ulead Systems
2009-08-22 02:10 . 2009-09-06 02:52 -------- d-----w- c:\documents and settings\Garrett\Application Data\uTorrent
2009-08-19 22:16 . 2009-08-19 22:16 -------- d-----w- c:\program files\WinAVI Video Converter 9.0
2009-08-19 22:16 . 2009-08-19 22:16 -------- d-----w- c:\windows\WinAVI Video Converter 9.0
2009-08-12 03:56 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-10 05:34 . 2009-08-10 05:34 -------- d-----w- c:\program files\Search Guard PlusU
2009-08-10 05:34 . 2009-08-10 05:34 -------- d-----w- c:\program files\Search Guard Plus
2009-08-10 05:33 . 2009-08-10 05:33 -------- d-----w- C:\users
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-08 05:32 . 2009-03-24 22:07 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-06 01:50 . 2009-02-17 23:11 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-09-06 00:23 . 2009-02-17 23:24 -------- d-----w- c:\program files\Yahoo!
2009-09-05 20:40 . 2009-02-17 23:27 -------- d-----w- c:\program files\Winamp
2009-09-05 06:18 . 2009-07-20 17:34 -------- d-----w- c:\program files\Free RM to MP3 Converter
2009-09-04 05:15 . 2009-07-10 05:19 -------- d-----w- c:\documents and settings\Garrett\Application Data\UseNeXT
2009-08-29 17:51 . 2009-04-22 05:06 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-08-29 17:51 . 2009-03-24 18:54 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-08-26 23:20 . 2009-07-19 21:35 -------- d-----w- c:\program files\Muziic
2009-08-26 16:34 . 2009-02-17 23:11 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-26 16:34 . 2009-02-17 23:11 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-26 16:34 . 2009-02-17 23:11 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-25 18:47 . 2009-03-06 00:09 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-08-25 02:03 . 2009-02-18 16:22 -------- d-----w- c:\program files\QuickTime
2009-08-25 02:02 . 2009-02-17 20:13 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-25 02:02 . 2009-02-18 16:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Ulead Systems
2009-08-20 17:12 . 2009-03-07 01:54 -------- d-----w- c:\program files\DVDRipNBurnPro
2009-08-14 13:58 . 2009-09-07 15:48 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-08-10 22:42 . 2009-02-18 03:30 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-10 16:36 . 2009-02-17 23:27 -------- d-----w- c:\documents and settings\Garrett\Application Data\Winamp
2009-08-07 23:41 . 2009-08-07 23:40 -------- d-----w- c:\program files\TagRename
2009-08-07 23:38 . 2009-08-07 23:36 -------- d-----w- c:\documents and settings\Garrett\Application Data\Mp3tag
2009-08-07 23:36 . 2009-08-07 23:36 -------- d-----w- c:\program files\Mp3tag
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-28 20:43 . 2009-07-28 20:43 -------- d-----w- c:\documents and settings\All Users\Application Data\SupportSoft
2009-07-28 19:05 . 2009-02-25 15:40 -------- d-----w- c:\program files\Common Files\supportsoft
2009-07-28 19:05 . 2009-07-28 18:54 -------- d-----w- c:\program files\Qwest
2009-07-28 18:54 . 2009-07-28 18:54 130 ----a-w- c:\documents and settings\Garrett\Local Settings\Application Data\fusioncache.dat
2009-07-28 18:53 . 2009-07-28 18:53 -------- d-----w- c:\program files\2Wire
2009-07-28 18:53 . 2009-07-28 18:53 -------- d-----w- c:\program files\Actiontec
2009-07-28 18:53 . 2009-07-28 18:53 -------- d-----w- c:\documents and settings\Garrett\Application Data\InstallShield
2009-07-20 21:57 . 2009-07-20 21:57 17408 ----a-r- c:\windows\system32\SZIO5.dll
2009-07-20 21:56 . 2009-07-20 21:56 311296 ----a-r- c:\windows\system32\SZBase5.dll
2009-07-20 21:56 . 2009-07-20 21:56 540672 ----a-r- c:\windows\system32\SZComp5.dll
2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-12 19:21 . 2004-08-04 12:00 233472 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-09 22:52 . 2009-07-09 22:52 126976 ----a-r- c:\windows\system32\IS3HTUI5.dll
2009-07-09 22:52 . 2009-07-09 22:52 393216 ----a-r- c:\windows\system32\IS3DBA5.dll
2009-07-09 22:51 . 2009-07-09 22:51 385024 ----a-r- c:\windows\system32\IS3UI5.dll
2009-07-09 22:51 . 2009-07-09 22:51 61440 ----a-r- c:\windows\system32\IS3Hks5.dll
2009-07-09 22:51 . 2009-07-09 22:51 23040 ----a-r- c:\windows\system32\IS3XDat5.dll
2009-07-09 22:50 . 2009-07-09 22:50 225280 ----a-r- c:\windows\system32\IS3Win325.dll
2009-07-09 22:50 . 2009-07-09 22:50 94208 ----a-r- c:\windows\system32\IS3Inet5.dll
2009-07-09 22:50 . 2009-07-09 22:50 90112 ----a-r- c:\windows\system32\IS3Svc5.dll
2009-07-09 22:47 . 2009-07-09 22:47 724992 ----a-r- c:\windows\system32\IS3Base5.dll
2009-07-03 17:09 . 2004-08-04 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-25 08:25 . 2004-08-04 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-04 12:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-04 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-04 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2004-08-04 12:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-04 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2004-08-04 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2004-08-04 12:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 16:19 . 2009-02-17 17:29 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 14:13 . 2004-08-04 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:14 . 2004-08-04 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-03-13 16:25 . 2009-03-13 16:25 523 ----a-w- c:\program files\Shortcut to Weight By Date Pro.lnk
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-02-05 4363504]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-07 3885408]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2008-07-08 2828184]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2009-09-08 3055616]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-09-04 1994480]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-17 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-17 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-17 138008]
"Lexmark 1200 Series"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 57344]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-26 2007832]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-07-25 413696]
"QuickCare"="c:\program files\Qwest\Quickcare\bin\sprtcmd.exe" [2008-11-06 202016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"SGPUpdater"="c:\program files\Search Guard PlusU\sgpUpdaters.exe" [2009-05-15 67456]
"FBSearch"="c:\program files\Search Guard Plus\SearchGuardPlus.exe" [2009-05-04 194432]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-09-08 2171904]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-01-09 16859648]
c:\documents and settings\Garrett\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-1-14 525664]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-26 16:34 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\Qwest\\QuickConnect\\QuickConnect.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15764:TCP"= 15764:TCP:BitComet 15764 TCP
"15764:UDP"= 15764:UDP:BitComet 15764 UDP
"1620:TCP"= 1620:TCP:1
"21525:TCP"= 21525:TCP:BitComet 21525 TCP
"21525:UDP"= 21525:UDP:BitComet 21525 UDP
"25339:TCP"= 25339:TCP:BitComet 25339 TCP
"25339:UDP"= 25339:UDP:BitComet 25339 UDP
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9/7/2009 5:30 PM 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [9/7/2009 6:44 PM 114768]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/17/2009 4:11 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/17/2009 4:11 PM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/4/2009 2:50 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/4/2009 2:49 PM 74480]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [9/7/2009 5:41 PM 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/7/2009 6:44 PM 20560]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/24/2009 9:01 AM 297752]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [9/7/2009 9:25 AM 348752]
R2 szkg5;szkg;c:\windows\system32\drivers\SZKG.sys [5/12/2009 2:13 PM 61328]
R3 wsvad_driver;WS Audio Device;c:\windows\system32\drivers\VirtualAudio.sys [4/26/2009 2:46 PM 16896]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [6/24/2009 9:01 AM 908056]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 7:49 AM 1029456]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/4/2009 2:50 PM 7408]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-09-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
Toolbar-SITEguard - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
HKU-Default-Run-MySpaceIM - c:\program files\MySpace\IM\MySpaceIM.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
LSP: c:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
DPF: ActiveGS.cab - hxxp://activegs.freetoolsassociation.com/ActiveGS.cab
DPF: {01010200-5E80-11D8-9E86-0007E96C65AE} - hxxps://ra.qwest.com/sdccommon/download/tgctlins.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-07 22:31
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SGPUpdater = c:\program files\Search Guard PlusU\sgpUpdaters.exe??o?="customxml_16" name="custombtn_16"/> ? ?

- - - - - - - > 'winlogon.exe'(708)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
- - - - - - - > 'explorer.exe'(3312)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\SUPERAntiSpyware\SASSEH.DLL
c:\progra~1\AUDIOS~1\AUDIOS~1.DLL
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\windows\system32\wscntfy.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-09-08 22:37 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-08 05:36
Pre-Run: 394,871,623,680 bytes free
Post-Run: 394,836,434,944 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(3)\WINDOWS
[operating systems]
d:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
432 --- E O F --- 2009-08-26 22:56