Okay, I made the text file as instructed and dropped it into ComboFix, but then I noticed that after it finished running the scan (and after it rebooted my computer), the text file I'd made and dropped into ComboFix had disappeared. Was it supposed to do that?
Here is the scan log it produced:
ComboFix 10-08-21.06 - Mike 08/22/2010 12:08:34.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.502.318 [GMT -4:00]
Running from: c:\documents and settings\Mike\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Mike\Desktop\CFScript.txt
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: Online Armor Firewall *enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
FILE ::
"c:\windows\system32\REN73.tmp"
"c:\windows\system32\REN74.tmp"
"c:\windows\system32\REN75.tmp"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Mike\Favorites\Callaway Golf - A better game by design..url
c:\documents and settings\Mike\Favorites\eBay Forums PLEASE HELP I think I have a virus ....url
c:\documents and settings\Mike\Favorites\HubbleSite -- Out of the ordinary...out of this world..url
c:\documents and settings\Mike\Favorites\Online Application Form - Arctic Express, Inc..url
.
((((((((((((((((((((((((( Files Created from 2010-07-22 to 2010-08-22 )))))))))))))))))))))))))))))))
.
2010-08-18 01:10 . 2010-08-18 01:10 0 ----a-w- C:\settings.dat
2010-08-18 01:09 . 2009-08-13 15:14 472064 ----a-w- C:\RootRepeal.exe
2010-08-09 21:32 . 2010-08-09 21:31 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-08 05:45 . 2010-08-09 21:40 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\mgurgilcv
2010-08-06 03:38 . 2010-08-06 03:38 -------- d-----w- c:\documents and settings\Mike\Application Data\SanDisk
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-21 05:06 . 2006-05-09 13:24 -------- d-----w- c:\program files\Common Files\LightScribe
2010-08-21 05:01 . 2009-02-09 08:02 -------- d-----w- c:\program files\InterActual
2010-08-19 23:59 . 2006-05-09 13:03 -------- d-----w- c:\program files\WildTangent
2010-08-19 23:47 . 2009-12-17 17:22 -------- d-----w- c:\program files\PopCap Games
2010-08-09 21:32 . 2006-05-09 10:35 -------- d-----w- c:\program files\Common Files\Java
2010-08-09 21:29 . 2009-06-17 23:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-08 06:37 . 2008-03-16 17:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-11 00:45 . 2009-12-06 08:46 -------- d-----w- c:\documents and settings\Mike\Application Data\OnlineArmor
2010-07-10 12:37 . 2010-07-10 12:37 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-06-14 14:30 . 2004-08-04 21:00 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-01 17:37 . 2009-12-06 08:23 221568 ------w- c:\windows\system32\MpSigStub.exe
2009-03-11 19:36 . 2008-03-29 05:23 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2009-03-11 19:36 . 2008-03-29 05:23 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2009-03-11 19:36 . 2008-03-29 05:23 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2009-03-11 19:36 . 2008-03-29 05:23 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2009-03-11 19:36 . 2008-03-29 05:23 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SansaDispatch"="c:\documents and settings\Mike\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2010-08-06 79872]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-15 454656]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-18 61952]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-04 761948]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-04-12 102400]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-07 131072]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-02-22 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2009-11-26 6621384]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-16 180269]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2009-11-26 923336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Reminder"=c:\windows\CREATOR\Remind_XP.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [12/6/2009 4:46 AM 221264]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [12/6/2009 4:46 AM 24656]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [12/6/2009 4:46 AM 29776]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05 AM 72944]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05 AM 7408]
.
Contents of the 'Scheduled Tasks' folder
2010-08-22 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 01:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.verizon.net/central/appmanager/portal/vzcentral#Scene_1
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=presario&pf=laptop
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Mike\Application Data\Mozilla\Firefox\Profiles\ob5qjy7g.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.perezhilton.com.
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-08-22 12:20
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?
??
@?
??@? ???HZ?
??(?@?
@
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
SansaDispatch = c:\documents and settings\Mike\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe?d?i?v?>? ? ?<?/?b?o?d?y?>? ? ?<?/?h?t?m?l?>???G???]?N?D?H?d?x???T?>?<?/?T?A?G?_?E?N?D?_
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(492)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
- - - - - - - > 'explorer.exe'(2176)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\browselc.dll
c:\progra~1\SPYBOT~1\SDHelper.dll
c:\windows\system32\shdoclc.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\program files\Tall Emu\Online Armor\OAcat.exe
c:\program files\Tall Emu\Online Armor\oasrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\fxssvc.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\wscntfy.exe
c:\program files\Tall Emu\Online Armor\OAhlp.exe
c:\progra~1\HPQ\Shared\HPQTOA~1.EXE
.
**************************************************************************
.
Completion time: 2010-08-22 12:37:19 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-22 16:37
ComboFix2.txt 2010-08-18 00:56
ComboFix3.txt 2010-08-17 00:04
Pre-Run: 954,286,080 bytes free
Post-Run: 1,040,084,992 bytes free
- - End Of File - - 3FBB34D420279F3E65C67872B6F12F63