Forums » Up and Running » Security » Security Cleanup » Can't run SYSTEM RESTORE, NO SOUND, no ADMIN PRIVILEGES, etc.
Syco C

join:2009-05-19
Nicholasville, KY

reply to CalamityJane
Re: Can't run SYSTEM RESTORE, NO SOUND, no ADMIN PRIVILEGES, etc.

OMG, I'm about to shoot myself.. LOL. I ran ComboFix in safe mode and it acted like it went through; I have the log, which I'll post at the end to be looked at.

Well, I restarted.. ISH is still not working.. I go to run it again.. and it started scanning and then pops up saying blah blah is not a valid Win32 application..

I mean.. are you serious.. Malwarebytes removed one file.. the supertrashware deleted 39 cookies.

I have used HostsXpert and put the hosts file back to the MS hosts file.. here is the log from trash ComboFix in safe mode:

ComboFix 09-05-21.01 - Owner 05/21/2009 23:51.1 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.805 [GMT -4:00]
Running from: C:\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Autorun.inf
D:\Desktop.ini

.
((((((((((((((((((((((((( Files Created from 2009-04-22 to 2009-05-22 )))))))))))))))))))))))))))))))
.

2009-05-22 03:42 . 2009-05-22 03:44 -------- d-----w C:\32788R22FWJFW.0.tmp
2009-05-22 01:35 . 2009-05-22 01:36 2969300 ----a-r C:\ComboFix.exe
2009-05-22 01:26 . 2009-05-22 01:26 -------- d-----w c:\documents and settings\Owner\Application Data\Malwarebytes
2009-05-22 01:26 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-22 01:25 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-22 01:25 . 2009-05-22 01:25 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-22 01:25 . 2009-05-22 01:26 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-22 01:21 . 2009-05-22 01:23 117760 ----a-w c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-05-22 01:19 . 2009-05-22 01:19 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-05-22 01:18 . 2009-05-22 01:18 -------- d-----w c:\program files\SUPERAntiSpyware
2009-05-22 01:18 . 2009-05-22 01:18 -------- d-----w c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2009-05-22 01:07 . 2009-05-22 01:07 57344 ----a-w c:\documents and settings\SYCO C\Application Data\Sun\Java\Deployment\cache\6.0\50\5b902232-4998b368-n\Decora-SSE.dll
2009-05-22 01:07 . 2009-05-22 01:07 24064 ----a-w c:\documents and settings\SYCO C\Application Data\Sun\Java\Deployment\cache\6.0\15\4e09eacf-3405c4c5-n\Decora-D3D.dll
2009-05-22 00:56 . 2009-05-22 01:05 -------- d-----w c:\documents and settings\SYCO C\Local Settings\Application Data\Microsoft
2009-05-22 00:17 . 2004-05-13 05:29 128 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\fusioncache.dat
2009-05-20 22:59 . 2009-05-20 22:59 -------- d-----w c:\documents and settings\Owner\Local Settings\Application Data\ESET
2009-05-20 22:26 . 2009-05-20 22:26 -------- d-----w c:\documents and settings\All Users\Application Data\ESET
2009-05-05 23:03 . 2009-05-05 23:03 57344 ----a-w c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\50\5b902232-26558d44-n\Decora-SSE.dll
2009-05-05 23:03 . 2009-05-05 23:03 24064 ----a-w c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\15\4e09eacf-6a3dd334-n\Decora-D3D.dll
2009-05-05 23:02 . 2009-05-05 23:02 315392 ----a-w c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-2f5ca279-n\jogl.dll
2009-05-05 23:02 . 2009-05-05 23:02 20480 ----a-w c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-2f5ca279-n\jogl_awt.dll
2009-05-05 23:02 . 2009-05-05 23:02 114688 ----a-w c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-2f5ca279-n\jogl_cg.dll
2009-05-05 23:02 . 2009-05-05 23:02 20480 ----a-w c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\45\4f710eed-67bb9bf9-n\gluegen-rt.dll
2009-05-05 23:02 . 2009-05-05 23:02 348160 ----a-w c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-607cef66-n\msvcr71.dll
2009-05-05 23:02 . 2009-05-05 23:02 499712 ----a-w c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-607cef66-n\msvcp71.dll
2009-05-05 23:02 . 2009-05-05 23:02 499712 ----a-w c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-607cef66-n\jmc.dll
2009-05-05 23:02 . 2009-05-05 22:57 410984 ----a-w c:\windows\system32\deploytk.dll
2009-05-05 22:56 . 2009-05-05 22:56 152576 ----a-w c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_13\lzma.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-22 03:38 . 2008-06-25 03:11 -------- d-----w c:\documents and settings\Owner\Application Data\SlimBrowser
2009-05-22 02:24 . 2008-12-10 08:00 148 ---ha-w c:\windows\winshell.dat
2009-05-22 02:24 . 2001-10-17 22:09 66 ----a-w c:\windows\anticrash.dat
2009-05-22 01:17 . 2008-12-02 17:40 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-05-22 01:09 . 2001-10-17 22:09 61 ----a-w c:\windows\hare.dat
2009-05-22 01:07 . 2009-05-22 01:07 315392 ----a-w c:\documents and settings\SYCO C\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-7839e53a-n\jogl.dll
2009-05-22 01:07 . 2009-05-22 01:07 20480 ----a-w c:\documents and settings\SYCO C\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-7839e53a-n\jogl_awt.dll
2009-05-22 01:07 . 2009-05-22 01:07 114688 ----a-w c:\documents and settings\SYCO C\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-7839e53a-n\jogl_cg.dll
2009-05-22 01:07 . 2009-05-22 01:07 20480 ----a-w c:\documents and settings\SYCO C\Application Data\Sun\Java\Deployment\cache\6.0\45\4f710eed-4c1889e7-n\gluegen-rt.dll
2009-05-22 01:07 . 2009-05-22 01:07 499712 ----a-w c:\documents and settings\SYCO C\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-45a2be4b-n\msvcp71.dll
2009-05-22 01:07 . 2009-05-22 01:07 348160 ----a-w c:\documents and settings\SYCO C\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-45a2be4b-n\msvcr71.dll
2009-05-22 01:07 . 2009-05-22 01:07 499712 ----a-w c:\documents and settings\SYCO C\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-45a2be4b-n\jmc.dll
2009-05-22 01:02 . 2008-02-19 16:52 -------- d-----w c:\program files\Microsoft LifeCam
2009-05-22 01:02 . 2009-05-22 01:02 -------- d-----w c:\documents and settings\SYCO C\Application Data\Comodo
2009-05-22 01:00 . 2009-05-22 01:00 38736 ----a-w c:\documents and settings\SYCO C\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-20 22:37 . 2008-10-18 05:44 -------- d-----w c:\program files\ESET
2009-05-20 22:27 . 2008-06-30 02:39 -------- d-----w c:\documents and settings\Owner\Application Data\uTorrent
2009-05-19 05:14 . 2008-07-20 16:24 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-05-19 05:14 . 2007-03-18 21:19 -------- d-----w c:\program files\SpywareBlaster
2009-05-19 03:52 . 2007-08-28 19:49 -------- d-----w c:\documents and settings\Owner\Application Data\U3
2009-05-05 22:57 . 2004-05-13 03:14 -------- d-----w c:\program files\Java
2009-04-29 14:01 . 2009-04-15 15:34 -------- d-----w c:\program files\AskBarDis
2009-04-18 03:26 . 2009-01-08 03:47 -------- d-----w c:\documents and settings\All Users\Application Data\TechSmith
2009-04-18 03:24 . 2009-02-07 02:01 -------- d-----w c:\program files\TechSmith
2009-04-17 22:15 . 2009-04-17 22:15 156672 ----a-w c:\windows\system32\rmc_fixasf.exe
2009-04-17 22:15 . 2009-04-17 22:15 237568 ----a-w c:\windows\system32\rmc_rtspdl.dll
2009-04-17 22:14 . 2009-04-17 22:14 323584 ----a-w c:\windows\system32\AUDIOGENIE2.DLL
2009-04-15 15:34 . 2009-04-15 15:34 -------- d-----w c:\program files\Common Files\DVDVideoSoft
2009-04-15 15:34 . 2009-04-15 15:34 -------- d-----w c:\program files\DVDVideoSoft
2009-04-07 18:56 . 2007-03-19 07:15 38736 ----a-w c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-07 18:47 . 2009-04-07 18:47 -------- d-----w c:\program files\Common Files\Adobe Systems Shared
2009-04-07 18:47 . 2008-03-09 00:55 -------- d-----w c:\program files\Common Files\Adobe
2009-04-02 04:27 . 2009-02-24 23:42 -------- d-----w c:\documents and settings\Owner\Application Data\Ahead
2009-03-26 21:04 . 2009-03-31 03:57 110592 ----a-w c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\lsr6ao7t.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll
2009-03-19 15:45 . 2009-03-19 15:45 93848 ----a-w c:\windows\system32\drivers\epfwtdir.sys
2009-03-19 15:44 . 2009-03-19 15:44 107256 ----a-w c:\windows\system32\drivers\ehdrv.sys
2009-03-19 15:41 . 2009-03-19 15:41 113960 ----a-w c:\windows\system32\drivers\eamon.sys
2009-03-06 14:22 . 2004-08-11 23:28 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2006-06-23 16:33 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-25 00:58 . 2001-10-13 18:11 78 ----a-w c:\windows\battery.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"AIM"="c:\program files\AIM\aim.exe" [2006-08-01 67112]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-01-28 2387968]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-04-28 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-05 148888]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-11-02 126976]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-05-13 151597]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"PS2"="c:\windows\system32\ps2.exe" [2003-09-13 98304]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-11-02 155648]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-07-13 122880]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2006-10-13 277296]
"COMODO Firewall Pro"="c:\program files\COMODO\Firewall\cfp.exe" [2008-12-11 1481984]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-02-01 385024]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-03-19 2029640]
"LTMSG"="LTMSG.exe" - c:\windows\ltmsg.exe [2003-07-14 40960]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344]
"CTHelper"="CTHELPER.EXE" - c:\windows\CTHELPER.EXE [2006-05-24 17920]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\CTXFIHLP.EXE [2006-05-24 18944]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
AntiCrash.lnk - c:\program files\Dachshund Software\AntiCrash\AntiCrash.exe [2002-12-17 2301798]
Hare.lnk - c:\program files\Dachshund Software\Hare\Hare.exe [2002-9-21 1874381]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"aux"= ctwdm32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Battery Doubler.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Battery Doubler.lnk
backup=c:\windows\pss\Battery Doubler.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Dream\\Yahaven!\\Yahaven!.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [3/19/2009 11:45 AM 93848]
S1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [12/11/2008 11:09 AM 79096]
S1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [12/11/2008 11:09 AM 23672]
S1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [3/19/2009 11:44 AM 107256]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [4/28/2009 11:33 AM 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [4/28/2009 11:33 AM 72944]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [3/19/2009 11:44 AM 731840]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [1/14/2008 6:06 AM 21632]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [4/28/2009 11:33 AM 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-05-22 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 16:20]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
HKLM-Run-VTTimer - VTTimer.exe

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=presario&pf=desktop
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=presario&pf=desktop
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: Add to Windows &Live Favorites - »favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
Trusted Zone: adobe.com\www
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\lsr6ao7t.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - www.letsbeef.com/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13161&gct=&gc=1&q=
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\lsr6ao7t.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, »www.gmer.net
Rootkit scan 2009-05-21 23:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(468)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-05-22 0:01
ComboFix-quarantined-files.txt 2009-05-22 04:00

Pre-Run: 5,356,564,480 bytes free
Post-Run: 6,306,299,904 bytes free

214 --- E O F --- 2009-05-22 00:06

Syco C

join:2009-05-19
Nicholasville, KY

Here is the log from normal startup.. that I thought crashed, because when I came in 3 boxes were up saying that "is not a valid Win32 application", but here it is if it helps.. I'm going to bed.. tomorrow I'm going to follow the guide you posted and post back with all the details of how that went.. this other process took all night, and I didn't get anything fixed.

Appreciate the help.

Syco C

join:2009-05-19
Nicholasville, KY

LOL, my bad.. here it is:

Start Time= Fri 05/22/2009 0:24:59.35

QuickScan did not find any signs of infected files

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2009-05-22 00:20:06 389120 ( A.... ) "C:\WINDOWS\system32\cmd.execf"
2009-05-22 00:06:36 64512 ( A..H. ) "C:\Documents and Settings\Owner\Application Data\dach100.dll"
2009-05-21 21:37:00 2969300 ( A...R ) "C:\ComboFix.exe"
2009-05-21 21:26:42 ( .D... ) "C:\Documents and Settings\Owner\Application Data\Malwarebytes"
2009-05-21 21:25:22 ( .D... ) "C:\Program Files\Malwarebytes' Anti-Malware"
2009-05-21 21:18:20 ( .D... ) "C:\Program Files\SUPERAntiSpyware"
2009-05-21 21:18:20 ( .D... ) "C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com"
2009-05-20 20:37:04 130048 ( A.... ) "C:\WINDOWS\PEV.exe"
2009-05-05 18:57:52 148888 ( A.... ) "C:\WINDOWS\system32\javaws.exe"
2009-05-05 18:57:52 144792 ( A.... ) "C:\WINDOWS\system32\javaw.exe"
2009-05-05 18:57:52 144792 ( A.... ) "C:\WINDOWS\system32\java.exe"
2009-05-05 18:57:50 410984 ( A.... ) "C:\WINDOWS\system32\deploytk.dll"
2009-04-20 12:56:28 31232 ( A.... ) "C:\WINDOWS\NIRCMD.exe"
2009-04-17 18:15:12 156672 ( A.... ) "C:\WINDOWS\system32\rmc_fixasf.exe"
2009-04-17 18:15:10 237568 ( A.... ) "C:\WINDOWS\system32\rmc_rtspdl.dll"
2009-04-17 18:14:06 323584 ( A.... ) "C:\WINDOWS\system32\AUDIOGENIE2.DLL"
2009-04-15 11:34:56 ( .D... ) "C:\Program Files\AskBarDis"
2009-04-15 11:34:10 ( .D... ) "C:\Program Files\DVDVideoSoft"
2009-04-15 11:34:10 ( .D... ) "C:\Program Files\Common Files\DVDVideoSoft"
2009-04-07 14:47:54 ( .D... ) "C:\Program Files\Common Files\Adobe Systems Shared"
2009-04-06 10:57:24 24921544 ( A.... ) "C:\WINDOWS\system32\MRT.exe"
2009-03-21 10:06:58 989696 ( A.... ) "C:\WINDOWS\system32\kernel32.dll"
2009-03-16 15:38:20 2528 ( A.... ) "C:\Documents and Settings\Owner\Application Data\$_hpcst$.hpc"
2009-03-06 10:22:18 284160 ( A.... ) "C:\WINDOWS\system32\pdh.dll"
2009-03-02 20:18:26 826368 ( A.... ) "C:\WINDOWS\system32\wininet.dll"

((((((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre6\\bin\\jusched.exe\""
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"KBD"="C:\\HP\\KBD\\KBD.EXE"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"LTMSG"="LTMSG.exe 7"
"PS2"="C:\\WINDOWS\\system32\\ps2.exe"
"AlcxMonitor"="ALCXMNTR.EXE"
"IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
"VolPanel"="\"C:\\Program Files\\Creative\\Sound Blaster X-Fi\\Volume Panel\\VolPanlu.exe\" /r"
"AudioDrvEmulator"="\"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\DLLML.exe\" -1 AudioDrvEmulator \"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\Audio Emulator\\AudDrvEm.dll\""
"CTHelper"="CTHELPER.EXE"
"CTxfiHlp"="CTXFIHLP.EXE"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"LifeCam"="\"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe\""
"COMODO Firewall Pro"="\"C:\\Program Files\\COMODO\\Firewall\\cfp.exe\" -s"
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"egui"="\"C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\egui.exe\" /hide /waitservice"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\SOFTWARE]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\SOFTWARE\Microsoft]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\SOFTWARE\Microsoft\Windows]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\SOFTWARE\Microsoft\Windows\CurrentVersion]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"=dword:00000001
"NoDriveAutoRun"=dword:03ffffff
"NoDriveTypeAutoRun"=dword:00000143
"NoDrives"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"AIM"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"LightScribe Control Panel"="C:\\Program Files\\Common Files\\LightScribe\\LightScribeControlPanel.exe -hidden"
"H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe\""
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AdobeUpdater]
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytools"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000143
"NoDriveAutoRun"=dword:03ffffff

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000143
"NoDriveAutoRun"=dword:03ffffff

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Battery Doubler.lnk]
"path"="C:\\Documents and Settings\\Owner\\Start Menu\\Programs\\Startup\\Battery Doubler.lnk"
"backup"="C:\\WINDOWS\\pss\\Battery Doubler.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\DACHSH~1\\BATTER~1\\BATTER~1.EXE "
"item"="Battery Doubler"

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job

Completion time: Fri 05/22/2009 0:29:03.25
ComboFix ver 06.06.17 - This logfile is located at C:\ComboFix.txt