Hi, sorry about earlier - I did paste all the logs in the message, but it was too long. At any rate, I have removed the other antivirus and left only Avira. The following is the ComboFix log. I have to paste the HijackThis log in the next post, as again I have exceeded the number of characters allowed per post. Thanks again.
ComboFix 10-04-17.07 - default user 04/18/2010 23:12:01.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1333 [GMT -4:00]
Running from: c:\documents and settings\default user.YOUR-4105E587B6\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\TMExLogon.lnk
c:\documents and settings\All Users\Start Menu\Programs\Startup\TSBxLogon.lnk
c:\recycler\S-1-5-21-1708537768-308236825-839522115-1003
c:\recycler\S-1-5-21-3288127050-197847358-126776011-1003
c:\windows\asam.exe
c:\windows\Fonts\VNCHooks.dll
.
((((((((((((((((((((((((( Files Created from 2010-03-19 to 2010-04-19 )))))))))))))))))))))))))))))))
.
2010-04-18 16:10 . 2010-04-18 16:10 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-18 16:10 . 2010-04-18 16:10 -------- d-----w- c:\program files\Java
2010-04-18 14:30 . 2010-04-18 15:08 -------- d---a-w- C:\3590F75ABA9E485486C100C1A9D4FF06Z..Z..Z..Z..Z.ZZ
2010-04-18 13:33 . 2010-04-18 14:29 -------- d---a-w- C:\3590F75ABA9E485486C100C1A9D4FF06ZZZZZZ.ZZ.Z.ZZZZ
2010-04-17 22:36 . 2010-04-17 22:36 60672 ----a-w- c:\documents and settings\default user.YOUR-4105E587B6\Local Settings\Application Data\syssvc.exe
2010-04-17 22:34 . 2010-04-18 15:55 -------- d-----w- c:\documents and settings\default user.YOUR-4105E587B6\Local Settings\Application Data\vlwbxkhuf
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-19 03:03 . 2005-11-27 17:06 -------- d-----w- c:\program files\Common Files\Network Associates
2010-04-18 23:35 . 2009-03-26 02:17 117760 ----a-w- c:\documents and settings\default user.YOUR-4105E587B6\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-18 16:11 . 2005-04-10 09:34 -------- d-----w- c:\program files\Common Files\Java
2010-04-18 16:09 . 2010-04-18 16:09 0 ----a-w- c:\windows\system32\REN15.tmp
2010-04-18 16:09 . 2010-04-18 16:09 0 ----a-w- c:\windows\system32\REN14.tmp
2010-04-18 15:43 . 2009-03-26 01:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-18 05:22 . 2009-03-25 22:28 -------- d-----w- c:\program files\CCleaner
2010-04-18 03:43 . 2009-03-26 02:16 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-15 08:15 . 2007-12-20 13:59 -------- d-----w- c:\documents and settings\default user.YOUR-4105E587B6\Application Data\skypePM
2010-04-14 02:07 . 2008-06-18 14:36 -------- d-----w- c:\documents and settings\default user.YOUR-4105E587B6\Application Data\CameraWindowDC
2010-04-13 02:32 . 2007-10-12 22:20 -------- d-----w- c:\documents and settings\default user.YOUR-4105E587B6\Application Data\Skype
2010-04-08 02:07 . 2008-06-18 14:37 -------- d-----w- c:\documents and settings\default user.YOUR-4105E587B6\Application Data\ZoomBrowser EX
2010-03-30 04:46 . 2009-03-26 01:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 04:45 . 2009-03-26 01:00 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-25 00:59 . 2009-11-25 01:09 79488 ----a-w- c:\documents and settings\default user.YOUR-4105E587B6\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-11 22:32 . 2006-11-08 15:07 -------- d-----w- c:\documents and settings\default user.YOUR-4105E587B6\Application Data\webex
2010-03-11 12:38 . 2004-08-04 08:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2004-08-04 08:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2004-08-04 08:00 17408 ------w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2004-08-04 08:00 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-03 17:24 . 2006-04-21 22:23 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-02-27 14:55 . 2005-11-27 17:05 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-27 01:52 . 2005-12-08 23:33 -------- d-----w- c:\program files\Citrix
2010-02-24 13:11 . 2004-08-04 08:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-21 23:50 . 2010-01-30 16:10 52224 ----a-w- c:\documents and settings\default user.YOUR-4105E587B6\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-17 13:10 . 2004-08-04 08:00 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-04 08:00 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2004-08-04 08:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-04 08:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.
------- Sigcheck -------
[-] 1999-12-07 01:00 . C23832AE8FB509D763120BA5C45DE657 . 120592 . . [5.00.2168.1] . . c:\windows\system32\appmgmts.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-13 68856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-11-12 21760296]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-08-19 1830128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-01-22 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-01-22 126976]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 688218]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-11-05 233534]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-04-10 98304]
"eFax 4.3"="c:\program files\eFax Messenger 4.3\J2GDllCmd.exe" [2007-03-06 116224]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2006-12-20 1528880]
eFax 4.3.lnk - c:\program files\eFax Messenger 4.3\J2GTray.exe [2007-11-9 629248]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2001-12-13 106560]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Hp\\HP Software Update\\HPWUCli.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\CASEwise\\CM10\\BIN\\CorporateModeler.exe"=
"c:\\Program Files\\SmartFTP\\SmartFTP.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys --> c:\windows\system32\drivers\mvstdi5x.sys [?]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [3/23/2009 2:07 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [3/23/2009 2:07 PM 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/28/2009 3:56 PM 108289]
R2 MSSQL$CASEWISE;MSSQL$CASEWISE;c:\program files\Microsoft SQL Server\MSSQL$CASEWISE\Binn\sqlservr.exe -sCASEWISE --> c:\program files\Microsoft SQL Server\MSSQL$CASEWISE\Binn\sqlservr.exe -sCASEWISE [?]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [3/23/2009 2:07 PM 7408]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/6/2010 6:27 PM 135664]
S3 SQLAgent$CASEWISE;SQLAgent$CASEWISE;c:\program files\Microsoft SQL Server\MSSQL$CASEWISE\Binn\sqlagent.EXE -i CASEWISE --> c:\program files\Microsoft SQL Server\MSSQL$CASEWISE\Binn\sqlagent.EXE -i CASEWISE [?]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - FXTDYPOW
*NewlyCreated* - JAVAQUICKSTARTERSERVICE
*Deregistered* - fxtdypow
.
Contents of the 'Scheduled Tasks' folder
2010-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 22:27]
2010-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 22:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\default user.YOUR-4105E587B6\Application Data\Mozilla\Firefox\Profiles\rs5sy59y.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-asam - c:\windows\asam.exe
HKLM-Run-asam - c:\windows\asam.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-04-18 23:17
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????2?2?7?3??????? ?,?B?????????????hLC? ??????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1080)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\igfxsrvc.dll
c:\windows\system32\hccutils.DLL
.
Completion time: 2010-04-18 23:19:35
ComboFix-quarantined-files.txt 2010-04-19 03:19
ComboFix2.txt 2009-03-28 15:53
ComboFix3.txt 2009-03-28 00:32
Pre-Run: 7,881,080,832 bytes free
Post-Run: 7,851,368,448 bytes free
- - End Of File - - 1A9BF856131505ADD5BC15C62C2BEB44