
I followed the instructions posted on this thread since I had the same problem:

http://forums.malwarebytes.org/index.php?showtopic=79312

...and stopped when I ran into the part that said: "Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system." So now I'm kinda stuck.

I ran ComboFix and have the log below but can't really go any further since I'd rather not risk doing more harm than good.

Kenny94 was the user that assisted in the other thread, if that makes any difference/helps.

Thanks for any help!

ComboFix 11-05-04.03 - Marc & Kat 04/05/2011 23:59:35.1.2 - FAT32x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2302.1676 [GMT -4:00]

Running from: c:\documents and settings\Marc & Kat\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: Sunbelt VIPRE *Disabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Marc & Kat\Application Data\inst.exe

c:\documents and settings\Marc & Kat\Start Menu\Programs\Windows Recovery

c:\windows\jestertb.dll

c:\windows\system32\autorun.ini

c:\windows\system32\autorun\Drivers\LAN\WIN2000\_desktop.ini

c:\windows\system32\autorun\Drivers\LAN\WIN98SE\_desktop.ini

c:\windows\system32\autorun\Drivers\LAN\WINME\_desktop.ini

c:\windows\system32\autorun\Drivers\LAN\WINXP\_desktop.ini

D:\install.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-04-05 to 2011-05-05 )))))))))))))))))))))))))))))))

.

.

2011-05-04 19:08 . 2011-05-04 19:08 -------- d-----w- c:\program files\Common Files\Java

2011-05-04 05:58 . 2011-04-08 18:48 74840 ------w- c:\windows\system32\drivers\sbapifs.sys

2011-05-04 05:58 . 2011-04-08 18:48 21592 ------w- c:\windows\system32\drivers\sbaphd.sys

2011-05-04 05:50 . 2011-05-04 05:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Sunbelt

2011-05-04 05:49 . 2011-05-04 05:49 -------- d-----w- c:\documents and settings\Marc & Kat\Application Data\Sunbelt

2011-05-04 05:43 . 2011-04-05 21:35 212568 ------w- c:\windows\system32\drivers\sbtis.sys

2011-05-04 04:14 . 2006-06-19 16:01 69632 ------w- c:\windows\system32\ztvcabinet.dll

2011-05-04 04:14 . 2006-05-25 18:52 162304 ------w- c:\windows\system32\ztvunrar36.dll

2011-05-04 04:14 . 2005-08-26 04:50 77312 ------w- c:\windows\system32\ztvunace26.dll

2011-05-04 04:14 . 2003-02-02 23:06 153088 ------w- c:\windows\system32\unrar3.dll

2011-05-04 04:14 . 2002-03-06 04:00 75264 ------w- c:\windows\system32\unacev2.dll

2011-05-04 04:14 . 2011-05-04 04:14 -------- d-----w- c:\documents and settings\Marc & Kat\Application Data\Simply Super Software

2011-05-04 04:14 . 2011-05-04 04:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software

2011-05-04 03:47 . 2011-05-04 03:47 -------- d-----w- c:\program files\Panda Security

2011-04-22 17:28 . 2011-04-22 17:28 42832 ------w- c:\windows\system32\sbbd.exe

2011-04-16 23:01 . 2011-04-16 23:01 -------- d-----w- c:\documents and settings\Marc & Kat\Application Data\Uniblue

2011-04-16 23:01 . 2011-04-16 23:01 -------- d-----w- c:\program files\Uniblue

2011-04-16 22:44 . 2011-04-16 22:44 -------- d-----w- c:\documents and settings\Marc & Kat\Local Settings\Application Data\PackageAware

2011-04-16 16:54 . 2011-04-16 16:54 -------- d-----w- c:\documents and settings\Marc & Kat\Application Data\GARMIN

2011-04-12 22:57 . 2011-04-12 22:57 -------- d-----w- c:\program files\Westward Kingdoms

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-04-18 17:25 . 2010-09-23 22:44 40112 ------w- c:\windows\avastSS.scr

2011-04-18 17:25 . 2010-01-24 22:10 199304 ------w- c:\windows\system32\aswBoot.exe

2011-04-18 17:17 . 2011-03-26 17:56 441176 ------w- c:\windows\system32\drivers\aswSnx.sys

2011-04-18 17:17 . 2010-01-24 22:11 307288 ------w- c:\windows\system32\drivers\aswSP.sys

2011-04-18 17:16 . 2010-01-24 22:11 49240 ------w- c:\windows\system32\drivers\aswTdi.sys

2011-04-18 17:16 . 2010-01-24 22:11 102488 ------w- c:\windows\system32\drivers\aswmon2.sys

2011-04-18 17:16 . 2010-01-24 22:11 96344 ------w- c:\windows\system32\drivers\aswmon.sys

2011-04-18 17:13 . 2010-01-24 22:11 25432 ------w- c:\windows\system32\drivers\aswRdr.sys

2011-04-18 17:13 . 2010-01-24 22:11 30680 ------w- c:\windows\system32\drivers\aavmker4.sys

2011-04-18 17:12 . 2010-01-24 22:11 19544 ------w- c:\windows\system32\drivers\aswFsBlk.sys

2011-04-15 23:53 . 2011-03-25 15:27 0 ------w- c:\windows\system32\ConduitEngine.tmp

2011-03-07 05:33 . 2004-08-11 00:00 692736 ------w- c:\windows\system32\inetcomm.dll

2011-03-05 17:39 . 2011-03-05 17:39 323624 ------w- c:\windows\system32\wiaaut.dll

2011-03-04 06:37 . 2004-08-11 00:00 420864 ------w- c:\windows\system32\vbscript.dll

2011-03-03 13:21 . 2004-08-11 00:00 1857920 ------w- c:\windows\system32\win32k.sys

2011-02-22 23:06 . 2006-01-09 15:02 916480 ------w- c:\windows\system32\wininet.dll

2011-02-22 23:06 . 2004-08-11 00:00 43520 ------w- c:\windows\system32\licmgr10.dll

2011-02-22 23:06 . 2004-08-11 00:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-02-22 11:42 . 2004-08-11 00:00 385024 ------w- c:\windows\system32\html.iec

2011-02-17 13:18 . 2004-08-11 00:00 455936 ------w- c:\windows\system32\drivers\mrxsmb.sys

2011-02-17 13:18 . 2004-08-11 00:00 357888 ------w- c:\windows\system32\drivers\srv.sys

2011-02-17 12:32 . 2010-01-24 08:01 5120 ------w- c:\windows\system32\xpsp4res.dll

2011-02-15 12:56 . 2004-08-11 00:00 290432 ------w- c:\windows\system32\atmfd.dll

2011-02-11 13:25 . 2004-08-11 00:00 229888 ------w- c:\windows\system32\fxscover.exe

2011-02-08 13:33 . 2004-08-11 00:00 978944 ------w- c:\windows\system32\mfc42.dll

2011-02-08 13:33 . 2004-08-11 00:00 974848 ------w- c:\windows\system32\mfc42u.dll

2011-02-04 21:48 . 2005-08-05 18:01 456192 ------w- c:\windows\system32\encdec.dll

2011-02-04 21:48 . 2005-08-05 18:01 291840 ------w- c:\windows\system32\sbe.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-04-18 17:25 122512 ------w- c:\program files\Alwil Software\Avast5\ashShell.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-01-14 274608]

"SBAMTray"="d:\sunbelt software\VIPRE\SBAMTray.exe" [2011-04-22 1353040]

"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-11-11 159472]

"tsnp2uvc"="c:\windows\tsnp2uvc.exe" [2008-09-10 237568]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761946]

"snp2uvc"="c:\windows\vsnp2uvc.exe" [2009-06-04 662016]

"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]

"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 16248320]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-11 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-11 455168]

"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 45056]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-11 59392]

"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2010-11-19 193880]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-11 208952]

"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 413696]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]

"BisonBar"="c:\windows\BUtilityBar\BisonBar.exe" [2006-09-08 245760]

"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2006-04-15 53248]

"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\superantispyware\SASSEH.DLL" [2008-05-13 77824]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- d:\superantispyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\Vuze\\Azureus.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Messenger\\MSMSGS.EXE"=

"c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"6112:TCP"= 6112:TCP:Blizzard Downloader

"31040:TCP"= 31040:TCP:UtorrentT

"31040:UDP"= 31040:UDP:Utorrentu

.

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28/12/2010 1:39 PM 420920]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [26/03/2011 1:56 PM 441176]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [24/01/2010 6:11 PM 307288]

R1 SASDIFSV;SASDIFSV;d:\superantispyware\sasdifsv.sys [17/02/2010 2:25 PM 12872]

R1 SASKUTIL;SASKUTIL;d:\superantispyware\SASKUTIL.SYS [10/05/2010 2:41 PM 67656]

R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [04/05/2011 1:58 AM 21592]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [27/01/2011 9:04 AM 103256]

R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [04/05/2011 1:43 AM 212568]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24/01/2010 6:11 PM 19544]

R2 SBAMSvc;VIPRE Antivirus;d:\sunbelt software\VIPRE\SBAMSvc.exe [22/04/2011 1:27 PM 2804280]

R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [04/05/2011 1:58 AM 74840]

R2 SBPIMSvc;SB Recovery Service;d:\sunbelt software\VIPRE\SBPIMSvc.exe [22/04/2011 1:27 PM 181584]

S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;\??\c:\windows\system32\eLock2BurnerLockDriver.sys --> c:\windows\system32\eLock2BurnerLockDriver.sys [?]

S2 eLock2FSCTLDriver;eLock2FSCTLDriver;\??\c:\windows\system32\eLock2FSCTLDriver.sys --> c:\windows\system32\eLock2FSCTLDriver.sys [?]

S3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\drivers\btblan.sys [24/11/2010 10:21 AM 33792]

S3 SQTECH913D;913D Camera;c:\windows\system32\drivers\Capt913d.sys [01/02/2011 1:38 PM 29522]

S3 WMZuneComm;Zune Windows Mobile Connectivity Service;"c:\program files\Zune\WMZuneComm.exe" --> c:\program files\Zune\WMZuneComm.exe [?]

.

Contents of the 'Scheduled Tasks' folder

.

2011-05-05 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-775571373-3778170501-3342836321-1005.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 15:33]

.

2011-05-05 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-775571373-3778170501-3342836321-1005.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 15:33]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.tsn.ca/

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

uInternet Connection Wizard,ShellNext = hxxp://en.ca.acer.yahoo.com/

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://ca.rd.yahoo.com/customize/ycomp/defaults/su/*http://ca.yahoo.com

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000

DPF: {6BE2ABE1-B432-491A-81AE-6B6EE7628570} - hxxp://thepunisher.mvix.net:8080/mBox.cab

DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://217.173.193.218/activex/AMC.cab

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

HKLM-Run-LaunchApp - (no file)

SafeBoot-WudfPf

SafeBoot-WudfRd

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-05-05 00:14

Windows 5.1.2600 Service Pack 3 FAT NTAPI

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(784)

d:\superantispyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

c:\windows\system32\Ati2evxx.dll

.

Completion time: 2011-05-05 00:18:28

ComboFix-quarantined-files.txt 2011-05-05 04:18

.

Pre-Run: 15,034,351,616 bytes free

Post-Run: 20,990,853,120 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect /usepmtimer

.

- - End Of File - - E8451F651B05E2FD7D9EF691A898970F


  • Staff

Hi and welcome to Malwarebytes.

I notice that you are using more than one antivirus program (Sunbelt and avast). This is very dangerous, as multiple AVs can interfere with one another and actually allow MORE viruses to get through. I strongly suggest you go to Start -> Control Panel -> Add or Remove Programs and uninstall all but one antivirus program.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post only DDS.txt directly into your reply.


Thank you for the reply. Here is the MBAM log and the DDS.txt below it.

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6533

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

08/05/2011 4:46:38 PM

mbam-log-2011-05-08 (16-46-38).txt

Scan type: Quick scan

Objects scanned: 162045

Time elapsed: 14 minute(s), 14 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

.

DDS (Ver_11-03-05.01) - FAT32x86

Run by Marc & Kat at 16:52:13.17 on 08/05/2011

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2302.1525 [GMT -4:00]

.

AV: Sunbelt VIPRE *Enabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Real\RealPlayer\update\realsched.exe

D:\Sunbelt Software\VIPRE\SBAMTray.exe

C:\Program Files\Zune\ZuneLauncher.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\vsnp2uvc.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe

C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\BUtilityBar\BisonBar.exe

C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\eHome\ehmsas.exe

svchost.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\HPZipm12.exe

D:\Sunbelt Software\VIPRE\SBAMSvc.exe

D:\Sunbelt Software\VIPRE\SBPIMSvc.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Marc & Kat\Desktop\dds.scr

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.tsn.ca/

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

uInternet Connection Wizard,ShellNext = hxxp://en.ca.acer.yahoo.com/

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://ca.rd.yahoo.com/customize/ycomp/defaults/su/*http://ca.yahoo.com

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {00000000-0000-0000-0000-000000000000} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [sBAMTray] "d:\sunbelt software\vipre\SBAMTray.exe"

mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"

mRun: [tsnp2uvc] c:\windows\tsnp2uvc.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [snp2uvc] c:\windows\vsnp2uvc.exe

mRun: [skyTel] SkyTel.EXE

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [ntiMUI] c:\program files\newtech infosystems\nti cd & dvd-maker 7\ntiMUI.exe

mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC

mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\eRAgent.exe

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [bisonBar] c:\windows\butilitybar\BisonBar.exe

mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe

mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab

DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264321668140

DPF: {6BE2ABE1-B432-491A-81AE-6B6EE7628570} - hxxp://thepunisher.mvix.net:8080/mBox.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.walmartphotocentre.ca/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://217.173.193.218/activex/AMC.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://svat.webex.com/client/T27LB/support/ieatgpc.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: !SASWinLogon - d:\superantispyware\SASWINLO.DLL

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - d:\superantispyware\SASSEH.DLL

.

============= SERVICES / DRIVERS ===============

.

R1 SASDIFSV;SASDIFSV;d:\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;d:\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2011-5-4 21592]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-1-27 103256]

R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2011-5-4 212568]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R2 SBAMSvc;VIPRE Antivirus;d:\sunbelt software\vipre\SBAMSvc.exe [2011-4-22 2804280]

R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2011-5-4 74840]

R2 SBPIMSvc;SB Recovery Service;d:\sunbelt software\vipre\SBPIMSvc.exe [2011-4-22 181584]

S1 MpKsl50b8d269;MpKsl50b8d269;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bf8f245a-a29c-431e-ae1e-c50fc50aed69}\mpksl50b8d269.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bf8f245a-a29c-431e-ae1e-c50fc50aed69}\MpKsl50b8d269.sys [?]

S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;\??\c:\windows\system32\elock2burnerlockdriver.sys --> c:\windows\system32\eLock2BurnerLockDriver.sys [?]

S2 eLock2FSCTLDriver;eLock2FSCTLDriver;\??\c:\windows\system32\elock2fsctldriver.sys --> c:\windows\system32\eLock2FSCTLDriver.sys [?]

S3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\drivers\btblan.sys [2010-11-24 33792]

S3 SQTECH913D;913D Camera;c:\windows\system32\drivers\Capt913d.sys [2011-2-1 29522]

S3 WMZuneComm;Zune Windows Mobile Connectivity Service;"c:\program files\zune\wmzunecomm.exe" --> c:\program files\zune\WMZuneComm.exe [?]

.

=============== Created Last 30 ================

.

2011-05-08 20:26:46 -------- d--h--w- c:\windows\system32\GroupPolicy

2011-05-08 02:07:54 -------- d-sh--w- C:\Recycled

2011-05-08 02:01:02 -------- d-----w- c:\docume~1\marc&k~1\applic~1\Malwarebytes

2011-05-08 02:00:47 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-08 02:00:46 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2011-05-08 02:00:43 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-08 02:00:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-05-07 06:31:53 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-05-05 22:26:24 -------- d-----w- c:\program files\Downloaded Installations

2011-05-05 03:58:01 -------- d-sha-r- C:\cmdcons

2011-05-05 03:55:43 98816 ----a-w- c:\windows\sed.exe

2011-05-05 03:55:43 89088 ----a-w- c:\windows\MBR.exe

2011-05-05 03:55:43 256512 ----a-w- c:\windows\PEV.exe

2011-05-05 03:55:43 161792 ----a-w- c:\windows\SWREG.exe

2011-05-04 05:58:53 74840 ------w- c:\windows\system32\drivers\sbapifs.sys

2011-05-04 05:58:52 21592 ------w- c:\windows\system32\drivers\sbaphd.sys

2011-05-04 05:50:53 -------- d-----w- c:\docume~1\alluse~1\applic~1\Sunbelt

2011-05-04 05:49:47 -------- d-----w- c:\docume~1\marc&k~1\applic~1\Sunbelt

2011-05-04 05:43:46 212568 ------w- c:\windows\system32\drivers\sbtis.sys

2011-05-04 04:14:20 77312 ------w- c:\windows\system32\ztvunace26.dll

2011-05-04 04:14:20 75264 ------w- c:\windows\system32\unacev2.dll

2011-05-04 04:14:20 69632 ------w- c:\windows\system32\ztvcabinet.dll

2011-05-04 04:14:20 162304 ------w- c:\windows\system32\ztvunrar36.dll

2011-05-04 04:14:20 153088 ------w- c:\windows\system32\unrar3.dll

2011-05-04 04:14:13 -------- d-----w- c:\docume~1\marc&k~1\applic~1\Simply Super Software

2011-05-04 04:14:13 -------- d-----w- c:\docume~1\alluse~1\applic~1\Simply Super Software

2011-05-04 03:47:49 -------- d-----w- c:\program files\Panda Security

2011-04-22 17:28:24 42832 ------w- c:\windows\system32\sbbd.exe

2011-04-16 23:01:07 -------- d-----w- c:\docume~1\marc&k~1\applic~1\Uniblue

2011-04-16 23:01:02 -------- d-----w- c:\program files\Uniblue

2011-04-16 22:44:32 -------- d-----w- c:\docume~1\marc&k~1\locals~1\applic~1\PackageAware

2011-04-16 16:54:17 -------- d-----w- c:\docume~1\marc&k~1\applic~1\GARMIN

2011-04-12 22:57:40 -------- d-----w- c:\program files\Westward Kingdoms

.

==================== Find3M ====================

.

2011-04-15 23:53:40 0 ------w- c:\windows\system32\ConduitEngine.tmp

2011-03-07 05:33:50 692736 ------w- c:\windows\system32\inetcomm.dll

2011-03-05 17:39:40 323624 ------w- c:\windows\system32\wiaaut.dll

2011-03-04 06:37:06 420864 ------w- c:\windows\system32\vbscript.dll

2011-03-03 13:21:12 1857920 ------w- c:\windows\system32\win32k.sys

2011-02-22 23:06:30 916480 ------w- c:\windows\system32\wininet.dll

2011-02-22 23:06:30 43520 ------w- c:\windows\system32\licmgr10.dll

2011-02-22 23:06:30 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-02-22 11:42:00 385024 ------w- c:\windows\system32\html.iec

2011-02-17 12:32:12 5120 ------w- c:\windows\system32\xpsp4res.dll

2011-02-15 12:56:40 290432 ------w- c:\windows\system32\atmfd.dll

2011-02-11 13:25:52 229888 ------w- c:\windows\system32\fxscover.exe

2011-02-08 13:33:56 978944 ------w- c:\windows\system32\mfc42.dll

2011-02-08 13:33:56 974848 ------w- c:\windows\system32\mfc42u.dll

.

============= FINISH: 16:54:28.17 ===============


ComboFix 11-05-13.03 - Marc & Kat 14/05/2011 11:12:19.3.2 - FAT32x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2302.1670 [GMT -4:00]

Running from: c:\documents and settings\Marc & Kat\Desktop\ComboFix.exe

AV: Sunbelt VIPRE *Disabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}

.

.

((((((((((((((((((((((((( Files Created from 2011-04-14 to 2011-05-14 )))))))))))))))))))))))))))))))

.

.

2011-05-08 20:26 . 2011-05-08 20:26 -------- d--h--w- c:\windows\system32\GroupPolicy

2011-05-08 02:01 . 2011-05-08 02:01 -------- d-----w- c:\documents and settings\Marc & Kat\Application Data\Malwarebytes

2011-05-08 02:00 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-08 02:00 . 2011-05-08 02:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-05-08 02:00 . 2011-05-08 02:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-05-08 02:00 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-07 06:31 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-05-05 22:26 . 2011-05-05 22:26 -------- d-----w- c:\program files\Downloaded Installations

2011-05-04 19:08 . 2011-05-04 19:08 -------- d-----w- c:\program files\Common Files\Java

2011-05-04 05:58 . 2011-04-08 18:48 74840 ------w- c:\windows\system32\drivers\sbapifs.sys

2011-05-04 05:58 . 2011-04-08 18:48 21592 ------w- c:\windows\system32\drivers\sbaphd.sys

2011-05-04 05:50 . 2011-05-04 05:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Sunbelt

2011-05-04 05:49 . 2011-05-04 05:49 -------- d-----w- c:\documents and settings\Marc & Kat\Application Data\Sunbelt

2011-05-04 05:43 . 2011-04-05 21:35 212568 ------w- c:\windows\system32\drivers\sbtis.sys

2011-05-04 04:14 . 2006-06-19 16:01 69632 ------w- c:\windows\system32\ztvcabinet.dll

2011-05-04 04:14 . 2006-05-25 18:52 162304 ------w- c:\windows\system32\ztvunrar36.dll

2011-05-04 04:14 . 2005-08-26 04:50 77312 ------w- c:\windows\system32\ztvunace26.dll

2011-05-04 04:14 . 2003-02-02 23:06 153088 ------w- c:\windows\system32\unrar3.dll

2011-05-04 04:14 . 2002-03-06 04:00 75264 ------w- c:\windows\system32\unacev2.dll

2011-05-04 04:14 . 2011-05-04 04:14 -------- d-----w- c:\documents and settings\Marc & Kat\Application Data\Simply Super Software

2011-05-04 04:14 . 2011-05-04 04:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software

2011-05-04 03:47 . 2011-05-04 03:47 -------- d-----w- c:\program files\Panda Security

2011-04-22 17:28 . 2011-04-22 17:28 42832 ------w- c:\windows\system32\sbbd.exe

2011-04-16 23:01 . 2011-04-16 23:01 -------- d-----w- c:\documents and settings\Marc & Kat\Application Data\Uniblue

2011-04-16 23:01 . 2011-04-16 23:01 -------- d-----w- c:\program files\Uniblue

2011-04-16 22:44 . 2011-04-16 22:44 -------- d-----w- c:\documents and settings\Marc & Kat\Local Settings\Application Data\PackageAware

2011-04-16 16:54 . 2011-04-16 16:54 -------- d-----w- c:\documents and settings\Marc & Kat\Application Data\GARMIN

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-04-15 23:53 . 2011-03-25 15:27 0 ------w- c:\windows\system32\ConduitEngine.tmp

2011-03-07 05:33 . 2004-08-11 00:00 692736 ------w- c:\windows\system32\inetcomm.dll

2011-03-05 17:39 . 2011-03-05 17:39 323624 ------w- c:\windows\system32\wiaaut.dll

2011-03-04 06:37 . 2004-08-11 00:00 420864 ------w- c:\windows\system32\vbscript.dll

2011-03-03 13:21 . 2004-08-11 00:00 1857920 ------w- c:\windows\system32\win32k.sys

2011-02-22 23:06 . 2006-01-09 15:02 916480 ------w- c:\windows\system32\wininet.dll

2011-02-22 23:06 . 2004-08-11 00:00 43520 ------w- c:\windows\system32\licmgr10.dll

2011-02-22 23:06 . 2004-08-11 00:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-02-22 11:42 . 2004-08-11 00:00 385024 ------w- c:\windows\system32\html.iec

2011-02-17 13:18 . 2004-08-11 00:00 455936 ------w- c:\windows\system32\drivers\mrxsmb.sys

2011-02-17 13:18 . 2004-08-11 00:00 357888 ------w- c:\windows\system32\drivers\srv.sys

2011-02-17 12:32 . 2010-01-24 08:01 5120 ------w- c:\windows\system32\xpsp4res.dll

2011-02-15 12:56 . 2004-08-11 00:00 290432 ------w- c:\windows\system32\atmfd.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-01-14 274608]

"SBAMTray"="d:\sunbelt software\VIPRE\SBAMTray.exe" [2011-04-22 1353040]

"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-11-11 159472]

"tsnp2uvc"="c:\windows\tsnp2uvc.exe" [2008-09-10 237568]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761946]

"snp2uvc"="c:\windows\vsnp2uvc.exe" [2009-06-04 662016]

"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]

"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 16248320]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-11 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-11 455168]

"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 45056]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-11 59392]

"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2010-11-19 193880]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-11 208952]

"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 413696]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]

"BisonBar"="c:\windows\BUtilityBar\BisonBar.exe" [2006-09-08 245760]

"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2006-04-15 53248]

"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\superantispyware\SASSEH.DLL" [2008-05-13 77824]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- d:\superantispyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\Vuze\\Azureus.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Messenger\\MSMSGS.EXE"=

"c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"6112:TCP"= 6112:TCP:Blizzard Downloader

"31040:TCP"= 31040:TCP:UtorrentT

"31040:UDP"= 31040:UDP:Utorrentu

.

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28/12/2010 1:39 PM 420920]

R1 SASDIFSV;SASDIFSV;d:\superantispyware\sasdifsv.sys [17/02/2010 2:25 PM 12872]

R1 SASKUTIL;SASKUTIL;d:\superantispyware\SASKUTIL.SYS [10/05/2010 2:41 PM 67656]

R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [04/05/2011 1:58 AM 21592]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [27/01/2011 9:04 AM 103256]

R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [04/05/2011 1:43 AM 212568]

R2 SBAMSvc;VIPRE Antivirus;d:\sunbelt software\VIPRE\SBAMSvc.exe [22/04/2011 1:27 PM 2804280]

R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [04/05/2011 1:58 AM 74840]

R2 SBPIMSvc;SB Recovery Service;d:\sunbelt software\VIPRE\SBPIMSvc.exe [22/04/2011 1:27 PM 181584]

S1 MpKsl50b8d269;MpKsl50b8d269;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BF8F245A-A29C-431E-AE1E-C50FC50AED69}\MpKsl50b8d269.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BF8F245A-A29C-431E-AE1E-C50FC50AED69}\MpKsl50b8d269.sys [?]

S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;\??\c:\windows\system32\eLock2BurnerLockDriver.sys --> c:\windows\system32\eLock2BurnerLockDriver.sys [?]

S2 eLock2FSCTLDriver;eLock2FSCTLDriver;\??\c:\windows\system32\eLock2FSCTLDriver.sys --> c:\windows\system32\eLock2FSCTLDriver.sys [?]

S3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\drivers\btblan.sys [24/11/2010 10:21 AM 33792]

S3 SQTECH913D;913D Camera;c:\windows\system32\drivers\Capt913d.sys [01/02/2011 1:38 PM 29522]

S3 WMZuneComm;Zune Windows Mobile Connectivity Service;"c:\program files\Zune\WMZuneComm.exe" --> c:\program files\Zune\WMZuneComm.exe [?]

.

Contents of the 'Scheduled Tasks' folder

.

2011-05-14 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-775571373-3778170501-3342836321-1005.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 15:33]

.

2011-05-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-775571373-3778170501-3342836321-1005.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 15:33]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.tsn.ca/

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

uInternet Connection Wizard,ShellNext = hxxp://en.ca.acer.yahoo.com/

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://ca.rd.yahoo.com/customize/ycomp/defaults/su/*http://ca.yahoo.com

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000

DPF: {6BE2ABE1-B432-491A-81AE-6B6EE7628570} - hxxp://thepunisher.mvix.net:8080/mBox.cab

DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://217.173.193.218/activex/AMC.cab

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-05-14 11:18

Windows 5.1.2600 Service Pack 3 FAT NTAPI

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(752)

d:\superantispyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

c:\windows\system32\Ati2evxx.dll

.

- - - - - - - > 'explorer.exe'(3120)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2011-05-14 11:20:12

ComboFix-quarantined-files.txt 2011-05-14 15:20

ComboFix2.txt 2011-05-08 01:53

ComboFix3.txt 2011-05-05 04:18

.

Pre-Run: 21,496,168,448 bytes free

Post-Run: 22,117,613,568 bytes free

.

- - End Of File - - 1E6EB635B1C7AA17FB5454C12C6C5344


  • Staff

Hi,

My apologies for the delay.

Please see:

HijackThis Forum Policy

We will not be party to obvious use of key gens, cracks, warez or other illegal means of downloading software, music, videos etc. This means no P2P evidence will be supported. Logs that show these in them will be given the option to remove the P2P items. Keygens, cracks, warez and similar will have the thread closed, period. It's theft and against the law.
