05-12-2007, 12:26 PM   #10
j1477
Registered User
 
Join Date: May 2007
Posts: 27
OS: win XP


Re: cannot install any spyware removing software

log from ComboFix

"Laura" - 2007-05-13 1:23:08 Service Pack 2
ComboFix 07-05.08.3.V - Running from: "C:\Documents and Settings\Laura\Desktop\"


((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-13 ))))))))))))))))))))))))))))))))))


2007-05-12 22:28 <DIR> d-------- C:\DOCUME~1\Laura\DoctorWeb
2007-05-12 22:15 26,112 --a------ C:\WINDOWS\system32\nircmd.exe
2007-05-11 14:49 <DIR> d--hs---- C:\FOUND.001
2007-05-09 20:58 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-05-09 01:50 <DIR> d-------- C:\Program Files\CCleaner
2007-05-07 20:08 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2007-05-05 23:28 <DIR> d--hs---- C:\FOUND.000
2007-05-05 22:56 <DIR> d-------- C:\WINDOWS\Prefetch
2007-05-05 22:18 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2007-05-05 22:16 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-05-05 22:16 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-05-05 19:07 <DIR> d-------- C:\DOCUME~1\Asraf\APPLIC~1\SUPERAntiSpyware.com
2007-05-05 16:58 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-05-05 16:58 <DIR> d-------- C:\DOCUME~1\Laura\APPLIC~1\SUPERAntiSpyware.com
2007-05-05 16:58 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-05-05 15:57 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2007-05-05 15:34 <DIR> d-------- C:\Program Files\Greatis
2007-04-30 09:46 414,272 --a------ C:\WINDOWS\system32\DivXc32f.dll
2007-04-30 09:46 414,272 --a------ C:\WINDOWS\system32\DivXc32.dll
2007-04-30 09:46 <DIR> d-------- C:\temp\DivX_311alpha
2007-04-28 20:11 <DIR> d-------- C:\WINDOWS\exefld
2007-04-19 21:57 <DIR> d-------- C:\download
2007-04-19 21:57 <DIR> d-------- C:\DOCUME~1\Laura\APPLIC~1\Offline Explorer
2007-04-19 21:55 <DIR> d-------- C:\Program Files\Offline Explorer Pro
2007-04-16 02:21 <DIR> d-------- C:\mysqldriver
2007-04-15 19:48 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\yahoo!
2007-04-13 19:49 8,704 --a------ C:\WINDOWS\system32\Sf_scsi.dll
2007-04-13 19:49 16,896 --a------ C:\WINDOWS\system32\Sf_utl.dll
2007-04-13 19:49 114,688 --a------ C:\WINDOWS\system32\Sf_osu.dll
2007-04-13 19:49 <DIR> d-------- C:\WINDOWS\system32\COLOR
2007-04-13 19:49 <DIR> d-------- C:\temp\Disk2
2007-04-13 19:49 <DIR> d-------- C:\temp\Disk1
2007-04-13 19:49 <DIR> d-------- C:\Program Files\Canon
2007-04-13 19:48 <DIR> d-------- C:\temp\Disk3
2007-04-13 12:53 <DIR> d-------- C:\Program Files\MSECache


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-05-05 15:23:04 22,748 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2007-04-08 11:16:52 -------- d-----w C:\Program Files\Norton AntiVirus
2007-04-08 11:15:26 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-04-08 10:41:30 -------- d-----w C:\Program Files\Microsoft ActiveSync
2007-04-06 17:43:32 -------- d-----w C:\Program Files\NimoCodec Pack
2007-04-06 07:16:46 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
2007-04-06 06:39:08 -------- d-----w C:\Program Files\Cheetah Burner
2007-04-05 16:18:02 -------- d-----w C:\Program Files\Hero3000
2007-04-05 16:09:34 -------- d-----w C:\Program Files\OrionStudiosX
2007-04-05 13:01:32 -------- d-----w C:\DOCUME~1\Laura\APPLIC~1\Help
2007-04-05 06:15:04 -------- d-----w C:\Program Files\BanglaSoftwareGroup
2007-04-03 13:09:14 -------- d-----w C:\Program Files\Emule Speed Booster
2007-04-03 06:08:54 -------- d-----w C:\Program Files\Webshots
2007-04-03 06:08:54 -------- d-----w C:\DOCUME~1\Laura\APPLIC~1\Webshots
2007-04-03 03:16:52 -------- d-----w C:\DOCUME~1\Laura\APPLIC~1\vlc
2007-04-03 03:09:58 -------- d-----w C:\Program Files\VideoLAN
2007-04-02 19:59:28 -------- d-----w C:\Program Files\TuneUp Utilities 2006
2007-04-02 19:59:28 -------- d-----w C:\DOCUME~1\Laura\APPLIC~1\TuneUp Software
2007-04-02 19:58:30 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-03-30 17:12:46 0 ----a-w C:\CONFIG.SYS
2007-03-30 17:12:46 0 ----a-w C:\AUTOEXEC.BAT
2007-03-29 20:11:04 -------- d-----w C:\Program Files\iMesh
2007-03-29 19:52:54 -------- d-----w C:\Program Files\WinMX Music
2007-03-29 19:30:40 -------- d-----w C:\Program Files\Proxifier
2007-03-29 15:41:22 -------- d-----w C:\Program Files\eMule
2007-03-29 11:12:20 -------- d-----w C:\Program Files\eMule.de
2007-03-29 11:08:44 -------- d-----w C:\DOCUME~1\Laura\APPLIC~1\Google
2007-03-28 14:00:54 -------- d-----w C:\Program Files\WordWeb
2007-03-27 16:48:56 -------- d-----w C:\Program Files\Google
2007-03-27 06:16:52 -------- d-----w C:\Program Files\Alwil Software
2007-03-26 16:28:08 -------- d--h--r C:\DOCUME~1\Laura\APPLIC~1\yahoo!
2007-03-25 20:53:56 -------- d-----w C:\Program Files\Yahoo!
2007-03-25 19:45:04 -------- d-----w C:\Program Files\DAP
2007-03-24 20:46:26 -------- d-----w C:\Program Files\directx
2007-03-24 20:45:22 -------- d-----w C:\Program Files\Multimedia V3.08
2007-03-24 18:43:24 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-03-24 18:43:00 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-03-23 09:34:12 65,536 --sh--w C:\VIDEOROM.BIN
2007-03-23 09:23:46 1,663 --sh--r C:\MSDOS.SYS
2007-03-19 04:20:08 -------- d-----w C:\DOCUME~1\Laura\APPLIC~1\AdobeUM
2007-03-19 04:02:38 -------- d-----w C:\Program Files\Winamp
2007-03-19 04:00:36 -------- d-----w C:\Program Files\Creative
2007-03-19 03:56:58 -------- d-----w C:\Program Files\TC PowerPack
2007-03-18 0520 -------- d-----w C:\Program Files\microsoft frontpage
2007-03-18 05:03:10 -------- d--h--w C:\Program Files\WindowsUpdate
2007-03-18 05:01:54 -------- d-----w C:\Program Files\Common Files\MSSoap
2007-03-18 05:01:40 -------- d-----w C:\Program Files\Movie Maker
2007-03-18 04:59:46 -------- d-----w C:\Program Files\Online Services
2007-03-18 04:59:34 -------- d-----w C:\Program Files\Messenger
2007-03-18 04:59:30 -------- d-----w C:\Program Files\MSN Gaming Zone
2007-03-18 04:58:42 -------- d-----w C:\Program Files\Windows NT
2007-03-18 04:49:16 -------- d-----w C:\Program Files\Common Files\ODBC
2007-03-18 04:49:12 -------- d-----w C:\Program Files\Common Files\SpeechEngines
2007-03-06 08:50:54 1,101,824 ----a-w C:\WINDOWS\system32\NMSDVDXU.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
"{0096CC0A-623C-4829-AD9C-19AF0DC9D8FE}"="C:\Program Files\DAP\DAPIEBar.dll"
"{02478D38-C3F9-4EFB-9B51-7695ECA05670}"="C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll"
"{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"="C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll"
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"="C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SiS Tray"="C:\\WINDOWS\\system32\\sistray.exe"
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\\Program Files\\Google\\Gmail Notifier\\gnotify.exe"
"D066UUtility"="C:\\WINDOWS\\TWAIN_32\\D66U\\D066UUTY.EXE"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Regrun2"="C:\\PROGRA~1\\Greatis\\REGRUN~1\\WatchDog.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL"


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0

SafeBoot registry key needs to be repaired. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter HTTPFilter\0\0
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
DcomLaunch DcomLaunch\0TermService\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{64dc6280-d544-11db-975b-806d6172696f}]
Shell\AutoRun\command RavMon.exe
Shell\explore\Command RavMon.exe -e
Shell\open\Command RavMon.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{64dc6282-d544-11db-975b-806d6172696f}]
Shell\AutoRun\command RavMon.exe
Shell\explore\Command RavMon.exe -e
Shell\open\Command RavMon.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{64dc6283-d544-11db-975b-806d6172696f}]
Shell\AutoRun\command RavMon.exe
Shell\explore\Command RavMon.exe -e
Shell\open\Command RavMon.exe


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Click Maintenance.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-13 01:26:10
Windows 5.1.2600 Service Pack 2 FAT

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 2007-05-13 1:26:26
C:\ComboFix2.txt ... 2007-05-09 20:58
C:\ComboFix-quarantined-files.txt ... 2007-05-13 01:26
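The MountPoints2 blocks in the log above are the part of a ComboFix report that a responder reads first: Windows caches, per volume GUID, the Shell verbs that a drive's autorun.inf registered, so a `Shell\AutoRun\command` (or `open`/`explore` command) naming a bare executable is the classic pattern left behind by a removable-media worm, and the same executable turning up on three separate volumes means the drives that were plugged into this machine should be treated as carriers too. The script below is an added example, not ComboFix code or anything from the poster: it parses the MountPoints2 section of a ComboFix-style log, lists every verb that would execute something on insert/open/explore, and separately flags the "SafeBoot registry key needs to be repaired" warning (Safe Mode being unavailable is itself a sign that something has tampered with the registry). The log excerpt it works on is constructed for the example; the volume GUIDs are made up and the third, clean block is invented to show a non-hit.

```python
"""Triage helper for the MountPoints2 section of a ComboFix log.

Added example, not ComboFix code.  MountPoints2 caches, per volume GUID,
the Shell verbs a drive's autorun.inf registered.  A Shell\\AutoRun\\command
(or open/explore command) that launches an executable on the volume is the
classic autorun-worm pattern, so every such entry is worth a look.
"""
import re
from typing import Dict, List, Tuple

# Constructed excerpt in the ComboFix "Reg Loading Points" style.
# Volume GUIDs are made up; the third block stands in for a clean drive.
SAMPLE_LOG = r"""
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{11111111-0000-0000-0000-000000000001}]
Shell\AutoRun\command RavMon.exe
Shell\explore\Command RavMon.exe -e
Shell\open\Command RavMon.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{11111111-0000-0000-0000-000000000002}]
Shell\AutoRun\command RavMon.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{11111111-0000-0000-0000-000000000003}]
_Autorun\DefaultLabel Backup

SafeBoot registry key needs to be repaired. This machine cannot enter Safe Mode.
"""

HEADER_RE = re.compile(r"^\[HKCU\\.*\\MountPoints2\\(\{[0-9A-Fa-f-]+\})\]$")
# ComboFix prints the verb path, a space, then the command value.
CMD_RE = re.compile(r"^Shell\\([^\\]+)\\command\s+(.+?)\s*$", re.IGNORECASE)

# Verbs that cause execution when the volume is inserted, opened or explored.
EXEC_VERBS = ("autorun", "open", "explore")


def parse_mountpoints(log: str) -> Dict[str, Dict[str, str]]:
    """Map each MountPoints2 volume GUID to its {verb: command} entries."""
    blocks: Dict[str, Dict[str, str]] = {}
    current = None
    for line in log.splitlines():
        m = HEADER_RE.match(line)
        if m:
            current = m.group(1)
            blocks[current] = {}
            continue
        if not line.strip():
            current = None  # a blank line closes the key block
            continue
        m = CMD_RE.match(line)
        if m and current is not None:
            blocks[current][m.group(1).lower()] = m.group(2)
    return blocks


def autorun_hijacks(blocks: Dict[str, Dict[str, str]]) -> List[Tuple[str, str, str]]:
    """Every (guid, verb, command) that runs something on insert/open/explore.

    Any hit deserves a look; a command that is a bare executable name
    (resolved relative to the volume root) is the textbook worm shape.
    """
    hits: List[Tuple[str, str, str]] = []
    for guid, verbs in blocks.items():
        for verb, cmd in verbs.items():
            if verb in EXEC_VERBS:
                hits.append((guid, verb, cmd))
    return hits


def safeboot_damaged(log: str) -> bool:
    """True when ComboFix reported the SafeBoot key as broken."""
    return "SafeBoot registry key needs to be repaired" in log


def report(log: str) -> List[str]:
    """Human-readable triage lines for the MountPoints2 section."""
    lines = []
    for guid, verb, cmd in autorun_hijacks(parse_mountpoints(log)):
        lines.append(f"{guid}: Shell\\{verb}\\command -> {cmd}")
    if safeboot_damaged(log):
        lines.append("SafeBoot key damaged: Safe Mode unavailable until repaired")
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_LOG):
        print(line)
```

Every MountPoints2 entry the script prints corresponds to a volume that should be scanned before it is plugged into another machine; the GUID alone does not tell you which physical drive it was, so match it against `HKLM\SYSTEM\MountedDevices` on the same host.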