Thread: Hijack! Thanks
12-23-2008, 03:42 AM   #6
hells3000
Platinum Member
 
Join Date: Sep 2005
Location: In My House
Posts: 948

Malwarebytes' Anti-Malware 1.31
Database version: 1533
Windows 5.1.2600 Service Pack 3

12/22/2008 6:41:06 PM
mbam-log-2008-12-22 (18-41-06).txt

Scan type: Quick Scan
Objects scanned: 52464
Time elapsed: 15 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



ComboFix 08-12-21.04 - Gustavo 2008-12-22 18:12:58.4 - NTFSx86
Running from: c:\documents and settings\Gustavo\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-11-23 to 2008-12-23 )))))))))))))))))))))))))))))))
.

2008-12-22 14:19 . 2002-04-15 22:13 245,760 --a------ c:\windows\Matrix Code Emulator.scr
2008-12-21 20:55 . 2008-12-21 21:00 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-21 20:55 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-21 20:55 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-19 18:55 . 2008-12-19 19:00 <DIR> d-------- c:\program files\DFX
2008-12-15 20:10 . 2008-12-15 20:10 <DIR> d-------- c:\windows\system32\AGEIA
2008-12-15 20:10 . 2008-12-15 20:10 <DIR> d-------- c:\program files\AGEIA Technologies
2008-12-15 20:07 . 2008-10-07 13:33 453,152 --a------ c:\windows\system32\nvudisp.exe
2008-12-15 20:07 . 2008-12-22 16:41 200,819 --a------ c:\windows\system32\nvapps.xml
2008-12-15 20:07 . 2008-10-07 13:33 18,477 --a------ c:\windows\system32\nvdisp.nvu
2008-12-15 20:04 . 2008-10-02 10:07 453,152 --a------ c:\windows\system32\NVUNINST.EXE
2008-12-15 18:40 . 2008-12-15 18:41 <DIR> d-------- c:\documents and settings\Administrator
2008-12-15 17:43 . 2008-12-15 20:16 <DIR> d-------- c:\windows\nview
2008-12-15 15:29 . 2008-12-15 15:28 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-15 15:22 . 2008-02-28 12:26 1,414,440 --a------ c:\windows\system32\ShellManager310E2D762.dll
2008-12-15 15:22 . 2008-02-28 12:01 774,144 --a------ c:\windows\system32\NEROINSTAEC43759.DB
2008-12-13 16:13 . 2008-12-13 16:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\SwiftKit
2008-12-05 14:46 . 2008-12-05 14:46 <DIR> d-------- c:\documents and settings\Gustavo\Application Data\TuneUp Software
2008-12-05 14:46 . 2008-12-05 14:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\TuneUp Software
2008-12-05 14:45 . 2008-12-05 14:45 <DIR> d--hs---- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2008-12-03 18:28 . 2008-12-03 18:28 38 --a------ c:\windows\avisplitter.INI
2008-11-28 19:32 . 2008-11-28 19:34 <DIR> d-------- c:\windows\NV36442096.TMP
2008-11-28 19:24 . 2008-11-28 19:24 <DIR> d-------- c:\program files\SystemRequirementsLab
2008-11-28 19:24 . 2008-11-28 19:24 <DIR> d-------- c:\documents and settings\Gustavo\Application Data\SystemRequirementsLab
2008-11-27 13:56 . 2008-11-27 14:15 <DIR> d-------- c:\windows\system32\QuickTime
2008-11-27 13:56 . 2008-07-10 14:56 107,864 --a------ c:\windows\system32\tsccvid.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-22 22:43 --------- d-----w c:\documents and settings\Gustavo\Application Data\uTorrent
2008-12-22 04:54 --------- d-----w c:\program files\Common Files\DVDVideoSoft
2008-12-22 04:43 --------- d-----w c:\program files\HP
2008-12-20 02:59 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-19 12:13 31 ----a-w c:\documents and settings\Gustavo\jagex_runescape_preferences.dat
2008-12-19 11:40 --------- d-----w c:\documents and settings\Gustavo\Application Data\mIRC
2008-12-16 01:29 --------- d-----w c:\program files\Windows Desktop Search
2008-12-15 23:42 --------- d-----w c:\program files\Steam
2008-12-15 23:34 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-15 23:26 --------- d-----w c:\program files\Common Files\Nero
2008-12-15 23:26 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2008-12-15 23:10 --------- d-----w c:\program files\Java
2008-12-15 23:05 --------- d-----w c:\program files\Common Files\AVSMedia
2008-12-15 23:04 --------- d-----w c:\program files\AVS4YOU
2008-12-15 09:49 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-14 17:49 --------- d-----w c:\program files\uTorrent
2008-12-03 01:08 --------- d-----w c:\documents and settings\Gustavo\Application Data\HPAppData
2008-11-28 04:22 --------- d-----w c:\program files\EPSON
2008-11-28 01:01 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-21 04:22 --------- d-----w c:\program files\Yahoo!
2008-11-21 04:22 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2008-11-15 07:08 --------- d-----w c:\documents and settings\Gustavo\Application Data\AVS4YOU
2008-11-11 02:30 73,216 ----a-w c:\windows\ST6UNST.EXE
2008-10-31 04:15 --------- d-----w c:\documents and settings\All Users\Application Data\HP
2008-10-31 04:14 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-10-30 21:14 117,888 ----a-w c:\windows\system32\drivers\Rtenicxp.sys
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 22:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 22:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 22:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 22:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 22:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 22:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 22:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 22:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 22:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 22:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-12 21:40 5,068,152 ----a-w c:\windows\system32\SpoonUninstall.exe
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-01 00:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-28 03:40 16,376 ----a-w c:\windows\gdrv.sys
.

------- Sigcheck -------

2007-10-30 08:53 360832 64798ecfa43d78c7178375fcdd16d8c8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 03:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2008-04-02 21:58 360064 482ab7f9cd41702e8f856c11cfefb02d c:\windows\$NtServicePackUninstall$\tcpip.sys
2006-02-28 04:00 359040 9f4b36614a0fc234525ba224957de55c c:\windows\$NtUninstallKB941644$\tcpip.sys
2008-04-13 11:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\$NtUninstallKB951748$\tcpip.sys
2008-04-13 11:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\ServicePackFiles\i386\TCPIP.SYS
2008-09-28 00:19 361600 d24ea301e2b36c4e975fd216ca85d8e7 c:\windows\system32\dllcache\TCPIP.SYS
2008-09-28 00:19 361600 d24ea301e2b36c4e975fd216ca85d8e7 c:\windows\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((( snapshot@2008-12-22_15.42.08.68 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-23 00:37:46 16,384 ----atw c:\windows\temp\Perflib_Perfdata_5d4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-06-10 1447168]
"SunJavaUpdateSched"="e:\program files\Java\jre6\bin\jusched.exe" [2008-12-15 136600]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-19 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-09-27 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-09-27 23:32 352256 c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Steam\\steamapps\\hells3000\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"e:\\Program Files\\Russobit-M\\Worms Armageddon\\WA.exe"=
"e:\\Program Files\\Ubisoft\\Tom Clancy's Splinter Cell Double Agent\\SCDA-Offline\\System\\SplinterCell4.exe"=
"e:\\Program Files\\Ubisoft\\Tom Clancy's Splinter Cell Double Agent\\SCDA-Online\\System\\SCDA_online.exe"=
"e:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57550:TCP"= 57550:TCP:Pando P2P TCP Listening Port
"57550:UDP"= 57550:UDP:Pando P2P UDP Listening Port

R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-02-29 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-02-29 55024]
R2 ekrn;Eset Service;"c:\program files\ESET\ESET Smart Security\ekrn.exe" [2008-06-10 468224]
S2 FAH@C:+Documents and Settings+Gustavo+Desktop+FAH504-Console.exe;FAH@C:+Documents and Settings+Gustavo+Desktop+FAH504-Console.exe;c:\documents and settings\Gustavo\Desktop\FAH504-Console.exe -svcstart []
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-10-06 33752]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys [2008-12-21 38496]
S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\Gustavo\Application Data\Mozilla\Firefox\Profiles\woaod1xm.default\
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: e:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF - plugin: e:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: e:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: e:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: e:\program files\VideoLAN\VLC\npvlc.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-22 18:15:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
"ServiceDll"="c:\windows\system32\es.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet006\Services\FAH@C:+Documents and Settings+Gustavo+Desktop+FAH504-Console.exe]
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(980)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
Completion time: 2008-12-22 18:18:23
ComboFix-quarantined-files.txt 2008-12-23 02:17:18
ComboFix2.txt 2008-12-22 23:44:07
ComboFix3.txt 2008-12-15 22:12:17

Pre-Run: 1,142,509,568 bytes free
Post-Run: 1,123,618,816 bytes free

173 --- E O F --- 2008-12-18 11:02:53
__________________
NEC Display Solutions LCD2070NX-BK
E2140
Antec Nine Hundred Black Steel
Antec True Power Trio TP3-650
GA-P35-DS3L
BFG Tech BFGE85256GTE GeForce 8500GT 256MB
CORSAIR XMS2 2GB (2 x 1GB) (PC2 6400)
FOLDING FOR THE GOOD OF MANKIND :F@H Team 44358
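Two of the checks a reviewer applies to a ComboFix log like the one above can be automated. The first is the Sigcheck section: the live copy of tcpip.sys under system32\drivers is compared against the protected copy in system32\dllcache, and a hash mismatch between the two is the usual sign of a patched or replaced system driver (the $hf_mig$ and $NtUninstall* copies are older hotfix versions and are expected to differ). The second is the firewall policy dump: "EnableFirewall"= 0 means the Windows Firewall standard profile is switched off, and every entry under GloballyOpenPorts is a port reachable from outside regardless of which program listens. The script below is an added example, not part of hells3000's post and not ComboFix's own code; its input is constructed by copying lines from the log above, and the function and variable names are my own.

```python
import re

# Constructed sample: Sigcheck lines copied from the ComboFix output above.
SIGCHECK = r"""
2007-10-30 08:53 360832 64798ecfa43d78c7178375fcdd16d8c8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-04-13 11:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\ServicePackFiles\i386\TCPIP.SYS
2008-09-28 00:19 361600 d24ea301e2b36c4e975fd216ca85d8e7 c:\windows\system32\dllcache\TCPIP.SYS
2008-09-28 00:19 361600 d24ea301e2b36c4e975fd216ca85d8e7 c:\windows\system32\drivers\TCPIP.SYS
"""

# Constructed sample: firewall policy keys copied from the "Reg Loading Points" section.
FIREWALL = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57550:TCP"= 57550:TCP:Pando P2P TCP Listening Port
"57550:UDP"= 57550:UDP:Pando P2P UDP Listening Port
"""

# Sigcheck line layout: date time size md5 path
SIG_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d)\s+(\d+)\s+([0-9a-f]{32})\s+(.+)$")
KEY_RE = re.compile(r"^\[(.+)\]$")
VAL_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')

DLLCACHE = "c:\\windows\\system32\\dllcache\\"


def parse_sigcheck(text):
    """Return {lowercased_path: (size, md5)} for every Sigcheck line."""
    entries = {}
    for line in text.splitlines():
        m = SIG_RE.match(line.strip())
        if m:
            _, size, md5, path = m.groups()
            entries[path.lower()] = (int(size), md5)
    return entries


def live_vs_dllcache(entries):
    """Compare each live file under c:\\windows\\system32 with its dllcache copy.

    Returns a list of (live_path, live_md5, cache_md5) for every mismatch.
    Hotfix backup copies outside system32 are deliberately not compared.
    """
    mismatches = []
    for path, (_, md5) in entries.items():
        if not path.startswith("c:\\windows\\system32\\") or path.startswith(DLLCACHE):
            continue
        name = path.rsplit("\\", 1)[-1]
        cache = entries.get(DLLCACHE + name)
        if cache is not None and cache[1] != md5:
            mismatches.append((path, md5, cache[1]))
    return mismatches


def parse_reg(text):
    """Return {lowercased_key: {value_name: value_data}} from a REGEDIT4-style dump."""
    keys = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1).lower()
            keys[current] = {}
            continue
        m = VAL_RE.match(line)
        if m and current is not None:
            keys[current][m.group(1)] = m.group(2)
    return keys


def firewall_findings(keys):
    """Flag a disabled standard-profile firewall and every globally open port."""
    findings = []
    for key, values in keys.items():
        if key.endswith("\\firewallpolicy\\standardprofile"):
            if values.get("EnableFirewall", "").startswith("0"):
                findings.append("Windows Firewall disabled in standard profile")
        if key.endswith("\\globallyopenports\\list"):
            for name, data in values.items():
                # data looks like "57550:TCP:Pando P2P TCP Listening Port"
                findings.append("globally open port %s: %s" % (name, data.split(":", 2)[-1]))
    return findings


if __name__ == "__main__":
    for item in live_vs_dllcache(parse_sigcheck(SIGCHECK)):
        print("driver/dllcache hash mismatch:", item)
    for finding in firewall_findings(parse_reg(FIREWALL)):
        print(finding)
```

On the log above the live and dllcache copies of TCPIP.SYS both hash to d24ea301e2b36c4e975fd216ca85d8e7, so the driver check reports nothing, while the firewall check reports the disabled standard profile and the two Pando ports. A matching dllcache hash only rules out the careless case: code running as Administrator can overwrite the dllcache copy as easily as the live driver, so the definitive check is the file's Authenticode signature, not agreement between two local copies.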