ComboFix log:
ComboFix 11-08-24.04 - MJ 08/25/2011 6:55.16.4 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1695 [GMT 8:00]
Running from: c:\documents and settings\MJ\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\MJ\Desktop\cfscript4.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
FILE ::
"C:\bootQD.exe"
"c:\documents and settings\on1.exe"
"c:\documents and settings\onSetup.exe"
"c:\windows\system32\bootQD.exe"
"c:\windows\system32\hex1.exe"
"c:\windows\system32\on1.exe"
"c:\windows\system32\onSetup.exe"
"c:\windows\system32\winghost.exe"
"C:\xpQD.exe"
.
ADS - WINDOWS: deleted 0 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\bootQD.exe
c:\documents and settings\onSetup.exe
c:\windows\system32\hex123.exe
c:\windows\system32\onSetup.exe
c:\windows\system32\winghost.exe
c:\windows\system32\WS.exe
c:\windows\system32\xp1433.exe
c:\windows\system32\xpQD.exe
c:\windows\winsys.exe
C:\xpQD.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-07-24 to 2011-08-24 )))))))))))))))))))))))))))))))
.
.
2011-08-24 22:32 . 2011-08-24 22:32 499712 ----a-w- c:\documents and settings\onwinsys.exe
2011-08-24 22:32 . 2011-08-24 22:32 499712 ----a-w- c:\windows\system32\onwinsys.exe
2011-08-24 22:09 . 2011-08-24 22:10 -------- d-----w- c:\windows\system32\i1067
2011-08-24 22:05 . 2011-08-24 22:05 0 ----a-w- c:\documents and settings\hex123.exe
2011-08-24 22:05 . 2011-08-24 22:05 561152 ----a-w- c:\documents and settings\on123.exe
2011-08-24 21:41 . 2011-08-24 21:41 236032 ----a-w- C:\hex1433.exe
2011-08-24 21:40 . 2011-08-24 21:40 66 ----a-w- C:\xp1433.exe
2011-08-23 20:26 . 2011-08-23 20:26 119446862 ----a-w- C:\registrybackup.reg
2011-08-23 12:23 . 2011-08-23 12:23 -------- d-----w- c:\program files\Common Files\Java
2011-08-23 12:22 . 2011-08-23 12:22 -------- d-----w- c:\program files\Java
2011-08-23 11:38 . 2011-08-23 11:38 -------- d-----w- c:\documents and settings\MJ\Application Data\SUPERAntiSpyware.com
2011-08-23 11:37 . 2011-08-23 11:38 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-08-23 11:37 . 2011-08-23 11:37 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-08-23 08:36 . 2011-08-23 08:36 -------- d-----w- C:\_OTL
2011-08-23 03:13 . 2011-08-23 03:13 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
2011-08-22 19:45 . 2011-08-22 19:45 -------- d-----w- c:\documents and settings\MJ\DoctorWeb
2011-08-22 18:53 . 2011-08-22 18:53 -------- d-----w- C:\VundoFix Backups
2011-08-22 18:07 . 2011-08-22 18:07 -------- d-----w- c:\documents and settings\MJ\Application Data\Malwarebytes
2011-08-22 18:07 . 2011-07-06 11:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-22 18:07 . 2011-08-22 18:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-08-22 18:06 . 2011-08-22 18:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-22 18:06 . 2011-07-06 11:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-22 12:50 . 2011-08-22 14:06 -------- d-----w- C:\Clipart
2011-08-22 12:50 . 2003-08-01 05:00 13359 ----a-w- c:\windows\system32\drivers\SYDEXFDD.SYS
2011-08-22 12:50 . 2001-01-19 07:21 28416 ----a-w- c:\windows\system32\drivers\WNTPPORT.SYS
2011-08-22 12:50 . 2000-05-03 09:26 244232 ----a-w- c:\windows\system32\MSFLXGRD.OCX
2011-08-22 12:50 . 1999-05-06 16:00 140288 ----a-w- c:\windows\system32\COMDLG32.OCX
2011-08-22 12:50 . 1998-10-29 08:58 20644 ----a-w- c:\windows\system32\EMTRANS.VXD
2011-08-22 12:50 . 1997-01-21 10:16 133392 ----a-w- c:\windows\system32\MSMAPI32.OCX
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-23 12:22 . 2010-05-24 13:31 472808 -c--a-w- c:\windows\system32\deployJava1.dll
2011-08-22 12:26 . 2010-05-13 09:24 81920 ----a-w- c:\windows\DUMP4dd1.tmp
2011-08-22 12:17 . 2010-05-13 09:24 81920 ----a-w- c:\windows\DUMP46bd.tmp
2011-07-05 16:36 . 2011-07-05 16:36 9216 ----a-r- c:\documents and settings\MJ\Application Data\Microsoft\Installer\{7426428E-71D4-452C-BA13-B14E5EB52859}\Icon7426428E16.exe
2011-08-18 06:01 . 2011-03-23 22:20 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-22_22.02.21 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-08-22 20:38 . 2011-08-22 20:38 16384 c:\windows\Temp\Perflib_Perfdata_684.dat
+ 2011-08-24 23:06 . 2011-08-24 23:06 16384 c:\windows\temp\Perflib_Perfdata_684.dat
+ 2011-08-24 23:06 . 2011-08-24 23:06 16384 c:\windows\temp\Perflib_Perfdata_630.dat
+ 2010-05-13 16:43 . 2011-08-23 13:45 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2010-05-13 16:43 . 2011-08-22 16:29 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2010-05-13 16:43 . 2011-08-23 13:45 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2010-05-13 16:43 . 2011-08-22 16:29 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2010-12-21 14:11 . 2010-12-21 14:11 157472 c:\windows\system32\javaws.exe
+ 2011-08-23 12:22 . 2011-08-23 12:22 157472 c:\windows\system32\javaws.exe
+ 2011-08-23 12:22 . 2011-08-23 12:22 145184 c:\windows\system32\javaw.exe
- 2010-12-21 14:11 . 2010-12-21 14:11 145184 c:\windows\system32\javaw.exe
+ 2011-08-23 12:22 . 2011-08-23 12:22 145184 c:\windows\system32\java.exe
- 2010-12-21 14:11 . 2010-12-21 14:11 145184 c:\windows\system32\java.exe
+ 2011-08-23 12:23 . 2011-08-23 12:23 203776 c:\windows\Installer\749179.msi
+ 2011-08-23 12:22 . 2011-08-23 12:22 902656 c:\windows\Installer\749171.msi
+ 2004-08-03 22:56 . 2004-08-03 22:56 1032192 c:\windows\system32\sethc.exe
+ 2004-08-03 22:56 . 2004-08-03 22:56 1032192 c:\windows\system32\dllcache\sethc.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-05-27 399736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"RTHDCPL"="RTHDCPL.EXE" [2009-08-14 18702336]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-25 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-25 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-25 136192]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248]
"FixCamera"="c:\windows\FixCamera.exe" [2008-08-21 188928]
"tsnp2uvc"="c:\windows\tsnp2uvc.exe" [2009-12-11 320512]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 110592]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-05-09 2552648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-25 13895272]
"NvMediaCenter"="NvMCTray.dll" [2011-05-25 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-04 1632360]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-20 281768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
.
c:\documents and settings\MJ\Start Menu\Programs\Startup\
PdaNet Desktop.lnk - c:\program files\PdaNet for Android\PdaNetPC.exe [2011-6-9 477736]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-18 74308]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\CAPCOM\\STREETFIGHTERIV\\StreetFighterIV.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"k:\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"k:\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"k:\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"k:\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
"k:\\Dragon Age\\bin_ship\\daorigins.exe"=
"k:\\Dragon Age\\DAOriginsLauncher.exe"=
"k:\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
.
R0 AladdinUsbFilter;AladdinUsbFilterService;c:\windows\system32\drivers\AladdinUsbFilter.sys [5/13/2010 8:12 AM 484352]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [5/2/2011 8:36 PM 242472]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [5/2/2011 8:36 PM 29400]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/23/2011 12:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/13/2011 5:55 AM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/12/2011 7:38 AM 116608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/12/2011 5:28 AM 136360]
R2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO livePCsupport\CLPSLS.exe [2/19/2010 5:00 PM 148744]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [12/16/2009 10:09 AM 188736]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [12/16/2009 10:11 AM 65856]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [7/24/2011 5:58 PM 2214504]
R2 wntpport;wntpport;c:\windows\system32\drivers\WNTPPORT.SYS [8/22/2011 8:50 PM 28416]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [5/13/2010 10:02 AM 119528]
R3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [6/9/2011 6:40 PM 13312]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [5/13/2010 9:56 AM 1684736]
S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [8/2/2010 4:19 PM 14336]
S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [8/2/2010 4:19 PM 20864]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [8/2/2010 4:19 PM 19968]
S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\drivers\lgandmodem.sys [8/2/2010 4:19 PM 24960]
S3 AndNetDiag;LG AndroidNet USB Serial Port;c:\windows\system32\drivers\lgandnetdiag.sys [8/2/2010 4:19 PM 23040]
S3 AndNetGps;LG AndroidNet USB GPS NMEA Port;c:\windows\system32\drivers\lgandnetgps.sys [8/2/2010 4:19 PM 22272]
S3 ANDNetModem;LG AndroidNet USB Modem;c:\windows\system32\drivers\lgandnetmodem.sys [8/2/2010 4:19 PM 27776]
S3 andnetndis;LG AndroidNet NDIS Ethernet Adapter;c:\windows\system32\drivers\lgandnetndis.sys [8/2/2010 4:19 PM 66816]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\androidusb.sys [6/9/2011 6:35 PM 31312]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;k:\dragon age\bin_ship\daupdatersvc.service.exe [12/16/2009 4:07 AM 25832]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [9/29/2009 8:11 AM 12160]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys --> c:\windows\system32\DRIVERS\lgbtbus.sys [?]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys --> c:\windows\system32\DRIVERS\lgvmodem.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [8/23/2011 2:07 AM 41272]
S3 SydexFDD;Sydex Diskette Driver;c:\windows\system32\drivers\SYDEXFDD.SYS [8/22/2011 8:50 PM 13359]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
imgsvc REG_MULTI_SZ StiSvc Please Input Service Name Nxixnv Orirebul Umb
xcvs REG_MULTI_SZ xcvs
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-448539723-725345543-1003Core.job
- c:\documents and settings\MJ\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-01 20:53]
.
2011-08-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-448539723-725345543-1003UA.job
- c:\documents and settings\MJ\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-01 20:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?o=15161&l=dis
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: LG Air Sync (R-Click) - Save as Mobile Image - c:\program files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/206
IE: LG Air Sync (R-Click) - Save as Mobile Memo - c:\program files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/208
IE: LG Air Sync (R-Click) - Save as Mobile Text file - c:\program files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/210
IE: LG Air Sync (R-Click) - Set as Mobile Wallpaper - c:\program files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/205
IE: LG Air Sync Option - c:\program files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/209
TCP: DhcpNameServer = 202.8.224.36 202.8.224.39
TCP: Interfaces\{56E4BDAE-AFFC-4749-8E1C-5F2C133402B6}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{7D033C36-3894-4E86-818D-2D141154C4BF}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{8BE85404-7DE2-4429-A5FE-C0B39B413BB3}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\documents and settings\MJ\Application Data\Mozilla\Firefox\Profiles\9j7isrn4.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: network.proxy.type - 4
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-25 07:06
Windows 5.1.2600 Service Pack 2 NTFS
.
detected NTDLL code modification:
ZwClose, ZwOpenFile
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1048)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
- - - - - - - > 'lsass.exe'(1104)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'explorer.exe'(3460)
c:\windows\system32\guard32.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\rundll32.exe
c:\windows\system32\RunDLL32.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE
.
**************************************************************************
.
Completion time: 2011-08-25 07:12:16 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-24 23:12
ComboFix2.txt 2011-08-24 21:22
ComboFix3.txt 2011-08-24 19:09
ComboFix4.txt 2011-08-24 18:42
ComboFix5.txt 2011-08-24 22:52
.
Pre-Run: 4,624,850,944 bytes free
Post-Run: 4,527,546,368 bytes free
.
- - End Of File - - A32322F3ABBC73D3D458E3B6986B6870