Please check HJT log and other details

Status
Not open for further replies.
ComboFix 10-04-12.01 - Jezzay 04/18/2010 15:33:50.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.295 [GMT -5:00]
Running from: c:\documents and settings\Jezzay\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Guest\Application Data\twex.exe
c:\documents and settings\Guest\Desktop\Security Tool.lnk
c:\documents and settings\Guest\Start Menu\Programs\Security Tool.lnk
c:\windows\34rdft.bat
c:\windows\Downloaded Program Files\Install.inf
c:\windows\ld12.exe
c:\windows\system32\drivers\svchost.exe
c:\windows\system32\gxvxccounter
c:\windows\system32\gxvxcevpphqxwromrqrimiqakdmijfumesrbw.dll
c:\windows\system32\twain32
c:\windows\system32\twain32\local.ds
c:\windows\system32\twain32\user.ds
c:\windows\system32\twain32\user.ds.cla
c:\windows\system32\twex.exe

c:\windows\system32\proquota.exe was missing
Restored copy from - c:\i386\proquota.exe

.
((((((((((((((((((((((((( Files Created from 2010-03-18 to 2010-04-18 )))))))))))))))))))))))))))))))
.

2010-04-18 20:40 . 2004-08-04 11:00 50176 ----a-w- c:\windows\system32\proquota.exe
2010-04-18 20:40 . 2004-08-04 11:00 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2010-04-15 22:06 . 2010-04-15 22:06 -------- d-----w- c:\windows\system32\MpEngineStore
2010-04-12 20:13 . 2010-04-12 20:14 -------- d-----w- C:\32788R22FWJFW.3.tmp
2010-04-12 20:10 . 2010-04-12 20:13 -------- d-----w- C:\32788R22FWJFW.2.tmp
2010-04-12 20:10 . 2010-04-12 20:10 -------- d-----w- C:\32788R22FWJFW.1.tmp
2010-04-12 16:46 . 2010-04-12 16:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-12 16:46 . 2010-03-30 05:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-12 16:00 . 2010-04-12 17:22 -------- d-----w- c:\program files\Defraggler
2010-04-08 13:48 . 2009-08-07 00:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-04-07 14:55 . 2010-04-07 14:55 -------- d-----w- C:\4793981c73d53fa4c052fd3637449031
2010-03-29 17:42 . 2010-03-29 17:42 -------- d-----w- c:\program files\Common Files\Skype
2010-03-29 17:16 . 2010-04-11 20:02 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2010-03-29 15:51 . 2010-03-29 17:37 -------- d-----w- C:\5bac5cda9a43bf9f60afc95f
2010-03-29 15:45 . 2010-03-29 17:37 -------- d-----w- C:\2a64815fabe14f7ddcf85c
2010-03-29 15:42 . 2010-03-29 15:43 52770576 ----a-w- c:\documents and settings\Jezzay\Application Data\Sony Setup\64993CD0-67D1-4244-A2BC-FD73F4DA5B62\dotnetfx3.exe
2010-03-26 15:40 . 2010-03-26 15:40 -------- d-----w- C:\5b8a945586a260caa1364d02
2010-03-25 21:29 . 2010-03-25 21:29 -------- d-----w- C:\7b891cc88d58d0c96a9741ee

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-18 20:13 . 2009-12-25 20:12 -------- d-----w- c:\documents and settings\Jezzay\Application Data\Skype
2010-04-18 19:41 . 2009-12-25 20:15 -------- d-----w- c:\documents and settings\Jezzay\Application Data\skypePM
2010-04-18 19:40 . 2010-03-13 06:44 117760 ----a-w- c:\documents and settings\Jezzay\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-15 22:06 . 2009-12-12 21:25 -------- d-----w- c:\documents and settings\All Users\Application Data\27519933
2010-04-12 16:54 . 2009-07-22 15:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-12 16:49 . 2007-09-01 16:58 -------- d-----w- c:\program files\Norton Security Scan
2010-04-12 15:59 . 2005-12-12 16:48 -------- d-----w- c:\program files\WordPerfect Office 12
2010-04-12 15:58 . 2008-09-12 19:17 -------- d-----w- c:\program files\support.com
2010-04-12 15:58 . 2008-03-21 23:39 -------- d-----w- c:\program files\Serif
2010-04-12 15:58 . 2010-02-02 16:26 -------- d-----w- c:\program files\Oberon Media
2010-04-12 15:58 . 2005-12-12 16:41 -------- d-----w- c:\program files\Modem Helper
2010-04-12 15:58 . 2005-12-12 16:41 -------- d-----w- c:\program files\InstallShield Installation Information
2010-04-12 15:58 . 2005-12-12 16:41 -------- d-----w- c:\program files\Intel
2010-04-12 15:58 . 2007-12-26 17:21 -------- d-----w- c:\program files\DV TS
2010-04-12 15:58 . 2005-12-12 16:24 -------- d-----w- c:\program files\Dell
2010-04-12 15:58 . 2005-12-12 16:44 -------- d-----w- c:\program files\Common Files\aolshare
2010-04-12 15:58 . 2005-12-31 01:07 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-12 15:58 . 2005-12-12 16:44 -------- d-----w- c:\program files\America Online 9.0
2010-04-12 15:58 . 2006-04-11 02:32 -------- d-----w- c:\program files\Acoustica Shared Effects
2010-04-12 15:57 . 2009-05-14 01:54 -------- d-----w- c:\program files\u-he
2010-03-28 21:55 . 2009-06-10 10:55 304160 ----a-w- C:\PA207.DAT
2010-03-17 17:49 . 2010-03-11 18:44 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-17 17:30 . 2010-03-11 18:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-03-17 17:12 . 2010-03-13 06:46 52224 ----a-w- c:\documents and settings\Jezzay\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-03-12 22:42 . 2010-03-12 22:42 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-03-12 22:42 . 2010-03-12 22:41 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-03-12 22:41 . 2010-03-12 22:41 -------- d-----w- c:\documents and settings\Jezzay\Application Data\SUPERAntiSpyware.com
2010-03-12 22:40 . 2010-03-12 22:40 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-03-10 08:02 . 2004-08-10 18:51 417792 ----a-w- c:\windows\system32\vbscript.dll
2010-03-08 12:58 . 2010-03-08 12:58 137216 ----a-w- c:\documents and settings\All Users\Application Data\WorldWinner\shared\fmod.dll
2010-03-08 12:58 . 2010-03-08 12:58 339968 ----a-w- c:\documents and settings\All Users\Application Data\WorldWinner\dealornodeal\dealornodeal.dll
2010-03-08 12:58 . 2010-03-08 12:58 -------- d-----w- c:\documents and settings\All Users\Application Data\WorldWinner
2010-02-26 06:12 . 2004-08-10 18:51 662016 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 06:12 . 2004-08-10 18:51 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-02-24 12:31 . 2005-12-12 16:22 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 13:19 . 2004-08-10 18:51 2181376 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 12:39 . 2004-08-04 04:59 2058368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:47 . 2004-08-10 18:50 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:01 . 2004-08-10 18:51 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2009-12-07 11:42 . 2009-12-07 11:42 426560 ----a-w- c:\program files\Mc
2008-04-03 23:20 . 2008-04-03 23:20 979 -c--a-w- c:\program files\CProgram FilesMovie MakerSharedAddOnTFX.xml
2009-12-12 19:06 . 2005-12-31 01:24 104 -csh--r- c:\windows\system32\A8AA93C315.sys
2009-12-12 19:06 . 2005-12-31 01:24 4184 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-03-09 26100520]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\7f2c5805-b100-45b4-87f3-59153ce6c0ad.exe" [2009-01-15 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 32881]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-12-12 26112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-12-12 98304]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2005-09-09 8192]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-09-09 110592]
"VSOCheckTask"="c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-09 151552]
"OASClnt"="c:\program files\McAfee.com\VSO\oasclnt.exe" [2005-08-12 53248]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-22 303104]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 212992]
"MSKDetectorExe"="c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe" [2005-07-13 1117184]
"MSKAGENTEXE"="c:\progra~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-07-13 110592]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 106496]
"VirusScan Online"="c:\progra~1\mcafee.com\vso\mcvsshld.exe" [2005-08-10 163840]
"MPFExe"="c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-08-18 999424]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"HostManager"="c:\program files\Common Files\AOL\1170963268\ee\AOLSoftware.exe" [2006-09-26 50736]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"MRT"="c:\windows\system32\MRT.exe" [2010-04-06 31971272]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2005-12-12 156784]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-12-12 24576]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-11-4 176128]
KODAK Software Updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-2-13 16423]
Monitor.lnk - c:\program files\ArcSoft\Media Card Companion\MCC Monitor.exe [2007-12-26 110592]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Common Files\\AOL\\1170963268\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/15/2009 5:17 PM 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/15/2009 5:17 PM 55024]
R3 PAC207;Webcam 1200;c:\windows\system32\drivers\PFC027.SYS [6/10/2009 5:46 AM 611584]
S1 pvpdnsqn;pvpdnsqn;\??\c:\windows\system32\drivers\pvpdnsqn.sys --> c:\windows\system32\drivers\pvpdnsqn.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/15/2009 5:17 PM 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-04-18 c:\windows\Tasks\McAfee.com Scan for Viruses - My Computer (JESSI-Jezzay).job
- c:\program files\mcafee.com\vso\mcmnhdlr.exe [2005-12-12 00:18]

2010-04-09 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe [2007-04-20 21:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*Yahoo!
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Trusted Zone: musicmatch.com\online
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-klmdb.sys
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-04-18 15:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-04-18 15:45:58
ComboFix-quarantined-files.txt 2010-04-18 20:45

Pre-Run: 22,376,325,120 bytes free
Post-Run: 22,921,023,488 bytes free

- - End Of File - - DC7084AB4F25D95F8B9D6AA0A585285E
 
Looks good so far. Now disable System Restore, reboot, then run ComboFix again and post its log, then run Malwarebytes and post its log, and then post a new HijackThis log.
 