Hi,
Here are the logs you wanted posted. First one is ComboFix, second one is Malewarebytes. The ComboFix only took like 15-20 minutes this time, so that's good. So far, the computer is running good. Is there anything else you would like me to do to further fix the problem?
Thanks.
ComboFix 09-09-09.09 - UPSAIR 09/10/2009 14:24.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.39 [GMT -4:00]
Running from: c:\documents and settings\UPSAIR\Desktop\cmf.com
Command switches used :: c:\docume~1\UPSAIR\Desktop\CFScript.txt
AV: Trend Micro Internet Security Pro *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro Personal Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
FILE ::
"c:\windows\svchasts.exe"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\test.txt
c:\windows\svchasts.exe
c:\windows\system32\kdfinj.dll
.
((((((((((((((((((((((((( Files Created from 2009-08-10 to 2009-09-10 )))))))))))))))))))))))))))))))
.
2009-09-10 16:14 . 2009-09-10 16:14 -------- d-----w- c:\documents and settings\Emma\Application Data\Skinux
2009-09-10 16:12 . 2009-09-10 16:12 -------- d-----w- c:\documents and settings\Emma\Local Settings\Application Data\Identities
2009-09-10 16:12 . 2009-09-10 16:12 -------- d-----w- c:\documents and settings\Emma\Local Settings\Application Data\ArcSoft
2009-09-10 16:12 . 2009-09-10 16:12 -------- d-----w- c:\documents and settings\Emma\Application Data\Windows Desktop Search
2009-09-10 16:11 . 2009-09-10 16:11 -------- d-----w- c:\documents and settings\Emma\Application Data\ArcSoft
2009-09-10 02:20 . 2009-09-10 02:20 104400 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-09 23:24 . 2009-09-09 23:24 -------- d-----w- c:\documents and settings\Administrator\Application Data\Uniblue
2009-09-08 02:42 . 2009-09-08 02:42 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\KodakGallery
2009-09-08 02:42 . 2009-09-08 02:42 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skinux
2009-08-22 20:27 . 2009-08-22 20:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-10 16:43 . 2008-12-31 03:15 77824 ----a-w- c:\windows\system32\kdfapi.dll
2009-09-10 16:43 . 2008-12-31 03:15 192512 ----a-w- c:\windows\system32\kdfvmgr.exe
2009-09-10 16:43 . 2008-12-31 03:14 53248 ----a-w- c:\windows\system32\Kdfhok.dll
2009-09-10 16:43 . 2008-12-31 03:14 387288 ----a-w- c:\windows\system32\kdfmgr.exe
2009-09-10 16:23 . 2007-12-11 22:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-10 02:26 . 2004-08-11 22:00 56320 ------w- c:\windows\system32\eventlog.dll
2009-09-09 23:27 . 2009-05-25 18:40 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-07 12:25 . 2009-08-10 20:08 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-21 01:39 . 2006-09-13 12:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-16 14:36 . 2004-08-11 22:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2004-08-11 22:00 81920 ----a-w- c:\windows\system32\fontsub.dll
.
(((((((((((((((((((((((((((((
SnapShot@2009-09-10_09.27.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-16 14:36 . 2009-06-16 14:36 81920 c:\windows\system32\dllcache\fontsub.dll
- 2007-12-11 22:41 . 2009-06-14 07:01 35088 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\oisicon.exe
+ 2007-12-11 22:41 . 2009-09-10 16:23 35088 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\oisicon.exe
- 2007-12-11 22:41 . 2009-06-14 07:01 18704 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\mspicons.exe
+ 2007-12-11 22:41 . 2009-09-10 16:23 18704 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\mspicons.exe
- 2007-12-11 22:41 . 2009-06-14 07:01 20240 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\cagicon.exe
+ 2007-12-11 22:41 . 2009-09-10 16:23 20240 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-01-07 01:31 . 2009-01-07 01:31 48512 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\PUBTRAP.DLL
+ 2009-09-10 16:22 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB971633\update\spcustom.dll
+ 2009-09-10 16:22 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB971633\spmsg.dll
+ 2009-09-10 16:16 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB961371\update\spcustom.dll
+ 2009-09-10 16:16 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB961371\spmsg.dll
+ 2009-06-16 14:43 . 2009-06-16 14:43 81920 c:\windows\$hf_mig$\KB961371\SP3QFE\fontsub.dll
+ 2009-06-16 14:36 . 2009-06-16 14:36 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2007-12-11 22:41 . 2009-09-10 16:23 888080 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\wordicon.exe
- 2007-12-11 22:41 . 2009-06-14 07:01 888080 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\wordicon.exe
+ 2007-12-11 22:41 . 2009-09-10 16:23 272648 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pubs.exe
- 2007-12-11 22:41 . 2009-06-14 07:01 272648 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pubs.exe
- 2007-12-11 22:41 . 2009-06-14 07:01 922384 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pptico.exe
+ 2007-12-11 22:41 . 2009-09-10 16:23 922384 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pptico.exe
+ 2007-12-11 22:41 . 2009-09-10 16:23 845584 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\outicon.exe
- 2007-12-11 22:41 . 2009-06-14 07:01 845584 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\outicon.exe
- 2007-12-11 22:41 . 2009-06-14 07:01 217864 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\misc.exe
+ 2007-12-11 22:41 . 2009-09-10 16:23 217864 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\misc.exe
+ 2009-03-06 07:41 . 2009-03-06 07:41 589704 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\PUBCONV.DLL
+ 2009-01-08 14:59 . 2009-01-08 14:59 624520 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\PTXT9.DLL
+ 2008-10-25 10:21 . 2008-10-25 10:21 136072 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\PRTF9.DLL
+ 2008-11-04 04:04 . 2008-11-04 04:04 498072 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\MORPH9.DLL
+ 2009-09-10 16:22 . 2008-07-09 07:38 382840 c:\windows\$hf_mig$\KB971633\update\updspapi.dll
+ 2009-09-10 16:22 . 2008-07-09 07:38 755576 c:\windows\$hf_mig$\KB971633\update\update.exe
+ 2009-09-10 16:22 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB971633\spuninst.exe
+ 2009-09-10 16:16 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB961371\update\updspapi.dll
+ 2009-09-10 16:16 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB961371\update\update.exe
+ 2009-09-10 16:16 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB961371\spuninst.exe
+ 2009-06-16 14:43 . 2009-06-16 14:43 119808 c:\windows\$hf_mig$\KB961371\SP3QFE\t2embed.dll
+ 2004-08-11 22:00 . 2009-06-03 19:09 1291264 c:\windows\system32\quartz.dll
+ 2008-05-07 05:12 . 2009-06-03 19:09 1291264 c:\windows\system32\dllcache\quartz.dll
+ 2009-05-26 22:54 . 2009-05-26 22:54 4192768 c:\windows\Installer\b8a52.msp
+ 2009-07-02 20:23 . 2009-07-02 20:23 5027328 c:\windows\Installer\b8a3a.msp
- 2007-12-11 22:41 . 2009-06-14 07:01 1172240 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\xlicons.exe
+ 2007-12-11 22:41 . 2009-09-10 16:23 1172240 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\xlicons.exe
+ 2007-12-11 22:41 . 2009-09-10 16:23 1165584 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\accicons.exe
- 2007-12-11 22:41 . 2009-06-14 07:01 1165584 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-03-06 07:41 . 2009-03-06 07:41 9589096 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\MSPUB.EXE
+ 2009-06-03 19:12 . 2009-06-03 19:12 1291264 c:\windows\$hf_mig$\KB971633\SP3QFE\quartz.dll
+ 2006-10-17 13:40 . 2009-07-07 15:10 24539592 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-08 68856]
"OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2008-12-31 497008]
"Uniblue RegistryBooster 2009"="c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe" [2008-08-26 2019624]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-06 177472]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-07-10 195072]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-04-01 995528]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2008-12-31 497008]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-9-13 24576]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-10-30 282624]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [5/25/2009 2:40 PM 130936]
R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [3/8/2005 8:46 PM 61440]
R2 Security Activity Dashboard Service;Security Activity Dashboard Service;c:\program files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe [12/30/2008 8:36 PM 181584]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [12/30/2008 8:29 PM 36368]
R2 WUSB300NSvc;WUSB300NSvc;c:\program files\Linksys\WUSB300N\WLService.exe [12/27/2007 8:45 PM 53307]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [12/30/2008 8:29 PM 335376]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [10/18/2007 10:04 AM 50192]
S2 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [12/30/2008 8:34 PM 497008]
S2 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [12/30/2008 8:35 PM 677128]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [5/25/2009 2:40 PM 348752]
.
Contents of the 'Scheduled Tasks' folder
2009-07-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page =
hxxp://hgtv.com/uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: foxnews.com\www
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\update
Trusted Zone: windowsupdate.com\download
FF - ProfilePath - c:\documents and settings\UPSAIR\Application Data\Mozilla\Firefox\Profiles\56j0aow5.default\
FF - prefs.js: browser.startup.homepage -
hxxp://www.facebook.com/|http://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:officialFF - component: c:\program files\Trend Micro\TrendSecure\TISProToolbar\FirefoxExtension\components\FFTMUFEHelper.dll
FF - component: c:\program files\Trend Micro\TrendSecure\TISProToolbar\FirefoxExtension\components\FFToolbarComm.dll
FF - plugin: c:\documents and settings\UPSAIR\Application Data\Mozilla\Firefox\Profiles\56j0aow5.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npImgCtl.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2009-09-10 14:34
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-09-10 14:37
ComboFix-quarantined-files.txt 2009-09-10 18:37
ComboFix2.txt 2009-09-10 09:37
Pre-Run: 45,009,371,136 bytes free
Post-Run: 45,003,481,088 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
201 --- E O F --- 2009-09-10 16:23
Malwarebytes' Anti-Malware 1.40
Database version: 2773
Windows 5.1.2600 Service Pack 3
9/10/2009 4:02:34 PM
mbam-log-2009-09-10 (16-02-34).txt
Scan type: Full Scan (C:\|)
Objects scanned: 184890
Time elapsed: 58 minute(s), 48 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Win Police Pro (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\svchasts.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\hjgruicqjnqygx.dll.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\desote.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\winhelper.dll.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\winupdate.exe.vir (Rogue.AdvancedVirusRemover) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP990\A0085998.dll (Trojan.Sirefef) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP991\A0086286.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.