suez123
2009-08-11, 02:45
Hi, I have the virus msa.exe and I have tried numerous malware, anti-virus etc. programs to get rid of it. I also had a.exe but have since managed to remove that using drweb cureit.
I have run combofix.exe as instructed by a previous blog on this forum. However, I now have the report and no idea how to read it or where to go from here. Can someone please help me out? :)
ComboFix 09-08-10.01 - Susan Sobczak 11/08/2009 0:14.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.61.1033.18.2045.928 [GMT 1:00]
Running from: F:\Combo-fix.exe
SP: Windows Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
?
c:\$recycle.bin\S-1-5-21-1400113804-1914402855-3429530994-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-3033013587-1366545661-483371351-500
.
((((((((((((((((((((((((( Files Created from 2009-07-10 to 2009-08-10 )))))))))))))))))))))))))))))))
.
2009-08-08 22:26 . 2009-08-08 22:26 -------- d-----w- c:\program files\Enigma Software Group
2009-08-08 21:04 . 2009-08-09 07:48 -------- d-----w- c:\users\Susan Sobczak\DoctorWeb
2009-08-05 14:39 . 2009-08-05 14:38 145408 ----a-w- c:\windows\msa.exe
2009-07-30 10:53 . 2009-07-30 10:53 -------- d-----w- C:\Log
2009-07-30 10:52 . 2009-07-30 10:53 -------- d-----w- c:\program files\Stellar Phoenix Windows Data Recovery
2009-07-16 18:11 . 2009-07-16 18:11 -------- d-----w- c:\program files\iPod
2009-07-16 18:11 . 2009-07-16 18:11 -------- d-----w- c:\program files\iTunes
2009-07-16 18:06 . 2009-07-16 18:06 75040 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-15 05:10 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 05:10 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 05:10 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 05:10 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-10 23:07 . 2009-03-14 08:31 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG.bck
2009-08-10 23:07 . 2009-03-14 08:31 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG
2009-08-09 11:33 . 2007-12-18 21:40 8268 ----a-w- c:\users\Susan Sobczak\AppData\Local\d3d9caps.dat
2009-08-09 08:46 . 2007-07-30 08:55 12 ----a-w- c:\windows\bthservsdp.dat
2009-08-08 22:27 . 2009-03-14 08:31 281324 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT.bck
2009-08-08 22:27 . 2009-03-14 08:31 281324 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT
2009-08-06 09:53 . 2007-12-22 08:47 -------- d-----w- c:\users\Susan Sobczak\AppData\Roaming\Skype
2009-08-06 07:06 . 2007-12-22 08:49 -------- d-----w- c:\users\Susan Sobczak\AppData\Roaming\skypePM
2009-08-05 11:42 . 2009-06-16 18:39 -------- d-----w- c:\users\Susan Sobczak\AppData\Roaming\Spotify
2009-07-31 08:55 . 2008-04-02 08:08 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-21 21:52 . 2009-07-30 20:40 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-30 20:40 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-30 20:40 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-30 20:40 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-16 18:11 . 2007-08-03 14:14 -------- d-----w- c:\program files\Common Files\Apple
2009-07-16 02:04 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-06-16 18:39 . 2009-06-16 18:39 -------- d-----w- c:\program files\Spotify
2009-06-15 18:37 . 2007-07-30 09:30 -------- d-----w- c:\program files\Microsoft Works
2009-06-15 18:03 . 2009-06-15 18:02 -------- d-----w- c:\program files\QuickTime
2009-06-15 17:52 . 2007-08-03 08:59 104131 ----a-w- c:\users\Susan Sobczak\AppData\Roaming\nvModes.dat
2009-06-05 10:42 . 2009-06-05 10:42 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-05 10:42 . 2009-06-05 10:42 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2007-08-25 03:52 . 2007-12-20 21:09 300400 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
2008-12-15 22:18 . 2008-12-15 22:18 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2007-07-30 09:10 . 2007-07-30 09:10 76 --sh--r- c:\windows\CT4CET.bin
2007-07-30 16:49 . 2007-07-30 16:45 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2006-11-11 446976]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"Google Update"="c:\users\Susan Sobczak\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"<NO NAME>"="c:\program files\Internet Explorer\iexplore.exe" [2009-07-21 638216]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-05-21 159744]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-09 36864]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2007-07-30 77824]
"VolPanel"="c:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 180224]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-04-16 184320]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-12-15 29744]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2006-11-17 17920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"ActivDRVAutostart"="c:\program files\ACTIV Software\ACTIVdriver\ACTIVcontrol.exe" [2005-08-18 385024]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-07 405504]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-10-04 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-04 81920]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2007-10-04 86016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-29 185632]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-13 177472]
"APVXDWIN"="c:\program files\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE" [2009-07-15 881920]
"SCANINICIO"="c:\program files\Panda Security\Panda Antivirus Pro 2009\Inicio.exe" [2008-07-07 50432]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
c:\users\Susan Sobczak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Hiro-Media Client.lnk - c:\program files\Hiro-Media\HiroClient\HiroClient.exe [2009-1-22 2860312]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-7-30 50688]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-12 83360]
QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-7-30 45056]
Update Agent.lnk - c:\program files\3\3Connect\AutoUpdateSrv.exe [2008-12-30 670256]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{715AA43B-CB83-4E8D-AA60-66C4FE51E171}"= UDP:c:\users\Susan Sobczak\AppData\Local\Temp\7zSDBDD.tmp\SymNRT.exe:Norton Removal Tool
"{48780ADD-4216-494A-987E-FE1CEBD03B48}"= TCP:c:\users\Susan Sobczak\AppData\Local\Temp\7zSDBDD.tmp\SymNRT.exe:Norton Removal Tool
"TCP Query User{1EF83246-4DB9-4623-A0F2-0E4F285E8E5A}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype
"UDP Query User{B42A648D-7112-408B-8305-EF0C1B683D25}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype
"TCP Query User{951752D6-6D68-48A8-8CC9-41640EC5C1FE}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{0053FE65-F731-4B42-A467-AB50333E55FD}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"{2B9C58CC-BCEF-408F-A936-A88D2AA1DCA2}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{F48E8A7A-F2A2-41AD-8CF1-4DEB9B1E1111}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{FBE39A82-4511-49EB-A958-C377524D3D48}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{12488F65-F69A-4696-B95B-E70221CE7101}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{7B1C9F8F-F9CE-443F-9193-3FD73146FB8D}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
R0 ACTIVdrv;ACTIV Device Pen Driver;c:\windows\System32\drivers\ActivDrv.sys [19/07/2005 6:16 PM 67088]
R0 pavboot;Panda boot driver;c:\windows\System32\drivers\pavboot.sys [1/03/2009 3:18 PM 28544]
R1 APPFLT;App Filter Plugin;c:\windows\System32\drivers\APPFLT.SYS [14/03/2009 9:28 AM 73728]
R1 DSAFLT;DSA Filter Plugin;c:\windows\System32\drivers\dsaflt.sys [14/03/2009 9:31 AM 52992]
R1 FNETMON;NetMon Filter Plugin;c:\windows\System32\drivers\fnetmon.sys [14/03/2009 9:28 AM 22072]
R1 IDSFLT;Ids Filter Plugin;c:\windows\System32\drivers\idsflt.sys [14/03/2009 9:31 AM 193792]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\System32\drivers\NETFLTDI.SYS [14/03/2009 9:28 AM 158848]
R1 ShldDrv;Panda File Shield Driver;c:\windows\System32\drivers\ShlDrv51.sys [1/03/2009 3:17 PM 41144]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\System32\drivers\wnmflt.sys [14/03/2009 9:31 AM 46720]
R2 ActivDRVcontrol;ACTIVdriver Control;c:\program files\ACTIV Software\ACTIVdriver\ActivDRVservice.exe [13/07/2005 7:15 PM 340992]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [22/10/2007 11:50 AM 73728]
R2 AmFSM;AmFSM;c:\windows\System32\drivers\amm8660.sys [1/03/2009 3:20 PM 49208]
R2 ddnt;ddnt;c:\windows\System32\drivers\ddnt.sys [1/02/2008 1:01 PM 7072]
R2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k Panda --> c:\windows\system32\svchost -k Panda [?]
R2 PavProc;Panda Process Protection Driver;c:\windows\System32\drivers\PavProc.sys [1/03/2009 3:17 PM 179640]
R2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Antivirus Pro 2009\psksvc.exe [1/03/2009 3:20 PM 28928]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [30/07/2007 5:49 PM 179712]
R3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34;c:\windows\System32\drivers\neti1634.sys [1/03/2009 3:20 PM 197888]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\System32\drivers\OEM02Dev.sys [10/10/2007 6:03 PM 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\System32\drivers\OEM02Vfx.sys [30/07/2007 5:49 PM 7424]
S3 ActivDRV_USB;ActivDRV_USB.Sys USB ACTIVboard;c:\windows\System32\drivers\ActivDRV_USB.sys [20/01/2003 4:14 AM 17232]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [21/03/2009 7:59 PM 55280]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [6/02/2009 7:08 PM 533360]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [30/07/2007 10:28 AM 29744]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
panda REG_MULTI_SZ Gwmsrv
vvdsvc REG_MULTI_SZ vvdsvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3033013587-1366545661-483371351-1000Core.job
- c:\users\Susan Sobczak\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 18:38]
2009-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3033013587-1366545661-483371351-1000UA.job
- c:\users\Susan Sobczak\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 18:38]
2009-08-10 c:\windows\Tasks\User_Feed_Synchronization-{78781EAD-6F47-4D98-A348-1027A868362E}.job
- c:\windows\system32\msfeedssync.exe [2009-07-30 20:13]
2009-08-10 c:\windows\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
- c:\windows\msa.exe [2009-08-05 14:38]
.
- - - - ORPHANS REMOVED - - - -
HKLM-RunOnce-AFixOldWscUnreg - c:\windows\Temp\PSPPK2\HFSetup4.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Handler: hiro - {50BA1131-168F-4c08-A69B-4012273F222E} - c:\program files\Hiro-Media\HiroClient\OldHiroProtocolHandler.dll
Handler: hirodownload - {77F2FF4C-CEDD-4c71-8ABF-DF7CC05EFC63} - c:\program files\Hiro-Media\HiroClient\HiroProtocolHandler.dll
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
FF - ProfilePath - c:\users\Susan Sobczak\AppData\Roaming\Mozilla\Firefox\Profiles\koxuxlc3.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.atcomet.com/b/
FF - prefs.js: network.proxy.http - tsrproxy
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Susan Sobczak\AppData\Local\Google\Update\1.2.183.7\npGoogleOneClick8.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-11 00:28
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(900)
c:\program files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll
- - - - - - - > 'lsass.exe'(784)
c:\program files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll
.
Completion time: 2009-08-10 0:32
ComboFix-quarantined-files.txt 2009-08-10 23:32
Pre-Run: 9,218,531,328 bytes free
Post-Run: 18,934,173,696 bytes free
303 --- E O F --- 2009-07-31 08:47
-------------------------------------------
"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)
Do NOT run 'FIXES' before helpers have analyzed the HJT log (http://forums.spybot.info/showthread.php?t=16806 )
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\System32\drivers\OEM02Vfx.sys [30/07/2007 5:49 PM 7424]
S3 ActivDRV_USB;ActivDRV_USB.Sys USB ACTIVboard;c:\windows\System32\drivers\ActivDRV_USB.sys [20/01/2003 4:14 AM 17232]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [21/03/2009 7:59 PM 55280]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [6/02/2009 7:08 PM 533360]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [30/07/2007 10:28 AM 29744]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
panda REG_MULTI_SZ Gwmsrv
vvdsvc REG_MULTI_SZ vvdsvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3033013587-1366545661-483371351-1000Core.job
- c:\users\Susan Sobczak\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 18:38]
2009-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3033013587-1366545661-483371351-1000UA.job
- c:\users\Susan Sobczak\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 18:38]
2009-08-10 c:\windows\Tasks\User_Feed_Synchronization-{78781EAD-6F47-4D98-A348-1027A868362E}.job
- c:\windows\system32\msfeedssync.exe [2009-07-30 20:13]
2009-08-10 c:\windows\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
- c:\windows\msa.exe [2009-08-05 14:38]
.
- - - - ORPHANS REMOVED - - - -
HKLM-RunOnce-AFixOldWscUnreg - c:\windows\Temp\PSPPK2\HFSetup4.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Handler: hiro - {50BA1131-168F-4c08-A69B-4012273F222E} - c:\program files\Hiro-Media\HiroClient\OldHiroProtocolHandler.dll
Handler: hirodownload - {77F2FF4C-CEDD-4c71-8ABF-DF7CC05EFC63} - c:\program files\Hiro-Media\HiroClient\HiroProtocolHandler.dll
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
FF - ProfilePath - c:\users\Susan Sobczak\AppData\Roaming\Mozilla\Firefox\Profiles\koxuxlc3.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.atcomet.com/b/
FF - prefs.js: network.proxy.http - tsrproxy
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Susan Sobczak\AppData\Local\Google\Update\1.2.183.7\npGoogleOneClick8.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-11 00:28
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(900)
c:\program files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll
- - - - - - - > 'lsass.exe'(784)
c:\program files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll
.
Completion time: 2009-08-10 0:32
ComboFix-quarantined-files.txt 2009-08-10 23:32
Pre-Run: 9,218,531,328 bytes free
Post-Run: 18,934,173,696 bytes free
303 --- E O F --- 2009-07-31 08:47