Whoa that took some time.
11 viruses and 250+ malware....
I even did ipconfig /flushdns to make sure.
Anyways SAS update is still not working so I am suspecting their database site is down.
Anyways gonna try next 3 programs now.
ComboFix 08-09-20.05 - Cohadar 2008-09-21 15:39:56.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.620 [GMT 2:00]
Running from: C:\Documents and Settings\Damir\Desktop\Downloads\Opera\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Dalibor\My Documents\My Documents.url
C:\Documents and Settings\Dalibor\My Documents\My Music\My Music.url
C:\Documents and Settings\Dalibor\My Documents\My Pictures\My Pictures.url
C:\Documents and Settings\Dalibor\My Documents\My Videos\My Video.url
C:\Program Files\Common Files\icroso~1.net
C:\Program Files\Common Files\icroso~1.net\?icrosoft.NET\
C:\windows\racle~1
C:\windows\racle~1\?racle\
C:\windows\racle~1\ntvdm.exe
C:\Program Files\Common Files\sks~1\n?pdb.exe . . . . failed to delete
.
((((((((((((((((((((((((( Files Created from 2008-08-21 to 2008-09-21 )))))))))))))))))))))))))))))))
.
2008-09-21 15:29 . 2008-09-21 15:29 <DIR> d-------- C:\VundoFix Backups
2008-09-21 15:11 . 2008-09-21 15:11 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-21 13:44 . 2008-09-21 13:44 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-09-21 13:04 . 2008-09-21 13:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-09-21 11:39 . 2008-09-21 11:39 <DIR> d-------- C:\Documents and Settings\Administrator
2008-09-21 11:22 . 2008-09-21 11:22 <DIR> d-------- C:\Program Files\Avira
2008-09-21 11:22 . 2008-09-21 11:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-09-21 11:13 . 2008-09-21 11:20 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-21 11:13 . 2008-09-21 11:13 <DIR> d-------- C:\Documents and Settings\Damir\Application Data\Malwarebytes
2008-09-21 11:13 . 2008-09-21 11:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-21 11:13 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-21 11:13 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-21 11:04 . 2008-09-21 15:11 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-09-21 11:04 . 2008-09-21 15:11 <DIR> d-------- C:\Documents and Settings\Damir\Application Data\SUPERAntiSpyware.com
2008-09-21 11:04 . 2008-09-21 11:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-09-21 01:19 . 2008-09-21 01:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BOC427
2008-09-21 01:19 . 2008-07-14 05:09 212,728 --a------ C:\WINDOWS\CMDLIC.DLL
2008-09-21 01:19 . 2008-07-14 05:09 205,560 --a------ C:\WINDOWS\UNBOC.EXE
2008-09-21 01:19 . 2004-08-04 14:00 22,528 --a------ C:\WINDOWS\system32\wsock32.dlb
2008-09-21 01:19 . 2008-09-21 15:47 7,526 --a------ C:\WINDOWS\BOC427.INI
2008-09-20 13:07 . 2008-09-20 22:54 <DIR> d-------- C:\Program Files\FreeNinjaSurfing
2008-09-14 21:33 . 2008-09-14 21:33 <DIR> d-------- C:\Program Files\Real Alternative
2008-09-06 21:02 . 2008-09-06 21:02 <DIR> d-------- C:\Documents and Settings\Damir\logs
2008-09-03 22:59 . 2008-09-03 22:59 <DIR> d-------- C:\Program Files\uTorrent
2008-09-03 22:59 . 2008-09-20 01:55 <DIR> d-------- C:\Documents and Settings\Damir\Application Data\uTorrent
2008-09-02 01:23 . 2008-09-02 01:23 <DIR> d-------- C:\WINDOWS\Applian FLV Player
2008-09-02 01:23 . 2008-09-02 01:23 <DIR> d-------- C:\Program Files\FLV Player
2008-08-30 17:41 . 2008-08-30 17:41 <DIR> d-------- C:\WINDOWS\Eurobattle.net Installer
2008-08-30 17:25 . 2008-08-30 17:29 139,264 --a------ C:\WINDOWS\War3Unin.exe
2008-08-30 17:25 . 2008-08-30 17:39 76,941 --a------ C:\WINDOWS\War3Unin.dat
2008-08-30 17:25 . 2008-08-30 17:29 2,829 --a------ C:\WINDOWS\War3Unin.pif
2008-08-28 12:14 . 2008-08-28 12:14 <DIR> d-------- C:\Program Files\Bouml
2008-08-28 11:12 . 2008-08-28 11:12 21,992 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-08-28 11:09 . 2008-08-28 11:10 <DIR> d-------- C:\Program Files\Safari
2008-08-28 10:47 . 2008-08-28 10:48 <DIR> d-------- C:\Program Files\QuickTime
2008-08-28 10:47 . 2008-08-28 10:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-08-28 10:18 . 2008-08-28 10:18 <DIR> d-------- C:\Program Files\Apple Software Update
2008-08-28 10:18 . 2008-08-28 10:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-08-27 17:53 . 2008-09-06 22:10 <DIR> d-------- C:\Program Files\eclipse
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-21 09:58 --------- d-----w C:\Documents and Settings\Damir\Application Data\SurfAccuracy
2008-09-21 08:34 --------- d-----w C:\Program Files\Opera
2008-09-21 00:33 --------- d-----w C:\Program Files\Google
2008-09-20 23:19 --------- d-----w C:\Program Files\Comodo
2008-09-20 21:07 87,056 ----a-w C:\windows\system32\drivers\cmdguard.sys
2008-09-20 21:07 24,208 ----a-w C:\windows\system32\drivers\cmdhlp.sys
2008-09-20 21:07 143,104 ----a-w C:\windows\system32\guard32.dll
2008-09-20 10:38 --------- d-----w C:\Program Files\Warcraft III
2008-09-14 06:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-28 09:10 --------- d-----w C:\Documents and Settings\Damir\Application Data\Apple Computer
2008-08-16 06:52 --------- d-----w C:\Documents and Settings\Damir\Application Data\THQ
2008-08-09 06:15 --------- d-----w C:\Documents and Settings\Dalibor\Application Data\THQ
2008-07-30 17:39 --------- d-----w C:\Documents and Settings\Damir\Application Data\gtk-2.0
2008-07-23 19:05 --------- d-----w C:\Program Files\Common Files\Adobe AIR
2008-07-23 19:05 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-18 06:24 108,144 ----a-w C:\windows\system32\CmdLineExt.dll
2008-06-11 20:31 21,040 ----a-w C:\Documents and Settings\Caki\Application Data\GDIPFONTCACHEV1.DAT
2008-03-16 22:31 16,760 -c--a-w C:\Documents and Settings\Damir\Application Data\GDIPFONTCACHEV1.DAT
2008-03-09 07:55 16,760 ----a-w C:\Documents and Settings\Dalibor\Application Data\GDIPFONTCACHEV1.DAT
2008-01-19 15:32 10 -c--a-w C:\Program Files\.autoreg
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 1232896]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 1079808]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\cfp.exe" [2008-09-20 1655552]
"BOC-427"="C:\PROGRA~1\Comodo\CBOClean\BOC427.exe" [2008-07-14 351480]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 15360]
C:\Documents and Settings\Dalibor\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2008-06-02 225280]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\monln]
2008-01-19 18:55 216576 C:\WINDOWS\system32\monln.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 setuid
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ATI CATALYST System Tray.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk
backup=C:\WINDOWS\pss\ATI CATALYST System Tray.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\windows\pss\Kodak EasyShare software.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Monitor Apache Servers.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Monitor Apache Servers.lnk
backup=C:\windows\pss\Monitor Apache Servers.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Damir^Start Menu^Programs^Startup^H3 The Shadow of Death(TM).lnk]
path=C:\Documents and Settings\Damir\Start Menu\Programs\Startup\H3 The Shadow of Death(TM).lnk
backup=C:\windows\pss\H3 The Shadow of Death(TM).lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gqupdcqj]
C:\Program Files\Common Files\??sks\n?pdb.exe [?]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\windows
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\windows\system32
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a--c--- 2005-06-29 02:09 32768 C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a--c--- 2005-06-28 22:05 344064 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\windows\system32\kdhaq.exe]
--------- 2004-08-04 14:00 52224 C:\WINDOWS\system32\kdhaq.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cnfgCav]
--a------ 2008-01-19 18:55 110592 C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-04 14:00 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-09-03 08:32 133104 C:\Documents and Settings\Damir\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-08-04 02:06 1667584 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-01-10 15:45 148888 C:\Program Files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\w3dr.exe]
--a------ 2008-08-03 16:38 61440 C:\Program Files\Warcraft III\W3DR.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-01-16 00:54 37376 C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-11-15 12:20 77824 C:\WINDOWS\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"StarWindService"=2 (0x2)
"rpcapd"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\windows\system32\DRIVERS\cmdguard.sys [2008-09-20 87056]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\windows\system32\DRIVERS\cmdhlp.sys [2008-09-20 24208]
R3 slnt;Silan SC92031 PCI Fast Ethernet Adapter;C:\windows\system32\DRIVERS\slnt.sys [2003-11-20 18004]
S3 Apache2.2;Apache2.2;C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe [2008-01-18 24635]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\windows\system32\drivers\mbamswissarmy.sys [2008-09-10 38528]
S3 NPF;NetGroup Packet Filter Driver;C:\windows\system32\drivers\npf.sys [2005-08-02 32512]
S4 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2008-01-10 147456]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{51433668-e3df-11dc-a402-0014854d5c28}]
\Shell\Auto\command - E:\UFO.exe
\Shell\AutoRun\command - C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7081ca61-8718-11dc-83f6-0014854d5c28}]
\Shell\Auto\command - sxs.exe
\Shell\AutoRun\command - C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe
*Newly Created Service* - SASDIFSV
*Newly Created Service* - SASENUM
*Newly Created Service* - SASKUTIL
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -
BHO-{1B369AE2-0551-0DF5-0612-5800BEC1819F} - C:\WINDOWS\system32\tfa.dll
MSConfigStartUp-Acrobat Assistant 7 - C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
MSConfigStartUp-Etaa - C:\PROGRA~1\COMMON~1\ICROSO~1.NET\scanregw.exe
MSConfigStartUp-Ncuc - C:\WINDOWS\RACLE~1\ntvdm.exe
MSConfigStartUp-PCSuiteTrayApplication - C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
MSConfigStartUp-ReJf5vH - C:\Documents and Settings\Damir\Application Data\Microsoft\Windows\lcnlfj.exe
MSConfigStartUp-runner1 - C:\WINDOWS\mrofinu1002397.exe
MSConfigStartUp-SurfAccuracy - C:\Documents and Settings\Damir\Application Data\SurfAccuracy\SAcc.exe
MSConfigStartUp-TkBellExe - C:\Program Files\Common Files\Real\Update_OB\realsched.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://ldp-grocka.org/
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd
O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-21 15:47:49
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Comodo\CBOClean\BOCore.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Comodo\Common\CAVASpy\cavasm.exe
C:\Program Files\Comodo\Comodo AntiVirus\cavse.exe
C:\Program Files\Comodo\Comodo AntiVirus\cavse.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-09-21 15:53:06 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-21 13:52:51
Pre-Run: 3,977,572,352 bytes free
Post-Run: 5,371,207,680 bytes free
249
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:01:51 PM, on 9/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
C:\windows\system32\svchost.exe
C:\Program Files\Comodo\Firewall\cfp.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\windows\system32\wscntfy.exe
C:\windows\explorer.exe
C:\windows\system32\notepad.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ldp-grocka.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [BOC-427] C:\PROGRA~1\Comodo\CBOClean\BOC427.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{8A8FE85C-FE8C-47D6-9187-E83EDC23B700}: NameServer = 85.255.116.140 85.255.112.66
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: monln - C:\windows\SYSTEM32\monln.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Comodo Anti-Virus and Anti-Spyware Service - Comodo Inc. - C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
O23 - Service: CVSNT Locking Service 2.5.03.2382 (cvslock) - Unknown owner - C:\Program Files\CVSNT\cvslock.exe
O23 - Service: CVSNT Dispatch service 2.5.03.2382 (cvsnt) - March Hare Software Ltd - C:\Program Files\CVSNT\cvsservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 5564 bytes
I got one I could not delete.