Thank YOU touch -- This is driving me NUTS - I guess my McAfee subscription isn't worth the money
ComboFix 10-04-26.05 - Mark 04/27/2010 19:12:37.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.166 [GMT -4:00]
Running from: c:\documents and settings\Mark\Desktop\alg.exe.exe
FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\recycler\S-1-5-21-2178163520-2491677328-1013487000-1008
c:\windows\system32\3163681347.dat
c:\windows\system32\bpghbyyg.ini
c:\windows\system32\bdn.com
c:\windows\system32\h@tkeysh@@k.dll
c:\windows\system32\hxiwlgpm.dat
c:\windows\system32\smp
c:\windows\system32\smp\msrc.exe
c:\windows\system32\ssvchost.com
c:\windows\system32\taack.dat
c:\windows\system32\temp#01.exe
Infected copy of c:\windows\system32\drivers\serial.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_WSCSVCDOT3SVC
-------\Service_wscsvcDot3svc
((((((((((((((((((((((((( Files Created from 2010-03-27 to 2010-04-27 )))))))))))))))))))))))))))))))
.
2010-04-27 21:37 . 2010-04-27 21:37 -------- d-----w- c:\documents and settings\Seany D\Tracing
2010-04-26 19:49 . 2010-04-26 19:49 -------- d-----w- c:\program files\Trend Micro
2010-04-26 17:59 . 2010-03-30 04:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-26 17:59 . 2010-03-30 04:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-23 19:37 . 2010-04-23 19:37 -------- d-----w- c:\documents and settings\Mark\Application Data\SUPERAntiSpyware.com
2010-04-23 19:37 . 2010-04-23 19:37 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-04-23 18:48 . 2010-04-23 18:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-04-23 18:43 . 2010-04-23 18:43 -------- d-----w- c:\program files\Yahoo!
2010-04-23 18:43 . 2010-04-23 18:43 -------- d-----w- c:\program files\CCleaner
2010-04-23 18:31 . 2010-04-23 18:32 -------- d-----w- c:\documents and settings\Trace\Local Settings\Application Data\Google
2010-04-23 18:17 . 2010-04-23 18:17 43456 ----a-w- c:\documents and settings\Trace\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-23 16:32 . 2010-04-23 16:32 -------- d-----w- c:\program files\Windows Defender
2010-04-19 13:39 . 2001-08-17 17:57 16128 ----a-w- c:\windows\system32\drivers\MODEMCSA.sys
2010-04-19 13:39 . 2001-08-17 17:57 16128 ----a-w- c:\windows\system32\dllcache\modemcsa.sys
2010-04-17 23:35 . 2010-04-17 23:36 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-04-15 15:47 . 2010-02-24 14:16 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-04-14 14:59 . 2010-04-14 14:59 -------- d-----w- c:\documents and settings\Mark\Application Data\Malwarebytes
2010-04-14 14:58 . 2010-04-14 14:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-14 14:58 . 2010-04-26 18:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-13 21:27 . 2010-04-13 21:27 0 ----a-w- c:\documents and settings\Seany D\jagex__preferences3.dat
2010-04-10 14:46 . 2010-04-10 14:46 -------- d-----w- c:\documents and settings\Seany D\Local Settings\Application Data\Temp
2010-04-10 14:46 . 2010-04-10 14:46 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-04-10 14:41 . 2010-04-10 14:41 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-27 22:59 . 2009-05-02 13:57 -------- d-----w- c:\program files\McAfee
2010-04-27 22:59 . 2009-05-02 13:51 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-04-27 22:58 . 2009-05-02 13:58 -------- d-----w- c:\program files\Common Files\McAfee
2010-04-26 22:18 . 2004-08-04 05:00 64512 ----a-w- c:\windows\system32\drivers\serial.sys
2010-04-26 19:58 . 2008-01-17 23:32 -------- d-----w- c:\program files\Common Files\Apple
2010-04-26 14:33 . 2008-01-10 00:27 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-23 18:29 . 2005-12-06 13:25 -------- d-----w- c:\program files\Java
2010-04-16 12:45 . 2005-12-06 13:26 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-16 12:43 . 2005-12-06 15:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-04-16 12:43 . 2005-12-06 15:12 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-04-16 12:41 . 2005-12-06 13:22 -------- d-----w- c:\program files\Symantec
2010-04-13 23:48 . 2009-09-13 15:48 75 ----a-w- c:\documents and settings\Seany D\jagex_runescape_preferences2.dat
2010-04-13 21:31 . 2008-07-01 20:38 41 ----a-w- c:\documents and settings\Seany D\jagex_runescape_preferences.dat
2010-04-10 14:41 . 2008-04-12 15:59 -------- d-----w- c:\program files\Google
2010-03-20 20:48 . 2008-09-03 20:38 41 ----a-w- c:\documents and settings\Mark\jagex_runescape_preferences.dat
2010-03-19 14:35 . 2009-09-12 15:04 69 ----a-w- c:\documents and settings\Mark\jagex_runescape_preferences2.dat
2010-03-11 12:38 . 2005-07-03 02:11 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2004-08-04 05:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2004-08-04 05:00 17408 ------w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2004-08-04 05:00 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-02-24 13:11 . 2005-01-19 04:26 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 13:10 . 2005-03-02 00:59 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2005-03-02 00:34 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2004-08-04 05:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-04 05:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"OpenDNS Updater"="c:\program files\OpenDNS Updater\OpenDNSUpdater.exe" [2009-11-16 839168]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe" [2009-07-31 468408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"SoundMan"="SOUNDMAN.EXE" [2005-09-22 90112]
"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-12 45056]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"VTTimer"="VTTimer.exe" [2005-05-13 53248]
"VTTrayp"="VTtrayp.exe" [2005-05-13 143360]
"AspireService"="c:\program files\Acer\Acer eMode Management\AspireService.exe" [2005-09-30 114688]
"MediaSync"="c:\program files\Acer\Acer eConsole\MediaSync.exe" [2005-09-21 425984]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-17 397312]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 155648]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Wireless 802.11g USB Adapter.lnk - c:\program files\Wireless 802.11g USB Adapter\ZDWlan.exe [2004-11-19 425984]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S1 MpKsl61b11ac6;MpKsl61b11ac6;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{77D1A38D-5CA6-4FD6-8E6F-305F6C65A9A1}\MpKsl61b11ac6.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{77D1A38D-5CA6-4FD6-8E6F-305F6C65A9A1}\MpKsl61b11ac6.sys [?]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\Mark\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\Mark\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\Mark\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys --> c:\docume~1\Mark\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/10/2010 10:41 AM 135664]
S3 PAC7311;VGA SoC PC-Camera;c:\windows\system32\drivers\PA707UCM.SYS [10/18/2005 11:48 AM 154752]
S3 SASENUM;SASENUM;\??\c:\docume~1\Mark\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS --> c:\docume~1\Mark\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS [?]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - INT15.SYS
.
Contents of the 'Scheduled Tasks' folder
2010-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-10 14:41]
2010-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-10 14:41]
2010-04-27 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
.
- - - - ORPHANS REMOVED - - - -
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-NSSSetupTemp.{3FADAA19-E595-44CA-A072-58B6B0851768} - c:\program files\Common Files\Symantec Shared\NSSSetup\{3FADAA19-E595-44CA-A072-58B6B0851768}_2_0_0\NSSSetup.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
https://www.gmer.net
Rootkit scan 2010-04-27 19:24
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(1876)
c:\windows\system32\WININET.dll
c:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Acer\Acer eConsole\MediaServerService.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\System32\PAStiSvc.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\VTTimer.exe
c:\windows\system32\VTtrayp.exe
.
**************************************************************************
.
Completion time: 2010-04-27 19:28:03 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-27 23:28
Pre-Run: 71,371,350,016 bytes free
Post-Run: 73,127,518,208 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - 3D3E311D40A8819EC93282C90FF1CAB1
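The "Reg Loading Points" section of the log above shows the Security Center override and monitoring values set to 1 and the Windows Firewall standard profile set to EnableFirewall=0 with notifications suppressed, which is how rogue security software stops XP from warning that protection is off. The script below is an added example, not part of the original post and not ComboFix's own code: it parses that section of a ComboFix log, flags exactly those values, and builds a REGEDIT4 fragment that restores the defaults. The sample log text is constructed to mirror the posted entries; the mapping of ComboFix's `HKLM\~\services` abbreviation to the full services key is an assumption based on how ComboFix prints that path.

```python
"""Flag Security Center and Windows Firewall tampering in a ComboFix log.

Added example, not part of the original forum post and not ComboFix's own code.
It reads the 'Reg Loading Points' text that ComboFix prints and reports the
values that rogue security software typically flips so Windows XP stops warning
that antivirus and firewall are off. The sample text below is constructed to
mirror the posted log.
"""
import re

# One rule per (key suffix, value name, tampered value, default value, full key).
# ComboFix abbreviates HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services as
# "HKLM\~\services" (assumption based on its output), hence the suffix match.
# Per-product subkeys such as Monitoring\SymantecAntiVirus are deliberately not
# flagged: vendor products set those themselves, so review them by hand instead.
TAMPER_RULES = [
    ("\\security center", "AntiVirusOverride", 1, 0,
     r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center"),
    ("\\security center", "FirewallOverride", 1, 0,
     r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center"),
    ("\\security center\\monitoring", "DisableMonitoring", 1, 0,
     r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring"),
    ("\\firewallpolicy\\standardprofile", "EnableFirewall", 0, 1,
     r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile"),
    ("\\firewallpolicy\\standardprofile", "DisableNotifications", 1, 0,
     r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile"),
]

KEY_RE = re.compile(r"^\[(.+)\]\s*$")          # [HKEY_...\key] header line
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')  # "Name"=data line


def parse_reg_value(raw):
    """Normalise the two numeric spellings ComboFix uses: 'dword:00000001' and '0 (0x0)'."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[len("dword:"):], 16)
    m = re.match(r"^(-?\d+)\b", raw)
    if m:
        return int(m.group(1))
    return raw  # string data such as a Run-key command line; left as-is


def find_tampering(log_text):
    """Return [(key, name, value)] for every registry value matching a tamper rule."""
    findings = []
    key = None
    for line in log_text.splitlines():
        line = line.strip()
        km = KEY_RE.match(line)
        if km:
            key = km.group(1).lower()
            continue
        vm = VALUE_RE.match(line)
        if vm is None or key is None:
            continue
        name, value = vm.group(1), parse_reg_value(vm.group(2))
        for suffix, rule_name, bad, _fixed, _full in TAMPER_RULES:
            if key.endswith(suffix) and name.lower() == rule_name.lower() and value == bad:
                findings.append((key, name, value))
    return findings


def remediation_reg(findings):
    """Build a REGEDIT4 fragment that restores the default for each finding only."""
    by_key = {}
    for key, name, _value in findings:
        for suffix, rule_name, _bad, fixed, full in TAMPER_RULES:
            if key.endswith(suffix) and name.lower() == rule_name.lower():
                by_key.setdefault(full, []).append((rule_name, fixed))
    lines = ["REGEDIT4", ""]
    for full, values in by_key.items():
        lines.append("[%s]" % full)
        for name, fixed in values:
            lines.append('"%s"=dword:%08x' % (name, fixed))
        lines.append("")
    return "\n".join(lines)


# Constructed excerpt modelled on the posted log (not the log itself).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
"""

# Constructed clean counterpart: defaults in place, nothing should be flagged.
CLEAN_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 1 (0x1)
"""

if __name__ == "__main__":
    hits = find_tampering(SAMPLE_LOG)
    for key, name, value in hits:
        print("TAMPERED  %s  %s=%s" % (key, name, value))
    print(remediation_reg(hits))
```

Run it against a saved ComboFix.txt by reading the file into `find_tampering`. The generated .reg fragment only resets values that were actually found, so it is safe to review and merge after the malware itself has been removed; re-enabling the firewall and clearing the overrides while the infection is still active would just be undone on the next reboot.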