dansar

  1. YES!! Thank you for your help. I truly appreciate it. Dan
  2. ComboFix 09-06-11.05 - Dan 06/11/2009 14:51.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1016.558 [GMT -5:00] Running from: c:\documents and settings\Dan\Desktop\ComboFix.exe AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\Downloaded Program Files\ODCTOOLS . ((((((((((((((((((((((((( Files Created from 2009-05-11 to 2009-06-11 ))))))))))))))))))))))))))))))) . 2009-06-11 17:45 . 2009-06-11 17:46 117760 ----a-w- c:\documents and settings\sherry\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL 2009-06-11 17:45 . 2009-06-11 17:45 -------- d-----w- c:\documents and settings\sherry\Application Data\SUPERAntiSpyware.com 2009-06-11 02:04 . 2009-06-11 02:04 -------- d-----w- c:\documents and settings\sherry\Local Settings\Application Data\AOL 2009-06-11 02:04 . 2009-06-11 02:04 -------- d-----w- c:\documents and settings\sherry\Application Data\Malwarebytes 2009-06-08 00:29 . 2009-06-08 00:29 0 ----a-w- c:\documents and settings\Dan\settings.dat 2009-06-07 22:29 . 2009-06-09 00:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-06-07 22:29 . 2009-06-07 22:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-06-07 22:13 . 2009-06-09 02:25 -------- d-----w- c:\documents and settings\Dan\Local Settings\Application Data\jZip 2009-06-07 22:13 . 2009-06-07 22:13 -------- d-----w- c:\documents and settings\Dan\Application Data\Yahoo! 2009-06-07 22:13 . 2009-06-08 04:17 -------- d-----w- c:\program files\Yahoo! 2009-06-07 21:55 . 2009-06-07 21:55 -------- d-----w- c:\documents and settings\Dan\Application Data\Uniblue 2009-06-06 01:21 . 2004-05-11 15:56 423784 ----a-w- c:\windows\system32\XceedBkp.dll 2009-06-06 01:21 . 
2003-11-19 19:59 512688 ----a-w- c:\windows\system32\XceedCry.dll 2009-06-06 01:21 . 2000-07-15 11:00 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL 2009-06-06 01:21 . 2000-07-15 05:00 118784 ----a-w- c:\windows\system32\msstdfmt.dll 2009-06-06 00:03 . 2009-06-06 00:03 -------- d-----w- c:\documents and settings\Dan\Local Settings\Application Data\Identities 2009-06-05 18:59 . 2009-06-06 01:00 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-06-05 16:24 . 2009-06-05 17:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft 2009-06-05 15:09 . 2009-06-05 15:09 -------- d-----w- c:\program files\Trend Micro 2009-06-05 12:34 . 2009-05-26 18:20 75024 ----a-w- c:\documents and settings\FLUFFY\mbamext.dll 2009-06-05 12:34 . 2009-05-26 18:20 1283344 ----a-w- c:\documents and settings\FLUFFY\mbam.exe 2009-06-05 12:34 . 2009-06-05 12:41 -------- d-----w- c:\documents and settings\FLUFFY 2009-06-05 03:58 . 2009-06-05 03:58 -------- d-----w- c:\program files\Windows Defender 2009-06-05 02:06 . 2009-06-05 02:06 -------- d-----w- c:\program files\VS Revo Group 2009-05-22 03:33 . 2009-05-22 03:33 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple 2009-05-19 19:53 . 2009-06-09 01:54 -------- d-----w- c:\documents and settings\Dan\Application Data\IObit 2009-05-19 19:53 . 2009-05-19 19:53 -------- d-----w- c:\program files\IObit 2009-05-14 02:28 . 2009-05-14 02:28 -------- d-----w- c:\documents and settings\Dan\Application Data\Apple Computer 2009-05-14 02:28 . 2009-03-19 21:32 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2009-05-14 02:28 . 2008-04-17 17:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll 2009-05-14 02:28 . 2009-05-14 02:28 -------- d-----w- c:\program files\iPod 2009-05-14 02:27 . 2009-05-14 02:28 -------- d-----w- c:\program files\iTunes 2009-05-14 02:27 . 
2009-05-14 02:28 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} 2009-05-14 02:27 . 2009-05-14 02:27 -------- d-----w- c:\program files\Bonjour 2009-05-14 02:26 . 2009-05-14 02:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer 2009-05-14 02:25 . 2009-05-14 02:25 -------- d-----w- c:\documents and settings\Dan\Local Settings\Application Data\Apple 2009-05-14 02:25 . 2009-05-14 02:25 -------- d-----w- c:\program files\Apple Software Update 2009-05-14 02:24 . 2009-06-05 17:03 -------- dc----w- c:\windows\system32\DRVSTORE 2009-05-14 02:24 . 2009-05-14 02:28 -------- d-----w- c:\program files\Common Files\Apple 2009-05-14 02:24 . 2009-05-14 02:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple 2009-05-14 02:23 . 2009-05-14 02:23 -------- d-----w- c:\documents and settings\Dan\Local Settings\Application Data\Apple Computer . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-06-11 18:34 . 2009-06-09 02:01 117760 ----a-w- c:\documents and settings\Dan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL 2009-06-11 02:03 . 2009-06-11 02:03 30600 ----a-w- c:\documents and settings\sherry\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-06-09 20:04 . 2003-08-14 02:58 182656 ----a-w- c:\windows\system32\drivers\ndis.sys 2009-06-09 02:01 . 2009-06-09 02:01 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2009-06-09 02:00 . 2009-06-09 02:00 -------- d-----w- c:\program files\SUPERAntiSpyware 2009-06-09 02:00 . 2009-06-09 02:00 -------- d-----w- c:\documents and settings\Dan\Application Data\SUPERAntiSpyware.com 2009-06-09 02:00 . 2009-06-09 02:00 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2009-06-09 01:54 . 
2009-05-11 15:42 -------- d-----w- c:\program files\AOL Toolbar 2009-06-09 01:06 . 2009-06-09 01:06 60586 ----a-w- c:\documents and settings\Dan\Application Data\Instant Housecall\Free Edition\Specialist\UninstallSignIn.exe 2009-06-09 01:06 . 2009-06-09 01:06 -------- d-----w- c:\documents and settings\Dan\Application Data\Instant Housecall 2009-06-08 22:17 . 2009-06-08 22:17 -------- d-----w- c:\documents and settings\Dan\Application Data\Malwarebytes 2009-06-08 03:42 . 2009-05-09 03:56 -------- d-----w- c:\documents and settings\Dan\Application Data\AdobeUM 2009-06-05 03:58 . 2009-05-09 14:22 30600 ----a-w- c:\documents and settings\Dan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-05-26 18:20 . 2009-05-09 15:47 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-05-26 18:19 . 2009-05-09 15:47 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-05-16 02:20 . 2003-08-14 21:50 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-05-16 02:20 . 2003-08-15 19:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Corporation 2009-05-16 02:12 . 2009-05-09 04:03 -------- d-----w- c:\program files\Microsoft Works 2009-05-16 01:59 . 2003-08-15 01:09 -------- d-----w- c:\program files\Sony 2009-05-14 02:27 . 2003-08-15 19:22 -------- d-----w- c:\program files\QuickTime 2009-05-11 16:14 . 2009-05-11 16:14 -------- d-----w- c:\documents and settings\Dan\Application Data\AOL 2009-05-11 15:44 . 2009-05-11 15:44 -------- d-----w- c:\documents and settings\Dan\Application Data\acccore 2009-05-11 15:41 . 2009-05-11 15:39 -------- d-----w- c:\program files\Common Files\AOL 2009-05-11 15:41 . 2009-05-11 15:37 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL 2009-05-11 15:40 . 2009-05-11 15:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint 2009-05-11 15:40 . 2003-08-15 19:21 -------- d-----w- c:\program files\Viewpoint 2009-05-11 15:39 . 
2009-05-11 15:39 -------- d-----w- c:\program files\Common Files\aolshare 2009-05-11 15:37 . 2009-05-11 15:37 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL OCP 2009-05-11 15:37 . 2009-05-11 15:37 686928 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\SinfInst.exe 2009-05-11 15:37 . 2009-05-11 15:37 607392 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\wbsetup.exe 2009-05-11 15:37 . 2009-05-11 15:37 7976 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\wappchck.dll 2009-05-11 15:37 . 2009-05-11 15:37 95792 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\AOLFwMgr.dll 2009-05-11 15:37 . 2009-05-11 15:36 1174536 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\prfrd.exe 2009-05-11 15:36 . 2009-05-11 15:36 383128 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\tbsetup.exe 2009-05-11 15:36 . 2009-05-11 15:36 1651320 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\reginst4.exe 2009-05-11 15:36 . 2009-05-11 15:36 205360 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\maillang.exe 2009-05-11 15:36 . 2009-05-11 15:36 6363152 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\ocpinst.exe 2009-05-11 15:36 . 2009-05-11 15:36 641960 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\SLinst.exe 2009-05-11 15:36 . 2009-05-11 15:36 357304 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\frntinst.exe 2009-05-11 15:36 . 
2009-05-11 15:36 2439824 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\ocpinsti.exe 2009-05-11 15:36 . 2009-05-11 15:36 17192 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\brwschk.dll 2009-05-11 15:36 . 2009-05-11 15:36 7976 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\jgchck.dll 2009-05-11 15:34 . 2009-05-11 15:34 96096 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\instph.dll 2009-05-11 15:34 . 2009-05-11 15:34 215864 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\wsfinst.exe 2009-05-11 15:34 . 2009-05-11 15:34 376568 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\unagi3.exe 2009-05-11 15:34 . 2009-05-11 15:34 1364064 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\fdosetup.exe 2009-05-11 15:34 . 2009-05-11 15:34 11048 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\ocfcheck.dll 2009-05-11 15:34 . 2009-05-11 15:34 294376 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\iacinst.exe 2009-05-11 15:34 . 2009-05-11 15:34 45864 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\ACSInstA.dll 2009-05-11 15:34 . 2009-05-11 15:34 74536 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\instSup.dll 2009-05-11 15:34 . 2009-05-11 15:34 1612544 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\acslang.exe 2009-05-11 15:34 . 
2009-05-11 15:34 83808 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\ProgUpd.dll 2009-05-11 15:34 . 2009-05-11 15:33 10533216 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\noneCodesignFilesBundle.exe 2009-05-11 15:33 . 2009-05-11 15:33 7976 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\suitedet.dll 2009-05-11 15:33 . 2009-05-11 15:33 1484136 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\acscore.exe 2009-05-11 15:33 . 2009-05-11 15:33 420152 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\AIMLang.exe 2009-05-11 15:33 . 2009-05-11 15:33 122832 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\jginst.exe 2009-05-11 15:33 . 2009-05-11 15:33 7464 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\ie7chck.dll 2009-05-11 15:33 . 2009-05-11 15:33 2426184 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\frntlang.exe 2009-05-11 15:33 . 2009-05-11 15:33 11048 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\tbinst.dll 2009-05-11 15:33 . 2009-05-11 15:33 10856 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\wsfixchk.dll 2009-05-11 15:33 . 2009-05-11 15:33 155432 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\upgrade.exe 2009-05-11 15:33 . 2009-05-11 15:33 335 ----a-w- c:\windows\nsreg.dat 2009-05-11 15:33 . 2009-05-11 15:33 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Downloads 2009-05-10 01:37 . 2009-05-09 16:08 -------- d-----w- c:\program files\McAfee 2009-05-09 18:16 . 
2009-05-09 18:16 -------- d-----w- c:\program files\CCleaner 2009-05-09 17:05 . 2009-05-09 17:05 -------- d-----w- c:\documents and settings\Dan\Application Data\Sony Corporation 2009-05-09 16:41 . 2009-05-09 16:41 -------- d-----w- c:\documents and settings\Dan\Application Data\Drag'n Drop CD+DVD 2009-05-09 16:31 . 2009-05-09 03:56 -------- d-----w- c:\documents and settings\Dan\Application Data\MSN6 2009-05-09 16:30 . 2003-08-15 19:28 -------- d-----w- c:\program files\MoodLogic 2009-05-09 16:14 . 2009-05-09 16:00 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee 2009-05-09 16:10 . 2009-05-09 16:09 -------- d-----w- c:\program files\Common Files\McAfee 2009-05-09 16:09 . 2009-05-09 16:09 -------- d-----w- c:\program files\McAfee.com 2009-05-09 15:43 . 2009-05-09 15:41 -------- d-----w- c:\program files\Google 2009-05-09 14:59 . 2003-08-14 03:07 87711 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat 2009-05-09 12:38 . 2009-05-09 12:38 -------- d-----w- c:\program files\NETGEAR 2009-05-09 04:17 . 2009-05-09 04:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec 2009-05-09 04:05 . 2009-05-09 04:05 -------- d-----w- c:\program files\Encarta Online 2009-05-09 04:02 . 2009-05-09 04:02 -------- d-----w- c:\documents and settings\Dan\Application Data\Symantec 2009-05-09 03:57 . 2009-05-09 03:57 -------- d-----w- c:\program files\drag'n drop cd+dvd 2009-05-09 03:57 . 2009-05-09 03:57 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink 2009-05-09 03:57 . 2009-05-09 03:57 -------- d-----w- c:\program files\cyberlink 2009-05-09 03:56 . 2009-05-09 03:56 0 ---ha-r- c:\windows\system32\drivers\Sony_PCV-RS411(UC)_.mrk 2009-05-09 02:28 . 2009-05-09 04:01 -------- d-----w- c:\program files\Common Files\Symantec Shared 2009-04-02 21:29 . 
2009-04-02 21:29 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe 2009-03-25 11:29 . 2009-03-25 11:29 130432 ----a-w- c:\windows\system32\drivers\Rtnicxp.sys 2009-03-19 21:32 . 2009-03-19 21:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys . ((((((((((((((((((((((((((((( SnapShot@2009-06-09_20.08.12 ))))))))))))))))))))))))))))))))))))))))) . + 2003-08-14 03:09 . 2009-06-11 16:30 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat - 2003-08-14 03:09 . 2009-06-09 19:19 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2003-08-14 03:09 . 2009-06-11 16:30 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat - 2003-08-14 03:09 . 2009-06-09 19:19 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2003-08-14 03:09 . 2009-06-11 16:30 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat - 2003-08-14 03:09 . 2009-06-09 19:19 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat + 2008-07-10 21:54 . 2008-07-10 21:54 409168 c:\windows\Downloaded Program Files\MSDcode.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-09 39408] "Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-05-01 2329936] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-26 1830128] "Google Update"="c:\documents and settings\Dan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-10 133104] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696] "ezShieldProtector for Px"="c:\windows\System32\ezSP_Px.exe" [2002-08-20 40960] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-06 335872] "IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-04-07 155648] "HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688] "VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672] "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992] "HostManager"="c:\program files\Common Files\AOL\1242056371\ee\AOLSoftware.exe" [2008-06-24 41824] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312] "AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2003-02-14 88107] c:\documents and settings\Dan\Start Menu\Programs\Startup\ AOL Desktop.lnk - c:\program files\Common Files\AOL\Launch\aollaunch.exe [2008-6-24 41824] c:\documents and settings\All Users\Start Menu\Programs\Startup\ WG111v2 Smart Wizard Wireless Setting.lnk - c:\program files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe [2009-5-9 745472] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program 
files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-22 17:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"= "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"= "c:\\Program Files\\Common Files\\AOL\\1242056371\\ee\\aolsoftware.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\Common Files\\AOL\\1242056371\\ee\\AOLDesktop.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05 AM 9968] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05 AM 72944] R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [5/9/2009 7:38 AM 66048] R2 WinDefend;Windows Defender;c:\program files\Windows 
Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592] R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [5/9/2009 7:38 AM 272128] R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05 AM 7408] R3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [5/9/2009 7:38 AM 13532] S0 bnnsr;bnnsr;c:\windows\system32\drivers\ayqdekw.sys --> c:\windows\system32\drivers\ayqdekw.sys [?] . Contents of the 'Scheduled Tasks' folder 2009-05-29 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34] 2009-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-860267971-3276669125-4260065072-1005.job - c:\documents and settings\Dan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-10 23:58] 2009-05-09 c:\windows\Tasks\McDefragTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-05-09 18:32] 2009-06-01 c:\windows\Tasks\McQcTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-05-09 18:32] 2009-06-11 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20] 2009-05-09 c:\windows\Tasks\Registration reminder 2.job - c:\windows\System32\OOBE\oobebaln.exe [2003-08-14 00:12] . . ------- Supplementary Scan ------- . uStart Page = hxxp://comcast.net uInternet Settings,ProxyOverride = *.local;<local> uInternet Settings,ProxyServer = http=localhost:7171 IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html Trusted Zone: microsoft.com\widowsupdate Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab . 
************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-06-11 14:53 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-860267971-3276669125-4260065072-1005\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(824) c:\program files\SUPERAntiSpyware\SASWINLO.dll c:\windows\system32\igfxsrvc.dll c:\windows\system32\hccutils.DLL - - - - - - - > 'winlogon.exe'(4048) c:\program files\SUPERAntiSpyware\SASWINLO.dll . 
Completion time: 2009-06-11 14:55 ComboFix-quarantined-files.txt 2009-06-11 19:54 ComboFix2.txt 2009-06-09 20:12 Pre-Run: 7,587,807,232 bytes free Post-Run: 7,582,994,432 bytes free 274 --- E O F --- 2009-05-14 02:34 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:15:15 PM, on 6/11/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16850) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\Program Files\McAfee\VirusScan\McShield.exe C:\WINDOWS\Explorer.EXE C:\Program Files\QuickTime\QTTask.exe C:\WINDOWS\System32\ezSP_Px.exe C:\WINDOWS\System32\hkcmd.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\Common Files\AOL\1242056371\ee\AOLSoftware.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe C:\Program Files\Common Files\AOL\1242056371\ee\AOLDesktop.exe C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\McAfee\MPF\MPFSrv.exe 
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://comcast.net R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local> O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [VAIO Recovery] C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1242056371\ee\AOLSoftware.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program 
Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - Startup: AOL Desktop.lnk = C:\Program Files\Common Files\AOL\Launch\aollaunch.exe O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ? O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1241873418609 O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common 
Files\AOL\ACS\AOLAcsd.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. 
- C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe -- End of file - 7326 bytes Malwarebytes' Anti-Malware 1.37 Database version: 2263 Windows 5.1.2600 Service Pack 3 6/11/2009 3:21:12 PM mbam-log-2009-06-11 (15-21-12).txt Scan type: Quick Scan Objects scanned: 91123 Time elapsed: 4 minute(s), 23 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
  3. Thank you for replying. I will get that done today. Dan
  4. Sorry about that. That computer was giving me a hard time copying and pasting. Dan
  5. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:16:53 PM, on 6/9/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16827) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\QuickTime\QTTask.exe C:\WINDOWS\System32\hkcmd.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Common Files\AOL\1242056371\ee\AOLSoftware.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe C:\Program Files\Common Files\AOL\1242056371\ee\AOLDesktop.exe C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\9129837.exe C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Program Files\McAfee\VirusScan\McShield.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://comcast.net R1 - HKLM\Software\Microsoft\Internet 
Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local> O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [VAIO Recovery] C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1242056371\ee\AOLSoftware.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup 
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - Startup: AOL Desktop.lnk = C:\Program Files\Common Files\AOL\Launch\aollaunch.exe O4 - Startup: zqosys32.exe O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ? O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1241873418609 O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\ O23 - Service: Bonjour Service - Apple Inc. 
- C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\ -- End of file - 7250 ComboFix 09-06-09.01 - Dan 06/09/2009 15:02.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1016.585 [GMT -5:00] Running from: c:\documents and settings\Dan\Desktop\ComboFix.exe AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . 
c:\documents and settings\Dan\Application Data\wiaserva.log c:\documents and settings\Dan\Application Data\wiaservg.log c:\documents and settings\Dan\Start Menu\Programs\Startup\fmnupd32.exe c:\windows\run_1244436627.exe c:\windows\system32\avast!Antivirus.exe c:\windows\system32\drivers\SKYNEToyfjtpeo.sys c:\windows\system32\kungsflwjjxqty.dat c:\windows\system32\UACixwmbrkntcbxflj.db c:\windows\system32\UACotrmwwsnwoeyenk.dat C:\xcrashdump.dat Infected copy of c:\windows\system32\drivers\ndis.sys was found and disinfected Restored copy from - The cat ate it . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_AVAST!ANTIVIRUS -------\Service_avast!Antivirus -------\Service_kungsfepsflgme -------\Service_SKYNETkbfpmpdw ((((((((((((((((((((((((( Files Created from 2009-05-09 to 2009-06-09 ))))))))))))))))))))))))))))))) . 2009-06-09 02:01 . 2009-06-09 20:07 117760 ----a-w- c:\documents and settings\Dan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL 2009-06-09 02:01 . 2009-06-09 02:01 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2009-06-09 02:00 . 2009-06-09 02:00 -------- d-----w- c:\program files\SUPERAntiSpyware 2009-06-09 02:00 . 2009-06-09 02:00 -------- d-----w- c:\documents and settings\Dan\Application Data\SUPERAntiSpyware.com 2009-06-09 02:00 . 2009-06-09 02:00 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2009-06-09 01:06 . 2009-06-09 01:06 60586 ----a-w- c:\documents and settings\Dan\Application Data\Instant Housecall\Free Edition\Specialist\UninstallSignIn.exe 2009-06-09 01:06 . 2009-06-09 01:06 -------- d-----w- c:\documents and settings\Dan\Application Data\Instant Housecall 2009-06-08 22:27 . 2009-06-08 22:27 33888 ----a-w- c:\windows\system32\drivers\olpad17.sys 2009-06-08 22:17 . 
2009-06-08 22:17 -------- d-----w- c:\documents and settings\Dan\Application Data\Malwarebytes 2009-06-08 03:42 . 2009-06-09 19:59 182656 -c--a-w- c:\windows\system32\dllcache\ndis.sys 2009-06-08 00:29 . 2009-06-08 00:29 0 ----a-w- c:\documents and settings\Dan\settings.dat 2009-06-07 22:29 . 2009-06-09 00:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-06-07 22:29 . 2009-06-07 22:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-06-07 22:13 . 2009-06-09 02:25 -------- d-----w- c:\documents and settings\Dan\Local Settings\Application Data\jZip 2009-06-07 22:13 . 2009-06-07 22:13 -------- d-----w- c:\documents and settings\Dan\Application Data\Yahoo! 2009-06-07 22:13 . 2009-06-08 04:17 -------- d-----w- c:\program files\Yahoo! 2009-06-07 21:55 . 2009-06-07 21:55 -------- d-----w- c:\documents and settings\Dan\Application Data\Uniblue 2009-06-06 01:21 . 2004-05-11 15:56 423784 ----a-w- c:\windows\system32\XceedBkp.dll 2009-06-06 01:21 . 2003-11-19 19:59 512688 ----a-w- c:\windows\system32\XceedCry.dll 2009-06-06 01:21 . 2000-07-15 11:00 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL 2009-06-06 01:21 . 2000-07-15 05:00 118784 ----a-w- c:\windows\system32\msstdfmt.dll 2009-06-06 00:03 . 2009-06-06 00:03 -------- d-----w- c:\documents and settings\Dan\Local Settings\Application Data\Identities 2009-06-05 18:59 . 2009-06-06 01:00 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-06-05 16:24 . 2009-06-05 17:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft 2009-06-05 15:09 . 2009-06-05 15:09 -------- d-----w- c:\program files\Trend Micro 2009-06-05 12:34 . 2009-05-26 18:20 75024 ----a-w- c:\documents and settings\FLUFFY\mbamext.dll 2009-06-05 12:34 . 2009-05-26 18:20 1283344 ----a-w- c:\documents and settings\FLUFFY\mbam.exe 2009-06-05 12:34 . 2009-06-05 12:41 -------- d-----w- c:\documents and settings\FLUFFY 2009-06-05 03:58 . 
2009-06-05 03:58 -------- d-----w- c:\program files\Windows Defender 2009-06-05 02:06 . 2009-06-05 02:06 -------- d-----w- c:\program files\VS Revo Group 2009-05-22 03:33 . 2009-05-22 03:33 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple 2009-05-19 19:53 . 2009-06-09 01:54 -------- d-----w- c:\documents and settings\Dan\Application Data\IObit 2009-05-19 19:53 . 2009-05-19 19:53 -------- d-----w- c:\program files\IObit 2009-05-14 02:28 . 2009-05-14 02:28 -------- d-----w- c:\documents and settings\Dan\Application Data\Apple Computer 2009-05-14 02:28 . 2009-03-19 21:32 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2009-05-14 02:28 . 2008-04-17 17:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll 2009-05-14 02:28 . 2009-05-14 02:28 -------- d-----w- c:\program files\iPod 2009-05-14 02:27 . 2009-05-14 02:28 -------- d-----w- c:\program files\iTunes 2009-05-14 02:27 . 2009-05-14 02:28 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} 2009-05-14 02:27 . 2009-05-14 02:27 -------- d-----w- c:\program files\Bonjour 2009-05-14 02:26 . 2009-05-14 02:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer 2009-05-14 02:25 . 2009-05-14 02:25 -------- d-----w- c:\documents and settings\Dan\Local Settings\Application Data\Apple 2009-05-14 02:25 . 2009-05-14 02:25 -------- d-----w- c:\program files\Apple Software Update 2009-05-14 02:24 . 2009-06-05 17:03 -------- dc----w- c:\windows\system32\DRVSTORE 2009-05-14 02:24 . 2009-05-14 02:28 -------- d-----w- c:\program files\Common Files\Apple 2009-05-14 02:24 . 2009-05-14 02:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple 2009-05-14 02:23 . 2009-05-14 02:23 -------- d-----w- c:\documents and settings\Dan\Local Settings\Application Data\Apple Computer 2009-05-11 16:14 . 
2009-05-11 16:14 -------- d-----w- c:\documents and settings\Dan\Application Data\AOL 2009-05-11 15:44 . 2009-05-11 15:44 -------- d-----w- c:\documents and settings\Dan\Application Data\acccore 2009-05-11 15:42 . 2009-05-11 15:42 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\AOL 2009-05-11 15:42 . 2009-06-09 01:54 -------- d-----w- c:\program files\AOL Toolbar 2009-05-11 15:41 . 2003-01-10 21:13 33588 ----a-r- c:\windows\system32\drivers\wanatw4.sys 2009-05-11 15:41 . 2009-05-24 02:42 -------- d-----w- c:\documents and settings\Dan\Local Settings\Application Data\AOL 2009-05-11 15:40 . 2009-05-11 15:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint 2009-05-11 15:39 . 2009-05-11 15:41 -------- d-----w- c:\program files\Common Files\AOL 2009-05-11 15:39 . 2009-05-11 15:39 -------- d-----w- c:\program files\Common Files\aolshare 2009-05-11 15:37 . 2009-05-11 15:41 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL 2009-05-11 15:37 . 2009-05-11 15:37 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL OCP 2009-05-11 15:37 . 2009-05-11 15:37 686928 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\SinfInst.exe 2009-05-11 15:37 . 2009-05-11 15:37 607392 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\wbsetup.exe 2009-05-11 15:37 . 2009-05-11 15:37 7976 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\wappchck.dll 2009-05-11 15:37 . 2009-05-11 15:37 95792 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\AOLFwMgr.dll 2009-05-11 15:36 . 2009-05-11 15:37 1174536 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\prfrd.exe 2009-05-11 15:36 . 
2009-05-11 15:36 383128 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\tbsetup.exe 2009-05-11 15:36 . 2009-05-11 15:36 1651320 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\reginst4.exe 2009-05-11 15:36 . 2009-05-11 15:36 205360 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\maillang.exe 2009-05-11 15:36 . 2009-05-11 15:36 6363152 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\ocpinst.exe 2009-05-11 15:36 . 2009-05-11 15:36 641960 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\SLinst.exe 2009-05-11 15:36 . 2009-05-11 15:36 357304 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\frntinst.exe 2009-05-11 15:36 . 2009-05-11 15:36 2439824 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\ocpinsti.exe 2009-05-11 15:36 . 2009-05-11 15:36 17192 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\brwschk.dll 2009-05-11 15:36 . 2009-05-11 15:36 7976 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\jgchck.dll 2009-05-11 15:34 . 2009-05-11 15:34 96096 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\instph.dll 2009-05-11 15:34 . 2009-05-11 15:34 215864 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\wsfinst.exe 2009-05-11 15:34 . 2009-05-11 15:34 376568 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\unagi3.exe 2009-05-11 15:34 . 
2009-05-11 15:34 1364064 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\fdosetup.exe 2009-05-11 15:34 . 2009-05-11 15:34 11048 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\ocfcheck.dll 2009-05-11 15:34 . 2009-05-11 15:34 294376 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\iacinst.exe 2009-05-11 15:34 . 2009-05-11 15:34 45864 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\ACSInstA.dll 2009-05-11 15:34 . 2009-05-11 15:34 74536 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\instSup.dll 2009-05-11 15:34 . 2009-05-11 15:34 1612544 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\acslang.exe 2009-05-11 15:34 . 2009-05-11 15:34 83808 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\ProgUpd.dll 2009-05-11 15:33 . 2009-05-11 15:34 10533216 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\noneCodesignFilesBundle.exe 2009-05-11 15:33 . 2009-05-11 15:33 7976 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\suitedet.dll 2009-05-11 15:33 . 2009-05-11 15:33 1484136 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\acscore.exe 2009-05-11 15:33 . 2009-05-11 15:33 420152 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\AIMLang.exe 2009-05-11 15:33 . 2009-05-11 15:33 122832 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\jginst.exe 2009-05-11 15:33 . 
2009-05-11 15:33 7464 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\ie7chck.dll 2009-05-11 15:33 . 2009-05-11 15:33 2426184 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\frntlang.exe 2009-05-11 15:33 . 2009-05-11 15:33 11048 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\tbinst.dll 2009-05-11 15:33 . 2009-05-11 15:33 10856 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\wsfixchk.dll 2009-05-11 15:33 . 2009-05-11 15:33 155432 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\upgrade.exe 2009-05-11 15:33 . 2009-05-11 15:33 335 ----a-w- c:\windows\nsreg.dat 2009-05-11 15:33 . 2009-05-11 15:33 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Downloads . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-06-09 20:08 . 2009-06-09 20:08 101182 ----a-w- c:\windows\system32\drivers\a0cb222d.sys 2009-06-09 20:08 . 2009-06-09 20:08 24576 ----a-w- c:\windows\9129837.exe 2009-06-09 20:04 . 2003-08-14 02:58 182656 ----a-w- c:\windows\system32\drivers\ndis.sys 2009-06-08 03:42 . 2009-05-09 03:56 -------- d-----w- c:\documents and settings\Dan\Application Data\AdobeUM 2009-06-05 03:58 . 2009-05-09 14:22 30600 ----a-w- c:\documents and settings\Dan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-05-26 18:20 . 2009-05-09 15:47 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-05-26 18:19 . 2009-05-09 15:47 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-05-16 02:20 . 2003-08-14 21:50 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-05-16 02:20 . 2003-08-15 19:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Corporation 2009-05-16 02:12 . 
2009-05-09 04:03 -------- d-----w- c:\program files\Microsoft Works 2009-05-16 01:59 . 2003-08-15 01:09 -------- d-----w- c:\program files\Sony 2009-05-14 02:27 . 2003-08-15 19:22 -------- d-----w- c:\program files\QuickTime 2009-05-11 15:40 . 2003-08-15 19:21 -------- d-----w- c:\program files\Viewpoint 2009-05-10 01:37 . 2009-05-09 16:08 -------- d-----w- c:\program files\McAfee 2009-05-09 18:16 . 2009-05-09 18:16 -------- d-----w- c:\program files\CCleaner 2009-05-09 17:05 . 2009-05-09 17:05 -------- d-----w- c:\documents and settings\Dan\Application Data\Sony Corporation 2009-05-09 16:41 . 2009-05-09 16:41 -------- d-----w- c:\documents and settings\Dan\Application Data\Drag'n Drop CD+DVD 2009-05-09 16:31 . 2009-05-09 03:56 -------- d-----w- c:\documents and settings\Dan\Application Data\MSN6 2009-05-09 16:30 . 2003-08-15 19:28 -------- d-----w- c:\program files\MoodLogic 2009-05-09 16:14 . 2009-05-09 16:00 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee 2009-05-09 16:10 . 2009-05-09 16:09 -------- d-----w- c:\program files\Common Files\McAfee 2009-05-09 16:09 . 2009-05-09 16:09 -------- d-----w- c:\program files\McAfee.com 2009-05-09 15:43 . 2009-05-09 15:41 -------- d-----w- c:\program files\Google 2009-05-09 14:59 . 2003-08-14 03:07 87711 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat 2009-05-09 12:38 . 2009-05-09 12:38 -------- d-----w- c:\program files\NETGEAR 2009-05-09 04:17 . 2009-05-09 04:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec 2009-05-09 04:05 . 2009-05-09 04:05 -------- d-----w- c:\program files\Encarta Online 2009-05-09 04:02 . 2009-05-09 04:02 -------- d-----w- c:\documents and settings\Dan\Application Data\Symantec 2009-05-09 03:57 . 2009-05-09 03:57 -------- d-----w- c:\program files\drag'n drop cd+dvd 2009-05-09 03:57 . 2009-05-09 03:57 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink 2009-05-09 03:57 . 
2009-05-09 03:57 -------- d-----w- c:\program files\cyberlink 2009-05-09 03:56 . 2009-05-09 03:56 0 ---ha-r- c:\windows\system32\drivers\Sony_PCV-RS411(UC)_.mrk 2009-05-09 02:28 . 2009-05-09 04:01 -------- d-----w- c:\program files\Common Files\Symantec Shared 2009-04-02 21:29 . 2009-04-02 21:29 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe 2009-03-25 11:29 . 2009-03-25 11:29 130432 ----a-w- c:\windows\system32\drivers\Rtnicxp.sys 2009-03-19 21:32 . 2009-03-19 21:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-09 39408] "Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-05-01 2329936] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-26 1830128] "ttool"="c:\windows\9129837.exe" [2009-06-09 24576] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696] "ezShieldProtector for Px"="c:\windows\System32\ezSP_Px.exe" [2002-08-20 40960] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-06 335872] "IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-04-07 155648] "HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688] "VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672] "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992] "HostManager"="c:\program 
files\Common Files\AOL\1242056371\ee\AOLSoftware.exe" [2008-06-24 41824] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312] "AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2003-02-14 88107] c:\documents and settings\Dan\Start Menu\Programs\Startup\ AOL Desktop.lnk - c:\program files\Common Files\AOL\Launch\aollaunch.exe [2008-6-24 41824] zqosys32.exe [2008-4-13 27648] c:\documents and settings\All Users\Start Menu\Programs\Startup\ WG111v2 Smart Wizard Wireless Setting.lnk - c:\program files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe [2009-5-9 745472] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-22 17:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"= "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"= "c:\\Program Files\\Common 
Files\\AOL\\ACS\\AOLDial.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"= "c:\\Program Files\\Common Files\\AOL\\1242056371\\ee\\aolsoftware.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\Common Files\\AOL\\1242056371\\ee\\AOLDesktop.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05 AM 9968] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05 AM 72944] R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [5/9/2009 7:38 AM 66048] R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592] R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [5/9/2009 7:38 AM 272128] R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05 AM 7408] R3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [5/9/2009 7:38 AM 13532] S0 bnnsr;bnnsr;c:\windows\system32\drivers\ayqdekw.sys --> c:\windows\system32\drivers\ayqdekw.sys [?] S1 olpad17;olpad17;c:\windows\system32\drivers\olpad17.sys [6/8/2009 5:27 PM 33888] . Contents of the 'Scheduled Tasks' folder 2009-05-29 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34] 2009-05-09 c:\windows\Tasks\McDefragTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-05-09 18:32] 2009-06-01 c:\windows\Tasks\McQcTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-05-09 18:32] 2009-06-09 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20] 2009-05-09 c:\windows\Tasks\Registration reminder 2.job - c:\windows\System32\OOBE\oobebaln.exe [2003-08-14 00:12] . - - - - ORPHANS REMOVED - - - - SafeBoot-procexp90.Sys . ------- Supplementary Scan ------- . 
uStart Page = hxxp://comcast.net uInternet Settings,ProxyOverride = *.local;<local> uInternet Settings,ProxyServer = http=localhost:7171 IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-06-09 15:07 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\a0cb222d] "ImagePath"="\SystemRoot\System32\drivers\a0cb222d.sys" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(828) c:\program files\SUPERAntiSpyware\SASWINLO.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Common Files\AOL\1242056371\ee\AOLDesktop.exe c:\program files\Common Files\AOL\ACS\AOLacsd.exe c:\program files\iPod\bin\iPodService.exe c:\program files\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe c:\progra~1\McAfee\MSC\mcmscsvc.exe c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe c:\progra~1\McAfee\VIRUSS~1\mcvsshld.exe c:\program files\McAfee\MPF\MpfSrv.exe . 
************************************************************************** . Completion time: 2009-06-09 15:12 - machine was rebooted ComboFix-quarantined-files.txt 2009-06-09 20:12 Pre-Run: 6,592,372,736 bytes free Post-Run: 6,614,429,696 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn 300 --- E O F --- 2009-05-14 02:34
  6. After using Combo Fix I was able to update Malwarebytes and SuperAntiSpyware. Both programs have found more malware and McAfee blocked a trojan and keeps blocking a buffer overflow. WOW.. Seems like I'm under attack but everything is much better. All programs are operating as they should. Keeping my fingers crossed. Thank you again. Dan
  7. Here are the logs.... combo_log.txt hijackthis_log.txt
  8. Thank you for your assistance. MUCH appreciated! I will be able to get to the infected computer later this afternoon and will proceed with your instructions. Thanks again Dan
  9. I finally was able to get to the infected computer. What a mess! I had to go safe mode and I was able to wipe out SKYNET. Still in Safe mode I ran Malware Bytes and got rid of 18 bad files. I rebooted and my IE wouldn't work but the AOL browser did open if I signed on. I redownloaded Malware bytes and it completed. Removed 2 more bad files but still will not update from program. McAfee detects one called NTQueryDirectoryFile Generic rootkit but can not do anything about it. Here's the latest rootrepeal scans.

     ROOTREPEAL © AD, 2007-2009
     ==================================================
     Scan Time: 2009/06/08 19:53
     Program Version: Version 1.3.0.0
     Windows Version: Windows XP SP3
     ==================================================
     Hidden/Locked Files
     -------------------
     Path: C:\hiberfil.sys
     Status: Locked to the Windows API!
     Path: C:\WINDOWS\Temp\TMP0000002AD93C9EE49D1697C5
     Status: Invisible to the Windows API!
     Path: c:\windows\$ntservicepackuninstall$\ndis.sys
     Status: Size mismatch (API: 182656, Raw: 182912)
     Path: c:\windows\system32\dllcache\ndis.sys
     Status: Size mismatch (API: 182656, Raw: 212224)
     Path: c:\windows\system32\drivers\ndis.sys
     Status: Size mismatch (API: 182656, Raw: 212224)
     Path: C:\Documents and Settings\Dan\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys
     Status: Size mismatch (API: 182656, Raw: 0)

     and a hidden services scan

     ROOTREPEAL © AD, 2007-2009
     ==================================================
     Scan Time: 2009/06/08 19:54
     Program Version: Version 1.3.0.0
     Windows Version: Windows XP SP3
     ==================================================
     Hidden Services
     -------------------
     Service Name: kungsfepsflgme
     Image Path: C:\WINDOWS\system32\drivers\kungsfydjnpsac.sys
     Service Name: SKYNETkbfpmpdw
     Image Path: C:\WINDOWS\system32\drivers\SKYNEToyfjtpeo.sys
     Service Name: UACd.sys
     Image Path: C:\WINDOWS\system32\drivers\UAClnrhkbdoqcnoofq.sys

     THANK YOU in advance for any help. Dan
  10. If you look at the 1st rootrepeal you will notice that the UAC sys. file is not there. I did wipe it but on rescan you'll see (my 2nd log) that it reappeared. I looked in Hidden Services on rootrepeal and it is there too but when I try to wipe it I get a message saying unable to remove. The Skynet file is there too.
  11. Oh.. I'm sorry. I followed the directions of another poster who suggested a quick fix by downloading rootrepeal and if I wasn't sure what to delete I could post the report to the forum. My problem is I uninstalled Malwarebytes when it wouldn't open. Tried reinstalling by changing the name. I had no luck there. Same thing with SuperAntiSpyware. My McAfee virus scan works but it seems to quarantine the same trojan every time I run it. I downloaded the beta of HOUSECALL and it supposedly got rid of a trojan but it does not open anymore either. Now I get strange virus alerts and virus programs load into my taskbar. I've been to several forums with no luck. The one thing that they all say is that Malware bytes will fix it if you can get it to work. I figured that this is the forum I have the best shot to accomplish this. Thank you in advance for any help or replies. Dan
  12. I rescanned and this is the new report.

     ROOTREPEAL © AD, 2007-2009
     ==================================================
     Scan Time: 2009/06/07 19:33
     Program Version: Version 1.3.0.0
     Windows Version: Windows XP SP3
     ==================================================
     Hidden/Locked Files
     -------------------
     Path: C:\hiberfil.sys
     Status: Locked to the Windows API!
     Path: C:\Documents and Settings\Dan\settings.dat
     Status: Visible to the Windows API, but not on disk.
     Path: C:\WINDOWS\system32\UACaocjmfccahguptd.dll
     Status: Invisible to the Windows API!
     Path: C:\WINDOWS\system32\UACfplhwnmlvjbfrjy.log
     Status: Invisible to the Windows API!
     Path: C:\WINDOWS\system32\UACgdvivsrugholuym.dll
     Status: Invisible to the Windows API!
     Path: C:\WINDOWS\system32\uacinit.dll
     Status: Invisible to the Windows API!
     Path: C:\WINDOWS\system32\UACixwmbrkntcbxflj.db
     Status: Invisible to the Windows API!
     Path: C:\WINDOWS\system32\UAClmjeksnqvpwroai.dll
     Status: Invisible to the Windows API!
     Path: C:\WINDOWS\system32\UAClqsmkjejihyckyt.dll
     Status: Invisible to the Windows API!
     Path: C:\WINDOWS\system32\UACotrmwwsnwoeyenk.dat
     Status: Invisible to the Windows API!
     Path: C:\WINDOWS\system32\uactmp.db
     Status: Invisible to the Windows API!
     Path: C:\WINDOWS\system32\UACxkuyonqhhlxqlsw.dll
     Status: Invisible to the Windows API!
     Path: C:\WINDOWS\system32\UACjnqnhlgkskvlppu.dll
     Status: Invisible to the Windows API!
     Path: C:\WINDOWS\Temp\UACfebe.tmp
     Status: Invisible to the Windows API!
     Path: C:\WINDOWS\system32\drivers\SKYNEToyfjtpeo.sys
     Status: Invisible to the Windows API!
     Path: C:\WINDOWS\system32\drivers\UAClnrhkbdoqcnoofq.sys
     Status: Invisible to the Windows API!
     Path: C:\Documents and Settings\Dan\Local Settings\Temp\UAC9fb.tmp
     Status: Invisible to the Windows API!
  13. ROOTREPEAL © AD, 2007-2009
     ==================================================
     Scan Time: 2009/06/07 18:50
     Program Version: Version 1.3.0.0
     Windows Version: Windows XP SP3
     ==================================================
     Hidden/Locked Files
     -------------------
     Path: C:\hiberfil.sys
     Status: Locked to the Windows API!
     Path: C:\WINDOWS\system32\UACaocjmfccahguptd.dll
     Status: Invisible to the Windows API!
     Path: C:\WINDOWS\system32\UACfplhwnmlvjbfrjy.log
     Status: Invisible to the Windows API!
     Path: C:\WINDOWS\system32\UACgdvivsrugholuym.dll
     Status: Invisible to the Windows API!
     Path: C:\WINDOWS\system32\uacinit.dll
     Status: Invisible to the Windows API!
     Path: C:\WINDOWS\system32\UACixwmbrkntcbxflj.db
     Status: Invisible to the Windows API!
     Path: C:\WINDOWS\system32\UAClmjeksnqvpwroai.dll
     Status: Invisible to the Windows API!
     Path: C:\WINDOWS\system32\UAClqsmkjejihyckyt.dll
     Status: Invisible to the Windows API!
     Path: C:\WINDOWS\system32\UACotrmwwsnwoeyenk.dat
     Status: Invisible to the Windows API!
     Path: C:\WINDOWS\system32\uactmp.db
     Status: Invisible to the Windows API!
     Path: C:\WINDOWS\system32\UACxkuyonqhhlxqlsw.dll
     Status: Invisible to the Windows API!
     Path: C:\WINDOWS\system32\UACjnqnhlgkskvlppu.dll
     Status: Invisible to the Windows API!
     Path: C:\WINDOWS\Temp\TMP000000C5245228A17A0B157D
     Status: Visible to the Windows API, but not on disk.
     Path: C:\WINDOWS\system32\drivers\SKYNEToyfjtpeo.sys
     Status: Invisible to the Windows API!
     Path: C:\Documents and Settings\Dan\Local Settings\Temp\UAC9fb.tmp
     Status: Invisible to the Windows API!

     I hope someone can tell me if anything here is malware. Thank you in advance Dan