
Thread: resolved

  1. #11 (Junior Member, Washington, DC)

    Bill: The SASfix ran successfully.

    Since my original post I have fixed the Windows Update problem using:

    Register the file wuaueng.dll:
    Click Start, select Run
    Type: regsvr32 wuaueng.dll
    Press OK.
    FROM: http://www.tomshardware.com/forum/13...pdate-disabled

  2. #12 (Junior Member, Washington, DC)

    I'm Good

    Also I ran SAS after the SASfix, and I no longer have the System.Broken.File.Association (HKCR\exe) coming up. So I think I'm good. Thanks for all your help.

  3. #13 (Senior Member, Near Atlanta, GA)

    jkusano, please don't go yet. There is still more to do to make sure you are as clean as possible, and we still need to clean up our tools.

  4. #14 (Senior Member, Near Atlanta, GA)

    Greetings jkusano
    You have done an awesome job so far, just a little bit more.
    P2P - I see you have P2P software VUZE & Conduit installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It likely contributed to your current situation.
    This page will give you further information.
    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
    Please see this topic for more information:
    Perils of P2P File Sharing.
    I would strongly recommend that you uninstall this/these now. You can do so via Control Panel >> Add or Remove Programs.

    Next
    Your Adobe appears to be down level.
    Please visit this site. Click on the Adobe Reader icon on the right side and you will be presented with the correct Adobe for your system.
    Download and install this Adobe please.

    Next
    I see in your logs that you have Malwarebytes installed on your system.
    • Double click on MalwareBytes, mbam.exe to run it.
    • If Malwarebytes asks to update, click on Yes. If you are not asked:
    • Click on the Update tab, then click on Check for updates.
    • After updates finish, click on the Scanner tab. Select Perform quick scan.
    • Click on Scan button.
    • When finished copy/paste the contents of mbam.txt into your next post please.


    Next
    Please use Internet Explorer to download and run the following scan: Eset Online Scanner

    • Place a check mark in the box YES, I accept the Terms Of Use
    • Click the Start button.
    • Now click the Install button.
    • Click Start. The scanner engine will initialize and update.
    • Do Not place a check mark in the box beside Remove found threats.
    • Click the Scan button. The scan will now run, please be patient.
    • When the scan finishes if there are any infections you will see a List of found threats.
    • Click Export to text file
    • Copy and paste the contents of the C:\Program Files\ESET\log.txt into your next reply.
    • If no threats are found there will be no list; this is good, just tell me that no threats were found.


    Logs to post:
    • mbam.txt
    • results of ESET scan.

  5. #15 (Junior Member, Washington, DC)

    Bill: Here are the 2 logs you requested:

    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7529

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    8/21/2011 4:47:39 PM
    mbam-log-2011-08-21 (16-47-39).txt

    Scan type: Quick scan
    Objects scanned: 186543
    Time elapsed: 4 minute(s), 48 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    ESET Log

    C:\Documents and Settings\jkusano\My Documents\My Downloads\Setup_FreeBurner.exe Win32/Adware.Toolbar.Dealio application
    C:\Documents and Settings\jkusano\My Documents\Setup Files\Setup_FreeBurnerN.exe Win32/Adware.Toolbar.Dealio application
    F:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\InternetSpeedMonitor.zip Win32/Bagle.gen.zip worm
    F:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentamyy.zip Win32/Bagle.gen.zip worm

  6. #16 (Senior Member, Near Atlanta, GA)

    Greetings jkusano
    There are a couple of files that may still be a problem, so we shall continue.
    ***Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.***
    Download Combofix from any of the links below. Save it to your desktop.

    Link 1
    Link 2

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    • See this Link for programs that need to be disabled and instruction on how to disable them.
    • Remember to re-enable them when we're done.

    • Double click on ComboFix.exe & follow the prompts.

    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    *If there is no internet connection when ComboFix has completely finished, then restart your computer to restore the connections.

  7. #17 (Senior Member, Near Atlanta, GA)

    Hey jkusano, are you still with me? Do you need assistance with ComboFix?

  8. #18 (Junior Member, Washington, DC)

    Bill: I plan to run it FRI. I got tied up, sorry

  9. #19 (Senior Member, Near Atlanta, GA)

    Thanks for the heads up.

  10. #20 (Junior Member, Washington, DC)

    Bill: ComboFix ran OK. Here's the log:

    ComboFix 11-08-26.04 - jkusano 08/26/2011 10:14:43.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1403 [GMT -4:00]
    Running from: c:\documents and settings\jkusano\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\jkusano\Templates\ackr.exe
    c:\documents and settings\jkusano\Templates\fsyx.exe
    c:\documents and settings\jkusano\Templates\sccw.exe
    c:\documents and settings\jkusano\Templates\wqif.exe
    c:\windows\system32\comct332.ocx
    .
    Infected copy of c:\windows\system32\Drivers\atapi.sys was found and disinfected
    Restored copy from - c:\windows\ERDNT\cache\atapi.sys
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-07-26 to 2011-08-26 )))))))))))))))))))))))))))))))
    .
    .
    2011-08-24 19:39 . 2011-08-24 19:39 388096 ----a-r- c:\documents and settings\jkusano\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-08-24 19:39 . 2011-08-24 19:39 -------- d-----w- c:\program files\HJThis
    2011-08-21 19:19 . 2011-08-21 19:19 -------- d-----w- c:\program files\ESET
    2011-08-20 18:07 . 2011-08-20 19:24 -------- d-----w- c:\program files\Monkey's Audio
    2011-08-20 18:07 . 2011-04-17 01:08 446464 ----a-w- c:\windows\system32\MACDll.dll
    2011-08-19 22:03 . 2011-08-19 22:03 -------- d-----w- C:\_OTL
    2011-08-13 20:32 . 2011-08-13 20:32 -------- d-----w- c:\program files\Microsoft Reader
    2011-08-13 20:32 . 2003-06-05 21:15 57436 ----a-w- c:\windows\DASShp.dll
    2011-08-13 20:32 . 2003-05-23 04:15 217174 ----a-w- c:\program files\Common Files\Microsoft Shared\ClearType\ctras.dll
    2011-08-12 20:42 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
    2011-08-12 20:42 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
    2011-08-12 20:23 . 2011-08-12 20:23 -------- d-----w- c:\documents and settings\jkusano\Application Data\SUPERAntiSpyware.com
    2011-08-12 20:22 . 2011-08-19 19:15 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-08-12 20:22 . 2011-08-12 20:22 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2011-08-07 12:13 . 2011-08-07 12:13 -------- d-----w- c:\program files\Common Files\Java
    2011-08-07 12:13 . 2011-08-07 12:12 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-08-07 12:13 . 2011-08-07 12:12 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    2011-08-07 12:13 . 2011-08-07 12:12 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-08-06 18:53 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-08-06 18:53 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-08-06 18:53 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-08-06 18:53 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-08-06 18:53 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-08-06 18:53 . 2011-07-04 11:35 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2011-08-06 18:53 . 2011-07-04 11:35 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2011-08-06 18:53 . 2011-07-04 11:32 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2011-08-06 18:53 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
    2011-08-06 18:53 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
    2011-08-06 18:53 . 2011-08-06 18:53 -------- d-----w- c:\program files\AVAST Software
    2011-08-06 18:53 . 2011-08-06 18:53 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
    2011-08-06 15:30 . 2011-08-06 15:30 -------- d-----w- c:\program files\ERUNT
    2011-07-31 15:02 . 2011-07-31 15:02 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2011-07-31 14:10 . 2011-07-31 14:10 -------- d-----w- c:\documents and settings\All Users\Application Data\boost_interprocess
    2011-07-31 12:52 . 2011-07-31 12:53 -------- d-----w- c:\documents and settings\jkusano\Application Data\FreeBurner
    2011-07-31 12:52 . 2011-07-31 12:53 -------- d-----w- c:\program files\Free Easy CD DVD Burner
    2011-07-31 00:55 . 2011-07-31 00:55 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-07-30 14:14 . 2011-07-30 14:14 -------- d-----w- c:\documents and settings\jkusano\Local Settings\Application Data\Innovative Solutions
    2011-07-30 14:14 . 2011-07-30 14:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Innovative Solutions
    2011-07-30 14:14 . 2011-07-30 14:14 -------- d-----w- c:\program files\Innovative Solutions
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-07-15 13:29 . 2004-08-04 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-07-08 14:02 . 2004-08-04 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
    2011-07-06 23:52 . 2010-01-18 13:00 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-07-06 23:52 . 2010-01-18 13:00 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-24 14:10 . 2009-01-10 20:08 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2011-06-23 18:36 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-06-23 18:36 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-06-23 18:36 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-06-23 12:05 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
    2011-06-20 17:44 . 2004-08-04 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
    2011-06-15 00:16 . 2011-05-18 00:12 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-02 14:02 . 2004-08-04 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
    2008-11-06 23:44 . 2008-11-06 23:44 27976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
    2008-11-06 23:44 . 2008-11-06 23:44 126360 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
    2008-11-06 23:46 . 2008-11-06 23:46 46408 ----a-w- c:\program files\mozilla firefox\plugins\atmccli.dll
    2008-08-16 22:42 . 2008-08-16 22:42 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
    2008-08-16 22:42 . 2008-08-16 22:42 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
    2008-08-16 22:42 . 2008-08-16 22:42 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
    2008-08-16 22:42 . 2008-08-16 22:42 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
    2008-08-16 22:43 . 2008-08-16 22:43 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
    2008-08-16 22:42 . 2008-08-16 22:42 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
    2008-08-16 22:42 . 2008-08-16 22:42 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
    2009-01-26 18:23 . 2009-01-26 18:23 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
    2008-05-21 13:41 . 2008-05-21 13:41 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
    2008-05-21 13:41 . 2008-05-21 13:41 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
    2008-05-21 13:41 . 2008-05-21 13:41 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
    2008-06-05 18:58 . 2008-06-05 18:58 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
    2008-08-16 22:42 . 2008-08-16 22:42 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-26 13680640]
    "nwiz"="nwiz.exe" [2008-12-26 1657376]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-26 86016]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
    "IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
    "VX3000"="c:\windows\vVX3000.exe" [2007-04-10 709992]
    "EPSON Stylus C62 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S0BIC1.EXE" [2002-04-10 74240]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-10 198160]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
    "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]
    "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]
    "SetDefPrt"="c:\program files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 49152]
    "ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 851968]
    "Seagate Dashboard"="c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    .
    c:\documents and settings\jkusano\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
    2008-10-24 14:14 206112 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Omnipage]
    2002-06-03 15:38 49152 ----a-w- c:\program files\ScanSoft\OmniPageSE\opware32.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    2008-09-30 23:01 16864768 ----a-w- c:\windows\RTHDCPL.EXE
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
    "c:\\Program Files\\ScanSoft\\OmniPageSE\\EregEng\\NAVBrowser.exe"=
    "c:\\Program Files\\Microsoft Office Communicator\\communicator.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "c:\\Program Files\\Vuze\\Azureus.exe"=
    "c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
    "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Seagate\\Seagate Dashboard\\HipServAgent\\HipServAgent.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "57945:TCP"= 57945:TCP:Pando Media Booster
    "57945:UDP"= 57945:UDP:Pando Media Booster
    "8378:TCP"= 8378:TCP:League of Legends Launcher
    "8378:UDP"= 8378:UDP:League of Legends Launcher
    "50000:UDP"= 50000:UDP:IHA_MessageCenter
    "58281:TCP"= 58281:TCP:Pando Media Booster
    "58281:UDP"= 58281:UDP:Pando Media Booster
    .
    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [1/18/2010 5:37 PM 28552]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [8/6/2011 2:53 PM 441176]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8/6/2011 2:53 PM 309848]
    R1 ISODisk;ISODisk;c:\windows\system32\drivers\ISODisk.sys [8/17/2009 3:30 PM 9600]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [8/10/2011 7:57 PM 116608]
    R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [10/27/2008 6:03 PM 759072]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/6/2011 2:53 PM 19544]
    R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [10/13/2010 6:06 PM 151552]
    R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [6/1/2011 7:06 PM 14088]
    S2 gupdate1c9afe93b2de8b8;Google Update Service (gupdate1c9afe93b2de8b8);c:\program files\Google\Update\GoogleUpdate.exe [3/28/2009 5:07 PM 133104]
    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [5/28/2009 5:55 PM 1527900]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/28/2009 5:07 PM 133104]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-08-20 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:34]
    .
    2011-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-28 21:07]
    .
    2011-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-28 21:07]
    .
    2011-08-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-2111687655-725345543-1003Core.job
    - c:\documents and settings\jkusano\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-05 00:06]
    .
    2011-08-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-2111687655-725345543-1003UA.job
    - c:\documents and settings\jkusano\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-05 00:06]
    .
    2011-08-26 c:\windows\Tasks\OGALogon.job
    - c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/ig
    uInternet Settings,ProxyOverride = <local>;*.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1 71.252.0.12
    FF - ProfilePath - c:\documents and settings\jkusano\Application Data\Mozilla\Firefox\Profiles\koivs1g4.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=
    FF - prefs.js: browser.startup.homepage - hxxp://us.mg4.mail.yahoo.com/dc/launch?.gx=1&.rand=f4sbqg7rr3qop|http://groups.yahoo.com/group/Herndo...e.com/ig?hl=en
    FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=421&q=
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 53677
    FF - prefs.js: network.proxy.type - 0
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    FF - Ext: Rikaichan: {0AA9101C-D3C1-4129-A9B7-D778C6A17F82} - %profile%\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}
    FF - Ext: Names Dictionary for rikaichan: {566D6332-1439-43bf-857E-7AD5F137AD0C} - %profile%\extensions\{566D6332-1439-43bf-857E-7AD5F137AD0C}
    FF - Ext: Japanese-English Dictionary for rikaichan: {6D898772-AD34-4c16-86BB-9DE787A5DEA0} - %profile%\extensions\{6D898772-AD34-4c16-86BB-9DE787A5DEA0}
    FF - Ext: <![CDATA[1-ClickWeather]]>: {DCBD1271-D228-4082-9FBC-36D9B7660B03} - %profile%\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03}
    FF - Ext: Rikaichan Japanese-English Dictionary File: rikaichan-jpen@polarcloud.com - %profile%\extensions\rikaichan-jpen@polarcloud.com
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
    FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\jkusano\Application Data\Move Networks
    FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-10 - (no file)
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-08-26 10:30
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(760)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    c:\windows\IME\IMJP8_1\Dicts\IMJPCD.DIC
    .
    - - - - - - - > 'explorer.exe'(3908)
    c:\windows\system32\WININET.dll
    c:\windows\system32\msi.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
    c:\windows\IME\IMJP8_1\Dicts\IMJPCD.DIC
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\windows\system32\brss01a.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\Brmfrmps.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\RUNDLL32.EXE
    c:\program files\Microsoft LifeCam\MSCamS32.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\program files\Seagate\Seagate Dashboard\MemeoDashboard.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2011-08-26 10:36:01 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-08-26 14:35
    ComboFix2.txt 2008-12-11 00:20
    .
    Pre-Run: 110,677,286,912 bytes free
    Post-Run: 110,745,186,304 bytes free
    .
    - - End Of File - - 0A2B5AA8ECCB47EE35C6D6B58A77E8D5
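Added example, not part of the thread or of ComboFix itself: a small Python triage script for a log like the one posted above. It splits the log on the "(((( banner ))))" headers and pulls out the items a helper reads first: deleted files (flagging four-letter random executables, a heuristic of my own, not a ComboFix rule), system files found patched (the atapi.sys line), the XP firewall's globally open ports, and the Firefox network.proxy.* prefs with a verdict on whether the 127.0.0.1:53677 proxy is actually live (it is not, because network.proxy.type is 0). SAMPLE_LOG is an abridged excerpt of the log in #20.

```python
"""Triage a ComboFix log: pull out what a malware-removal helper reads first."""
import re
from typing import Dict, List, Tuple

# Abridged excerpt of the ComboFix log posted in #20 above (trimmed, not invented).
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\jkusano\Templates\ackr.exe
c:\documents and settings\jkusano\Templates\fsyx.exe
c:\windows\system32\comct332.ocx
.
Infected copy of c:\windows\system32\Drivers\atapi.sys was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\atapi.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57945:TCP"= 57945:TCP:Pando Media Booster
"8378:UDP"= 8378:UDP:League of Legends Launcher
.
------- Supplementary Scan -------
.
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 53677
FF - prefs.js: network.proxy.type - 0
"""

BANNER_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")        # "((( Other Deletions )))"
PATH_RE = re.compile(r"^[a-z]:\\", re.IGNORECASE)    # a bare file-path line
INFECTED_RE = re.compile(r"^Infected copy of (.+?) was found")
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.*)$')
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (\S+) - (.*)$")
# Heuristic (my assumption, not a ComboFix rule): four random lowercase letters + .exe
RANDOM_EXE_RE = re.compile(r"[a-z]{4}\.exe")


def split_sections(log: str) -> Dict[str, List[str]]:
    """Group the non-empty lines under the "(((( banner ))))" that precedes them."""
    sections: Dict[str, List[str]] = {}
    current = "Header"
    for raw in log.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        banner = BANNER_RE.match(line)
        if banner:
            current = banner.group(1)
            continue
        sections.setdefault(current, []).append(line)
    return sections


def deleted_paths(sections: Dict[str, List[str]]) -> Tuple[List[str], List[str]]:
    """All files ComboFix deleted, plus those whose names look machine-generated."""
    paths = [l for l in sections.get("Other Deletions", []) if PATH_RE.match(l)]
    suspicious = [p for p in paths if RANDOM_EXE_RE.fullmatch(p.rsplit("\\", 1)[-1])]
    return paths, suspicious


def disinfected_system_files(log: str) -> List[str]:
    """System files found patched by malware (atapi.sys is a classic rootkit host)."""
    hits = (INFECTED_RE.match(l.strip()) for l in log.splitlines())
    return [m.group(1) for m in hits if m]


def open_firewall_ports(log: str) -> List[Tuple[int, str, str]]:
    """(port, protocol, program) from the XP firewall GloballyOpenPorts list."""
    out = []
    for line in log.splitlines():
        m = PORT_RE.match(line.strip())
        if m:
            out.append((int(m.group(1)), m.group(2), m.group(3).strip()))
    return out


def firefox_proxy(log: str) -> Dict[str, str]:
    """network.proxy.* prefs plus a verdict: a 127.0.0.1 proxy on a high port is a
    traffic-hijack pattern, but it only bites if network.proxy.type is non-zero."""
    prefs: Dict[str, str] = {}
    for line in log.splitlines():
        m = FF_PREF_RE.match(line.strip())
        if m and m.group(1).startswith("network.proxy."):
            prefs[m.group(1)] = m.group(2).strip()
    http, ptype = prefs.get("network.proxy.http"), prefs.get("network.proxy.type", "0")
    prefs["verdict"] = ("no proxy set" if not http else
                        "active proxy" if ptype != "0" else "proxy set but disabled (type 0)")
    return prefs
```

Run it against a full ComboFix.txt by reading the file into `split_sections` instead of SAMPLE_LOG; the helper functions accept either the raw text or the section map, as noted in each signature.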
