Here is the log.
I am away from the 31st to the 18th - please advise what to do after that time? The PC will be off, of course.
Thanks
ComboFix 08-07-23.5 - Martin 2008-07-29 19:14:34.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.558 [GMT 1:00]
Running from: C:\Documents and Settings\Martin\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-29 )))))))))))))))))))))))))))))))
.
2008-07-29 19:23 . 2008-07-29 19:23 5,311 --a------ C:\huadio.tmp
2008-07-28 19:06 . 2008-07-28 19:06 <DIR> d-------- C:\Program Files\COMODO
2008-07-28 19:06 . 2008-07-28 19:06 <DIR> d-------- C:\Documents and Settings\Martin\Application Data\Comodo
2008-07-28 19:06 . 2008-07-28 20:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-07-28 19:06 . 2008-07-28 19:06 143,104 --a------ C:\WINDOWS\system32\guard32.dll
2008-07-28 19:06 . 2008-07-28 19:06 87,056 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys
2008-07-28 19:06 . 2008-07-28 19:06 24,208 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-07-28 08:06 . 2008-07-28 08:10 250 --a------ C:\WINDOWS\gmer.ini
2008-07-27 18:27 . 2008-07-27 18:27 <DIR> d-------- C:\Program Files\Avira
2008-07-27 18:27 . 2008-07-27 18:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-07-23 20:08 . 2008-07-23 20:08 <DIR> d-------- C:\Deckard
2008-07-22 22:14 . 2008-07-22 22:14 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-07-22 22:14 . 2008-07-22 22:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-07-18 20:24 . 2008-07-18 20:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-18 20:17 . 2008-07-18 20:17 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-07-18 20:17 . 2008-07-18 20:17 <DIR> d-------- C:\Documents and Settings\Martin\Application Data\SUPERAntiSpyware.com
2008-07-18 08:36 . 2008-07-18 08:36 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-07-18 08:31 . 2008-07-18 09:12 <DIR> d-------- C:\Program Files\NOS
2008-07-18 08:31 . 2008-07-18 09:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-07-17 18:15 . 2008-07-17 18:15 <DIR> d-------- C:\Documents and Settings\Martin\Application Data\InstallShield
2008-07-17 18:15 . 2007-11-27 22:51 35,216 --a------ C:\WINDOWS\system32\drivers\TMPassthru.sys
2008-07-17 17:58 . 2008-07-17 17:58 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-07-16 19:00 . 2008-07-16 19:00 <DIR> d-------- C:\Documents and Settings\Martin\Application Data\vlc
2008-07-16 18:23 . 2008-07-16 18:23 <DIR> d-------- C:\Program Files\Secunia
2008-07-16 07:43 . 2008-07-16 07:43 <DIR> d-------- C:\Program Files\Panda Security
2008-07-16 07:43 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-07-15 22:49 . 2008-07-18 08:36 <DIR> d-------- C:\Program Files\SpywareGuard
2008-07-15 22:37 . 2008-07-15 22:38 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-07-15 17:44 . 2008-07-22 22:06 <DIR> d-------- C:\Program Files\Sophos
2008-07-15 07:30 . 2008-07-17 18:15 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-14 21:44 . 2008-07-14 21:44 <DIR> d-------- C:\Documents and Settings\Martin\Application Data\Malwarebytes
2008-07-14 21:43 . 2008-07-16 18:48 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-14 21:43 . 2008-07-14 21:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-14 21:43 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-14 21:43 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-13 08:04 . 2008-07-24 08:56 <DIR> d-------- C:\Documents and Settings\Martin\.housecall6.6
2008-07-08 21:25 . 2008-07-08 21:25 <DIR> d-------- C:\Documents and Settings\Martin\Application Data\Media Player Classic
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-18 19:17 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-18 07:42 --------- d-----w C:\Program Files\Orb Networks
2008-07-18 07:35 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-17 17:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-17 16:29 --------- d-----w C:\Program Files\Java
2008-07-17 06:38 --------- d-----w C:\Program Files\Replay AV 8
2008-07-16 20:13 --------- d-----w C:\Program Files\WinPcap
2008-07-16 17:54 --------- d-----w C:\Program Files\Opera
2008-07-15 21:48 --------- d-----w C:\Program Files\PeerGuardian2
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-19 20:29 --------- d-----w C:\Program Files\Common Files\L&H
2008-06-19 20:23 --------- d-----w C:\Program Files\Microsoft Reader
2008-06-16 08:31 7,808 ----a-w C:\WINDOWS\system32\drivers\psi_mf.sys
2008-06-14 10:12 --------- d-----w C:\Documents and Settings\Martin\Application Data\U3
2008-06-13 11:05 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-02 17:04 --------- d-----w C:\Program Files\WMV9_VCM
2008-05-09 10:53 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:53 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:53 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:53 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2006-02-23 07:16 34,048 ----a-w C:\Program Files\opera\program\plugins\upd62i9x.dll
2006-02-23 07:16 45,056 ----a-w C:\Program Files\opera\program\plugins\upd62int.dll
2005-07-14 18:31 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
.
((((((((((((((((((((((((((((( snapshot@2008-07-24_20.45.11.67 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-28 07:06:49 884,736 ----a-w C:\WINDOWS\gmer.dll
+ 2008-04-17 20:13:02 811,008 ----a-r C:\WINDOWS\gmer.exe
- 2007-11-13 08:49:23 1,429,504 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
+ 2008-07-25 15:22:08 1,429,504 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
+ 2008-05-09 12:15:51 45,376 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2008-01-21 17:11:28 22,336 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2008-06-27 14:03:55 75,072 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2008-07-28 07:06:49 85,969 ----a-w C:\WINDOWS\system32\drivers\gmer.sys
+ 2008-07-28 18:06:03 79,760 ----a-w C:\WINDOWS\system32\drivers\inspect.sys
+ 2007-03-01 09:34:22 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2007-12-13 23:02 96552 --a------ C:\Program Files\Nero\Nero\Nero8\InCD\NBHShx.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 13:39 1289000]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 01:12 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 01:12 1695232]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 18:41 1232896]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-03-28 11:20 1079296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MaxBlastMonitor.exe"="C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe" [2007-04-20 07:59 1169720]
"AcronisTimounterMonitor"="C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe" [2007-04-20 08:09 1945712]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe" [2007-04-20 08:03 149024]
"Samsung LBP SM"="C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe" [2003-04-04 09:40 266240]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"SecurDisc"="C:\Program Files\Nero\Nero\Nero8\InCD\NBHGui.exe" [2007-12-13 23:02 2048808]
"InCD"="C:\Program Files\Nero\Nero\Nero8\InCD\InCD.exe" [2007-12-13 23:02 1082152]
"NBKeyScan"="C:\Program Files\Nero\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 15:21 2213160]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"TMRUBottedTray"="C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe" [2007-12-19 00:18 288088]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-07-28 19:06 1655552]
"SoundMan"="SOUNDMAN.EXE" [2002-09-11 03:57 46592 C:\WINDOWS\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 01:12 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 18:41 1232896]
C:\Documents and Settings\Martin\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35 360448]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Calendar Sync.lnk - C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2008-05-27 17:48:52 542192]
gwum.lnk - C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe [2007-06-19 17:53:18 475136]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.iac2"= C:\PROGRA~1\REPLAY~1\iac25_32.ax
"vidc.iv50"= C:\PROGRA~1\REPLAY~1\ir50_32.dll
"mixer"= APTRRNTm.dll
"wave"= APTRRNTm.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"18790:TCP"= 18790:TCP:OPERA TCP
"18790:UDP"= 18790:UDP:OPERA BT UDP
R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-07-28 19:06]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-07-28 19:06]
R2 ETDrv;ETDrv;C:\WINDOWS\system32\drivers\ETDrv.sys [2002-04-17 10:15]
R2 GLOGODrv;GLOGODrv;C:\WINDOWS\system32\drivers\GLOGODrv.sys [2000-10-12 16:16]
R2 NeroRegInCDSrv;Nero Registry InCD Service;C:\Program Files\Nero\Nero\Nero8\InCD\NBHRegInCDSrv.exe [2007-12-13 23:02]
R2 RUBotted;Trend Micro RUBotted Service;C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe [2007-12-19 00:18]
R3 TMPassthruMP;TMPassthruMP;C:\WINDOWS\system32\DRIVERS\TMPassthru.sys [2007-11-27 22:51]
S3 APLMp50;APLMp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\APLMp50.sys [2006-11-29 06:46]
S3 cpuz126;cpuz126;C:\Program Files\PC Wizard 2007\pcwiz32.sys [2006-12-14 14:00]
S3 D100IB;D100IB;C:\WINDOWS\system32\DRIVERS\D100IB5.SYS [2001-08-17 12:12]
S3 getPlus(R) Helper;getPlus(R) Helper;C:\Program Files\NOS\bin\getPlus_HelperSvc.exe []
S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\3.tmp []
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 21:22]
S3 PSI;PSI;C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2008-06-16 09:31]
S3 TFBULK;Topfield USB client driver;C:\WINDOWS\system32\drivers\TfBulk.sys [2003-08-26 14:11]
S3 TMPassthru;Trend Micro Passthru Ndis Service;C:\WINDOWS\system32\DRIVERS\TMPassthru.sys [2007-11-27 22:51]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4569fd3e-0db1-11dc-b210-8fb19581a6d8}]
\Shell\AutoRun\command - I:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-01-20 21:44:36 C:\WINDOWS\Tasks\restart.job"
- C:\WINDOWS\system32\shutdown.exe
"2007-08-06 20:13:04 C:\WINDOWS\Tasks\shutdown.job"
- C:\WINDOWS\system32\shutdown.exe
"2008-07-29 17:08:11 C:\WINDOWS\Tasks\User_Feed_Synchronization-{5FA4598D-DC2F-4730-A566-6AB1D16E3BAF}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
.
------- Supplementary Scan -------
.
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-07-29 19:22:16
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MEMSWEEP2]
"ImagePath"="\??\C:\WINDOWS\system32\3.tmp"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Nero\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero\Nero8\Nero BackItUp\NBService.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\guardgui.exe
.
**************************************************************************
.
Completion time: 2008-07-29 19:26:37 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-29 18:26:28
ComboFix2.txt 2008-07-25 15:44:31
ComboFix3.txt 2008-07-24 20:00:13
Pre-Run: 8,954,392,576 bytes free
Post-Run: 8,931,385,344 bytes free
233 --- E O F --- 2008-07-09 07:09:24