virus/infection


11 replies to this topic

#1 sonialisa1

  • Members
  • 8 posts

Posted 14 August 2010 - 10:58 PM

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
No icons on PC, only Windows scenery background. I placed PC in safe mode, downloaded RKill and Malwarebytes to a flash drive and ran them.
On the initial run of Malwarebytes, viruses/trojans were deleted with the exception of 3 remaining. I've run RKill/Malwarebytes several times and the 3 keep popping up in the scans. The message says I have to restart the PC to delete them, but since I am unable to run the PC in regular Windows, I am at a loss as to what I need to do next.

Please keep in mind that I am a neophyte as far as computer tech is concerned.

Any advice and suggestions are more welcome than you know.

grazie!!!

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 4/17/2008 12:50:56 PM
System Uptime: 8/14/2010 8:34:18 PM (1 hours ago)

Motherboard: Dell Inc. | | 0M3918
Processor: Intel® Pentium® 4 CPU 3.40GHz | Microprocessor | 3391/800mhz
Processor: Intel® Pentium® 4 CPU 3.40GHz | Microprocessor | 3391/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 74 GiB total, 65.106 GiB free.
D: is CDROM ()
E: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP245: 4/27/2010 11:06:52 AM - System Checkpoint
RP246: 4/28/2010 5:50:38 PM - System Checkpoint
RP247: 4/29/2010 6:13:35 PM - System Checkpoint
RP248: 4/30/2010 6:16:17 PM - System Checkpoint
RP249: 5/1/2010 6:28:12 PM - System Checkpoint
RP250: 5/2/2010 7:28:15 PM - System Checkpoint
RP251: 5/3/2010 11:16:10 PM - System Checkpoint
RP252: 5/5/2010 1:30:41 AM - System Checkpoint
RP253: 5/6/2010 2:28:15 AM - System Checkpoint
RP254: 5/7/2010 3:31:00 AM - System Checkpoint
RP255: 5/8/2010 4:30:37 AM - System Checkpoint
RP256: 5/9/2010 5:30:37 AM - System Checkpoint
RP257: 5/10/2010 5:47:03 AM - System Checkpoint
RP258: 5/11/2010 6:18:39 AM - System Checkpoint
RP259: 5/12/2010 3:00:17 AM - Software Distribution Service 3.0
RP260: 5/13/2010 3:18:39 AM - System Checkpoint
RP261: 5/14/2010 3:30:37 AM - System Checkpoint
RP262: 5/15/2010 4:06:14 AM - System Checkpoint
RP263: 5/16/2010 5:06:14 AM - System Checkpoint
RP264: 5/17/2010 8:16:06 AM - System Checkpoint
RP265: 5/18/2010 9:25:07 AM - System Checkpoint
RP266: 5/19/2010 9:50:26 AM - System Checkpoint
RP267: 5/20/2010 10:36:25 AM - System Checkpoint
RP268: 5/21/2010 11:26:28 AM - System Checkpoint
RP269: 5/22/2010 3:00:49 PM - System Checkpoint
RP270: 5/23/2010 3:19:03 PM - System Checkpoint
RP271: 5/24/2010 4:45:43 PM - System Checkpoint
RP272: 5/25/2010 5:20:09 PM - System Checkpoint
RP273: 5/26/2010 3:00:17 AM - Software Distribution Service 3.0
RP274: 5/27/2010 3:19:03 AM - System Checkpoint
RP275: 5/28/2010 4:19:04 AM - System Checkpoint
RP276: 5/29/2010 5:18:41 AM - System Checkpoint
RP277: 5/30/2010 6:18:41 AM - System Checkpoint
RP278: 5/31/2010 7:19:46 AM - System Checkpoint
RP279: 5/31/2010 7:42:55 PM - Restore Operation
RP280: 6/1/2010 3:00:16 AM - Software Distribution Service 3.0
RP281: 6/2/2010 3:33:23 AM - System Checkpoint
RP282: 6/3/2010 4:33:24 AM - System Checkpoint
RP283: 6/4/2010 5:33:24 AM - System Checkpoint
RP284: 6/5/2010 6:09:24 AM - System Checkpoint
RP285: 6/6/2010 6:33:24 AM - System Checkpoint
RP286: 6/7/2010 8:22:46 AM - System Checkpoint
RP287: 6/8/2010 9:23:33 AM - System Checkpoint
RP288: 6/9/2010 9:32:51 AM - System Checkpoint
RP289: 6/10/2010 10:16:50 AM - System Checkpoint
RP290: 6/11/2010 3:00:18 AM - Software Distribution Service 3.0
RP291: 6/12/2010 3:34:56 AM - System Checkpoint
RP292: 6/13/2010 4:58:56 AM - System Checkpoint
RP293: 6/14/2010 5:46:55 AM - System Checkpoint
RP294: 6/15/2010 5:55:42 AM - System Checkpoint
RP295: 6/16/2010 5:58:33 AM - System Checkpoint
RP296: 6/17/2010 6:22:33 AM - System Checkpoint
RP297: 6/18/2010 8:14:57 AM - System Checkpoint
RP298: 6/19/2010 8:21:08 AM - System Checkpoint
RP299: 6/20/2010 11:13:24 AM - System Checkpoint
RP300: 6/21/2010 11:45:08 AM - System Checkpoint
RP301: 6/22/2010 12:18:19 PM - System Checkpoint
RP302: 6/23/2010 1:18:19 PM - System Checkpoint
RP303: 6/24/2010 2:18:19 PM - System Checkpoint
RP304: 6/25/2010 3:18:19 PM - System Checkpoint
RP305: 6/26/2010 4:18:19 PM - System Checkpoint
RP306: 6/27/2010 4:19:24 PM - System Checkpoint
RP307: 6/28/2010 4:25:04 PM - System Checkpoint
RP308: 6/29/2010 4:37:38 PM - System Checkpoint
RP309: 6/30/2010 4:56:07 PM - System Checkpoint
RP310: 7/1/2010 5:08:07 PM - System Checkpoint
RP311: 7/2/2010 6:13:26 PM - System Checkpoint
RP312: 7/3/2010 6:41:12 PM - System Checkpoint
RP313: 7/4/2010 6:44:07 PM - System Checkpoint
RP314: 7/5/2010 6:55:25 PM - System Checkpoint
RP315: 7/6/2010 11:12:29 PM - System Checkpoint
RP316: 7/8/2010 1:37:18 AM - System Checkpoint
RP317: 7/9/2010 2:07:25 AM - System Checkpoint
RP318: 7/9/2010 11:27:13 PM - Restore Operation
RP319: 7/11/2010 12:58:23 AM - System Checkpoint
RP320: 7/12/2010 1:34:16 AM - System Checkpoint
RP321: 7/13/2010 1:56:49 AM - System Checkpoint
RP322: 7/14/2010 2:32:49 AM - System Checkpoint
RP323: 7/14/2010 3:00:16 AM - Software Distribution Service 3.0
RP324: 7/15/2010 3:44:50 AM - System Checkpoint
RP325: 7/16/2010 4:32:49 AM - System Checkpoint
RP326: 7/17/2010 5:41:52 AM - System Checkpoint
RP327: 7/18/2010 6:32:16 AM - System Checkpoint
RP328: 7/19/2010 8:59:29 AM - Restore Operation
RP329: 7/20/2010 9:35:11 AM - Restore Operation
RP330: 7/20/2010 9:38:11 AM - Restore Operation
RP331: 7/20/2010 7:34:28 PM - Restore Operation
RP332: 7/20/2010 7:47:04 PM - Restore Operation
RP333: 7/21/2010 5:14:22 AM - Software Distribution Service 3.0
RP334: 7/24/2010 7:39:00 PM - System Checkpoint
RP335: 7/29/2010 10:47:37 AM - System Checkpoint
RP336: 7/30/2010 6:28:09 PM - System Checkpoint
RP337: 8/12/2010 6:43:12 PM - Restore Operation
RP338: 8/14/2010 8:04:43 PM - Restore Operation

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
CardRd81
CCHelp
CCScore
CR2
Easy CD & DVD Creator 6
ESSAdpt
ESSANUP
ESSBrwr
ESSCAM
ESSCDBK
ESScore
ESSCT
ESSEMAIL
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTUTOR
ESSvpaht
ESSvpot
Google Toolbar for Internet Explorer
HLPCCTR
HLPIndex
HLPPDOCK
HLPSFO
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel® 537EP V9x DF PCI Modem
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Adapters and Drivers
Kodak EasyShare software
KSU
Malwarebytes' Anti-Malware
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Streets and Trips 2004
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Microsoft Works 2004 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Notifier
OfotoXMI
OTtBP
OTtBPSDK
PCDLNCH
QuickTime
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
SFR
SFR2
Shockwave
Spybot - Search & Destroy
SUPERAntiSpyware
Trader's Little Helper 2.2.2
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VCAMCEN
VPRINTOL
W Photo Studio
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

8/9/2010 7:58:58 AM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.
8/9/2010 7:37:35 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Installer service to connect.
8/9/2010 7:37:35 AM, error: Service Control Manager [7000] - The Windows Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/9/2010 7:37:21 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
8/9/2010 5:18:57 PM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: The system cannot find the file specified.
8/14/2010 8:02:06 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL
8/14/2010 6:59:30 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
8/14/2010 6:48:24 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm PCIIde SASDIFSV SASKUTIL
8/14/2010 5:59:14 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm SASDIFSV SASKUTIL
8/14/2010 4:53:27 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm PCIIde
8/13/2010 7:36:20 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
8/13/2010 7:36:20 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
8/13/2010 7:05:47 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde
8/12/2010 4:47:21 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
8/12/2010 4:47:20 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
8/12/2010 4:47:03 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
8/12/2010 4:20:37 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm
8/12/2010 4:19:18 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/11/2010 5:00:21 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
8/11/2010 5:00:21 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

==== End Of File ===========================




#2 suebaby41

    W.A.M. (Women Against Malware)

  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA

Posted 21 August 2010 - 02:00 PM

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again.
  1. Double click on RSIT.exe to run RSIT.
  2. Click Continue at the disclaimer screen.
  3. Please post the contents of log.txt.
Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
  1. Reply to this thread; do not start another!
  2. Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
  3. Do not run any other tool until instructed to do so!
  4. Let me know if any of the links do not work or if any of the tools do not work.
  5. Tell me about problems or symptoms that occur during the fix.
  6. Do not run any other programs or open any other windows while doing a fix.
  7. Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.
Thanks.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#3 sonialisa1
  • Topic Starter

  • Members
  • 8 posts

Posted 22 August 2010 - 05:55 PM

Logfile of random's system information tool 1.08 (written by random/random)
Run by Administrator at 2010-08-22 17:41:39
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 67 GB (87%) free of 76 GB
Total RAM: 1014 MB (80% free)


======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{A02E79AF-3F0D-48C4-8DD0-4C6BF3B525B0}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll [2010-03-23 940856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-01-28 1554256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2007-12-12 222448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-06 279664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-10-19 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll [2010-03-23 160056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll [2010-03-23 940856]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-06 279664]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2004-05-06 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2004-05-06 118784]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-04-20 77824]
"RoxioEngineUtility"=C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe [2003-05-01 65536]
"RoxioDragToDisc"=C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe [2003-09-24 868352]
"RoxioAudioCentral"=C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe [2003-07-15 319488]
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2009-02-23 111856]
"SysInternals AV"=C:\Program Files\SysInternals.exe []
"pbuilder"=C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\pb32.exe []
"rundll32"=C:\WINDOWS\system32\ntload.exe [2009-03-21 46594]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-04-29 437584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"rundll32"=C:\Documents and Settings\Administrator.HOME-00CF9A51D7.000\rundll32.exe [2009-03-21 46594]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-12 15360]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe []
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
Kodak software updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-05-06 344064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klmdb.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\klmdb.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe"="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\Program Files\BitTornado\btdownloadgui.exe"="C:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\Program Files\MySpace\IM\MySpaceIM.exe"="C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-08-22 17:33:58 ----D---- C:\Program Files\trend micro
2010-08-22 17:33:57 ----D---- C:\rsit
2010-08-17 05:17:23 ----SHD---- C:\WINDOWS\system32\lowsec
2010-08-14 20:39:45 ----D---- C:\Documents and Settings\Administrator.HOME-00CF9A51D7.000\Application Data\W Photo Studio
2010-08-14 20:01:23 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2010-08-14 20:01:20 ----D---- C:\Documents and Settings\Administrator.HOME-00CF9A51D7.000\Application Data\Adobe
2010-08-14 20:01:10 ----D---- C:\WINDOWS\system32\MpEngineStore
2010-08-14 19:29:07 ----A---- C:\WINDOWS\system32\drivers\fkwfp.sys
2010-08-14 19:01:46 ----A---- C:\TDSSKiller.2.4.1.1_14.08.2010_19.01.46_log.txt
2010-08-14 18:56:59 ----A---- C:\TDSSKiller.2.4.1.1_14.08.2010_18.56.59_log.txt
2010-08-14 18:30:02 ----D---- C:\TDSSKiller_Quarantine
2010-08-14 18:29:00 ----A---- C:\TDSSKiller.2.4.1.1_14.08.2010_18.29.00_log.txt
2010-08-14 17:10:38 ----D---- C:\Documents and Settings\Administrator.HOME-00CF9A51D7.000\Application Data\SUPERAntiSpyware.com
2010-08-13 18:47:47 ----D---- C:\Documents and Settings\Administrator.HOME-00CF9A51D7.000\Application Data\Malwarebytes
2010-08-13 18:47:27 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-08-13 18:47:26 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-08-13 18:47:25 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-08-13 18:47:25 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-08-12 17:45:41 ----D---- C:\Documents and Settings\Administrator.HOME-00CF9A51D7.000\Application Data\Macromedia
2010-08-12 17:45:01 ----SD---- C:\Documents and Settings\Administrator.HOME-00CF9A51D7.000\Application Data\Microsoft
2010-08-12 17:45:01 ----ASH---- C:\Documents and Settings\Administrator.HOME-00CF9A51D7.000\Application Data\desktop.ini
2010-08-12 07:40:12 ----A---- C:\WINDOWS\system32\lpe.txt
2010-08-12 07:40:04 ----A---- C:\WINDOWS\system32\dxe.txt
2010-08-06 22:09:25 ----SHD---- C:\found.000
2010-08-05 07:38:30 ----A---- C:\WINDOWS\system32\o4h.txt
2010-08-05 07:38:29 ----A---- C:\WINDOWS\system32\xef.txt
2010-08-05 07:38:29 ----A---- C:\WINDOWS\system32\qks.txt
2010-08-05 07:38:29 ----A---- C:\WINDOWS\system32\ide.txt
2010-08-05 07:38:29 ----A---- C:\WINDOWS\system32\fsc.txt

======List of files/folders modified in the last 1 months======

2010-08-22 17:33:58 ----RD---- C:\Program Files
2010-08-22 17:33:27 ----AC---- C:\WINDOWS\ntbtlog.txt
2010-08-21 20:08:26 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-17 05:17:23 ----D---- C:\WINDOWS\system32
2010-08-16 14:43:24 ----D---- C:\WINDOWS\system32\drivers
2010-08-14 23:30:55 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-14 22:45:58 ----AD---- C:\WINDOWS\Temp
2010-08-14 20:29:13 ----D---- C:\WINDOWS\Minidump
2010-08-14 20:01:10 ----D---- C:\WINDOWS
2010-08-14 20:01:08 ----HD---- C:\WINDOWS\inf
2010-08-14 20:01:01 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-08-14 20:01:01 ----D---- C:\Program Files\MySpace
2010-08-14 19:59:18 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-08-14 17:28:12 ----D---- C:\WINDOWS\Prefetch
2010-08-14 16:51:30 ----HDC---- C:\WINDOWS\$NtUninstallKB888302$
2010-08-12 20:17:33 ----D---- C:\DELL
2010-08-12 20:16:37 ----SHD---- C:\RECYCLER
2010-08-12 17:45:00 ----D---- C:\Documents and Settings
2010-08-11 22:08:51 ----SHD---- C:\WINDOWS\Installer
2010-07-30 10:32:01 ----D---- C:\Program Files\Internet Explorer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\WINDOWS\system32\DRIVERS\PxHelp20.sys [2004-05-19 20016]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2003-09-24 67024]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2003-09-24 24698]
R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2003-09-24 260224]
R1 DcCam;Kodak Camera Proxy; C:\WINDOWS\system32\DRIVERS\DcCam.sys [2004-05-20 36918]
R1 DVDVRRdr_xp;DVDVRRdr_xp; C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys [2003-09-24 146560]
R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2003-09-24 118409]
R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2003-09-24 213120]
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-12 9600]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-12 12160]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-12 20480]
S1 Exportit;Exportit; C:\WINDOWS\system32\DRIVERS\exportit.sys [2004-06-02 151985]
S1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-12 36096]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-12 14848]
S1 MpKsld7ed2f31;MpKsld7ed2f31; \??\C:\WINDOWS\system32\MpEngineStore\MpKsld7ed2f31.sys []
S1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
S1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
S2 DCFS2K;Kodak DCFS2K Driver; C:\WINDOWS\system32\drivers\dcfs2k.sys [2004-06-02 38705]
S3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
S3 DcFpoint;DcFpoint; C:\WINDOWS\system32\DRIVERS\DcFpoint.sys [2004-05-20 61564]
S3 DcLps;Legacy Polling Service; C:\WINDOWS\system32\DRIVERS\DcLps.sys [2004-05-20 8022]
S3 DcPTP;dcptp; C:\WINDOWS\system32\DRIVERS\DcPTP.sys [2004-05-20 68950]
S3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2003-09-24 21993]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-05-06 711005]
S3 IntelC51;IntelC51; C:\WINDOWS\system32\DRIVERS\IntelC51.sys [2004-03-05 1233525]
S3 IntelC52;IntelC52; C:\WINDOWS\system32\DRIVERS\IntelC52.sys [2004-03-05 647929]
S3 IntelC53;IntelC53; C:\WINDOWS\system32\DRIVERS\IntelC53.sys [2004-06-15 61157]
S3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2003-09-24 22777]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 mohfilt;mohfilt; C:\WINDOWS\system32\DRIVERS\mohfilt.sys [2004-03-05 37048]
S3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-04-09 612352]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-12 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 KodakCCS;Kodak Camera Connection Software; C:\WINDOWS\system32\drivers\KodakCCS.exe [2004-05-24 322104]
S2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2001-05-01 53248]
S2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-23 182768]

-----------------EOF-----------------


#4 sonialisa1


Posted 22 August 2010 - 05:57 PM

Problems I've encountered during the fix: not all the infections have been purged. I now cannot run a Malwarebytes scan before the program is shut down.

#5 suebaby41


Posted 25 August 2010 - 11:19 AM

  1. Please download Trend Micro - HijackThis.
  2. Double click HJTInstall.exe to begin installation.
  3. Accept the installation location, which by default is C:\Program Files\Trend Micro\HijackThis or click the Browse... button if you want to save it in another location.
  4. Click Install.
  5. A shortcut will be created on your Desktop and HijackThis will run automatically.
  6. You will need to accept the EULA, if it appears, to be able to use the tool.
  7. When HijackThis opens, click on the Do a system scan and save a log file button.
  8. When HijackThis has finished scanning, a window entitled hijackthis.log will open. When you close this window, the log will be saved into the HijackThis folder.
  9. If needed, see TrendMicro™ HijackThis™ Quick Start Guide
  10. Copy and paste this log into your next reply.

You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#6 sonialisa1


Posted 26 August 2010 - 07:47 AM

"Administrator" won't let me install HijackThis. What now? Not... I downloaded it to a flash drive from a clean PC... even changed the file name to hijak.exe... but no luck in installing.

Edited by sonialisa1, 26 August 2010 - 08:13 AM.


#7 suebaby41


Posted 28 August 2010 - 06:10 PM

See if you can download and run this program.

Please download ComboFix.
Alternate Link 1
Alternate Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop.
  1. Double click on ComboFix and follow the prompts.
  2. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  3. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  4. **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  5. After the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    QUOTE
    The Recovery Console was successfully installed. Click 'Yes' to continue scanning for malware.
    Click 'No' to exit.
  6. Click Yes, to continue scanning for malware.
  7. When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  8. Notes:
    • Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    • ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.
    • ComboFix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal and increase security. If this is an issue or makes it difficult for you -- please tell me.
    • ComboFix disconnects your machine from the Internet. The connection is automatically restored before ComboFix completes its run. If ComboFix runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Please post:
  • C:\ComboFix.txt (the log from ComboFix)
  • a new HijackThis log

You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#8 sonialisa1


Posted 29 August 2010 - 05:46 PM

ComboFix 10-08-28.02 - Administrator 08/29/2010 17:34:02.1.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1014.699 [GMT -5:00]
Running from: E:\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator.HOME-00CF9A51D7.000\ntload.dll
c:\documents and settings\Administrator.HOME-00CF9A51D7.000\rundll32.exe
c:\windows\mdll.dl
c:\windows\system32\Drivers\fkwfp.sys
c:\windows\system32\dxe.txt
c:\windows\system32\fsc.txt
c:\windows\system32\ide.txt
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\lpe.txt
c:\windows\system32\ntload.exe
c:\windows\system32\qks.txt
c:\windows\system32\sdra64.exe
c:\windows\system32\xef.txt

.
((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-29 )))))))))))))))))))))))))))))))
.

2010-08-23 19:58 . 2010-08-23 19:58 -------- d-----w- c:\documents and settings\Administrator.HOME-00CF9A51D7.000\Application Data\Yahoo!
2010-08-22 22:33 . 2010-08-22 22:41 -------- d-----w- c:\program files\trend micro
2010-08-22 22:33 . 2010-08-22 22:34 -------- d-----w- C:\rsit
2010-08-17 10:17 . 2010-08-17 10:17 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-08-15 01:39 . 2010-08-15 04:22 -------- d-----w- c:\documents and settings\Administrator.HOME-00CF9A51D7.000\Application Data\W Photo Studio
2010-08-14 23:30 . 2010-08-14 23:30 -------- d-----w- C:\TDSSKiller_Quarantine
2010-08-14 22:10 . 2010-08-14 22:10 -------- d-----w- c:\documents and settings\Administrator.HOME-00CF9A51D7.000\Application Data\SUPERAntiSpyware.com
2010-08-13 23:47 . 2010-08-13 23:47 -------- d-----w- c:\documents and settings\Administrator.HOME-00CF9A51D7.000\Application Data\Malwarebytes
2010-08-13 23:47 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-13 23:47 . 2010-08-13 23:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-13 23:47 . 2010-08-16 19:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-13 23:47 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-13 01:53 . 2010-08-13 01:53 59408 ----a-w- c:\documents and settings\Administrator.HOME-00CF9A51D7.000\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-12 22:45 . 2010-08-12 22:45 -------- d-sh--w- c:\documents and settings\Administrator.HOME-00CF9A51D7.000\PrivacIE
2010-08-12 22:45 . 2010-08-12 22:45 -------- d-sh--w- c:\documents and settings\Administrator.HOME-00CF9A51D7.000\IETldCache
2010-08-12 22:45 . 2010-08-15 00:57 -------- d-----w- c:\documents and settings\Administrator.HOME-00CF9A51D7.000\Local Settings\Application Data\Microsoft
2010-08-12 22:45 . 2010-08-29 22:36 -------- d-----w- c:\documents and settings\Administrator.HOME-00CF9A51D7.000
2010-08-12 22:09 . 2010-08-12 22:09 -------- d-sh--w- c:\documents and settings\Administrator.HOME-00CF9A51D7\PrivacIE
2010-08-12 22:08 . 2010-08-12 22:08 -------- d-sh--w- c:\documents and settings\Administrator.HOME-00CF9A51D7\IETldCache
2010-08-12 22:08 . 2010-08-15 00:57 -------- d-----w- c:\documents and settings\Administrator.HOME-00CF9A51D7
2010-08-12 21:38 . 2010-08-12 21:38 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-08-12 21:37 . 2010-08-12 21:37 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-08-12 21:37 . 2010-08-15 00:57 -------- d-----w- c:\documents and settings\Administrator
2010-08-07 03:09 . 2010-08-07 03:09 -------- d-----w- C:\found.000

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-15 01:42 . 2010-08-15 06:21 163932 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Personal_32_1033.dat
2010-08-15 01:01 . 2010-08-15 01:01 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-08-15 01:01 . 2010-01-30 03:30 -------- d-----w- c:\program files\MySpace
2010-08-14 23:59 . 2004-08-12 14:07 360320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-14 22:11 . 2010-08-14 22:11 63488 ----a-w- c:\documents and settings\Administrator.HOME-00CF9A51D7.000\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-08-14 22:11 . 2010-08-14 22:11 52224 ----a-w- c:\documents and settings\Administrator.HOME-00CF9A51D7.000\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-08-14 22:11 . 2010-08-14 22:11 117760 ----a-w- c:\documents and settings\Administrator.HOME-00CF9A51D7.000\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-11 23:44 . 2010-07-28 22:14 27591840 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\msgup1000_1270_us_u2.exe
2010-07-19 14:00 . 2008-04-17 19:31 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-07-19 12:05 . 2010-07-19 03:04 120 ----a-w- c:\windows\Eromuyebi.dat
2010-07-19 12:05 . 2010-07-19 03:04 0 ----a-w- c:\windows\Phitihosozidohu.bin
2010-06-14 14:30 . 2008-04-17 17:47 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-05-06 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-05-06 118784]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-04-21 77824]
"RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 65536]
"RoxioDragToDisc"="c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-09-24 868352]
"RoxioAudioCentral"="c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-07-15 319488]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SWHelper"="c:\windows\system32\Macromed\Shockwave 8\PostUpdate.exe" [2010-08-14 53248]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2004-8-11 757760]
Kodak software updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-2-13 16423]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6881:TCP"= 6881:TCP:bit
"6882:TCP"= 6882:TCP:bit
"6883:TCP"= 6883:TCP:bit
"6884:TCP"= 6884:TCP:bit
"6885:TCP"= 6885:TCP:bit
"6886:TCP"= 6886:TCP:bit
"6887:TCP"= 6887:TCP:bit
"6888:TCP"= 6888:TCP:bit
"6889:TCP"= 6889:TCP:bit

S1 MpKsld7ed2f31;MpKsld7ed2f31;c:\windows\system32\MpEngineStore\MpKsld7ed2f31.sys [7/21/2010 9:38 PM 28752]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.SYS --> c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [8/13/2010 6:47 PM 38224]
.
Contents of the 'Scheduled Tasks' folder

2010-08-12 c:\windows\Tasks\User_Feed_Synchronization-{A02E79AF-3F0D-48C4-8DD0-4C6BF3B525B0}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 10:31]
.
.
------- Supplementary Scan -------
.
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-rundll32 - c:\documents and settings\Administrator.HOME-00CF9A51D7.000\rundll32.exe
HKCU-Run-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
HKLM-Run-SysInternals AV - c:\program files\SysInternals.exe
HKLM-Run-pbuilder - c:\documents and settings\Owner\Application Data\Microsoft\Internet Explorer\pb32.exe
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\SUPERAntiSpyware\SASSEH.DLL
Notify-!SASWinLogon - c:\program files\SUPERAntiSpyware\SASWINLO.DLL
SafeBoot-klmdb.sys
AddRemove-{2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\Google\Google Toolbar\Component\GoogleToolbarManager_0E996B068B56FCA2.exe
AddRemove-{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA} - c:\program files\SUPERAntiSpyware\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-29 17:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1960408961-838170752-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f0,e2,ed,01,e0,83,02,45,96,84,18,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f0,e2,ed,01,e0,83,02,45,96,84,18,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1140)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2010-08-29 17:44:41 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-29 22:44

Pre-Run: 69,270,773,760 bytes free
Post-Run: 69,876,387,840 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect


#9 sonialisa1


Posted 29 August 2010 - 06:01 PM

However, I am still unable to install HijackThis.

#10 suebaby41


Posted 30 August 2010 - 05:29 PM

Please rename HijackThis.exe to HijackThis2010.exe and post a fresh HJT log. The reason you need to rename HijackThis.exe is because certain malware can hide from that filename.

You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#11 sonialisa1


Posted 03 September 2010 - 07:12 AM

Renamed as you suggested and still unable to install. Once again the message pops up that the "administrator" won't allow installation.

I appreciate all the advice you've given so far. Is there something else I can try or something else I need to do?

#12 sonialisa1


Posted 07 September 2010 - 07:49 AM

ComboFix 10-09-06.04 - Administrator 09/07/2010 7:39.2.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1014.824 [GMT -5:00]
Running from: E:\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\NetworkService\Application Data\wcenr.exe
c:\documents and settings\Owner\Application Data\wcenr.exe
c:\documents and settings\Owner\Local Settings\Application Data\{33FFAD9C-720F-434F-902E-DCF098C50495}
c:\documents and settings\Owner\Local Settings\Application Data\{33FFAD9C-720F-434F-902E-DCF098C50495}\chrome\content\_cfg.js
c:\documents and settings\Owner\Local Settings\Application Data\{33FFAD9C-720F-434F-902E-DCF098C50495}\chrome\content\overlay.xul
c:\documents and settings\Owner\Local Settings\Application Data\{33FFAD9C-720F-434F-902E-DCF098C50495}\install.rdf

.
((((((((((((((((((((((((( Files Created from 2010-08-07 to 2010-09-07 )))))))))))))))))))))))))))))))
.

2010-08-30 00:23 . 2010-08-30 00:23 -------- d-----w- c:\documents and settings\Administrator.HOME-00CF9A51D7.000\Local Settings\Application Data\Yahoo
2010-08-23 19:58 . 2010-08-23 19:58 -------- d-----w- c:\documents and settings\Administrator.HOME-00CF9A51D7.000\Application Data\Yahoo!
2010-08-22 22:33 . 2010-08-22 22:41 -------- d-----w- c:\program files\trend micro
2010-08-22 22:33 . 2010-08-22 22:34 -------- d-----w- C:\rsit
2010-08-17 10:17 . 2010-08-17 10:17 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-08-15 01:39 . 2010-08-15 04:22 -------- d-----w- c:\documents and settings\Administrator.HOME-00CF9A51D7.000\Application Data\W Photo Studio
2010-08-14 23:30 . 2010-08-14 23:30 -------- d-----w- C:\TDSSKiller_Quarantine
2010-08-14 22:11 . 2010-08-14 22:11 63488 ----a-w- c:\documents and settings\Administrator.HOME-00CF9A51D7.000\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-08-14 22:11 . 2010-08-14 22:11 52224 ----a-w- c:\documents and settings\Administrator.HOME-00CF9A51D7.000\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-08-14 22:11 . 2010-08-14 22:11 117760 ----a-w- c:\documents and settings\Administrator.HOME-00CF9A51D7.000\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-14 22:10 . 2010-08-14 22:10 -------- d-----w- c:\documents and settings\Administrator.HOME-00CF9A51D7.000\Application Data\SUPERAntiSpyware.com
2010-08-13 23:47 . 2010-08-13 23:47 -------- d-----w- c:\documents and settings\Administrator.HOME-00CF9A51D7.000\Application Data\Malwarebytes
2010-08-13 23:47 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-13 23:47 . 2010-08-13 23:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-13 23:47 . 2010-08-16 19:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-13 23:47 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-13 01:53 . 2010-08-13 01:53 59408 ----a-w- c:\documents and settings\Administrator.HOME-00CF9A51D7.000\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-12 22:45 . 2010-08-12 22:45 -------- d-sh--w- c:\documents and settings\Administrator.HOME-00CF9A51D7.000\PrivacIE
2010-08-12 22:45 . 2010-08-12 22:45 -------- d-sh--w- c:\documents and settings\Administrator.HOME-00CF9A51D7.000\IETldCache
2010-08-12 22:45 . 2010-08-15 00:57 -------- d-----w- c:\documents and settings\Administrator.HOME-00CF9A51D7.000\Local Settings\Application Data\Microsoft
2010-08-12 22:45 . 2010-08-29 22:36 -------- d-----w- c:\documents and settings\Administrator.HOME-00CF9A51D7.000
2010-08-12 22:09 . 2010-08-12 22:09 -------- d-sh--w- c:\documents and settings\Administrator.HOME-00CF9A51D7\PrivacIE
2010-08-12 22:08 . 2010-08-12 22:08 -------- d-sh--w- c:\documents and settings\Administrator.HOME-00CF9A51D7\IETldCache
2010-08-12 22:08 . 2010-08-15 00:57 -------- d-----w- c:\documents and settings\Administrator.HOME-00CF9A51D7
2010-08-12 21:38 . 2010-08-12 21:38 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-08-12 21:37 . 2010-08-12 21:37 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-08-12 21:37 . 2010-08-15 00:57 -------- d-----w- c:\documents and settings\Administrator

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-15 01:42 . 2010-08-15 06:21 163932 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Personal_32_1033.dat
2010-08-15 01:01 . 2010-08-15 01:01 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-08-15 01:01 . 2010-01-30 03:30 -------- d-----w- c:\program files\MySpace
2010-08-14 23:59 . 2004-08-12 14:07 360320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-11 23:44 . 2010-07-28 22:14 27591840 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\msgup1000_1270_us_u2.exe
2010-07-19 14:00 . 2008-04-17 19:31 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-07-19 12:05 . 2010-07-19 03:04 120 ----a-w- c:\windows\Eromuyebi.dat
2010-07-19 12:05 . 2010-07-19 03:04 0 ----a-w- c:\windows\Phitihosozidohu.bin
2010-06-14 14:30 . 2008-04-17 17:47 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-05-06 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-05-06 118784]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-04-21 77824]
"RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 65536]
"RoxioDragToDisc"="c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-09-24 868352]
"RoxioAudioCentral"="c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-07-15 319488]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SWHelper"="c:\windows\system32\Macromed\Shockwave 8\PostUpdate.exe" [2010-08-14 53248]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2004-8-11 757760]
Kodak software updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-2-13 16423]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6881:TCP"= 6881:TCP:bit
"6882:TCP"= 6882:TCP:bit
"6883:TCP"= 6883:TCP:bit
"6884:TCP"= 6884:TCP:bit
"6885:TCP"= 6885:TCP:bit
"6886:TCP"= 6886:TCP:bit
"6887:TCP"= 6887:TCP:bit
"6888:TCP"= 6888:TCP:bit
"6889:TCP"= 6889:TCP:bit

S1 MpKsld7ed2f31;MpKsld7ed2f31;c:\windows\system32\MpEngineStore\MpKsld7ed2f31.sys [7/21/2010 9:38 PM 28752]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.SYS --> c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [8/13/2010 6:47 PM 38224]
.
Contents of the 'Scheduled Tasks' folder

2010-08-12 c:\windows\Tasks\User_Feed_Synchronization-{A02E79AF-3F0D-48C4-8DD0-4C6BF3B525B0}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 10:31]
.
.
------- Supplementary Scan -------
.
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-07 07:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1960408961-838170752-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f0,e2,ed,01,e0,83,02,45,96,84,18,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f0,e2,ed,01,e0,83,02,45,96,84,18,\
.
Completion time: 2010-09-07 07:46:53
ComboFix-quarantined-files.txt 2010-09-07 12:46
ComboFix2.txt 2010-08-29 22:44

Pre-Run: 69,788,332,032 bytes free
Post-Run: 70,826,459,136 bytes free
