Hi, and thanks for your help. Here are my reports.
ComboFix 09-10-30.01 - Administrator 01/11/2009 14:27.1.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1711 [GMT 0:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it
.
((((((((((((((((((((((((( Files Created from 2009-10-01 to 2009-11-01 )))))))))))))))))))))))))))))))
.
2009-10-30 16:53 . 2009-10-30 16:53 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-10-30 16:53 . 2009-10-30 16:53 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-30 16:53 . 2009-10-30 16:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-10-30 16:52 . 2009-10-30 16:52 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-30 16:06 . 2009-10-30 16:06 -------- d-----w- c:\program files\Trend Micro
2009-10-30 15:45 . 2009-11-01 14:24 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-30 15:45 . 2009-10-30 16:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-29 23:49 . 2009-10-29 23:49 -------- d-----w- c:\program files\CCleaner
2009-10-29 23:22 . 2009-10-29 23:22 -------- d-----w- c:\program files\Free Window Registry Repair
2009-10-29 16:23 . 2009-10-29 16:23 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-10-29 16:23 . 2009-09-10 14:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-29 16:23 . 2009-10-29 16:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-29 16:23 . 2009-10-29 16:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-29 16:23 . 2009-09-10 14:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-28 23:30 . 2009-10-28 23:29 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-10-28 15:41 . 2009-10-28 15:41 -------- d-----w- c:\documents and settings\All Users\Application Data\launcher
2009-10-28 15:39 . 2009-10-28 15:39 -------- d-----w- c:\program files\Paragon Software
2009-10-27 12:16 . 2009-10-27 12:16 4248848 ----a-w- c:\windows\system32\qtp-mt334.dll
2009-10-27 12:15 . 2009-10-27 12:15 248592 ----a-w- c:\windows\system32\prgiso.dll
2009-10-25 17:05 . 2009-10-29 23:20 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-10-22 14:45 . 2009-10-22 14:45 10 ----a-w- c:\windows\iosys32b.dat
2009-10-18 17:34 . 2009-10-18 17:34 -------- d-----w- c:\program files\directx
2009-10-18 17:30 . 2004-08-03 22:07 59264 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2009-10-18 17:30 . 2004-08-03 22:07 59264 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2009-10-18 17:14 . 1998-10-29 15:45 306688 ----a-w- c:\windows\IsUninst.exe
2009-10-18 17:03 . 2009-10-18 17:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\Media Player Classic
2009-10-15 22:18 . 2009-10-15 22:18 10 ----a-w- c:\windows\winitwkg.dat
2009-10-15 02:24 . 2009-10-15 02:24 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-10-12 21:12 . 2009-04-22 10:53 40712 ----a-w- c:\windows\system32\eetransx.exe
2009-10-12 21:12 . 2008-04-29 12:16 143360 ----a-w- c:\windows\system32\EEGenFn1.dll
2009-10-12 21:12 . 1998-04-23 23:00 368912 ----a-w- c:\windows\system32\vbar332.dll
2009-10-11 12:46 . 2009-10-11 12:46 -------- d-----w- c:\program files\PartyGaming
2009-10-03 15:18 . 2009-10-03 15:20 -------- d-----w- c:\windows\system32\Adobe
2009-10-02 16:01 . 2009-10-11 19:50 -------- d-----w- c:\documents and settings\Administrator\PARTYPokerDir
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-01 02:49 . 2009-09-07 17:30 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-30 17:46 . 2009-09-30 10:46 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-10-29 12:31 . 2009-08-06 08:50 38 ----a-w- c:\documents and settings\Administrator\jagex_runescape_preferences.dat
2009-10-29 12:31 . 2009-09-05 19:55 63 ----a-w- c:\documents and settings\Administrator\jagex_runescape_preferences2.dat
2009-10-29 11:49 . 2009-09-30 10:48 -------- d-----w- c:\program files\Norton Internet Security
2009-10-26 23:49 . 2009-08-05 19:25 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-10-18 17:10 . 2009-08-05 18:14 -------- d-----w- c:\program files\Common Files\InstallShield
2009-10-03 18:19 . 2009-09-07 14:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-10-03 18:18 . 2009-09-30 10:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-09-30 11:23 . 2009-09-30 11:23 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-09-30 11:05 . 2009-09-30 10:46 -------- d-----w- c:\program files\Symantec
2009-09-30 11:04 . 2009-09-30 11:04 -------- d-----w- c:\program files\SymNetDrv
2009-09-30 11:01 . 2009-09-30 10:47 -------- d-----w- c:\documents and settings\Administrator\Application Data\Symantec
2009-09-21 22:28 . 2009-09-21 18:01 -------- d-----w- c:\program files\Common Files\Apple
2009-09-21 18:28 . 2009-09-21 18:28 691420 ----a-w- c:\windows\system32\Client.exe
2009-09-21 18:04 . 2009-09-21 18:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2009-09-21 18:02 . 2009-09-21 18:02 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-21 18:02 . 2009-09-21 18:02 -------- d-----w- c:\program files\iTunes
2009-09-21 18:02 . 2009-09-21 18:02 -------- d-----w- c:\program files\iPod
2009-09-21 18:02 . 2009-09-21 18:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-09-21 18:01 . 2009-09-21 18:01 -------- d-----w- c:\program files\QuickTime
2009-09-21 18:01 . 2009-09-21 18:01 -------- d-----w- c:\program files\Apple Software Update
2009-09-21 18:01 . 2009-09-21 18:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-09-21 13:20 . 2009-08-11 13:41 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-09-19 01:20 . 2009-08-05 19:18 12328 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-17 18:59 . 2009-09-17 18:59 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-09-16 14:09 . 2009-09-16 14:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\iolo
2009-09-15 21:13 . 2009-09-15 21:12 -------- d-----w- c:\program files\Windows Live
2009-09-15 21:12 . 2009-09-15 21:12 -------- d-----w- c:\program files\Microsoft
2009-09-15 21:09 . 2009-09-15 21:09 -------- d-----w- c:\program files\Common Files\Windows Live
2009-09-14 12:48 . 2009-08-30 20:48 -------- d-----w- c:\program files\Common Files\Real
2009-09-14 12:48 . 2009-09-14 12:48 -------- d-----w- c:\program files\Common Files\xing shared
2009-09-14 12:47 . 2006-11-17 13:18 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-09-14 12:47 . 2009-09-14 12:47 -------- d-----w- c:\program files\Real
2009-09-12 17:53 . 2009-09-12 17:49 -------- d-----w- c:\documents and settings\Administrator\Application Data\pkClient
2009-09-12 17:40 . 2009-09-12 17:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\godzHell
2009-09-12 13:29 . 2009-09-12 13:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\Passware
2009-09-11 14:33 . 2004-08-04 12:00 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 21:06 . 2009-09-10 21:06 -------- d-----w- c:\documents and settings\All Users\Application Data\sctemp
2009-09-10 21:05 . 2009-08-05 18:12 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-08 22:16 . 2009-09-07 21:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Tenebril
2009-09-08 14:21 . 2009-09-07 14:19 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-09-07 21:11 . 2009-09-07 21:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\ParetoLogic
2009-09-07 21:11 . 2009-09-07 21:11 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2009-09-07 21:11 . 2009-09-07 21:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-09-07 19:24 . 2009-09-07 19:24 -------- d-----w- c:\program files\MSBuild
2009-09-07 19:24 . 2009-09-07 19:24 -------- d-----w- c:\program files\Reference Assemblies
2009-09-07 19:23 . 2009-09-07 19:23 -------- d-----w- c:\program files\MSXML 6.0
2009-09-07 17:47 . 2009-08-05 18:56 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-07 17:39 . 2009-08-20 13:04 -------- d-----w- c:\program files\Common Files\Webroot Shared
2009-09-07 13:18 . 2009-09-07 13:18 -------- d-----w- c:\program files\NVIDIA Corporation
2009-09-07 13:17 . 2009-09-07 13:17 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2009-09-07 13:01 . 2009-09-07 13:01 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-09-07 12:55 . 2009-09-07 12:55 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2009-09-04 20:45 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:16 . 2004-08-04 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-17 02:03 . 2009-08-17 02:03 3674112 ----a-w- c:\windows\system32\nvwssr.dll
2009-08-17 02:02 . 2009-08-17 02:02 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-08-16 23:57 . 2009-08-16 23:57 2189856 ----a-w- c:\windows\system32\nvcuvid.dll
2009-08-16 23:57 . 2009-08-16 23:57 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-08-16 23:57 . 2009-08-16 23:57 1597690 ----a-w- c:\windows\system32\nvdata.bin
2009-08-16 23:57 . 2009-08-05 18:22 485920 ----a-w- c:\windows\system32\nvudisp.exe
2009-08-16 23:57 . 2008-05-16 13:01 868352 ----a-w- c:\windows\system32\nvapi.dll
2009-08-16 23:57 . 2008-05-16 13:01 7729568 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-08-16 23:57 . 2008-05-16 13:01 5845760 ----a-w- c:\windows\system32\nv4_disp.dll
2009-08-16 23:57 . 2008-05-16 13:01 2002944 ----a-w- c:\windows\system32\nvcuda.dll
2009-08-16 23:57 . 2008-05-16 13:01 155648 ----a-w- c:\windows\system32\nvcodins.dll
2009-08-16 23:57 . 2008-05-16 13:01 155648 ----a-w- c:\windows\system32\nvcod.dll
2009-08-16 23:57 . 2008-05-16 13:01 10457088 ----a-w- c:\windows\system32\nvoglnt.dll
2009-08-11 11:35 . 2009-08-05 18:22 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-08-06 18:24 . 2009-08-04 17:17 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 18:24 . 2009-08-04 17:17 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 18:24 . 2009-08-04 17:17 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 18:24 . 2008-10-16 13:09 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 18:24 . 2009-08-04 17:17 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 18:24 . 2004-08-04 12:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 18:23 . 2009-08-04 17:17 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 18:23 . 2009-09-15 23:28 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 18:23 . 2009-09-15 23:28 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-06 18:23 . 2009-08-04 17:17 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 18:36 . 2009-08-05 18:36 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-05 18:28 . 2009-08-05 18:28 0 ----a-w- c:\windows\nsreg.dat
2009-08-05 18:14 . 2009-08-05 18:14 319488 ----a-w- c:\windows\HideWin.exe
2009-08-05 09:11 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 17:17 . 2009-08-04 17:17 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-08-04 13:58 . 2004-08-04 12:00 2136064 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 13:13 . 2004-08-03 22:59 2015744 ------w- c:\windows\system32\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-10-12 2000112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-05 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-08-12 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-17 13877248]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-08-17 86016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-14 198160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-08 305440]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-01-17 58728]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2009-09-30 100056]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-09-09 16851968]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2006-10-04 53760]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 15:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SAVScan"=3 (0x3)
"idsvc"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [x]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-10-12 7408]
R3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\WsAudioDevice_383.sys [2008-12-01 16640]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-07-03 64160]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-10-12 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-10-12 74480]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-09-21 1028432]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - MBR
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder
2009-10-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 13:20]
2009-10-30 c:\windows\Tasks\Norton AntiVirus - Scan my computer - Administrator.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2004-08-31 11:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = <local>
IE: &Search
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8e4xmoj9.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -
SafeBoot-Wdf01000.sys
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-11-01 14:30
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1708537768-2052111302-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,11,58,48,db,e7,e6,dc,4c,b6,86,be,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,11,58,48,db,e7,e6,dc,4c,b6,86,be,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(796)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
Completion time: 2009-11-01 14:31
ComboFix-quarantined-files.txt 2009-11-01 14:31
Pre-Run: 481,969,410,048 bytes free
Post-Run: 481,944,879,104 bytes free
- - End Of File - - 884FF1CE0A727EECE9031BC3738DCD09
HijackThis log is:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:39:29, on 01/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
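As an added example (not part of the poster's logs, and not code from ComboFix or HijackThis), the following Python script parses the kind of lines shown above into records and flags the items a responder would look at first: the Windows Firewall standard-profile policy set to disabled, Security Center monitoring switched off for the installed Symantec products, a BHO whose DLL is gone ("(no file)"), autorun entries that name a bare executable with no path, and a Winlogon Notify DLL living outside system32. The sample lines are copied from the two logs in the post; the flag rules, the rule names and the helper names (`triage`, `Finding`, `parse_reg_values`) are this example's own heuristics, not anything the tools themselves report.

```python
"""Triage helper for ComboFix / HijackThis style logs.

Added example: the sample lines are copied from the logs in the post;
the flag rules and all names here are this example's own heuristics,
not ComboFix's or HijackThis's logic.
"""
import re
from dataclasses import dataclass

# Constructed sample: lines from the "Reg Loading Points" section of the
# ComboFix log and from the HijackThis log above.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
"""

REG_KEY_RE = re.compile(r"^\[(.+)\]$")
REG_VAL_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
HJT_O2_RE = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$")
HJT_O4_RE = re.compile(r"^O4 - (\S+): \[([^\]]+)\] (.*)$")
HJT_O20_RE = re.compile(r"^O20 - Winlogon Notify: (\S+) - (.*)$")
USER_SUFFIX_RE = re.compile(r"\s*\(User '[^']*'\)\s*$")


@dataclass(frozen=True)
class Finding:
    rule: str    # hypothetical rule name, this example's own
    detail: str  # the key / entry that triggered it


def parse_reg_values(text):
    """Return {(key, value_name): raw_value} from REGEDIT4-style lines."""
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = REG_KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = REG_VAL_RE.match(line)
        if m and key is not None:
            values[(key, m.group(1))] = m.group(2).strip()
    return values


def _nonzero(raw):
    """True for a non-zero value in either 'dword:00000001' or '0 (0x0)' style."""
    raw = raw.lower()
    if raw.startswith("dword:"):
        return int(raw[6:], 16) != 0
    return raw.split()[0] not in ("0", "0x0")


def _command_image(command):
    """Pull the executable out of an O4 command line (quoted or first token)."""
    command = USER_SUFFIX_RE.sub("", command).strip()
    if command.startswith('"'):
        return command[1:command.find('"', 1)]
    return command.split()[0]


def triage(text):
    """Apply the example's heuristics and return a list of Finding records."""
    findings = []
    for (key, name), raw in parse_reg_values(text).items():
        k = key.lower()
        if "firewallpolicy\\standardprofile" in k and name == "EnableFirewall" and not _nonzero(raw):
            findings.append(Finding("firewall-disabled", key))
        if "security center\\monitoring" in k and name == "DisableMonitoring" and _nonzero(raw):
            findings.append(Finding("security-center-monitoring-disabled", key.rsplit("\\", 1)[-1]))
    for line in text.splitlines():
        line = line.strip()
        m = HJT_O2_RE.match(line)
        if m and m.group(3).strip().lower() == "(no file)":
            findings.append(Finding("bho-no-file", f"{m.group(1)} {m.group(2)}"))
            continue
        m = HJT_O4_RE.match(line)
        if m:
            image = _command_image(m.group(3))
            if "\\" not in image:  # bare name: resolved via search path, confirm where it lives
                findings.append(Finding("autorun-bare-filename", f"{m.group(2)} -> {image}"))
            continue
        m = HJT_O20_RE.match(line)
        if m and not m.group(2).lower().startswith("c:\\windows\\system32\\"):
            findings.append(Finding("winlogon-notify-outside-system32", f"{m.group(1)} -> {m.group(2)}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:40} {f.detail}")
```

The bare-filename rule is deliberately broad: it also fires on entries such as `RUNDLL32.EXE <dll>,<export>`, which is exactly the case where the loaded DLL, not the host, needs checking. The script flags for review; it does not decide that an entry is malicious, and a flagged entry still has to be confirmed against the file on disk (ComboFix resolved `RTHDCPL.EXE` to `c:\windows\RTHDCPL.EXE` above, for instance).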