Here's the log from ComboFix:
ComboFix 09-06-08.03 - Administrator 06/08/2009 23:54.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.541 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
((((((((((((((((((((((((( Files Created from 2009-05-09 to 2009-06-09 )))))))))))))))))))))))))))))))
.
2009-06-09 01:00 . 2009-06-09 01:00 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-09 01:00 . 2009-06-09 01:00 -------- d-----w- c:\program files\Java
2009-06-08 23:08 . 2009-06-08 23:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-06-08 23:08 . 2009-05-26 18:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-08 23:08 . 2009-06-08 23:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-08 23:08 . 2009-06-08 23:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-08 23:08 . 2009-05-26 18:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-08 21:55 . 2009-06-08 23:02 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-08 21:54 . 2009-06-08 21:54 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-06-08 21:54 . 2009-06-08 21:54 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-08 21:54 . 2009-06-08 21:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-06-08 21:53 . 2009-06-08 21:53 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-08 21:38 . 2009-06-08 21:38 -------- d-----w- c:\program files\CCleaner
2009-06-08 20:37 . 2009-06-08 21:17 -------- d-----w- c:\program files\Trend Micro
2009-05-27 01:40 . 2009-05-27 01:40 -------- d-----w- c:\documents and settings\Administrator\Application Data\ieSpell
2009-05-24 17:09 . 2009-05-24 17:09 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2009-05-24 17:06 . 2009-05-24 17:06 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-05-24 17:05 . 2009-05-24 17:05 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-05-24 17:05 . 2009-05-24 17:05 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-05-24 16:28 . 2009-05-30 02:08 -------- d-----w- c:\windows\ie8updates
2009-05-24 16:28 . 2009-05-12 05:11 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-05-24 16:27 . 2009-05-24 16:27 -------- dc-h--w- c:\windows\ie8
2009-05-24 15:25 . 2009-05-24 15:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Chat Republic Games
2009-05-24 14:50 . 2009-05-24 14:50 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Chat Republic Games
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-30 02:06 . 2009-04-14 13:10 -------- d-----w- c:\documents and settings\Administrator\Application Data\OfficeUpdate12
2009-05-06 04:55 . 2009-05-06 04:55 -------- d-----w- c:\program files\MSECache
2009-04-19 21:49 . 2005-12-16 22:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-04-19 21:48 . 2009-04-13 21:40 0 ----a-w- c:\windows\system32\drivers\FUJITSU_AA80N1E996000000_WXPMCE.MKR
2009-04-14 04:45 . 2009-04-13 19:28 -------- d-----w- c:\program files\ieSpell
2009-04-14 03:28 . 2009-04-14 03:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Search
2009-04-14 03:10 . 2009-04-14 13:10 264704 ------w- c:\documents and settings\Administrator\Application Data\OfficeUpdate12\oudetect.dll
2009-04-13 21:17 . 2009-04-13 21:16 -------- d-----w- c:\program files\ffdshow
2009-04-13 21:13 . 2009-04-13 20:59 -------- d-----w- c:\documents and settings\Administrator\Application Data\Media Player Classic
2009-04-13 20:59 . 2009-04-13 20:59 -------- d-----w- c:\program files\Media Player Classic
2009-04-13 01:45 . 2009-04-12 23:40 -------- d-----w- c:\program files\Maxtor
2009-04-13 01:44 . 2009-04-12 23:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Maxtor
2009-04-12 21:22 . 2009-04-12 03:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\AdobeUM
2009-04-12 21:18 . 2005-12-16 23:13 -------- d-----w- c:\program files\Common Files\Adobe
2009-04-12 21:05 . 2009-04-12 21:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Adobe Systems
2009-04-12 21:05 . 2009-04-12 21:05 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2009-04-12 03:21 . 2009-04-12 03:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Pure Networks
2009-04-10 22:45 . 2009-04-10 22:45 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-04-10 22:43 . 2009-04-10 22:43 -------- d-----w- c:\program files\Common Files\L&H
2009-04-10 22:41 . 2009-04-10 22:40 -------- d-----w- c:\program files\Hewlett-Packard
2009-04-10 22:40 . 2009-04-10 22:40 -------- d--h--w- c:\program files\Zenographics
2009-04-10 21:57 . 2009-04-10 21:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\ESET
2009-04-10 21:57 . 2009-04-10 21:57 -------- d-----w- c:\program files\ESET
2009-04-10 21:57 . 2009-04-10 21:57 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-04-10 21:37 . 2005-12-16 23:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-04-10 21:37 . 2005-12-16 23:19 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-04-10 21:26 . 2005-12-16 19:21 -------- d-----w- c:\program files\GemMaster
2009-04-10 21:12 . 2009-04-10 21:12 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Desktop Search
2009-04-10 21:11 . 2009-04-10 21:11 -------- d-----w- c:\program files\Windows Desktop Search
2009-04-10 20:20 . 2009-04-10 20:20 -------- d-----w- c:\program files\MSBuild
2009-04-10 20:20 . 2009-04-10 20:20 -------- d-----w- c:\program files\Reference Assemblies
2009-04-10 18:49 . 2009-04-10 18:49 -------- d-----w- c:\program files\MSXML 4.0
2009-04-10 18:44 . 2009-04-10 18:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\Intel
2009-04-10 18:43 . 2009-04-10 18:43 21275 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-04-10 18:43 . 2009-04-10 18:43 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Intel
2009-04-10 18:43 . 2009-04-10 18:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Intel
2009-04-10 18:43 . 2005-12-16 19:14 -------- d-----w- c:\program files\Intel
2009-04-10 18:42 . 2009-04-10 18:42 -------- d-----w- c:\program files\Broadcom
2009-04-10 18:04 . 2009-04-10 18:04 -------- d-----w- c:\program files\Windows Media Connect 2
2009-04-10 17:58 . 2009-04-10 17:58 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-04-10 17:54 . 2009-04-10 17:54 -------- d-----w- c:\program files\Microsoft Silverlight
2009-04-10 17:27 . 2005-12-16 23:11 -------- d-----w- c:\program files\Quicken
2009-04-10 17:20 . 2005-12-16 18:29 86811 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-03-31 01:01 . 2009-04-13 21:16 84480 ----a-w- c:\windows\system32\ff_vfw.dll
2009-03-31 01:01 . 2009-04-13 21:16 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-03-16 23:42 . 2009-03-16 23:42 524288 ----a-w- c:\windows\opuc.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [2006-03-30 313472]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-07-02 163840]
"IndicatorUtility"="c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2005-08-09 81920]
"LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2005-06-08 69632]
"LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2005-11-01 242688]
"LoadBtnHnd"="c:\program files\Fujitsu\BtnHnd\BtnHnd.exe" [2005-11-01 61440]
"RemoteControl"="c:\program files\CyberLink Codec\PDVDServ.exe" [2004-07-15 32768]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-11-10 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-10 602182]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2005-03-18 98304]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]
"FJUPDNV_Chitose"="c:\program files\Fujitsu\fjdvrupd\fjdvrupd.exe" [2006-02-17 303104]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-09 148888]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2005-11-17 88203]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2005-12-09 15691264]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-BA7E-000000000002}\SC_Acrobat.exe [2009-4-12 25214]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 17:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05 AM 72944]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [12/21/2007 8:21 AM 468224]
R2 FlashDrv;FlashDrv;c:\progra~1\Fujitsu\FlashAid\FlashDrv.sys [12/16/2005 6:17 PM 7196]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [12/16/2005 1:50 PM 4864]
S3 ADVNTDRV;ADVNTDRV;c:\windows\system32\drivers\ADVNTDRV.SYS [11/18/1999 5:20 PM 3872]
S3 AVUSBPVR;AVerMedia USB MPEG-2 Capture Device;c:\windows\system32\drivers\avusbpvr.sys [12/16/2005 5:56 PM 1947264]
S3 bioschk;FPC BIOS Check Driver;c:\windows\system32\drivers\bioschk.sys [4/10/2009 1:41 PM 3909]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05 AM 7408]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - JAVAQUICKSTARTERSERVICE
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
- - - - ORPHANS REMOVED - - - -
SafeBoot-procexp90.Sys
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-06-08 23:55
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-4211940775-4122393118-504975954-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f3,12,12,0f,a5,2b,2a,45,9d,66,e5,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f3,12,12,0f,a5,2b,2a,45,9d,66,e5,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1348)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(2120)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-06-09 23:56
ComboFix-quarantined-files.txt 2009-06-09 04:56
Pre-Run: 56,131,862,528 bytes free
Post-Run: 56,132,554,752 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
204 --- E O F --- 2009-05-14 12:28