Hello Pleanie.
Open HijackThis and select Do a system scan only
Place a check mark next to the following entries: (if there)
- O20 - AppInit_DLLs: c:\windows\system32\suwunahe.dll,sesotoja.dll
- O21 - SSODL: jilonatiz - {48e5a3c4-6b75-406c-82fb-3b31df9bd9c9} - (no file)
- O22 - SharedTaskScheduler: gahurihor - {48e5a3c4-6b75-406c-82fb-3b31df9bd9c9} - (no file)
Important: Close all open windows except for HijackThis and then click Fix checked.
Once completed, exit HijackThis.
----------
If you already have ComboFix be sure to delete it and download a new copy.
Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.
Link #1
Link #2
**Note: It is important that it is saved directly to your Desktop
Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
Double click combofix.exe & follow the prompts.
Vista users: Right-click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt, please allow it).
When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.
Important: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.
If you have problems with ComboFix usage, see How to use ComboFix.
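As an added, read-only example that is not part of the thread, the PowerShell script below audits the three autostart locations behind the O20/O21/O22 lines above: AppInit_DLLs, ShellServiceObjectDelayLoad and SharedTaskScheduler. It resolves each CLSID through its InprocServer32 key and flags entries whose DLL is absent on disk, which is what HijackThis reports as "(no file)". Key paths are the standard 32-bit ones, matching the x86 XP system in the log; the Wow6432Node mirrors on 64-bit Windows are assumed out of scope.

```powershell
# Added example (not from the forum thread): read-only audit of the autostart
# locations HijackThis reports as O20 (AppInit_DLLs), O21 (SSODL) and
# O22 (SharedTaskScheduler). Nothing is modified; results are only listed.
# Assumption: 32-bit key paths only (no Wow6432Node), as on the x86 XP in the log.

function Resolve-ClsidDll {
    param([string]$Clsid)
    # A COM object loads from the default value of its InprocServer32 key.
    foreach ($root in 'HKLM:\SOFTWARE\Classes\CLSID', 'HKCU:\SOFTWARE\Classes\CLSID') {
        $key = Join-Path $root "$Clsid\InprocServer32"
        if (Test-Path -LiteralPath $key) {
            $dll = (Get-ItemProperty -LiteralPath $key).'(default)'
            if ($dll) { return [Environment]::ExpandEnvironmentVariables($dll) }
        }
    }
    return $null
}

function Test-DllOnDisk {
    param([string]$Path)
    if (-not $Path) { return $false }
    # A bare file name (e.g. "sesotoja.dll") is resolved from System32, as the loader would.
    $candidate = if ([IO.Path]::IsPathRooted($Path)) { $Path } else { Join-Path $env:SystemRoot "System32\$Path" }
    return (Test-Path -LiteralPath $candidate)
}

$findings = @()

# O20: AppInit_DLLs is a space- or comma-separated DLL list loaded into every process that maps user32.dll.
$winKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
$appInit = (Get-ItemProperty -LiteralPath $winKey -ErrorAction SilentlyContinue).AppInit_DLLs
if ($appInit) {
    foreach ($dll in ($appInit -split '[ ,]+' | Where-Object { $_ })) {
        $findings += [pscustomobject]@{ Type = 'O20 AppInit_DLLs'; Name = $dll; Dll = $dll; OnDisk = (Test-DllOnDisk $dll) }
    }
}

# O21 / O22: both keys map a display name to a CLSID, but in opposite directions.
$comKeys = @{
    'O21 SSODL'               = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad'
    'O22 SharedTaskScheduler' = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler'
}
foreach ($type in $comKeys.Keys) {
    $props = Get-ItemProperty -LiteralPath $comKeys[$type] -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($p in $props.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' }) {
        # SSODL: value name = display name, data = CLSID.
        # SharedTaskScheduler: value name = CLSID, data = display name.
        $isSsodl = $type -like 'O21*'
        $clsid = if ($isSsodl) { $p.Value } else { $p.Name }
        $name  = if ($isSsodl) { $p.Name }  else { $p.Value }
        $dll = Resolve-ClsidDll $clsid
        $findings += [pscustomobject]@{ Type = $type; Name = $name; Dll = $dll; OnDisk = (Test-DllOnDisk $dll) }
    }
}

# Rows with OnDisk = False correspond to the "(no file)" lines HijackThis shows; a name that is
# not a Microsoft default (SSODL normally holds only a few well-known shell objects) deserves a closer look.
$findings | Sort-Object OnDisk, Type | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt; on 64-bit Windows repeat the HKLM paths under SOFTWARE\Wow6432Node to cover 32-bit entries as well.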
Here you go
ComboFix 10-01-26.02 - Owner 01/26/2010 19:11:11.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.766.481 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((( Files Created from 2009-12-27 to 2010-01-27 )))))))))))))))))))))))))))))))
.
2010-01-26 06:41 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-26 06:41 . 2010-01-26 06:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-26 06:41 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-26 05:48 . 2010-01-26 05:48 52224 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-26 05:47 . 2010-01-26 05:47 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-01-26 05:47 . 2010-01-26 05:47 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-01-26 05:47 . 2010-01-26 05:47 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-01-26 05:47 . 2010-01-26 05:47 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2010-01-26 05:46 . 2010-01-26 05:46 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-25 16:22 . 2010-01-26 05:31 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-25 16:22 . 2010-01-26 05:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-22 19:16 . 2010-01-22 19:16 -------- d-----w- c:\program files\Trend Micro
2010-01-21 16:36 . 2010-01-21 16:36 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-01-21 16:36 . 2010-01-21 16:36 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Adobe
2010-01-21 16:36 . 2010-01-26 22:02 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-21 05:10 . 2010-01-27 00:16 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\PMB Files
2010-01-21 05:10 . 2010-01-26 21:35 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2010-01-21 05:10 . 2010-01-21 05:10 -------- d-----w- c:\program files\Pando Networks
2010-01-19 21:30 . 2009-11-25 18:01 1230080 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2010-01-19 15:07 . 2010-01-19 15:07 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-01-18 00:50 . 2010-01-18 00:50 -------- d-----w- c:\program files\Redbana
2010-01-16 06:11 . 2010-01-17 21:39 96 ---ha-w- c:\windows\system32\HsInfo.dat
2010-01-16 06:02 . 2010-01-16 06:02 -------- d-----w- C:\alaplaya
2010-01-16 00:33 . 2010-01-27 00:16 -------- d-----w- c:\program files\Common Files\Akamai
2010-01-10 03:33 . 2008-10-10 09:52 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2010-01-10 03:32 . 2005-05-26 20:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2010-01-10 03:31 . 2010-01-10 03:32 -------- d--h--w- c:\windows\msdownld.tmp
2010-01-10 03:31 . 2010-01-10 03:33 -------- d-----w- c:\windows\Logs
2010-01-04 16:54 . 2010-01-20 02:03 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Adobe
2010-01-04 16:54 . 2010-01-04 16:54 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-04 16:35 . 2010-01-04 16:35 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Identities
2009-12-31 20:19 . 2010-01-26 20:37 0 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\prvlcl.dat
2009-12-31 20:17 . 2009-12-31 20:17 -------- d-----w- c:\windows\Sun
2009-12-31 20:16 . 2009-12-31 20:16 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-31 20:16 . 2009-12-31 20:16 -------- d-----w- c:\program files\Java
2009-12-31 20:16 . 2009-12-31 20:16 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-31 20:16 . 2009-12-31 20:16 79488 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-30 02:25 . 2009-12-30 02:30 -------- d-----w- c:\documents and settings\Owner\Application Data\NeopleLauncherDFO
2009-12-30 02:17 . 2009-12-30 02:17 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\AVG Security Toolbar
2009-12-30 02:16 . 2009-12-30 02:16 -------- d-----w- C:\$AVG
2009-12-30 02:16 . 2009-12-30 02:16 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-30 02:16 . 2009-12-30 02:16 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-12-30 02:16 . 2009-12-30 02:16 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-30 02:16 . 2009-12-30 02:16 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-12-30 02:16 . 2010-01-26 22:36 -------- d-----w- c:\windows\system32\drivers\Avg
2009-12-30 02:16 . 2010-01-19 21:30 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-12-30 02:16 . 2009-12-30 02:16 -------- d-----w- c:\program files\AVG
2009-12-30 02:16 . 2009-12-30 02:16 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-12-30 02:13 . 2009-12-30 02:13 -------- d-----w- c:\program files\CCleaner
2009-12-30 02:09 . 2010-01-26 06:41 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-12-30 02:09 . 2010-01-26 06:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-30 01:53 . 2010-01-26 21:38 -------- d-----w- C:\Nexon
2009-12-30 01:53 . 2010-01-26 21:38 393216 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMResource.dll
2009-12-30 01:53 . 2010-01-26 21:38 258352 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\unicows.dll
2009-12-30 01:53 . 2010-01-26 21:38 118784 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\nxgameus.dll
2009-12-30 01:53 . 2009-12-30 01:53 90112 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
2009-12-30 01:53 . 2010-01-26 21:38 561152 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMDll.dll
2009-12-30 01:53 . 2010-01-26 21:38 167936 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGM.exe
2009-12-30 01:53 . 2009-12-30 01:53 -------- d-----w- c:\documents and settings\All Users\Application Data\NexonUS
2009-12-30 01:40 . 2009-12-30 01:40 0 ----a-w- c:\windows\nsreg.dat
2009-12-30 01:40 . 2009-12-30 01:40 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Mozilla
2009-12-29 20:34 . 2008-04-13 18:39 5376 -c--a-w- c:\windows\system32\dllcache\mspclock.sys
2009-12-29 20:29 . 2010-01-18 00:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-29 20:29 . 2009-12-29 20:29 -------- d-----w- c:\program files\VIA
2009-12-29 20:29 . 2009-12-29 20:34 -------- d-----w- c:\program files\Common Files\InstallShield
2009-12-29 20:28 . 2004-07-07 03:45 60672 ----a-w- c:\windows\system32\drivers\viamraid.sys
2009-12-28 23:49 . 2010-01-26 06:16 20456 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-25 19:52 . 2006-02-28 12:00 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-12-29 20:34 . 2009-12-29 20:34 -------- d-----w- c:\program files\Realtek Sound Manager
2009-12-29 20:34 . 2009-12-29 20:34 -------- d-----w- c:\program files\AvRack
2009-12-29 20:34 . 2009-12-29 20:34 -------- d-----w- c:\program files\Realtek AC97
2009-12-28 22:51 . 2009-12-28 22:51 -------- d-----w- c:\program files\microsoft frontpage
2009-12-28 22:48 . 2009-12-28 22:48 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-12-28 21:27 . 2009-12-28 22:50 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-21 19:14 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 15:51 . 2006-02-28 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 18:01 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-01-26 2937528]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2006-02-28 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2006-02-28 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-02-28 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-02-28 455168]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 577536]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-12-31 2033432]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-31 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-12-30 02:16 12464 ----a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Nexon\\DFO\\DFO.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Nexon\\PopTag\\CA.exe"=
"c:\\Nexon\\PopTag\\NMCOSrv.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56891:TCP"= 56891:TCP:Pando Media Booster
"56891:UDP"= 56891:UDP:Pando Media Booster
"57814:TCP"= 57814:TCP:Pando Media Booster
"57814:UDP"= 57814:UDP:Pando Media Booster
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12/29/2009 9:16 PM 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [12/29/2009 9:16 PM 360584]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 7:56 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 74480]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [2/28/2006 7:00 AM 14336]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [12/29/2009 9:16 PM 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [12/29/2009 9:16 PM 285392]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 7408]
S3 XDva310;XDva310;\??\c:\windows\system32\XDva310.sys --> c:\windows\system32\XDva310.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
2010-01-27 c:\windows\Tasks\User_Feed_Synchronization-{317D9D5A-8E20-40D2-B5D1-C7E2828238C6}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\ujuc4ame.default\
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -
AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-01-26 19:16
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(640)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
- - - - - - - > 'explorer.exe'(2344)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\SOUNDMAN.EXE
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-01-26 19:18:57 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-27 00:18
Pre-Run: 235,131,940,864 bytes free
Post-Run: 235,103,506,432 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - 8E7246D4DF152B798A36CF6A5B18472A