ComboFix log attached below.
ComboFix 12-02-11.02 - flabuski 02/11/2012 14:00:17.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1546 [GMT -5:00]
Running from: c:\documents and settings\flabuski\My Documents\Downloads\ComboFix.exe
AV: McAfee VirusScan Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\data\flabuski.dat
c:\data\testflag.dat
c:\documents and settings\flabuski\Start Menu\Programs\System Check
c:\documents and settings\flabuski\Start Menu\Programs\System Check\System Check.lnk
c:\documents and settings\flabuski\Start Menu\Programs\System Check\Uninstall System Check.lnk
c:\documents and settings\flabuski\WINDOWS
c:\windows\_ds3162.tmp
c:\windows\bwUnin-6.1.4.36-8876480L.exe
c:\windows\system32\SET77.tmp
c:\windows\system32\SET7C.tmp
c:\windows\system32\SET83.tmp
c:\windows\system32\setb0.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-01-11 to 2012-02-11 )))))))))))))))))))))))))))))))
.
.
2012-02-11 15:32 . 2012-02-11 15:32 -------- d-----w- c:\documents and settings\flabuski\Application Data\Malwarebytes
2012-02-11 15:32 . 2012-02-11 15:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-02-11 15:32 . 2012-02-11 16:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-11 15:32 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-10 22:40 . 2012-02-10 22:40 9604712 ---ha-w- C:\mc.exe
2012-02-10 19:54 . 2012-02-10 19:54 -------- d--h--w- c:\documents and settings\flabuski\Application Data\SUPERAntiSpyware.com
2012-02-10 19:52 . 2012-02-10 19:54 -------- d--h--w- c:\program files\SUPERAntiSpyware
2012-02-10 19:52 . 2012-02-10 19:52 -------- d--h--w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-02-10 19:47 . 2012-02-10 19:47 -------- d-----w- C:\_OTL
2012-02-10 19:14 . 2012-02-10 22:46 -------- d--h--w- c:\documents and settings\Administrator
2012-02-10 18:44 . 2012-02-10 18:44 879700 ---ha-w- C:\SecurityCheck.exe
2012-02-10 18:34 . 2012-02-10 18:35 4733440 ---ha-w- C:\aswMBR.exe
2012-02-10 18:16 . 2012-02-10 18:16 584192 ---ha-w- C:\OTL.com
2012-01-27 23:42 . 2011-12-21 07:24 121816 ---ha-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-01-27 23:42 . 2011-12-21 07:24 97240 ---ha-w- c:\program files\Mozilla Firefox\libEGL.dll
2012-01-27 23:42 . 2011-12-21 07:24 814040 ---ha-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2012-01-27 23:42 . 2011-12-21 07:24 486360 ---ha-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2012-01-27 23:42 . 2011-12-21 07:24 43992 ---ha-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-27 23:42 . 2011-12-21 07:24 2124760 ---ha-w- c:\program files\Mozilla Firefox\mozjs.dll
2012-01-27 23:42 . 2011-12-21 07:24 15832 ---ha-w- c:\program files\Mozilla Firefox\mozalloc.dll
2012-01-27 23:42 . 2011-12-21 04:30 626688 ---ha-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-27 23:42 . 2011-12-21 04:30 548864 ---ha-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-27 23:42 . 2011-12-21 04:30 479232 ---ha-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-27 23:42 . 2011-12-21 04:30 2106216 ---ha-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2012-01-27 23:42 . 2011-12-21 04:30 1998168 ---ha-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2012-01-27 23:36 . 2011-12-21 07:24 16856 ---ha-w- c:\program files\Mozilla Firefox\plugin-container.exe
2012-01-24 09:38 . 2012-01-24 09:38 404640 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-20 23:59 . 2012-01-20 23:59 -------- d--h--w- c:\documents and settings\flabuski\Local Settings\Application Data\Temp
2012-01-20 23:59 . 2012-01-20 23:59 -------- d--h--w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2012-01-20 23:55 . 2012-01-20 23:55 -------- d--h--w- c:\program files\Defraggler
2012-01-20 23:54 . 2012-01-20 23:54 -------- d--h--w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2012-01-20 16:57 . 2012-01-20 16:57 -------- d--h--w- c:\documents and settings\flabuski\Local Settings\Application Data\PCHealth
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 21:57 . 2001-08-23 12:00 293376 ---ha-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2001-08-23 12:00 1859584 ---ha-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2004-06-04 15:40 60416 ---ha-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2004-07-14 11:44 354816 ---ha-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2001-08-23 12:00 152064 ---ha-w- c:\windows\system32\schannel.dll
2011-12-21 07:24 . 2012-01-27 23:42 121816 ---ha-w- c:\program files\mozilla firefox\components\browsercomps.dll
2008-09-29 12:07 . 2009-05-04 11:44 22576 ---ha-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Deskjet 3050A J611 series (NET)"="c:\program files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" [2011-03-30 1721192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2008-05-26 1630208]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-26 8523776]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2003-09-01 1200178]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2008-05-13 136512]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-05-20 28160]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-09-29 124240]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2009-12-22 1092872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-26 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
.
c:\documents and settings\flabuski\Start Menu\Programs\Startup\
Monitor Ink Alerts - HP Deskjet 3050A J611 series (Network).lnk - c:\windows\system32\RunDll32.exe [2001-8-23 33280]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ---ha-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1004336348-2077806209-725345543-2924\Scripts\Logoff\0\0]
"Script"=lo1.cmd
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1004336348-2077806209-725345543-2924\Scripts\Logon\0\0]
"Script"=li1.cmd
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Netlogon"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe"=
"c:\\Program Files\\SkyGolf\\SkyCaddie Desktop\\SkyCaddieDesktop.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25374:TCP"= 25374:TCP:SNL Inbound
"25375:TCP"= 25375:TCP:SNL Outbound
"52311:UDP"= 52311:UDP:BES Client
.
R1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [8/19/2005 7:00 AM 4064]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\engineserver.exe [9/29/2008 7:07 AM 19456]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [5/4/2009 6:44 AM 67904]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/20/2012 6:54 PM 136176]
S3 DVXUSBKS;DVXCEL Streaming Class Driver;c:\windows\system32\drivers\DVXUSBKS.sys [8/29/2003 11:26 AM 46397]
S3 DVXUSBLD;DVXUSBLD;c:\windows\system32\drivers\DVXUSBLD.SYS [8/28/2003 12:34 PM 65241]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/20/2012 6:54 PM 136176]
S3 lredbooo;lredbooo;\??\c:\docume~1\flabuski\LOCALS~1\Temp\lredbooo.sys --> c:\docume~1\flabuski\LOCALS~1\Temp\lredbooo.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [5/4/2009 6:44 AM 64432]
S3 Pcouffin;Low level access layer for CD devices;c:\windows\system32\Drivers\Pcouffin.sys --> c:\windows\system32\Drivers\Pcouffin.sys [?]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [9/23/2005 6:01 AM 2799808]
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
2012-02-10 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2011-03-30 22:48]
.
2012-02-11 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2011-03-30 22:48]
.
2012-02-10 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2011-03-30 22:48]
.
2012-02-10 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2011-03-30 22:48]
.
2012-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-20 23:54]
.
2012-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-20 23:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.cnn.com/
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {1ED48504-8834-11D5-AC75-0008C73FD642} - file://c:\program files\proeWildfire 2.0\i486_nt\obj\pvx_install.exe
DPF: {74F5614A-8A8C-43B4-8CC2-4B4EFAF4A6C5} - hxxp://www.techsmith.com/codec/tsccinst.cab
FF - ProfilePath - c:\documents and settings\flabuski\Application Data\Mozilla\Firefox\Profiles\89ohh2zp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.drudgereport.com/
.
- - - - ORPHANS REMOVED - - - -
.
Notify-NavLogon - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-11 14:07
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F9E7FB8A-7FC0-F5C6-C2C005BCC6E52A75}\{38D64012-6403-EA81-41E60280EAB79558}\{8D4E630B-001F-4733-DF87B943421629E7}*]
"63AUOURV1X6YIYB2ELIFO4LTRC1"=hex:01,00,01,00,00,00,00,00,87,da,ad,38,2b,26,f8,
c3,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(612)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2012-02-11 14:14:21
ComboFix-quarantined-files.txt 2012-02-11 19:14
.
Pre-Run: 46,040,678,400 bytes free
Post-Run: 46,122,287,104 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptOut
.
- - End Of File - - 267D1AA246F99546ED21017144D4A272