OK, done.
ComboFix log:
ComboFix 09-05-05.03 - ADMINISTRATOR 1 05/05/2009 21:41.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1645 [GMT -7:00]
Running from: c:\documents and settings\ADMINISTRATOR 1\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\ADMINISTRATOR 1\Desktop\cfscript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\progra~1\crawler
c:\progra~1\crawler\adrkeys.dat
c:\progra~1\crawler\autose.dat
c:\progra~1\crawler\Cache\COMMON\DIRLIST_CHBMP.dat
c:\progra~1\crawler\Cache\COMMON\DIRLIST_MENU.dat
c:\progra~1\crawler\Cache\COMMON\ECARDS_BMP.dat
c:\progra~1\crawler\Cache\COMMON\ECARDS_CHBMP.dat
c:\progra~1\crawler\Cache\COMMON\ECARDS_MENU.dat
c:\progra~1\crawler\Cache\COMMON\EMAIL_CHBMP.dat
c:\progra~1\crawler\Cache\COMMON\FFILL_BMP.dat
c:\progra~1\crawler\Cache\COMMON\FFILL_CHBMP.dat
c:\progra~1\crawler\Cache\COMMON\FIND-0_BMP.dat
c:\progra~1\crawler\Cache\COMMON\FIND-0_CHBMP.dat
c:\progra~1\crawler\Cache\COMMON\FIND-1_BMP.dat
c:\progra~1\crawler\Cache\COMMON\FIND-1_CHBMP.dat
c:\progra~1\crawler\Cache\COMMON\FIND-2_BMP.dat
c:\progra~1\crawler\Cache\COMMON\FIND-2_CHBMP.dat
c:\progra~1\crawler\Cache\COMMON\FIND-3_BMP.dat
c:\progra~1\crawler\Cache\COMMON\FIND-3_CHBMP.dat
c:\progra~1\crawler\Cache\COMMON\FIND-4_BMP.dat
c:\progra~1\crawler\Cache\COMMON\FIND-4_CHBMP.dat
c:\progra~1\crawler\Cache\COMMON\GAMES_CHBMP.dat
c:\progra~1\crawler\Cache\COMMON\GAMES_MENU.dat
c:\progra~1\crawler\Cache\COMMON\HIGHLIGHT_CHBMP.dat
c:\progra~1\crawler\Cache\COMMON\POPBLOCKER_MENU.dat
c:\progra~1\crawler\Cache\COMMON\SHOP_CHBMP.dat
c:\progra~1\crawler\Cache\COMMON\SKINS_BMP.dat
c:\progra~1\crawler\Cache\COMMON\SKINS_CHBMP.dat
c:\progra~1\crawler\Cache\COMMON\SKINS_MENU.dat
c:\progra~1\crawler\Cache\COMMON\SPELL_BMP.dat
c:\progra~1\crawler\Cache\COMMON\SPELL_CHBMP.dat
c:\progra~1\crawler\Cache\COMMON\TRAVEL_CHBMP.dat
c:\progra~1\crawler\Cache\COMMON\WAYBACK_CHBMP.dat
c:\progra~1\crawler\Cache\COMMON\WP_CHBMP.dat
c:\progra~1\crawler\Cache\COMMON\YP_CHBMP.dat
c:\progra~1\crawler\confirm.dat
c:\progra~1\crawler\ctbcomm.dll
c:\progra~1\crawler\ctbr.dll
c:\progra~1\crawler\CTConf.dat
c:\progra~1\crawler\CTipsDef.dll
c:\progra~1\crawler\CUpdate.exe
c:\progra~1\crawler\Cursors\284DB5093AA7C030E068CBC8BE6DFB6B\appstarting.ani
c:\progra~1\crawler\Cursors\284DB5093AA7C030E068CBC8BE6DFB6B\arrow.ani
c:\progra~1\crawler\Cursors\284DB5093AA7C030E068CBC8BE6DFB6B\cursor.xml
c:\progra~1\crawler\Cursors\284DB5093AA7C030E068CBC8BE6DFB6B\wait.ani
c:\progra~1\crawler\Cursors\8AA5B71D0994F160EA0C269A7B7AE9DA\appstarting.ani
c:\progra~1\crawler\Cursors\8AA5B71D0994F160EA0C269A7B7AE9DA\arrow.ani
c:\progra~1\crawler\Cursors\8AA5B71D0994F160EA0C269A7B7AE9DA\cursor.xml
c:\progra~1\crawler\Cursors\8AA5B71D0994F160EA0C269A7B7AE9DA\wait.ani
c:\progra~1\crawler\Cursors\cursors.xml
c:\progra~1\crawler\ecards.dat
c:\progra~1\crawler\ffill.dat
c:\progra~1\crawler\games.dat
c:\program files\INSTALL.LOG
c:\windows\system32\drivers\fad.sys
.
((((((((((((((((((((((((( Files Created from 2009-04-06 to 2009-05-06 )))))))))))))))))))))))))))))))
.
2009-04-30 05:51 . 2009-04-30 05:52 -------- d-----w C:\XTGOLD
2009-04-29 18:36 . 2009-04-29 18:37 -------- d-----w c:\documents and settings\ADMINISTRATOR 1\Application Data\U3
2009-04-25 04:51 . 2009-04-25 04:57 -------- d-----w c:\documents and settings\ADMINISTRATOR 1\Local Settings\Application Data\Adobe
2009-04-25 04:50 . 2009-04-25 05:05 -------- d-----w c:\temp\jobs
2009-04-25 04:50 . 2009-04-30 09:37 -------- d-----w c:\temp\passwords
2009-04-25 04:48 . 2009-04-25 05:05 -------- d-----w c:\temp\CRedit card payments
2009-04-24 23:29 . 2009-05-06 04:06 -------- d-----w c:\program files\a-squared Free
2009-04-24 20:47 . 2009-04-24 20:47 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-24 20:47 . 2009-04-24 20:47 -------- d-----w c:\program files\SUPERAntiSpyware
2009-04-24 20:47 . 2009-04-24 20:47 -------- d-----w c:\documents and settings\ADMINISTRATOR 1\Application Data\SUPERAntiSpyware.com
2009-04-24 20:46 . 2009-04-24 20:46 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-24 19:55 . 2009-04-24 19:55 -------- d-----w c:\program files\Trend Micro
2009-04-24 19:41 . 2009-04-24 19:41 -------- d-----w c:\windows\Sun
2009-04-24 19:41 . 2009-04-24 19:41 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-24 19:41 . 2009-04-24 19:41 -------- d-----w c:\program files\Java
2009-04-24 19:03 . 2009-04-24 20:24 -------- d-----w c:\program files\CCleaner
2009-04-24 17:56 . 2009-04-30 08:40 -------- d-----w c:\program files\PurgeIE
2009-04-24 17:14 . 2009-05-06 04:08 -------- dc----w c:\windows\system32\DRVSTORE
2009-04-24 17:08 . 2009-05-06 04:09 -------- d-----w c:\program files\Lavasoft
2009-04-24 17:08 . 2009-05-06 04:09 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-04-24 03:45 . 2009-05-06 04:02 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-24 03:45 . 2009-05-06 04:02 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-24 03:44 . 2009-05-06 04:02 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-24 03:44 . 2009-05-06 04:03 -------- d-----w c:\windows\system32\drivers\Avg
2009-04-24 03:44 . 2009-04-24 16:36 -------- d-----w c:\documents and settings\ADMINISTRATOR 1\Application Data\AVGTOOLBAR
2009-04-24 03:44 . 2009-04-24 03:44 -------- d-----w c:\program files\AVG
2009-04-24 03:44 . 2009-04-30 08:47 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-04-23 06:42 . 2009-05-06 04:07 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-23 06:24 . 2009-04-23 06:24 -------- d-----w c:\documents and settings\ADMINISTRATOR 1\Application Data\EMCO
2009-04-23 06:18 . 2009-04-23 06:18 -------- d-----w c:\program files\FileASSASSIN
2009-04-23 06:15 . 2009-04-23 06:15 -------- d-----w c:\documents and settings\ADMINISTRATOR 1\Application Data\Malwarebytes
2009-04-23 06:15 . 2009-04-06 22:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-23 06:15 . 2009-04-06 22:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-23 06:15 . 2009-04-23 06:15 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-23 06:15 . 2009-04-24 22:19 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-23 06:07 . 2009-04-24 05:11 -------- d-----w c:\windows\system32\CatRoot_bak
2009-04-23 05:42 . 2009-04-23 05:42 -------- d-----w C:\!KillBox
2009-04-22 04:43 . 2005-07-26 04:39 60416 ------w c:\windows\system32\dllcache\colbact.dll
2009-04-22 04:43 . 2009-02-09 10:20 399360 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-22 04:43 . 2009-02-06 17:14 110592 ------w c:\windows\system32\dllcache\services.exe
2009-04-22 04:43 . 2009-02-09 10:20 473088 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-22 04:43 . 2009-02-06 16:39 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-22 04:43 . 2009-02-09 10:20 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-22 04:43 . 2009-02-09 10:20 616960 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-22 04:43 . 2009-02-09 10:20 714752 ------w c:\windows\system32\dllcache\ntdll.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-06 14:44 . 2002-08-29 10:00 283648 ----a-w c:\windows\system32\pdh.dll
2009-02-09 10:20 . 2004-04-27 17:19 399360 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:20 . 2002-08-29 10:00 723456 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:20 . 2002-08-29 10:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 10:20 . 2002-08-29 10:00 616960 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:19 . 2002-08-29 10:00 1846272 ----a-w c:\windows\system32\win32k.sys
2009-02-06 17:24 . 1980-01-01 05:00 2180480 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 17:14 . 2002-08-29 10:00 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 16:54 . 2002-08-29 10:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 16:49 . 1980-01-01 05:00 2057728 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-05 06:56 . 2003-04-14 12:01 90112 ----a-w c:\windows\DUMP9598.tmp
2009-02-05 06:52 . 2003-04-14 12:01 90112 ----a-w c:\windows\DUMP84df.tmp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-10-19 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-06 1947928]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-24 148888]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2003-4-14 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 19:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2007-06-04 16:44 10792 ----a-w c:\program files\Citrix\GoToAssist\480\g2awinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-06 04:02 11952 ----a-w c:\windows\SYSTEM32\avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [4/23/2009 8:44 PM 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [4/23/2009 8:45 PM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [3/23/2009 2:07 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [3/23/2009 2:07 PM 72944]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [4/23/2009 8:44 PM 298776]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [3/23/2009 2:07 PM 7408]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
mSearch Bar =
uInternet Connection Wizard,ShellNext = hxxp://www.dellnet.com/
uInternet Settings,ProxyOverride = hxxp://localhost;
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-05-05 21:45
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(624)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\Citrix\GoToAssist\480\G2AWinLogon.dll
- - - - - - - > 'explorer.exe'(4028)
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\SYSTEM32\mnmsrvc.exe
c:\windows\SYSTEM32\rundll32.exe
c:\windows\SYSTEM32\wdfmgr.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\SYSTEM32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-05-06 21:48 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-06 04:48
Pre-Run: 49,302,016,000 bytes free
Post-Run: 49,421,197,312 bytes free
215 --- E O F --- 2009-04-23 06:51