OK, it still thinks I have the Kaspersky program installed, but here are the results from ComboFix being run after CFScript is placed over commy.exe. Again, thank you very much for the help with this!
ComboFix 09-11-01.04 - Steve 11/02/2009 20:35.3.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.578 [GMT -5]
Running from: c:\documents and settings\Steve\Desktop\commy.exe
Command switches used :: c:\documents and settings\Steve\Desktop\CFScript.txt
AV: Kaspersky Internet Security *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
* Created a new restore point
FILE ::
"C:\cobch.exe"
"C:\nmswcnsf.exe"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\cobch.exe
C:\nmswcnsf.exe
c:\program files\centipede
c:\program files\centipede\changes.rtf
c:\program files\centipede\Languages\albanian.lng
c:\program files\centipede\Languages\arabic.lng
c:\program files\centipede\Languages\bosnian.lng
c:\program files\centipede\Languages\bulgarian.lng
c:\program files\centipede\Languages\catalan.lng
c:\program files\centipede\Languages\chineseSI.lng
c:\program files\centipede\Languages\chineseTR.lng
c:\program files\centipede\Languages\croatian.lng
c:\program files\centipede\Languages\czech.lng
c:\program files\centipede\Languages\danish.lng
c:\program files\centipede\Languages\dutch.lng
c:\program files\centipede\Languages\english.lng
c:\program files\centipede\Languages\estonian.lng
c:\program files\centipede\Languages\finnish.lng
c:\program files\centipede\Languages\french.lng
c:\program files\centipede\Languages\german.lng
c:\program files\centipede\Languages\greek.lng
c:\program files\centipede\Languages\hebrew.lng
c:\program files\centipede\Languages\hungarian.lng
c:\program files\centipede\Languages\italian.lng
c:\program files\centipede\Languages\korean.lng
c:\program files\centipede\Languages\latvian.lng
c:\program files\centipede\Languages\macedonian.lng
c:\program files\centipede\Languages\norwegian.lng
c:\program files\centipede\Languages\polish.lng
c:\program files\centipede\Languages\portugueseBR.lng
c:\program files\centipede\Languages\portuguesePT.lng
c:\program files\centipede\Languages\romanian.lng
c:\program files\centipede\Languages\russian.lng
c:\program files\centipede\Languages\serbian.lng
c:\program files\centipede\Languages\slovak.lng
c:\program files\centipede\Languages\slovenian.lng
c:\program files\centipede\Languages\spanish.lng
c:\program files\centipede\Languages\swedish.lng
c:\program files\centipede\Languages\turkish.lng
c:\program files\centipede\Languages\ukrainian.lng
c:\program files\centipede\license.txt
c:\program files\centipede\mbam.chm
c:\program files\centipede\mbam.dll
c:\program files\centipede\mbamext.dll
c:\program files\centipede\mbamgui.exe
c:\program files\centipede\mbamservice.exe
c:\program files\centipede\ssubtmr6.dll
c:\program files\centipede\unins000.dat
c:\program files\centipede\unins000.exe
c:\program files\centipede\unins000.msg
c:\program files\centipede\vbalsgrid6.ocx
c:\program files\centipede\zlib.dll
C:\SafetyCenter
c:\safetycenter\main.ico
c:\safetycenter\new.exe
c:\safetycenter\protector.exe
c:\safetycenter\sound.wav
c:\safetycenter\start.exe
c:\safetycenter\tst.exe
c:\safetycenter\uninstall.exe
.
((((((((((((((((((((((((( Files Created from 2009-10-03 to 2009-11-03 )))))))))))))))))))))))))))))))
.
2009-11-02 19:38 . 2009-11-02 19:50 -------- d-----w- C:\commy17334c
2009-11-02 04:21 . 2009-11-02 04:51 -------- d-----w- C:\commy
2009-11-02 01:54 . 2009-11-02 02:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-02 01:53 . 2009-11-02 01:53 -------- d-----w- C:\Malwarebytes_Anti-Malware_1.41
2009-11-02 01:53 . 2009-11-02 01:53 7171690 ----a-w- C:\Malwarebytes_Anti-Malware_1.41.zip
2009-11-02 01:42 . 2009-11-02 02:12 -------- d-----w- c:\documents and settings\All Users\Application Data\msca
2009-10-26 06:11 . 2009-10-26 06:11 -------- d-----w- c:\documents and settings\Steve\Application Data\Malwarebytes
2009-10-26 06:11 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-26 06:11 . 2009-10-26 06:11 -------- d-----w- c:\program files\maw
2009-10-26 06:11 . 2009-10-26 06:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-26 06:11 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-02 02:32 . 2009-08-25 00:07 0 ----a-r- c:\windows\win32k.sys
2009-10-26 06:21 . 2007-03-08 13:38 -------- d-----w- c:\documents and settings\All Users\Application Data\1Click DVD Copy Pro
2009-10-26 05:16 . 2007-01-03 23:14 -------- d-----w- c:\documents and settings\Steve\Application Data\1clickPro
2009-10-26 04:41 . 2008-05-16 01:30 -------- d-----w- c:\program files\Yahoo!
2009-10-26 04:40 . 2007-07-01 05:01 -------- d-----w- c:\program files\Real
2009-10-26 04:40 . 2006-06-23 10:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-26 04:25 . 2007-11-26 00:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-10-25 23:20 . 2007-11-29 02:49 18816 ----a-w- c:\windows\system32\drivers\dvd43llh.sys
2009-10-25 23:20 . 2007-11-29 02:49 -------- d-----w- c:\program files\dvd43
2009-10-25 23:18 . 2007-01-03 22:51 -------- d-----w- c:\documents and settings\Steve\Application Data\Vso
2009-10-20 13:04 . 2007-03-09 22:44 -------- d-----w- c:\program files\IrfanView
2009-10-19 11:35 . 2006-07-26 21:11 -------- d-----w- c:\program files\Thumbs7
2009-10-16 03:22 . 2006-06-23 02:13 28232 ----a-w- c:\documents and settings\Steve\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-18 18:58 . 2007-03-10 02:12 -------- d-----w- c:\program files\PasswordSafe
2009-09-11 14:33 . 2002-06-25 21:42 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 20:45 . 2002-06-25 21:41 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36 . 2004-01-08 19:23 832512 ------w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2002-06-25 21:37 17408 ------w- c:\windows\system32\corpol.dll
2009-08-26 08:16 . 2002-06-25 21:47 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-20 19:09 . 2009-08-20 19:09 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-05 09:11 . 2002-06-25 21:42 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-02 02:05 . 2009-08-02 02:05 39424 --sha-w- c:\windows\system32\maligoha.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Tracks Eraser Pro"="c:\program files\Acesoft\Tracks Eraser Pro\te.exe" [2009-06-24 1437504]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-05-08 81920]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-21 148776]
"BTCLiveUpdate"="c:\program files\LiveUpdate\LiveUpdate.exe" [2004-03-08 430080]
"Window Washer"="c:\program files\Webroot\Washer\wwDisp.exe" [2007-11-26 1206600]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2006-01-06 188416]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2003-10-06 49152]
"AVFX Engine"="c:\program files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-10-20 20480]
"iRiver Updater"="\Updater.exe" [2004-07-01 212992]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-07-01 185632]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-02-16 1169776]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-02-16 1945960]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-02-16 149024]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-06-11 153136]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2009-10-23 827904]
"HPHmon04"="c:\windows\system32\hphmon04.exe" [2006-01-06 348160]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"BCMSMMSG"="BCMSMMSG.exe" - c:\windows\BCMSMMSG.exe [2003-08-29 122880]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2003-10-06 741376]
c:\documents and settings\Steve\Start Menu\Programs\Startup\
PGPtray.exe [2004-6-9 339968]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Device Detector 2.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2009-1-1 114688]
ymetray.lnk - c:\program files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2006-8-14 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R2 BT848;AVerMedia, AVerTV WDM Video Capture;c:\windows\system32\drivers\BT848.sys [6/23/2006 5:02 AM 260072]
R2 BTTUNER;AVerMedia, AVerTV WDM TvTuner;c:\windows\system32\drivers\bttuner.sys [6/23/2006 5:05 AM 22016]
R2 BTXBAR;AVerMedia, AVerTV WDM Crossbar;c:\windows\system32\drivers\btxbar.sys [6/23/2006 5:05 AM 13312]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 4:45 AM 13088]
R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [4/1/2008 7:41 PM 598856]
S3 EraserUtilDrv10741;EraserUtilDrv10741;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10741.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10741.sys [?]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [3/27/2006 5:53 PM 167808]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - PROCEXP113
*Deregistered* - mbr
*Deregistered* - PROCEXP113
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
2009-10-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.10tv.com/
mWindow Title =
IE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: turbotax.com
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
- - - - ORPHANS REMOVED - - - -
AddRemove-Malwarebytes' Anti-Malware_is1 - c:\program files\centipede\unins000.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-02 20:42
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(808)
c:\windows\system32\RtlGina2.dll
- - - - - - - > 'lsass.exe'(864)
c:\windows\system32\relog_ap.dll
.
Completion time: 2009-11-03 20:44
ComboFix-quarantined-files.txt 2009-11-03 01:44
ComboFix2.txt 2009-11-02 19:50
ComboFix3.txt 2009-11-02 04:51
Pre-Run: 26,686,025,728 bytes free
Post-Run: 26,671,898,624 bytes free
- - End Of File - - 834F45C1618DEC258D25200A598EB451
EDITED TO ADD:
I just tried to reinstall the Malwarebytes' Anti-Malware again. It allowed me to reinstall it over the existing installation & actually allowed me to update it and run it! (I did not take any action after it was done with the scan.) So far, I am able to get to my homepage, etc. It SEEMS to be OK now, but I'll leave that up to you to decide!
The following is the log file that the Malwarebytes program created:
Malwarebytes' Anti-Malware 1.41
Database version: 3090
Windows 5.1.2600 Service Pack 2
11/2/2009 9:51:24 PM
mbam-log-2009-11-02 (21-51-17).txt
Scan type: Quick Scan
Objects scanned: 126893
Time elapsed: 4 minute(s), 30 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{051c9a06-fb08-486f-b09b-8b33b261637d} (Rogue.AntiVirus1) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{29256442-2c14-48ca-b756-3ee0f8bdc774} (Rogue.AntiVirus1) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{459b6bf8-5320-4c41-8833-85baedf31086} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{459b6bf8-5320-4c41-8833-85baedf31086} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{459b6bf8-5320-4c41-8833-85baedf31086} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{459b6bf8-5320-4c41-8833-85baedf31086} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\NetworkNeighborhood\NameSpace\{459b6bf8-5320-4c41-8833-85baedf31086} (Trojan.FakeAlert) -> No action taken.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\maligoha.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\win32k.sys (Trojan.Dropper) -> No action taken.
Last edited by squidboy on 3rd November 2009, 3:01 am; edited 2 times in total (Reason for editing : Able to run malwarebyte program & get to internet)