ComboFix 10-05-08.03 - Mark 05/09/2010 18:39:04.1.2
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1323 [GMT -4:00]
Running from: c:\documents and settings\Mark\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\system32\drivers\ohci1394.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-04-09 to 2010-05-09 )))))))))))))))))))))))))))))))
.

2010-05-09 05:33 . 2010-05-09 05:33 63488 ----a-w- c:\documents and settings\Mark\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-05-09 05:33 . 2010-05-09 05:33 52224 ----a-w- c:\documents and settings\Mark\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-05-09 05:33 . 2010-05-09 05:33 117760 ----a-w- c:\documents and settings\Mark\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-09 05:32 . 2010-05-09 05:32 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-05-09 05:32 . 2010-05-09 05:32 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-05-09 05:32 . 2010-05-09 05:32 -------- d-----w- c:\documents and settings\Mark\Application Data\SUPERAntiSpyware.com
2010-05-09 05:32 . 2010-05-09 05:32 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-09 04:21 . 2010-05-09 04:21 -------- d-----w- c:\program files\Common Files\Java
2010-05-09 04:18 . 2010-05-09 04:18 -------- d-----w- c:\program files\Sun
2010-05-09 04:18 . 2010-05-09 04:17 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-09 01:02 . 2010-05-09 01:02 388096 ----a-r- c:\documents and settings\Mark\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-08 15:05 . 2010-05-09 05:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-08 15:05 . 2010-05-08 15:09 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-08 13:58 . 2010-03-01 14:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-05-08 13:58 . 2010-02-16 18:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-05-08 13:58 . 2009-05-11 16:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-05-08 13:58 . 2009-05-11 16:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-05-08 13:58 . 2010-05-08 13:58 -------- d-----w- c:\program files\Avira
2010-05-08 13:58 . 2010-05-08 13:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-05-08 13:27 . 2010-05-08 03:05 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-05-08 03:06 . 2010-02-04 15:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-05-08 03:06 . 2010-05-08 03:05 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-05-08 03:02 . 2010-05-08 03:02 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-05-08 03:02 . 2010-02-04 15:53 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-05-08 03:02 . 2010-05-08 03:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-05-08 03:02 . 2010-05-08 03:02 -------- d-----w- c:\program files\Lavasoft
2010-05-08 02:49 . 2010-05-08 02:49 -------- d-----w- c:\program files\Trend Micro
2010-05-08 00:48 . 2010-05-08 00:48 -------- d-----w- c:\program files\AVG
2010-05-07 22:30 . 2010-05-07 22:30 36896 ----a-w- c:\documents and settings\Mark\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-07 20:41 . 2010-05-07 22:42 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\onivqhytu
2010-05-06 03:52 . 2010-05-06 03:52 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-05-06 03:39 . 2010-05-06 04:02 -------- d-----w- c:\documents and settings\Mark\Local Settings\Application Data\vtgqboqtw
2010-04-27 03:34 . 2008-04-14 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-04-27 03:18 . 2010-04-27 03:18 -------- d-----w- c:\program files\YouTube Downloader
2010-04-27 03:09 . 2010-05-09 01:52 -------- d-----w- C:\music
2010-04-24 03:07 . 2010-04-24 03:07 -------- d-----w- c:\windows\Sun
2010-04-24 03:06 . 2010-04-24 03:06 503808 ----a-w- c:\documents and settings\Mark\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3a1d1ed5-n\msvcp71.dll
2010-04-24 03:06 . 2010-04-24 03:06 499712 ----a-w- c:\documents and settings\Mark\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3a1d1ed5-n\jmc.dll
2010-04-24 03:06 . 2010-04-24 03:06 348160 ----a-w- c:\documents and settings\Mark\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3a1d1ed5-n\msvcr71.dll
2010-04-24 03:06 . 2010-04-24 03:06 61440 ----a-w- c:\documents and settings\Mark\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-429a1f77-n\decora-sse.dll
2010-04-24 03:06 . 2010-04-24 03:06 12800 ----a-w- c:\documents and settings\Mark\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-429a1f77-n\decora-d3d.dll
2010-04-24 03:06 . 2010-05-09 04:17 -------- d-----w- c:\program files\Java
2010-04-22 22:16 . 2008-04-14 04:15 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-04-22 12:36 . 2010-04-22 12:36 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-04-21 02:52 . 2010-04-21 02:52 1956656 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2010-04-21 02:50 . 2010-02-01 01:45 38784 ----a-w- c:\documents and settings\Mark\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-04-21 02:50 . 2010-04-21 02:50 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-04-21 02:49 . 2010-04-21 02:49 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-04-21 02:49 . 2010-04-21 11:28 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-04-21 02:48 . 2010-05-05 03:38 -------- d-----w- c:\documents and settings\Mark\Local Settings\Application Data\Adobe
2010-04-21 02:48 . 2010-04-21 02:48 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-20 20:09 . 2010-04-20 20:09 -------- d-----w- c:\program files\CCleaner
2010-04-20 18:35 . 2010-04-20 18:35 -------- d-----w- c:\documents and settings\Mark\Local Settings\Application Data\Identities
2010-04-20 17:31 . 2009-08-06 23:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-04-20 17:31 . 2009-08-06 23:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-04-20 17:29 . 2008-11-10 15:41 32656 ----a-w- c:\windows\system32\msonpmon.dll
2010-04-20 17:29 . 2006-10-26 23:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-04-20 17:29 . 2010-04-22 12:34 -------- d-----w- c:\program files\Microsoft Works
2010-04-20 17:28 . 2010-04-20 17:28 -------- d-----w- c:\program files\Microsoft.NET
2010-04-20 17:25 . 2010-04-20 17:25 -------- d-----w- c:\documents and settings\Mark\Local Settings\Application Data\Microsoft Help
2010-04-20 17:25 . 2010-04-23 11:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-20 17:25 . 2010-04-20 17:25 -------- d-----r- C:\MSOCache
2010-04-20 16:00 . 2010-04-20 16:00 -------- d-----w- c:\windows\system32\XPSViewer
2010-04-20 15:59 . 2010-04-20 15:59 -------- d-----w- c:\program files\MSBuild
2010-04-20 15:59 . 2010-04-20 15:59 -------- d-----w- c:\program files\Reference Assemblies
2010-04-20 15:59 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-04-20 15:59 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-04-20 15:59 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-04-20 15:59 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-04-20 15:59 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-04-20 15:59 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-04-20 15:59 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-04-20 15:59 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-04-20 15:59 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-04-20 15:59 . 2010-04-20 15:59 -------- d-----w- C:\f75ac42679d5b18408d4b2049642eb4a
2010-04-20 13:48 . 2010-04-20 13:48 -------- d-----w- c:\program files\MSXML 4.0
2010-04-20 13:47 . 2010-04-20 13:47 -------- d-----w- c:\documents and settings\Mark\Application Data\Malwarebytes
2010-04-20 13:47 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-20 13:47 . 2010-05-06 04:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-20 13:47 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 13:47 . 2010-04-20 13:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-20 13:45 . 2010-04-20 13:45 -------- d-sh--w- c:\documents and settings\Mark\IECompatCache
2010-04-20 13:44 . 2010-04-20 13:44 -------- d-sh--w- c:\documents and settings\Mark\PrivacIE
2010-04-19 19:27 . 2010-04-19 19:27 -------- d-----w- c:\documents and settings\Mark\Local Settings\Application Data\Symantec
2010-04-19 19:26 . 2006-09-18 21:55 48816 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-04-19 19:26 . 2006-09-18 21:55 109744 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-04-19 19:26 . 2010-04-19 19:27 -------- d-----w- c:\program files\Symantec
2010-04-19 19:26 . 2010-05-09 22:37 -------- d-----w- c:\program files\Symantec AntiVirus
2010-04-19 19:26 . 2010-04-19 19:27 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-04-19 19:26 . 2010-04-19 19:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-04-19 18:41 . 2010-04-19 19:00 -------- d-----w- C:\Symantec Endpoint Protection 11
2010-04-19 17:45 . 2010-04-19 17:47 -------- d-----w- c:\documents and settings\Mark\Application Data\Corel
2010-04-19 17:45 . 2010-04-19 17:47 952 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-04-19 17:45 . 2008-02-26 18:43 655136 ----a-w- c:\documents and settings\Mark\Application Data\Corel\WordPerfect Office X4\User Config\InitLBar.exe
2010-04-19 17:32 . 2010-04-19 17:32 -------- d-----w- c:\program files\Common Files\Protexis
2010-04-19 17:32 . 2010-04-20 17:26 -------- d-----w- c:\windows\ShellNew
2010-04-19 17:32 . 2010-04-19 17:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel
2010-04-19 17:32 . 2010-04-19 17:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Borland
2010-04-19 17:32 . 2010-04-19 17:32 -------- d-----w- c:\program files\Common Files\Borland Shared
2010-04-19 17:31 . 2010-04-19 17:48 -------- d-----w- c:\program files\Common Files\Corel
2010-04-19 17:28 . 2010-04-19 17:33 -------- d-----w- c:\program files\Corel
2010-04-19 17:26 . 2010-04-19 17:26 -------- d-----w- c:\documents and settings\Mark\Application Data\CyberLink
2010-04-19 17:20 . 2010-04-19 17:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Dell
2010-04-19 17:20 . 2010-04-19 17:20 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\PowerDVD DX
2010-04-19 17:19 . 2010-04-19 17:19 -------- d-----w- c:\program files\CyberLink
2010-04-19 17:19 . 2008-05-23 18:06 89088 ----a-w- c:\windows\system32\atl71.dll
2010-04-19 17:19 . 2008-05-23 18:06 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-04-19 17:19 . 2008-05-23 18:06 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-04-19 17:19 . 2008-05-23 18:06 1060864 ----a-w- c:\windows\system32\MFC71.dll
2010-04-19 17:19 . 2008-05-23 18:06 1047552 ----a-w- c:\windows\system32\MFC71u.dll
2010-04-19 17:15 . 2010-04-19 17:15 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2010-04-19 17:11 . 2010-04-19 17:11 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-04-19 17:07 . 2010-04-19 17:07 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-04-19 17:01 . 2010-02-25 15:54 11070976 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-04-19 17:01 . 2010-02-25 06:24 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-04-19 17:01 . 2010-02-25 06:24 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-04-19 17:01 . 2010-02-25 06:24 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-04-19 17:01 . 2010-02-25 06:24 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-04-19 17:01 . 2010-02-25 06:24 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-04-19 17:01 . 2010-04-19 17:01 -------- d-----w- c:\windows\ie8updates
2010-04-19 17:01 . 2010-02-16 04:50 64000 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-04-19 17:00 . 2010-04-19 17:01 -------- dc-h--w- c:\windows\ie8
2010-04-19 15:03 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-04-19 15:03 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-04-19 15:02 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-06 04:23 . 2010-05-06 04:23 6153352 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-20 16:24 . 2010-04-19 14:33 87263 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-04-19 17:19 . 2010-04-19 14:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-19 14:54 . 2010-04-19 14:42 -------- d-----w- c:\program files\Dell
2010-04-19 14:52 . 2010-04-19 14:52 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2010-04-19 14:52 . 2010-04-19 14:52 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-04-19 14:52 . 2010-04-19 14:52 -------- d-----w- c:\program files\DellTPad
2010-04-19 14:51 . 2010-04-19 14:51 -------- d-----w- c:\program files\SigmaTel
2010-04-19 14:51 . 2010-04-19 14:51 -------- d-----w- c:\program files\Common Files\InstallShield
2010-04-19 14:50 . 2010-04-19 14:50 -------- d-----w- c:\program files\CONEXANT
2010-04-19 14:49 . 2010-04-19 14:49 -------- d-----w- c:\program files\Broadcom
2010-04-19 14:47 . 2010-04-19 14:47 -------- d-----w- c:\program files\O2Micro OZ776 SCR Driver
2010-04-19 14:42 . 2010-04-19 14:42 5 ----a-w- c:\windows\system32\drivers\DELL_LAT_D630.MRK
2010-04-19 14:42 . 2010-04-19 14:42 5 ----a-w- c:\windows\system32\drivers\1028_DELL_LAT_D630.MRK
2010-04-19 14:42 . 2010-04-19 14:42 -------- d-----w- c:\documents and settings\Administrator\Application Data\InstallShield
2010-04-19 14:40 . 2010-04-19 14:40 -------- d-----w- c:\program files\Intel
2010-04-19 14:34 . 2010-04-19 14:34 -------- d-----w- c:\program files\microsoft frontpage
2010-04-19 14:31 . 2010-04-19 14:31 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-10 06:15 . 2008-04-14 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2008-04-14 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 14:08 . 2008-04-14 12:00 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2008-04-14 00:01 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2008-04-14 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2008-04-14 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-05-06 2017280]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"IgfxTray"=c:\windows\system32\igfxtray.exe
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
"Persistence"=c:\windows\system32\igfxpers.exe
"QuickFinder Scheduler"="c:\program files\Corel\WordPerfect Office X4\Programs\QFSCHD140.EXE"
"SigmatelSysTrayApp"=%ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"vptray"=c:\progra~1\SYMANT~1\VPTray.exe
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe"
"Broadcom Wireless Manager UI"=c:\windows\system32\WLTRAY.exe
"AVG9_TRAY"=c:\progra~1\AVG\AVG9\avgtray.exe
"Apoint"=c:\program files\DellTPad\Apoint.exe
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" /min
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/7/2010 11:06 PM 64288]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/6/2010 5:10 PM 68168]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/8/2010 9:58 AM 135336]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 11:52 AM 1285864]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [4/19/2010 3:36 PM 102448]
S0 cerc6;cerc6; [x]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [9/27/2006 8:33 PM 116464]
.
Contents of the 'Scheduled Tasks' folder

2010-05-09 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-09 18:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(888)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
Completion time: 2010-05-09 18:45:11
ComboFix-quarantined-files.txt 2010-05-09 22:45

Pre-Run: 66,317,889,536 bytes free
Post-Run: 66,381,463,552 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 1389ADCF0AFED0F87A3F851B855D107B