The new combofix log
ComboFix 07-12-02.7 - End User 2007-12-06 12:23:41.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.536 [GMT -5:00]
Running from: C:\Documents and Settings\End User\My Documents\AndrewI.exe
.
((((((((((((((((((((((((( Files Created from 2007-11-06 to 2007-12-06 )))))))))))))))))))))))))))))))
.
2007-12-04 12:56 . 2007-12-04 12:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-04 12:55 . 2007-12-04 17:07 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-12-04 12:55 . 2007-12-04 12:55 <DIR> d-------- C:\Documents and Settings\End User\Application Data\SUPERAntiSpyware.com
2007-12-04 12:40 . 2007-12-04 12:40 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-04 12:21 . 2007-12-04 12:21 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-04 12:21 . 2007-12-04 12:21 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-04 12:19 . 2007-10-18 00:16 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-12-04 12:19 . 2007-10-18 00:15 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-12-04 12:19 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-12-04 12:19 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-12-04 12:18 . 2007-12-06 12:14 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-12-04 12:18 . 2007-12-04 12:18 <DIR> d-------- C:\Documents and Settings\End User\Application Data\PC Tools
2007-12-04 12:18 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-11-30 14:53 . 2007-11-30 16:25 <DIR> d-------- C:\suspect
2007-11-30 14:53 . 2007-11-30 14:53 <DIR> d-------- C:\Documents and Settings\End User\Application Data\Grisoft
2007-11-30 14:52 . 2007-11-30 14:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-30 14:52 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-04 17:54 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-11-15 01:47 --------- d-----w C:\Documents and Settings\End User\Application Data\Xfire
2007-11-11 19:39 58,032 ----a-w C:\Documents and Settings\End User\Application Data\GDIPFONTCACHEV1.DAT
2007-10-28 01:20 --------- d-----w C:\Program Files\SwiftSwitch
2007-10-25 12:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\SwiftSwitch
2007-10-23 16:39 --------- d-----w C:\Program Files\Java
2007-10-22 15:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-22 15:43 --------- d-----w C:\Program Files\Acclaim
2007-10-21 14:55 --------- d-----w C:\Documents and Settings\End User\Application Data\Snapfish
2007-10-19 17:09 --------- d-----w C:\Program Files\World of Warcraft
2007-10-09 00:05 --------- d-s---w C:\Program Files\Xfire
2004-10-01 20:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.
((((((((((((((((((((((((((((( snapshot@2007-12-04_17.22.47.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-06 16:54:59 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_664.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 20:07]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-28 08:42]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 20:07 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-02-13 08:05 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-03 20:07 C:\WINDOWS\system32\rundll32.exe]
"GameFace Messenger"="C:\Program Files\GameFace Messenger\GameFace.exe" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 08:00]
"SoundMan"="SOUNDMAN.EXE" [2006-01-11 02:08 C:\WINDOWS\soundman.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"EPSON Stylus CX3800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.exe" [2005-02-08 04:00]
"WorksFUD"="C:\Program Files\Microsoft Works\wkfud.exe" [2001-10-05 19:34]
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2001-08-23 16:52]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-16 23:41]
"MoneyStartUp10.0"="C:\Program Files\Microsoft Money\System\Activation.exe" [2001-07-25 10:00]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 10:09]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-11-02 17:24]
C:\Documents and Settings\End User\Start Menu\Programs\Startup\
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2007-10-02 18:56:04]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2001-08-07 18:06:54]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
S1 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb32.sys
S3 P0630VID;Creative WebCam Live!;C:\WINDOWS\system32\DRIVERS\P0630Vid.sys
S3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys
.
Contents of the 'Scheduled Tasks' folder
"2007-08-31 12:47:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-12-06 12:27:43
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwClose
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2007-12-06 12:29:32
C:\ComboFix2.txt ... 2007-12-06 12:17
C:\ComboFix3.txt ... 2007-12-04 18:30
.
--- E O F ---