(((((((((((((((((((((((((((((
SnapShot@2009-06-06_18.08.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-08 06:18 . 2009-06-08 06:18 16384 c:\windows\Temp\Perflib_Perfdata_1f4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Pando"="c:\program files\Pando Networks\Pando\Pando.exe" [2008-11-20 3647304]
"filehippo.com"="c:\program files\filehippo.com\UpdateChecker.exe" [2008-12-31 146432]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-27 1830128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-22 185896]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-11 1947928]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-05-30 518488]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
c:\documents and settings\John O Neill\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Indago Updater.lnk - c:\windows\Installer\{3F6114A3-2AAA-464B-98C1-9ABBBF5FCFAB}\Icon3F6114A34.exe [2009-3-12 8192]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-11 08:07 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
path=
backup=
[HKLM\~\startupfolder\C:^Documents and Settings^John O Neill^Start Menu^Programs^Startup^Memeo AutoSync Launcher.lnk]
backup=c:\windows\pss\Memeo AutoSync Launcher.lnkStartup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Pando Networks\\Pando\\pando.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57879:TCP"= 57879:TCP:Pando P2P TCP Listening Port
"57879:UDP"= 57879:UDP:Pando P2P UDP Listening Port
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [09/03/2009 20:59 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [20/11/2008 22:16 325896]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [15/01/2009 17:17 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [15/01/2009 17:17 55024]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [31/01/2009 09:31 298776]
R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [29/07/2008 14:56 184968]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 20:19 13592]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [15/01/2009 17:17 7408]
S2 gupdate1c9b50127445d1a;Google Update Service (gupdate1c9b50127445d1a);c:\program files\Google\Update\GoogleUpdate.exe [04/04/2009 09:41 133104]
S3 Spyder3;Datacolor Spyder3;c:\windows\system32\drivers\Spyder3.sys [06/11/2007 12:08 12288]
.
Contents of the 'Scheduled Tasks' folder
2009-06-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 17:38]
2009-06-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2009-06-08 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-04 08:41]
2009-06-08 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
2009-06-08 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 16:20]
2009-06-04 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 16:20]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) =
hxxp://www.google.com/search?q=%sIE: Add to Windows &Live Favorites -
http://favorites.live.com/quickadd.aspxIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {05CDEE1D-D109-4992-B72B-6D4F5E2AB731} -
hxxp://static.photobox.co.uk/sg/common/ImageUploader4.cabDPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} -
hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20090602074935DPF: {37A8A17B-2DDC-4600-BBC6-538C10AED8C0} -
hxxp://htmlupload.silverwire.de/upload/JavaActiveX/ImageUploader4.cab.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2009-06-08 21:55
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(548)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-06-08 21:59
ComboFix-quarantined-files.txt 2009-06-08 20:59
ComboFix2.txt 2009-06-06 18:45
ComboFix3.txt 2009-06-06 18:11
Pre-Run: 21,739,347,968 bytes free
Post-Run: 22,212,067,328 bytes free
291 --- E O F --- 2009-06-04 23:35