This is my log after running ComboFix. Is this a proper place to post it?
I don't want to be undecent.
ComboFix 09-12-24.02 - ljuba stojanovic 12/24/2009 21:06:48.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.434 [GMT 1:00]
Running from: c:\documents and settings\ljuba stojanovic\Desktop\ComboFix.exe
AV: AVG *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\recycler\S-1-5-21-561435748-2964645-2904320356-500
.
((((((((((((((((((((((((( Files Created from 2009-11-24 to 2009-12-24 )))))))))))))))))))))))))))))))
.
2009-12-24 19:02 . 2009-12-24 19:02 -------- d-----w- c:\documents and settings\ljuba stojanovic\Application Data\Malwarebytes
2009-12-24 19:02 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-24 19:02 . 2009-12-24 19:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-24 19:02 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-24 19:02 . 2009-12-24 19:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-24 18:02 . 2009-12-24 18:02 52224 ----a-w- c:\documents and settings\ljuba stojanovic\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2009-12-24 18:02 . 2009-12-24 18:02 117760 ----a-w- c:\documents and settings\ljuba stojanovic\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-24 18:01 . 2009-12-24 18:01 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-12-24 18:01 . 2009-12-24 18:01 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-24 18:01 . 2009-12-24 18:01 -------- d-----w- c:\documents and settings\ljuba stojanovic\Application Data\SUPERAntiSpyware.com
2009-12-24 18:00 . 2009-12-24 18:00 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-24 17:24 . 2009-12-24 17:24 -------- d-----w- c:\program files\CCleaner
2009-12-23 17:39 . 2009-12-23 17:40 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-21 16:58 . 2009-12-24 17:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-21 16:58 . 2009-12-21 17:04 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-14 17:04 . 2009-12-24 20:09 704512 ----a-w- c:\windows\system32\drivers\dgyzk.sys
2009-12-08 18:54 . 2009-12-08 18:54 -------- d-----w- c:\windows\Sun
2009-11-24 20:20 . 2009-11-24 20:21 -------- d-----w- C:\xampp_folder
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-24 19:42 . 2009-11-10 18:01 -------- d-----w- c:\documents and settings\ljuba stojanovic\Application Data\Skype
2009-12-24 19:41 . 2008-08-26 08:10 3216 ----a-w- c:\windows\system32\encobject.dat
2009-12-24 17:08 . 2007-09-19 06:41 -------- d-----w- c:\program files\Java
2009-12-24 16:51 . 2009-11-11 16:58 79488 ----a-w- c:\documents and settings\ljuba stojanovic\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-23 19:07 . 2009-11-10 18:02 -------- d-----w- c:\documents and settings\ljuba stojanovic\Application Data\skypePM
2009-12-21 16:49 . 2007-09-19 06:49 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
2009-11-19 21:21 . 2007-09-19 06:48 -------- d-----w- c:\program files\Picasa2
2009-11-19 21:20 . 2009-11-19 21:20 -------- d-----w- c:\program files\Google
2009-11-10 21:51 . 2009-11-10 21:50 -------- d-----w- c:\program files\The KMPlayer
2009-11-10 21:51 . 2009-11-10 21:51 -------- d-----w- c:\program files\Ask.com
2009-11-10 21:11 . 2009-11-10 21:09 -------- d-----w- c:\program files\ICQ6.5
2009-11-10 21:11 . 2009-11-10 21:09 -------- d-----w- c:\documents and settings\ljuba stojanovic\Application Data\ICQ
2009-11-10 21:10 . 2009-11-10 21:10 -------- d-----w- c:\program files\ICQ6Toolbar
2009-11-10 21:10 . 2007-09-19 06:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-10 21:10 . 2009-11-10 21:10 -------- d-----w- c:\documents and settings\All Users\Application Data\ICQ
2009-11-10 19:44 . 2009-11-10 19:43 -------- d-----w- c:\program files\NetBeans 6.7.1
2009-11-10 18:04 . 2009-11-10 18:04 0 ----a-w- c:\windows\nsreg.dat
2009-11-10 18:02 . 2009-11-10 18:02 48 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-11-10 18:01 . 2009-11-10 18:01 -------- d-----r- c:\program files\Skype
2009-11-10 18:01 . 2009-11-10 18:01 -------- d-----w- c:\program files\Common Files\Skype
2009-11-10 18:01 . 2009-11-10 18:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-10-30 00:29 . 2009-10-30 00:29 2146304 ----a-w- c:\windows\system32\GPhotos.scr
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-07-10 16:28 1174920 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-03-01 172792]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-12-16 2002160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-08 61952]
"Mouse Suite 98 Daemon"="ICO.EXE" [2005-04-13 49152]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2005-11-14 487424]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2006-07-04 110592]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-06-18 69632]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-07-15 503808]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 196696]
"PDService.exe"="c:\program files\Lenovo\SafeGuard PrivateDisk\pdservice.exe" [2006-03-13 41472]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2006-07-15 2341632]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-04-24 949376]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-24 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-03 136600]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
BOOKcase 4.0.lnk - c:\program files\TEXTware\BOOKcase40\BC40CASE.exe [2008-6-16 426028]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
2006-06-18 17:06 49152 ----a-w- c:\program files\Lenovo\AwayTask\AwayNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\ljuba stojanovic\\Desktop\\pdt-all-in-one-S20071213_M1-win32\\eclipse\\eclipse.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\xampp_folder\\xampp\\apache\\bin\\httpd.exe"=
"c:\\xampp_folder\\xampp\\mysql\\bin\\mysqld.exe"=
"c:\\xampp_folder\\xampp\\FileZillaFTP\\FileZilla Server.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/1/2008 6:37 AM 96520]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [4/24/2009 4:32 AM 15424]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/16/2009 4:26 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/16/2009 4:26 PM 74480]
R2 Apache2.2;Apache2.2;c:\xampp_folder\xampp\apache\bin\httpd.exe [11/24/2009 9:21 PM 24640]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [10/1/2008 6:36 AM 282904]
R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/1/2008 6:37 AM 75272]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [11/10/2009 10:10 PM 222968]
R2 PrivateDisk;PrivateDisk;c:\program files\Lenovo\SafeGuard PrivateDisk\privatediskm.sys [3/14/2006 12:05 AM 58368]
R2 smi2;smi2;c:\program files\SMI2\smi2.sys [7/14/2006 11:55 PM 3968]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/16/2009 4:27 PM 7408]
--- Other Services/Drivers In Memory ---
*Deregistered* - dgyzk
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\ljuba stojanovic\Application Data\Mozilla\Firefox\Profiles\f73stfbn.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
.
- - - - ORPHANS REMOVED - - - -
Notify-NavLogon - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-24 21:09
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dgyzk]
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(944)
c:\windows\system32\tvt_gina.dll
c:\program files\Lenovo\Client Security Solution\css_gina_plugin.dll
c:\program files\Lenovo\Client Security Solution\css_wait_bar.dll
c:\program files\Lenovo\Client Security Solution\cssuserdatadispatcher.dll
c:\program files\Lenovo\Client Security Solution\csswait.dll
c:\program files\Common Files\Lenovo\tvt_banner.dll
c:\program files\Lenovo\Client Security Solution\cssdlgpwentry.dll
c:\program files\Lenovo\Client Security Solution\dlganswerprompt.dll
c:\program files\Lenovo\Client Security Solution\tvttsp.dll
c:\program files\Lenovo\Client Security Solution\tcsrpc.dll
c:\program files\Common Files\Lenovo\tvt_res.dll
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\Lenovo\AwayTask\AwayNotify.dll
- - - - - - - > 'lsass.exe'(1000)
c:\windows\system32\imon.dll
- - - - - - - > 'explorer.exe'(5116)
c:\windows\system32\PROCHLP.DLL
c:\windows\system32\msi.dll
.
Completion time: 2009-12-24 21:10:25
ComboFix-quarantined-files.txt 2009-12-24 20:10
Pre-Run: 44,132,012,032 bytes free
Post-Run: 44,117,635,072 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 1A9C9C18FE1B591CD4D0CA8464C85E27