ComboFix log:
ComboFix 10-12-31.02 - My Computer 01/01/2011 6:13.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.171 [GMT -8:00]
Running from: c:\documents and settings\My Computer\My Documents\Downloads\commy.exe.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Online Armor Firewall *Enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\userinit.exe
.
((((((((((((((((((((((((( Files Created from 2010-12-01 to 2011-01-01 )))))))))))))))))))))))))))))))
.
2011-01-01 14:02 . 2011-01-01 14:04 -------- d-----w- C:\32788R22FWJFW
2010-12-29 17:20 . 2010-12-29 17:20 -------- d-s---w- c:\documents and settings\LocalService\UserData
2010-12-29 11:26 . 2010-12-29 11:26 388096 ----a-r- c:\documents and settings\My Computer\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-29 11:26 . 2010-12-29 11:26 -------- d-----w- c:\program files\Trend Micro
2010-12-29 11:07 . 2010-12-29 11:07 -------- d-----w- c:\program files\Common Files\Java
2010-12-29 11:06 . 2010-11-13 02:53 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-29 08:18 . 2010-12-29 08:18 -------- d-----w- c:\documents and settings\My Computer\Application Data\SUPERAntiSpyware.com
2010-12-29 08:18 . 2010-12-29 08:18 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-12-29 08:16 . 2010-12-29 08:17 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-12-29 07:57 . 2010-12-29 07:57 -------- d-----w- c:\program files\CCleaner
2010-12-29 07:18 . 2010-12-13 16:40 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-12-29 07:18 . 2010-12-13 16:40 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-12-29 07:18 . 2010-06-17 22:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-12-29 07:18 . 2010-06-17 22:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-12-29 07:18 . 2010-12-29 07:18 -------- d-----w- c:\program files\Avira
2010-12-29 07:18 . 2010-12-29 07:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-12-29 06:17 . 2010-12-21 02:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-29 06:17 . 2010-12-21 02:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-29 05:14 . 2010-12-29 07:37 -------- d-----w- c:\documents and settings\All Users\Application Data\OnlineArmor
2010-12-29 05:14 . 2010-12-29 05:18 -------- d-----w- c:\documents and settings\My Computer\Application Data\OnlineArmor
2010-12-29 05:13 . 2010-07-07 20:25 22600 ----a-w- c:\windows\system32\drivers\OAmon.sys
2010-12-29 05:13 . 2010-07-07 20:25 28232 ----a-w- c:\windows\system32\drivers\OAnet.sys
2010-12-29 05:13 . 2010-07-07 20:25 236104 ----a-w- c:\windows\system32\drivers\OADriver.sys
2010-12-29 05:13 . 2010-12-29 05:13 -------- d-----w- c:\program files\Emsisoft
2010-12-29 05:08 . 2010-12-29 05:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-12-29 05:08 . 2010-12-29 05:08 -------- d-----w- c:\program files\Alwil Software
2010-12-29 03:39 . 2010-12-29 03:39 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-29 03:34 . 2010-12-29 03:34 -------- d-----w- c:\program files\Common Files\HP
2010-12-29 03:34 . 2010-12-29 03:34 -------- d-----w- c:\program files\Hewlett-Packard
2010-12-29 03:32 . 2010-12-29 03:32 -------- d-----w- c:\documents and settings\My Computer\Local Settings\Application Data\Apple
2010-12-29 03:32 . 2010-12-29 03:38 -------- d-----w- c:\windows\system32\DRVSTORE
2010-12-29 03:31 . 2010-12-29 03:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-12-22 20:59 . 2010-12-29 03:38 -------- d-----w- c:\program files\Safari
2010-12-16 22:48 . 2010-12-16 22:48 -------- d-----w- c:\documents and settings\My Computer\Application Data\Malwarebytes
2010-12-16 22:28 . 2010-12-16 22:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-12-16 22:28 . 2010-12-29 06:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-16 22:10 . 2010-12-29 03:38 -------- d-s---w- c:\documents and settings\Administrator
2010-12-16 10:58 . 2010-12-29 03:38 -------- d-----w- c:\documents and settings\All Users\Application Data\bDeIn06307
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-30 01:38 . 2010-11-30 01:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-30 01:38 . 2010-11-30 01:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-13 00:34 . 2010-06-16 08:17 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-03 12:59 . 2010-06-16 03:41 369664 ------w- c:\windows\system32\html.iec
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\My Computer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-06-16 136176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-05-02 4640768]
"nwiz"="nwiz.exe" [2003-05-02 323584]
"CHotkey"="zHotkey.exe" [2003-06-03 496640]
"RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-02 65536]
"RoxioDragToDisc"="c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-06-25 868352]
"RoxioAudioCentral"="c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-06-24 319488]
"showicon2k"="c:\program files\\eM\Bay Reader\Shwicon2k.exe" [2003-07-04 135168]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-09-24 159472]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"@OnlineArmor GUI"="c:\program files\Emsisoft\Online Armor\oaui.exe" [2010-07-07 6854984]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
c:\documents and settings\My Computer\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-5-26 503808]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - c:\program files\BigFix\BigFix.exe [2003-4-23 1742384]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\Emsisoft\ONLINE~1\oaevent.dll" [2010-07-07 924488]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [12/28/2010 9:13 PM 236104]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [12/28/2010 9:13 PM 22600]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [12/28/2010 9:13 PM 28232]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 10:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 10:41 AM 67656]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/28/2010 11:18 PM 135336]
R2 OAcat;Online Armor Helper Service;c:\program files\Emsisoft\Online Armor\oacat.exe [12/28/2010 9:13 PM 1283400]
R2 SvcOnlineArmor;Online Armor;c:\program files\Emsisoft\Online Armor\oasrv.exe [12/28/2010 9:13 PM 3364680]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [9/24/2010 12:19 PM 268528]
.
Contents of the 'Scheduled Tasks' folder
2010-12-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 18:50]
2010-12-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3416578812-2000117343-1721848206-1005Core.job
- c:\documents and settings\My Computer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-16 03:51]
2011-01-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3416578812-2000117343-1721848206-1005UA.job
- c:\documents and settings\My Computer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-16 03:51]
2010-06-18 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2003-04-24 00:17]
.
.
------- Supplementary Scan -------
.
uStart Page = facebook.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
.
- - - - ORPHANS REMOVED - - - -
SafeBoot-WudfPf
SafeBoot-WudfRd
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-01 06:30
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(464)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
- - - - - - - > 'explorer.exe'(2836)
c:\program files\Emsisoft\Online Armor\OAwatch.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\progra~1\COMMON~1\AOL\ACS\acsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\System32\nvsvc32.exe
c:\windows\wanmpsvc.exe
c:\windows\System32\MsPMSPSv.exe
c:\windows\zHotkey.exe
c:\program files\eM\Bay Reader\Shwicon2k.exe
c:\windows\system32\ZuneBusEnum.exe
c:\program files\Emsisoft\Online Armor\OAhlp.exe
c:\program files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
.
**************************************************************************
.
Completion time: 2011-01-01 06:36:13 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-01 14:36
Pre-Run: 131,572,326,400 bytes free
Post-Run: 131,819,802,624 bytes free
- - End Of File - - F78B4FB3575AE802677DF8A84655B920