BleepingComputer.com: My computer needs a lobotomy

My computer needs a lobotomy

#31 MyComputerIsSick

  • Group: Members

Posted 06 July 2009 - 12:27 PM

Volume in drive C is PRESARIO
Volume Serial Number is B8A6-07B5

Directory of c:\program files

05/07/2009 11:56 PM <DIR> .
05/07/2009 11:56 PM <DIR> ..
07/06/2006 05:27 PM <DIR> Adobe
21/09/2008 08:16 PM <DIR> Apple Software Update
21/09/2008 12:02 PM <DIR> Avira
02/04/2007 11:42 AM <DIR> BearShare Applications
02/07/2009 07:02 PM <DIR> CCleaner
30/06/2009 04:34 PM <DIR> Common Files
16/01/2007 12:49 PM <DIR> Compact Wireless-G USB Adapter Wireless Network Monitor
07/06/2006 05:36 PM <DIR> Compaq Connections
11/11/2005 05:56 PM <DIR> ComPlus Applications
07/06/2006 05:11 PM <DIR> CONEXANT
07/11/2007 07:46 PM <DIR> DISC
22/08/2008 11:14 PM <DIR> DivX
07/06/2006 04:49 PM <DIR> EnglishOtto
07/06/2006 04:49 PM <DIR> GemMaster
07/06/2006 05:46 PM <DIR> Google
07/06/2006 05:43 PM <DIR> Hewlett-Packard
07/06/2006 05:26 PM <DIR> HP
07/06/2006 05:24 PM <DIR> HP Games
07/06/2006 05:19 PM <DIR> HP Rhapsody
10/09/2008 06:15 PM <DIR> InstallShield Installation Information
15/06/2009 03:26 PM <DIR> Internet Explorer
01/07/2009 05:06 PM <DIR> Java
23/08/2008 03:34 PM <DIR> Lavasoft
04/09/2008 11:37 AM <DIR> Messenger
05/08/2006 11:47 PM <DIR> Microsoft ActiveSync
08/09/2008 07:50 PM <DIR> Microsoft CAPICOM 2.1.0.2
14/11/2005 08:06 PM <DIR> microsoft frontpage
23/08/2008 05:36 PM <DIR> Microsoft Money 2006
09/04/2008 02:39 PM <DIR> Microsoft Office
24/02/2009 09:21 PM <DIR> Microsoft SDKs
17/04/2009 12:06 PM <DIR> Microsoft Silverlight
28/02/2009 06:16 PM <DIR> Microsoft SQL Server
24/02/2009 09:25 PM <DIR> Microsoft SQL Server Compact Edition
24/02/2009 09:25 PM <DIR> Microsoft Synchronization Services
07/06/2006 05:31 PM <DIR> Microsoft Visual Studio
28/02/2009 06:16 PM <DIR> Microsoft Visual Studio 9.0
07/06/2006 05:30 PM <DIR> Microsoft Works
09/04/2009 08:43 PM <DIR> Microsoft.NET
04/09/2008 11:33 AM <DIR> Movie Maker
20/01/2007 09:16 PM <DIR> Mozilla Firefox
24/02/2009 09:19 PM <DIR> MSBuild
09/04/2008 02:39 PM <DIR> MSECache
14/11/2005 08:07 PM <DIR> MSN
07/06/2006 05:18 PM <DIR> MSN Encarta Standard
14/11/2005 08:07 PM <DIR> MSN Gaming Zone
16/11/2006 09:47 AM <DIR> MSXML 4.0
24/02/2009 09:58 PM <DIR> MSXML 6.0
04/10/2008 03:49 PM <DIR> music_now
05/08/2006 11:54 PM <DIR> Nero
04/09/2008 11:31 AM <DIR> NetMeeting
07/06/2006 05:19 PM <DIR> Netscape
09/05/2007 08:52 PM <DIR> Online Services
04/09/2008 11:31 AM <DIR> Outlook Express
23/08/2008 12:56 AM <DIR> PC-Doctor 5 for Windows
07/06/2006 05:41 PM <DIR> PC-Doctor for DOS
07/06/2006 05:33 PM <DIR> Quicken
21/09/2008 08:16 PM <DIR> QuickTime
07/06/2006 05:18 PM <DIR> Real
24/02/2009 09:19 PM <DIR> Reference Assemblies
26/04/2009 10:07 PM <DIR> Research In Motion
13/01/2007 04:38 PM <DIR> Samsung
03/02/2007 02:19 AM <DIR> Serif
07/06/2006 05:25 PM <DIR> Sonic
03/05/2009 02:50 PM <DIR> Spybot - Search & Destroy
30/04/2009 12:32 AM <DIR> SUPERAntiSpyware
09/09/2008 09:11 PM <DIR> Trend Micro
11/11/2005 05:56 PM <DIR> Uninstall Information
14/08/2006 04:12 PM <DIR> ValuSoft
07/06/2006 05:24 PM <DIR> WildTangent
23/01/2007 09:15 PM <DIR> Windows Media Connect 2
23/01/2007 09:15 PM <DIR> Windows Media Player
04/09/2008 11:31 AM <DIR> Windows NT
14/11/2005 08:08 PM <DIR> Windows Plus
11/11/2005 05:56 PM <DIR> WindowsUpdate
06/09/2006 11:31 PM 251 wt3d.ini
14/11/2005 08:08 PM <DIR> xerox
17/01/2007 07:06 PM <DIR> Yahoo!
1 File(s) 251 bytes
78 Dir(s) 171,086,860,288 bytes free
If you have to sneak and do it, Then you dont need to do it!

#32 Farbar

  • Group: Malware Response Instructor

Posted 06 July 2009 - 12:37 PM

  • Please go on with the second part of step 3 from post # 26.


  • Use the windows search advanced options:
    • Go to start -> Search -> click All files and folders.
    • Click More advanced options.
    • Put a check mark in the box next to search system folders, search hidden files and folders and search sub-folders.
    • Make sure Case Sensitive box is not checked.
    • Type Malwarebytes in the upper box and click on search.
    • If it finds any folder delete it.


  • Then do the step 4 from post # 26 to install and update MBAM.


#33 MyComputerIsSick

  • Group: Members

Posted 06 July 2009 - 02:49 PM

farbar, on Jul 6 2009, 12:37 PM, said:

  • Please go on with the second part of step 3 from post # 26.


  • Use the windows search advanced options:
    • Go to start -> Search -> click All files and folders.
    • Click More advanced options.
    • Put a check mark in the box next to search system folders, search hidden files and folders and search sub-folders.
    • Make sure Case Sensitive box is not checked.
    • Type Malwarebytes in the upper box and click on search.
    • If it finds any folder delete it.


  • Then do the step 4 from post # 26 to install and update MBAM.


I deleted some folders, but one folder couldn't
it said
C:\Documents and Settings\Compaq_Administrator\Application Data\Malwarebytes: refers to a location that is unavailable, it could be on a hard drive on this computer, or on a network. Check to make sure that the disk is properly inserted, or that you can connect to the internet or your network and try again. If it still can't be located, the information might be moved to a different location
If you have to sneak and do it, Then you dont need to do it!

#34 Farbar

  • Group: Malware Response Instructor

Posted 06 July 2009 - 03:47 PM

Well done.
  • Run CCleaner (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked). Then click run cleaner.


  • Repeat the search. See if the folder is still there. You might have already removed it. If it is not there proceed with installing MBAM. If it is there and you still can remove it do the next step.


  • Go to Start > Run, copy/paste the following line in the Run box and click OK.

    cmd /c dir /o:d /a "C:\Documents and Settings\Compaq_Administrator\Application Data" > log.txt&log.txt& del log.txt

    A text file (log.txt) will be opened. Please post its content to your reply.


#35 MyComputerIsSick

  • Group: Members

Posted 06 July 2009 - 06:29 PM

Volume in drive C is PRESARIO
Volume Serial Number is B8A6-07B5

Directory of C:\Documents and Settings\Compaq_Administrator\Application Data

30/08/2005 03:52 PM 62 desktop.ini
14/11/2005 08:04 PM <DIR> Identities
07/06/2006 05:33 PM <DIR> Intuit
05/08/2006 11:19 PM <DIR> Leadertech
05/08/2006 11:25 PM <DIR> Sonic
05/08/2006 11:55 PM <DIR> Ahead
06/08/2006 12:11 AM <DIR> HP
06/09/2006 10:37 PM <DIR> HPQ
08/09/2006 09:43 PM <DIR> Sun
12/09/2006 04:30 PM 0 wklnhst.dat
12/09/2006 04:30 PM <DIR> Template
01/11/2006 08:12 PM <DIR> AdobeUM
19/01/2007 12:15 PM <DIR> Macromedia
20/01/2007 09:13 PM <DIR> Talkback
20/01/2007 09:13 PM <DIR> Mozilla
02/02/2007 05:09 PM <DIR> funkitron
03/02/2007 02:43 AM <DIR> Help
10/05/2007 02:26 PM <DIR> Yahoo!
29/11/2007 04:11 PM <DIR> Move Networks
06/02/2008 09:40 PM <DIR> Adobe
23/08/2008 12:56 PM <DIR> Real
06/09/2008 09:20 PM <DIR> SUPERAntiSpyware.com
18/11/2008 12:11 PM <DIR> U3
10/03/2009 08:54 PM 52,720 GDIPFONTCACHEV1.DAT
26/04/2009 10:07 PM <DIR> Microsoft
28/04/2009 02:18 PM <DIR> Research In Motion
06/07/2009 06:26 PM <DIR> ..
06/07/2009 06:26 PM <DIR> .
06/07/2009 06:26 PM <DIR> Malwarebytes
3 File(s) 52,782 bytes
26 Dir(s) 171,153,133,568 bytes free
If you have to sneak and do it, Then you dont need to do it!
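
A triage helper for the listing in this post, added here as an example and not part of the original thread: it parses `dir /o:d /a` output in the layout shown above, then returns the entries changed within a few minutes of the newest timestamp and any case-insensitive name match. The function names and the shortened sample listing are constructed for illustration; the day/month/year date order is taken from the listing itself.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# Constructed sample: a shortened listing in the same layout as the one posted
# above (dd/mm/yyyy, 12-hour clock, <DIR> marker or a byte count with commas).
SAMPLE_LISTING = r"""
 Volume in drive C is PRESARIO
 Directory of C:\Documents and Settings\Compaq_Administrator\Application Data

30/08/2005 03:52 PM 62 desktop.ini
06/09/2008 09:20 PM <DIR> SUPERAntiSpyware.com
10/03/2009 08:54 PM 52,720 GDIPFONTCACHEV1.DAT
28/04/2009 02:18 PM <DIR> Research In Motion
06/07/2009 06:26 PM <DIR> ..
06/07/2009 06:26 PM <DIR> .
06/07/2009 06:26 PM <DIR> Malwarebytes
 3 File(s) 52,782 bytes
"""

# date, time, then either a <MARKER> (directory or reparse point) or a file size.
ENTRY_RE = re.compile(
    r"^\s*(?P<date>\d{2}/\d{2}/\d{4})\s+(?P<time>\d{1,2}:\d{2}\s+[AP]M)\s+"
    r"(?P<kind><[A-Z]+>|[\d,]+)\s+(?P<name>.+?)\s*$"
)


@dataclass
class DirEntry:
    modified: datetime
    kind: str            # "DIR", "FILE", or a reparse marker such as "JUNCTION"
    size: Optional[int]  # bytes for files, None for everything else
    name: str


def parse_dir_listing(text: str, date_format: str = "%d/%m/%Y") -> List[DirEntry]:
    """Parse entry lines; header and summary lines are skipped.

    The date order of `dir` output follows the machine's regional settings,
    so pass "%m/%d/%Y" for a listing pasted from a US-format system.
    """
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        stamp = f"{m['date']} {' '.join(m['time'].split())}"
        modified = datetime.strptime(stamp, date_format + " %I:%M %p")
        if m["kind"].startswith("<"):
            kind, size = m["kind"].strip("<>"), None
        else:
            kind, size = "FILE", int(m["kind"].replace(",", ""))
        entries.append(DirEntry(modified, kind, size, m["name"]))
    return entries


def recent_entries(entries: List[DirEntry], window_minutes: int = 10) -> List[DirEntry]:
    """Entries (other than . and ..) modified within the window of the newest timestamp."""
    if not entries:
        return []
    newest = max(e.modified for e in entries)
    window = timedelta(minutes=window_minutes)
    return [e for e in entries
            if e.name not in (".", "..") and newest - e.modified <= window]


def find_by_name(entries: List[DirEntry], needle: str) -> List[DirEntry]:
    """Case-insensitive substring match, like the search step with Case Sensitive unchecked."""
    needle = needle.lower()
    return [e for e in entries if needle in e.name.lower()]


if __name__ == "__main__":
    parsed = parse_dir_listing(SAMPLE_LISTING)
    for entry in recent_entries(parsed):
        print(entry.modified.isoformat(), entry.kind, entry.name)
```
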

#36 Farbar

  • Group: Malware Response Instructor

Posted 06 July 2009 - 06:37 PM

Close any open browsers.

Open notepad (start > All Programs > Accessories > Notepad) and copy/paste the text in the code box below into it:

Folder::
C:\Documents and Settings\Compaq_Administrator\Application Data\Malwarebytes
SkipFix::


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you ("C:\ComboFix.txt"). Please copy and paste the log to your reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


#37 MyComputerIsSick

  • Group: Members

Posted 06 July 2009 - 07:53 PM

ComboFix 09-07-06.02 - Compaq_Administrator 06/07/2009 19:14.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.521 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Compaq_Administrator\Desktop\CFScript.txt
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Compaq_Administrator\Application Data\Malwarebytes

.
((((((((((((((((((((((((( Files Created from 2009-06-07 to 2009-07-07 )))))))))))))))))))))))))))))))
.

2009-07-06 23:26 . 2009-05-26 18:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-06 23:26 . 2009-07-06 23:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-06 23:26 . 2009-07-06 23:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-06 23:26 . 2009-05-26 18:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-01 22:05 . 2009-07-01 22:05 152576 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Sun\Java\jre1.6.0_14\lzma.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-06 22:47 . 2008-08-24 04:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-06 16:20 . 2009-04-10 02:35 117760 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-03 00:02 . 2006-08-06 04:49 -------- d-----w- c:\program files\CCleaner
2009-07-01 22:06 . 2009-01-17 18:59 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-01 22:06 . 2006-06-07 21:55 -------- d-----w- c:\program files\Java
2009-06-14 01:53 . 2008-09-21 17:02 75096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-05-07 15:32 . 2004-08-10 04:00 345600 ------w- c:\windows\system32\localspl.dll
2009-04-29 04:56 . 2004-08-10 04:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-10 04:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-27 03:07 . 2009-04-27 03:07 26694 ----a-r- c:\documents and settings\Compaq_Administrator\Application Data\Microsoft\Installer\{C26D7EF1-A5AD-4B46-9F49-535E9255A669}\NewShortcut60_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-04-17 12:26 . 2004-08-10 04:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-10 04:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2006-09-07 04:31 . 2006-09-07 04:31 251 ----a-w- c:\program files\wt3d.ini
2004-11-07 17:58 . 2006-08-06 04:58 94208 ----a-w- c:\program files\mozilla firefox\components\BrandRes.dll
2004-11-07 17:58 . 2006-08-06 04:58 150912 ----a-w- c:\program files\mozilla firefox\components\fullsoft.dll
2004-11-07 17:57 . 2006-08-06 04:58 41571 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2004-11-07 17:57 . 2006-08-06 04:58 48221 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2004-11-07 17:58 . 2006-08-06 04:58 8811 ----a-w- c:\program files\mozilla firefox\components\qfaservices.dll
2004-11-07 17:57 . 2006-08-06 04:58 158821 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-06-29_04.44.38 )))))))))))))))))))))))))))))))))))))))))
.
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-04-30 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-25 7311360]
"DISCover"="c:\program files\DISC\DISCover.exe" [2006-03-16 1077248]
"DiscUpdateManager"="c:\program files\DISC\DiscUpdMgr.exe" [2006-03-16 61440]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-06-07 180269]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2008-09-17 615696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-01 148888]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-03-08 16010240]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" - c:\windows\arpwrmsg.exe [2005-08-03 77312]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-01-25 1519616]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil9e.exe" [2007-11-21 218496]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-02-18 07:33 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Compact Wireless-G USB Adapter Wireless Network Monitor\\WUSB54GC.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [03/09/2008 2:07 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [03/09/2008 2:07 PM 55024]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [03/09/2008 2:07 PM 7408]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\Drivers\BW2NDIS5.sys --> c:\windows\system32\Drivers\BW2NDIS5.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2007-01-31 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Hewlett-Packard\SDP\HPSdpApp.exe [2005-09-09 02:23]
.
- - - - ORPHANS REMOVED - - - -

BHO-{6D1DCBB6-7458-4117-BC88-5C0B2A41AD77} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=63&bd=PRESARIO&pf=desktop
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJxdm090YYUS&fl=0&ptb=RhgotXNAwFhgyKGBirchhA&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Trusted Zone: microsoft.com\office
Trusted Zone: trymedia.com
TCP: {F63B2331-3C65-40C8-BC93-B6F7EC694905} = 64.136.173.5 64.136.164.77
FF - ProfilePath - c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\l9fiv7zv.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\program files\Mozilla Firefox\components\qfaservices.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("backups.number_of_prefs_copies", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.link.open_newwindow.ui", 3); // prefs UI version
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.closed", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.document", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.frames", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.history", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.length", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.opener", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.parent", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.self", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.top", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.window", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.DOMParser,parseFromString", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.DOMParser,parseFromStream", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.disable_window_open_feature.status", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("advanced.always_load_images", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.protocol-handler.external.help", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.connect.timeout", 30); // in seconds
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.request.timeout", 120); // in seconds
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.image.imageBehavior", 0); // 0-Accept, 1-dontAcceptForeign, 2-dontUse
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.cookieBehavior", 3); // 0-Accept, 1-dontAcceptForeign, 2-dontUse, 3-p3p
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.id", "{ec8030f7-c20a-464f-9b0e-13a3a9e97384}");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.version",
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.extensions.version", "1.0");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.build_id",
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.autoUpdateEnabled", true); // Whether or not background app updates
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.url", "chrome://mozapps/locale/update/update.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.updatesAvailable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.lastUpdateDate", 0); // UTC offset when last App update was
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.performed", false); // Whether or not an update has been
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdateEnabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdate", false); // Automatically download and install
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.interval", 604800000); // Check for updates to Extensions and
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.lastUpdateDate", 0); // UTC offset when last Extension/Theme
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.severity.threshold", 5);// The number of pending Extension/Theme
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.count", 0); // The number of extension/theme/etc
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update.interval", 3600000); // Check each of the above intervals
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update.showSlidingNotification", true); // Windows-only slide-up taskbar
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update.severity", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("general.useragent.vendor", "Firefox");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("general.useragent.vendorSub",
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.update.resetHomepage", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.startup.homepage_override.1", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.turbo.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://browser/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://browser/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update_notifications.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update_notifications.provider.0.frequency", 7); // number of days
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.xul.error_pages.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("pfs.datasource.url", "chrome://mozapps/locale/plugins/plugins.properties");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-06 19:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(704)
c:\windows\system32\GTGina.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'explorer.exe'(2572)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-07-07 19:16
ComboFix-quarantined-files.txt 2009-07-07 00:16
ComboFix2.txt 2009-06-29 04:48

Pre-Run: 171,136,110,592 bytes free
Post-Run: 171,128,418,304 bytes free

332 --- E O F --- 2009-07-01 20:51

If you have to sneak and do it, then you don't need to do it!

#38 User is offline   Farbar 

  • Just Curious
  • Group: Malware Response Instructor
  • Posts: 17,810
  • Joined: 08-December 07
  • Gender:Male
  • Location:The Netherlands

Posted 07 July 2009 - 03:08 AM

I still see some leftovers from Malwarebytes in the log. Please make sure you still have mbam-setup.exe on your desktop to install it later on.



Close any open browsers.

Open Notepad (Start > All Programs > Accessories > Notepad) and copy/paste the text in the code box below into it:

File::
c:\windows\system32\drivers\mbamswissarmy.sys
c:\windows\system32\drivers\mbam.sys
Folder::
c:\program files\Malwarebytes' Anti-Malware
c:\documents and settings\All Users\Application Data\Malwarebytes
Registry::
Driver::
mbamswissarmy
mbam


Save this as CFScript.txt, in the same location as ComboFix.exe.


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you ("C:\ComboFix.txt"). Please copy and paste the log to your reply.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


#39 User is offline   MyComputerIsSick 

  • Member
  • Group: Members
  • Posts: 109
  • Joined: 23-August 08
  • Gender:Female
  • Location:TEXAS

Posted 07 July 2009 - 03:24 PM

I had re-installed MBAM yesterday like the instructions said in post #32. So do you still want me to do what you instructed in the above post?

If you have to sneak and do it, then you don't need to do it!

#40 User is offline   Farbar 

  • Just Curious
  • Group: Malware Response Instructor
  • Posts: 17,810
  • Joined: 08-December 07
  • Gender:Male
  • Location:The Netherlands

Posted 07 July 2009 - 03:31 PM

I thought you had not been able to delete the folders, and you didn't tell me you had installed it.
Were you able to update it?

This post has been edited by farbar: 07 July 2009 - 03:33 PM


#41 User is offline   MyComputerIsSick 

  • Member
  • Group: Members
  • Posts: 109
  • Joined: 23-August 08
  • Gender:Female
  • Location:TEXAS

Posted 07 July 2009 - 11:52 PM

I wasn't, but in post 34 you said to search for it again and if it's not there go ahead and install it.

But unfortunately it's still not updating...it did that one time when you told me to do it manually...but it's not doing it from MBAM updates...does that make sense??

This post has been edited by MyComputerIsSick: 07 July 2009 - 11:56 PM

If you have to sneak and do it, then you don't need to do it!

#42 User is offline   Farbar 

  • Just Curious
  • Group: Malware Response Instructor
  • Posts: 17,810
  • Joined: 08-December 07
  • Gender:Male
  • Location:The Netherlands

Posted 08 July 2009 - 05:18 AM

MyComputerIsSick, on Jul 8 2009, 06:52 AM, said:

...but it's not doing it from MBAM updates...does that make sense??


Yes it does, my instruction was not clear and you didn't give me feedback about installing MBAM. Then I let you remove the folder again assuming you could not remove the folder.

When you installed it, did you try to update it right away?

Anyway please go to Add/Remove Programs and uninstall MBAM from there. Then install it again and update it.

#43 User is offline   MyComputerIsSick 

  • Member
  • Group: Members
  • Posts: 109
  • Joined: 23-August 08
  • Gender:Female
  • Location:TEXAS

Posted 08 July 2009 - 01:53 PM

No, I didn't update it right away.

But I just uninstalled MBAM from Add/Remove.
Do I need to check for the folder again?

If you have to sneak and do it, then you don't need to do it!

#44 User is offline   Farbar 

  • Just Curious
  • Group: Malware Response Instructor
  • Posts: 17,810
  • Joined: 08-December 07
  • Gender:Male
  • Location:The Netherlands

Posted 08 July 2009 - 03:23 PM

No, not this time.

#45 User is offline   MyComputerIsSick 

  • Member
  • Group: Members
  • Posts: 109
  • Joined: 23-August 08
  • Gender:Female
  • Location:TEXAS

Posted 08 July 2009 - 05:01 PM

OK, I installed it and the last update is:
date 5/26/09
version 2182
So when I click on the update tab to check for updates...it's still saying error code 732.

This post has been edited by MyComputerIsSick: 08 July 2009 - 05:04 PM

If you have to sneak and do it, then you don't need to do it!
