#21
Resulting ComboFix.TXT ....
Thank you so much for your detailed instructions and utility to run, Jacee.
Here's my ComboFix.TXT below. I had to uninstall MSE before I ran ComboFix (because I could not open it) and I shall reinstall it now that it's done.
What should be my next step?
Many Thanks...Mimi
------------------------------------------
ComboFix 10-12-14.07 - mimitam 12/15/2010 10:18:52.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2430.1422 [GMT -5:00]
Running from: c:\users\mimitam\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\data
c:\program files\Common Files\Uninstall
c:\users\mimitam\AppData\Roaming\alot
c:\users\mimitam\AppData\Roaming\completescan
c:\users\mimitam\AppData\Roaming\install
c:\users\mimitam\AppData\Roaming\Microsoft\Windows\Recent\3gppprotocol.com_blog.pif
c:\users\mimitam\AppData\Roaming\Microsoft\Windows\Recent\Baidu.pif
c:\users\mimitam\AppData\Roaming\RacRulesy.dll
c:\windows\XSxS
.
((((((((((((((((((((((((( Files Created from 2010-11-15 to 2010-12-15 )))))))))))))))))))))))))))))))
.
2010-12-15 15:26 . 2010-12-15 15:27 -------- d-----w- c:\users\mimitam\AppData\Local\temp
2010-12-15 15:26 . 2010-12-15 15:26 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2010-12-15 15:26 . 2010-12-15 15:26 -------- d-----w- c:\users\LogMeInRemoteUser.mimitam-Laptop\AppData\Local\temp
2010-12-15 15:26 . 2010-12-15 15:26 -------- d-----w- c:\users\LogMeInRemoteUser.mimitam-Laptop.000\AppData\Local\temp
2010-12-15 15:26 . 2010-12-15 15:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-12 17:44 . 2010-12-12 17:44 -------- d-----w- c:\windows\system32\BestPractices
2010-12-12 17:44 . 2010-12-12 17:44 -------- d-----w- C:\inetpub
2010-12-12 17:28 . 2010-11-16 17:01 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C5EC9CCB-4308-48E4-BA7F-735388E824E3}\mpengine.dll
2010-12-10 16:18 . 2010-12-10 16:18 -------- d-----w- c:\users\mimitam\AppData\Roaming\SUPERAntiSpyware.com
2010-12-10 16:18 . 2010-12-10 16:18 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-12-10 16:18 . 2010-12-10 16:19 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-12-10 01:58 . 2010-12-10 01:58 -------- d-----w- c:\program files\Common Files\Java
2010-12-02 23:10 . 2010-12-11 01:39 -------- d-----w- c:\users\mimitam\AppData\Roaming\vlc
2010-12-02 23:09 . 2010-12-02 23:09 -------- d-----w- c:\users\mimitam\AppData\Local\Graboid
2010-12-02 23:09 . 2010-12-02 23:09 -------- d-----w- c:\users\mimitam\AppData\Roaming\MozillaControl
2010-12-02 23:08 . 2010-12-02 23:08 -------- d-----w- c:\program files\Mozilla ActiveX Control v1.7.12
2010-12-02 23:07 . 2010-12-02 23:07 -------- d-----w- c:\program files\VideoLAN
2010-11-24 14:48 . 2010-10-19 08:10 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-20 19:01 . 2010-10-20 19:01 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-10-20 16:10 . 2010-10-20 16:10 184 ----a-w- c:\users\mimitam\AppData\Roaming\31441.bat
2010-10-19 15:41 . 2010-01-17 19:28 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-27 18:50 . 2010-10-06 19:31 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-09-27 18:49 . 2010-10-06 19:31 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2010-09-27 18:49 . 2010-10-06 19:31 29568 ----a-w- c:\windows\system32\LMIport.dll
2010-09-27 18:49 . 2010-10-06 19:31 87424 ----a-w- c:\windows\system32\LMIinit.dll
2010-09-23 04:47 . 2010-09-23 04:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-21 18:03 . 2010-09-21 18:03 208768 ----a-w- c:\windows\system32\LIVESSP.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2008-12-09 495616]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-23 4240760]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-07 202256]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-08 47904]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
c:\users\mimitam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
SDK Tray Menu.lnk - c:\sun\SDK\jdk\bin\javaw.exe [2009-12-15 384000]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares destiny]
2007-08-27 22:02 2973184 ----a-w- c:\program files\Ares Destiny\Ares.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2010-05-31 15:31 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=""
"FirewallOverride"=""
R2 AppServer9PE;SunJavaSystemAppserver9PE;c:\sun\SDK\lib\appservService.exe [2010-01-23 26826]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-06 1343400]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-20 691696]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-08-29 73728]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2010-09-27 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2010-05-31 12856]
S2 NfsClnt;Client for NFS;c:\windows\system32\nfsclnt.exe [2009-07-14 52736]
S3 NfsRdr;Client for NFS Redirector;c:\windows\system32\drivers\nfsrdr.sys [2009-07-13 201216]
S3 RpcXdr;Server for NFS Open RPC (ONCRPC);c:\windows\system32\drivers\rpcxdr.sys [2009-07-13 86528]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2086743
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Download all by YouTube Robot - c:\program files\YouTubeRobot\downall.htm
IE: Download by YouTube Robot - c:\program files\YouTubeRobot\downlink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
Trusted Zone: qword.com
FF - ProfilePath - c:\users\mimitam\AppData\Roaming\Mozilla\Firefox\Profiles\hoyeuxwb.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - CNN.com - Breaking News, U.S., World, Weather, Entertainment & Video News
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z021&form=ZGAADF&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: capability.policy.policynames - allowclipboard
FF - user.js: capability.policy.allowclipboard.sites - hxxp://www.justhost.com
FF - user.js: capability.policy.allowclipboard.Clipboard.cutcopy - allAccess
FF - user.js: capability.policy.allowclipboard.Clipboard.paste - allAccess
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-HJVZH - c:\users\mimitam\AppData\Roaming\RacRulesy.dll
MSConfigStartUp-avgnt - c:\program files\Avira\AntiVir Desktop\avgnt.exe
MSConfigStartUp-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\DTLite.exe
MSConfigStartUp-Zune Launcher - c:\program files\Zune\ZuneLauncher.exe
AddRemove-SmartDraw VP - c:\smartd~1\Uninstall.exe
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-12-15 10:28:43
ComboFix-quarantined-files.txt 2010-12-15 15:28
Pre-Run: 17,263,755,264 bytes free
Post-Run: 16,948,297,728 bytes free
- - End Of File - - ACF53B083BF58A4B1D7EB4EF7D6794A5