combofix log part 2
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19
202240]
"Eraser"="c:\program files\Eraser\Eraser.exe" [2007-12-22 916240]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
[2009-10-13 2000112]
"UnHackMe Monitor"="c:\program files\UnHackMe\hackmon.exe" [2008-12-22 231648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19
1008184]
"Google Desktop Search"="c:\program files\Google\Google Desktop
Search\GoogleDesktop.exe" [2009-11-05 30192]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-10
-03 221184]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-
Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-07
149280]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-01-17 4907008]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE
[1999-2-17 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explore
r]
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer
]
"NoStartMenuMyGames"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)
"RestrictWelcomeCenter"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellEx
ecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program
files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows
nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program
files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefen
d]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start
Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):b2,a7,f0,4b,14,52,ca,01
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-
2887468060-1512202398-357854717-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001
R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [11/5/2009 14:41
28552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys
[10/12/2009 21:24 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS
[10/12/2009 21:24 74480]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\System32\AERTSrv.exe
[12/5/2007 06:17 77824]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program
files\Avira\AntiVir Desktop\sched.exe [11/5/2009 14:51 108289]
R3 Partizan;Partizan;c:\windows\System32\drivers\Partizan.sys [11/7/2009 01:50
34760]
S2 gupdate1c9b66b2b5dc010;Google Update Service
(gupdate1c9b66b2b5dc010);c:\program files\Google\Update\GoogleUpdate.exe
[4/5/2009 22:52 133104]
S3 GoogleDesktopManager-093009-130223;Google Desktop Manager
5.9.909.30391;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
[2/21/2008 18:43 30192]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [10/12/2009
21:24 7408]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - MBR
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
Contents of the 'Scheduled Tasks' folder
2009-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-06 03:52]
2009-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-06 03:52]
2009-11-05 c:\windows\Tasks\Wise Registry Cleaner 4.job
- c:\program files\Wise Registry Cleaner\WiseRegistryCleaner.exe [2009-08-14
21:45]
.
.
------- Supplementary Scan -------
.
TCP: {7245DEAA-8917-4D48-8AD1-71CE34C402B5} = 208.67.222.222,208.67.222.220
FF - ProfilePath -
c:\users\ERIC\AppData\Roaming\Mozilla\Firefox\Profiles\kbtwiwys.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.kitco.com/
FF - component: c:\program files\Mozilla
Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed
-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows
Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref
("security.ssl3.rsa_seed_sha", true);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-11-07 01:13
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-
BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-11-07 1:15
ComboFix-quarantined-files.txt 2009-11-07 06:15
ComboFix2.txt 2009-11-07 14:57
Pre-Run: 229,217,439,744 bytes free
Post-Run: 229,180,481,536 bytes free
- - End Of File - - 0A9DCB4C66A42925CBC86B5A2631F3D3