my mbam will not scan


Here is the ComboFix log. Please help!!!!!!

ComboFix 09-10-12.03 - mine 10/13/2009 11:12.2.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.601 [GMT -5:00]

Running from: c:\documents and settings\mine\Desktop\ComboFix.exe

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

AV: Norton Internet Security 2006 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Internet Security 2006 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\docume~1\mine\LOCALS~1\Temp\IadHide5.dll

c:\documents and settings\mine\Local Settings\Temp\IadHide5.dll

-- Previous Run --

Infected copy of c:\windows\system32\eventlog.dll was found and disinfected

Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll

--------

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}

((((((((((((((((((((((((( Files Created from 2009-09-13 to 2009-10-13 )))))))))))))))))))))))))))))))

.

2009-10-13 16:04 . 2009-10-13 16:04 -------- d-----w- c:\documents and settings\mine\Local Settings\Application Data\Apple Computer

2009-10-13 16:03 . 2009-10-13 16:03 -------- d-----w- c:\documents and settings\mine\Logs

2009-10-13 14:42 . 2009-10-13 14:42 -------- d-----w- c:\documents and settings\mine\Local Settings\Application Data\AOL

2009-10-13 14:42 . 2009-10-13 14:42 -------- d-----w- c:\documents and settings\mine\Application Data\AOL

2009-10-13 13:40 . 2009-10-13 13:40 -------- d-----w- c:\documents and settings\mine\Application Data\Malwarebytes

2009-10-13 13:21 . 2009-10-13 13:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-10-13 13:10 . 2009-06-18 17:55 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys

2009-10-13 01:40 . 2009-10-13 01:40 -------- d-----w- c:\program files\Sophos

2009-10-13 01:07 . 2009-10-13 01:07 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AOL

2009-10-13 01:06 . 2009-10-13 01:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\AOL

2009-10-13 00:50 . 2009-10-13 00:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2009-10-12 21:26 . 2009-10-12 21:26 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes

2009-10-12 21:20 . 2009-10-12 21:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-10-12 13:02 . 2009-10-12 13:02 -------- d-----w- c:\documents and settings\Guest.YOUR-4DACD0EA75\Local Settings\Application Data\AOL

2009-10-12 13:02 . 2009-10-12 13:02 -------- d-----w- c:\documents and settings\Guest.YOUR-4DACD0EA75\Application Data\AOL

2009-10-12 11:26 . 2009-10-12 11:26 -------- d-----w- c:\documents and settings\HP_Administrator\Logs

2009-10-12 00:02 . 2009-10-12 00:12 -------- d-----w- c:\windows\BDOSCAN8

2009-10-12 00:00 . 2009-10-12 22:59 -------- d-----w- c:\program files\a-squared Free

2009-10-11 23:48 . 2009-10-11 23:48 -------- d-----w- c:\documents and settings\All Users\Application Data\XoftSpySE

2009-10-11 23:06 . 2009-10-11 23:43 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-10-11 22:50 . 2009-10-11 22:50 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Safer Networking

2009-10-11 22:34 . 2009-10-12 21:13 -------- d-----w- c:\program files\Safer Networking

2009-10-11 21:25 . 2009-10-12 21:12 -------- d-----w- c:\program files\Free Window Registry Repair

2009-10-11 20:07 . 2009-10-11 22:28 -------- d-----w- c:\program files\SUPERAntiSpyware

2009-10-11 20:07 . 2009-10-11 20:07 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\SUPERAntiSpyware.com

2009-10-11 19:43 . 2009-10-11 19:43 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2009-10-11 19:16 . 2009-10-11 20:42 -------- d-----w- c:\program files\Uniblue

2009-10-11 19:16 . 2009-10-11 20:42 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Uniblue

2009-10-11 17:59 . 2009-10-11 22:39 -------- d-----w- c:\program files\spybot

2009-10-11 16:08 . 2009-10-11 16:08 -------- d-----w- c:\documents and settings\Carrie.YOUR-4DACD0EA75\Application Data\InstallShield

2009-10-11 16:08 . 2009-10-11 16:08 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\The Weather Channel

2009-10-11 16:08 . 2009-10-11 16:08 -------- d-----w- c:\documents and settings\Carrie.YOUR-4DACD0EA75\Local Settings\Application Data\The Weather Channel

2009-10-11 16:08 . 2009-10-11 16:08 -------- d--h--w- c:\documents and settings\All Users\Application Data\{AAAE891E-DC50-4DD4-A79D-C19DDB94E30E}

2009-10-11 04:15 . 2009-10-11 04:15 -------- d-----w- c:\program files\Avira

2009-10-11 04:15 . 2009-10-11 04:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2009-10-09 14:49 . 2009-10-09 14:49 -------- d-----w- c:\program files\Lowrance

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-10-13 16:28 . 2006-02-23 02:03 -------- d-----w- c:\program files\Common Files\Symantec Shared

2009-10-13 12:03 . 2009-02-25 23:04 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp

2009-10-12 23:28 . 2008-05-27 15:10 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\AOL

2009-10-12 21:13 . 2008-05-27 16:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Webroot

2009-10-12 11:52 . 2006-12-16 18:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-10-12 11:27 . 2008-06-01 08:43 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic

2009-10-12 11:21 . 2008-02-11 14:23 -------- d-----w- c:\program files\Bonjour

2009-10-12 11:21 . 2006-02-23 01:32 -------- d-----w- c:\program files\DISC

2009-10-12 11:21 . 2007-01-26 14:18 -------- d-----w- c:\program files\Freeze.com

2009-10-11 17:34 . 2006-02-23 02:05 -------- d-----w- c:\program files\Norton Internet Security

2009-10-11 17:30 . 2009-10-11 17:29 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF

2009-10-11 17:30 . 2009-10-11 17:29 10635 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT

2009-10-11 17:30 . 2006-02-23 02:04 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2009-10-11 17:30 . 2006-02-23 02:04 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2009-10-11 17:30 . 2006-02-23 02:04 -------- d-----w- c:\program files\Symantec

2009-10-11 17:06 . 2008-01-03 14:24 -------- d-----w- c:\program files\AOL 9.1

2009-10-11 16:09 . 2009-03-28 21:37 -------- d-----w- c:\documents and settings\Carrie.YOUR-4DACD0EA75\Application Data\mjusbsp

2009-10-11 16:08 . 2006-02-23 01:40 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-10-11 14:20 . 2006-02-23 01:32 61008 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-10-11 04:02 . 2007-04-12 19:28 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-10-05 23:13 . 2006-09-06 13:23 -------- d-----w- c:\program files\Print Workshop 2006

2009-09-09 19:53 . 2009-09-09 19:19 176 ----a-w- c:\documents and settings\HP_Administrator\Application Data\wklnhst.dat

2009-09-09 19:21 . 2009-09-09 19:21 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Template

2009-09-05 13:30 . 2008-07-23 23:02 -------- d-----w- c:\documents and settings\Carrie.YOUR-4DACD0EA75\Application Data\Apple Computer

2009-09-01 01:49 . 2009-09-01 01:47 -------- d-----w- c:\documents and settings\Carrie.YOUR-4DACD0EA75\Application Data\Move Networks

2009-08-26 01:30 . 2006-04-28 01:37 -------- d-----w- c:\program files\Punch! Pro

2009-08-07 00:24 . 2004-08-10 04:00 327896 ----a-w- c:\windows\system32\wucltui.dll

2009-08-07 00:24 . 2004-08-10 04:00 209632 ----a-w- c:\windows\system32\wuweb.dll

2009-08-07 00:24 . 2007-07-31 02:19 44768 ----a-w- c:\windows\system32\wups2.dll

2009-08-07 00:24 . 2007-07-31 02:19 44768 ----a-w- c:\windows\system32\wups2(2).dll

2009-08-07 00:24 . 2004-08-10 04:00 35552 ----a-w- c:\windows\system32\wups.dll

2009-08-07 00:24 . 2004-08-10 04:00 35552 ----a-w- c:\windows\system32\wups(2).dll

2009-08-07 00:24 . 2004-08-10 04:00 53472 ----a-w- c:\windows\system32\wuauclt.exe

2009-08-07 00:24 . 2004-08-10 04:00 96480 ----a-w- c:\windows\system32\cdm.dll

2009-08-07 00:23 . 2004-08-10 04:00 575704 ----a-w- c:\windows\system32\wuapi.dll

2009-08-07 00:23 . 2004-08-10 04:00 1929952 ----a-w- c:\windows\system32\wuaueng.dll

2009-08-05 09:01 . 2004-08-10 04:00 204800 ------w- c:\windows\system32\mswebdvd.dll

2009-07-17 19:01 . 2004-08-10 04:00 58880 ----a-w- c:\windows\system32\atl.dll

2007-01-22 00:43 . 2006-12-23 02:40 0 ----a-w- c:\program files\llh.dll

2007-01-22 00:43 . 2006-12-23 02:32 7176 ----a-w- c:\program files\ARA.ini

2006-12-23 02:40 . 2006-12-23 02:40 679936 ----a-w- c:\program files\libeay32.dll

2006-12-23 02:40 . 2006-12-23 02:40 59904 ----a-w- c:\program files\zlib1.dll

2006-12-23 02:40 . 2006-12-23 02:40 147728 ----a-w- c:\program files\ASYCFILT.DLL

2006-12-23 02:40 . 2006-12-23 02:40 147456 ----a-w- c:\program files\ssleay32.dll

2006-12-23 02:32 . 2006-12-23 02:32 77824 ----a-w- c:\program files\DM.dll

2006-12-23 02:32 . 2006-12-23 02:32 995410 ----a-w- c:\program files\MFC42LU.DLL

2006-12-23 02:32 . 2006-12-23 02:32 393216 ----a-w- c:\program files\MSLUP60.dll

2006-12-23 02:32 . 2006-12-23 02:32 258352 ----a-w- c:\program files\UNICOWS.DLL

2006-12-23 02:32 . 2006-12-23 02:32 237568 ----a-w- c:\program files\MSLURT.dll

2006-10-31 01:27 . 2006-10-31 01:27 0 ----a-w- c:\program files\Common Files\err.log

.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2006-02-23 01:32 . 2006-02-23 01:32 180269 c:\program files\Common Files\Real\Update_OB\bak\realsched.exe

2006-02-23 02:12 . 2005-11-10 00:29 249856 c:\program files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe

2006-02-23 02:12 . 2005-11-10 00:29 249856 c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

2006-02-23 00:47 . 2005-06-02 06:35 49152 c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\bak\hphupd08.exe

2006-02-23 00:47 . 2005-06-02 06:35 49152 c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

2005-05-12 14:12 . 2005-05-12 14:12 49152 c:\program files\HP\HP Software Update\bak\HPwuSchd2.exe

2007-05-08 21:24 . 2007-05-08 21:24 54840 c:\program files\HP\HP Software Update\hpwuSchd2.exe

2006-10-23 23:50 . 2005-11-10 18:03 36975 c:\program files\Java\jre1.5.0_06\bin\bak\jusched.exe

2005-11-01 17:01 . 2005-11-01 17:01 90112 c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\bak\DMAScheduler.exe

2005-11-01 17:01 . 2005-11-01 17:01 90112 c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe

2006-10-29 04:05 . 2006-10-24 21:10 4662776 c:\program files\Yahoo!\Messenger\bak\YAHOOM~1.EXE

2006-02-23 01:45 . 2004-12-14 10:23 663552 c:\windows\CREATOR\bak\Remind_XP.exe

2006-02-23 01:45 . 2004-12-14 10:23 663552 c:\windows\CREATOR\Remind_XP.exe

2004-08-10 10:04 . 2005-08-06 04:56 64512 c:\windows\ehome\bak\ehtray.exe

2004-08-10 10:04 . 2005-08-06 04:56 64512 c:\windows\ehome\ehtray.exe

2006-02-23 01:45 . 2005-07-23 06:14 237568 c:\windows\SMINST\bak\RECGUARD.EXE

2006-02-23 01:45 . 2005-07-23 06:14 237568 c:\windows\SMINST\Recguard.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

"AOL Fast Start"="c:\progra~1\AOL9~1.1\AOL.EXE" [2007-10-27 50528]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-25 7311360]

"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]

"DISCover"="c:\program files\DISC\DISCover.exe" [N/A]

"DiscUpdateManager"="c:\program files\DISC\DiscUpdateMgr.exe" [2005-11-12 61440]

"DMAScheduler"="c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe" [2005-11-01 90112]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]

"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 249856]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]

"HostManager"="c:\program files\Common Files\AOL\1225479186\ee\AOLSoftware.exe" [2008-06-24 41824]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]

"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [N/A]

"SpybotSnD"="c:\program files\Spybot - Search & Destroy\SpybotSD.exe" [2009-01-26 5365592]

"AlwaysReady Power Message APP"="ARPWRMSG.EXE" - c:\windows\arpwrmsg.exe [2005-08-03 77312]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-01-25 1519616]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-01-23 15969280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]

c:\documents and settings\Guest.YOUR-4DACD0EA75\Start Menu\Programs\Startup\

Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-2-22 27136]

c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\

MEMonitor.lnk - c:\program files\Sprint music manager\MEMonitor.exe [2008-2-19 983040]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2008-5-27 1470480]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]

QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-11-12 972064]

Updates From HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2006-2-22 36903]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" /min

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\DISC\\DiscStreamHub.exe"=

"c:\\Program Files\\DISC\\myFTP.exe"=

"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\AOL 9.1\\waol.exe"=

"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Documents and Settings\\Carrie.YOUR-4DACD0EA75\\Application Data\\mjusbsp\\magicJack.exe"=

"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

"c:\\Documents and Settings\\HP_Administrator\\Application Data\\mjusbsp\\magicJack.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"135:TCP"= 135:TCP:DCOM(135)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

"AllowInboundTimestampRequest"= 1 (0x1)

"AllowInboundMaskRequest"= 1 (0x1)

"AllowInboundRouterRequest"= 1 (0x1)

R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [10/13/2009 8:10 AM 18816]

S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?]

S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;"c:\program files\Avira\AntiVir Desktop\sched.exe" --> c:\program files\Avira\AntiVir Desktop\sched.exe [?]

S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\1.tmp --> c:\windows\system32\1.tmp [?]

S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS --> c:\program files\SUPERAntiSpyware\SASENUM.SYS [?]

S3 XoftSpyService;XoftSpyService;"c:\program files\Common Files\XoftSpySE\6\xoftspyservice.exe" --> c:\program files\Common Files\XoftSpySE\6\xoftspyservice.exe [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

.

Contents of the 'Scheduled Tasks' folder

2009-10-07 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:34]

2009-10-11 c:\windows\Tasks\Norton Security Scan for Carrie.job

- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2009-07-17 00:58]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop

uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop

mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop

IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html

IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html

IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html

IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html

IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html

.

- - - - ORPHANS REMOVED - - - -

BHO-{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)

Toolbar-Locked - (no file)

AddRemove-SuperiorCasino - c:\program files\SuperiorCasino\uninst.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-10-13 11:57

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MEMSWEEP2]

"ImagePath"="\??\c:\windows\system32\1.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@DACL=(02 0010)

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@DACL=(02 0010)

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@DACL=(02 0010)

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]

@DACL=(02 0000)

"Installed"="1"

@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]

@DACL=(02 0000)

"NoChange"="1"

"Installed"="1"

@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]

@DACL=(02 0000)

"Installed"="1"

@=""

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2460)

c:\docume~1\mine\LOCALS~1\Temp\IadHide5.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Symantec Shared\CCSETMGR.EXE

c:\program files\Common Files\Symantec Shared\CCEVTMGR.EXE

c:\program files\Common Files\Symantec Shared\CCPROXY.EXE

c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

c:\program files\a-squared Free\a2service.exe

c:\windows\arservice.exe

c:\windows\ehome\ehrecvr.exe

c:\windows\ehome\ehSched.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\system32\nvsvc32.exe

c:\windows\system32\spool\drivers\w32x86\3\HPZIPM12.EXE

c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

c:\windows\ehome\mcrdsvc.exe

c:\windows\system32\dllhost.exe

c:\windows\system32\wscntfy.exe

c:\windows\ehome\ehmsas.exe

c:\progra~1\AOL9~1.1\waol.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Common Files\AOL\ACS\AOLacsd.exe

c:\progra~1\AOL9~1.1\shellmon.exe

.

**************************************************************************

.

Completion time: 2009-10-13 12:04 - machine was rebooted

ComboFix-quarantined-files.txt 2009-10-13 17:04

Pre-Run: 83,890,946,048 bytes free

Post-Run: 85,394,812,928 bytes free

333 --- E O F --- 2009-10-12 08:00
