i ran combo fix, and near the end of it's run a window popped up saying this:
Windows - No Disk
Exception Processing Message c0000013 Parameters 75b6bf7c 4 75b6bf7c 75b6bf7c
it gave me the option to cancel, try again, or continue, so i hit continue, and combofix finshed up and gave me a log. should i be worried about this error window?
anyway, here's the log:
ComboFix 09-03-13.02 - Owner 2009-03-15 1:03:24.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.216 [GMT -4:00]
Running from: c:\documents and settings\Owner.STEVE\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
Manual Fix is required for restoring CommonStartup.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\system32\drivers\fad.sys
.
((((((((((((((((((((((((( Files Created from 2009-02-15 to 2009-03-15 )))))))))))))))))))))))))))))))
.
2009-03-14 22:19 . 2009-03-14 22:17 410,984 --a------ c:\windows\system32\deploytk.dll
2009-03-14 21:28 . 2009-03-14 21:28 <DIR> d-------- c:\documents and settings\Owner.STEVE\Application Data\Malwarebytes
2009-03-14 21:27 . 2009-03-14 21:28 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-14 21:27 . 2009-03-14 21:27 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-03-14 21:27 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-14 21:27 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-14 18:21 . 2009-03-14 18:21 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-03-14 18:21 . 2009-03-14 18:21 <DIR> d-------- c:\documents and settings\Owner.STEVE\Application Data\SUPERAntiSpyware.com
2009-03-14 18:21 . 2009-03-14 18:21 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2009-03-14 18:10 . 2009-03-14 18:10 <DIR> d-------- c:\program files\CCleaner
2009-03-14 09:10 . 2009-03-14 10:04 <DIR> d--h----- C:\$AVG8.VAULT$
2009-03-13 15:27 . 2009-03-13 15:27 107,912 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-03-13 15:27 . 2009-03-13 15:27 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-03-13 15:26 . 2009-03-14 08:42 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-03-13 15:26 . 2009-03-13 15:26 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-03-13 15:25 . 2009-03-13 15:25 <DIR> d-------- c:\program files\AVG
2009-03-13 15:25 . 2009-03-13 15:25 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\avg8
2009-02-18 18:42 . 2009-02-18 23:51 74 --a------ c:\windows\ViewNX.INI
2009-02-18 17:43 . 2009-02-18 17:57 <DIR> d-------- c:\documents and settings\Owner.STEVE\Application Data\Nikon
2009-02-18 17:39 . 2009-02-18 21:53 20 ---h----- c:\documents and settings\All Users.WINDOWS\Application Data\PKP_DLdw.DAT
2009-02-18 17:37 . 2009-02-18 17:40 <DIR> d-------- c:\program files\Nikon
2009-02-18 17:37 . 2009-02-18 17:42 <DIR> d-------- c:\program files\Common Files\Nikon
2009-02-18 17:37 . 2009-02-18 17:37 <DIR> d-------- c:\program files\Common Files\muvee Technologies
2009-02-18 17:37 . 2009-02-18 17:37 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Nikon
2009-02-18 17:36 . 2009-02-18 17:39 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Ultima_T15
2009-02-18 17:36 . 2009-02-18 17:39 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\EnterNHelp
2009-02-18 17:36 . 2009-02-18 17:46 20 ---h----- c:\documents and settings\All Users.WINDOWS\Application Data\PKP_DLdu.DAT
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-15 03:36 --------- d-----w c:\documents and settings\Owner.STEVE\Application Data\LimeWire
2009-03-15 02:22 --------- d-----w c:\program files\Java
2009-03-14 22:19 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-11 21:02 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help
2009-02-18 21:36 106,496 ----a-w c:\windows\system32\ATL71.DLL
2009-02-18 21:35 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer
2009-02-10 16:18 --------- d-----w c:\documents and settings\Owner.STEVE\Application Data\U3
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-07 03:00 --------- d-----w c:\documents and settings\Owner.STEVE\Application Data\Move Networks
2009-02-03 06:20 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\WinZip
2009-02-02 05:03 --------- d-----w c:\program files\WM Converter
2009-02-02 05:01 --------- d-----w c:\program files\Video Editor
2009-01-28 19:41 --------- d-----w c:\documents and settings\Owner.STEVE\Application Data\Xilisoft Corporation
2009-01-28 19:40 --------- d-----w c:\program files\Xilisoft
2009-01-19 08:57 1,060,864 ----a-w c:\windows\system32\MFC71.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="c:\windows\KHALMNPR.EXE" [2008-02-29 76304]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-13 1932568]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-14 148888]
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-07-28 805392]
NETGEAR WG111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v2\WG111v2.exe [2009-01-07 1261568]
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 02:42 72208 c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-13 15:27 10520 c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\My Games\\Worms 2\\frontend.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9420:TCP"= 9420:TCP:Red Swoosh
"5000:UDP"= 5000:UDP:Red Swoosh
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-08-09 29808]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-13 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-13 107912]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-03-13 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-13 298264]
R2 tcaicchg;tcaicchg;c:\windows\system32\TCAICCHG.SYS [2007-11-06 21233]
R2 TCAITDI;TCAITDI Protocol;c:\windows\system32\drivers\TCAITDI.SYS [2007-11-06 19534]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2009-01-07 272128]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
S4 hpdj00;hpdj00;c:\docume~1\OWNER~1.STE\LOCALS~1\Temp\hpdj00.exe -servicerunning=true -uninstall=hp psc 1400 series -product=aio --> c:\docume~1\OWNER~1.STE\LOCALS~1\Temp\hpdj00.exe -servicerunning=true -uninstall=hp psc 1400 series -product=aio [?]
.
Contents of the 'Scheduled Tasks' folder
2009-03-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2009-03-13 c:\windows\Tasks\wrSpySweeperFullSweep.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-08-09 16:04]
2009-03-13 c:\windows\Tasks\wrSpySweeperFullSweep.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-08-09 16:04]
2009-03-13 c:\windows\Tasks\wrSpySweeperFullSweep.job
- A:\ []
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Owner.STEVE\Application Data\Mozilla\Firefox\Profiles\ael2xack.default\
FF - prefs.js: browser.startup.homepage - hotmail.com
FF - plugin: c:\documents and settings\Owner.STEVE\Application Data\Mozilla\Firefox\Profiles\ael2xack.default\extensions\
[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2009-03-15 01:33:50
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1417001333-2077806209-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:24,42,a6,c6,90,d5,09,83,56,71,4a,c1,6c,ae,ff,cc,d0,e8,76,79,e0,97,50,
11,f7,76,f5,0e,89,30,62,22,66,0e,27,a8,a1,ad,e3,b9,de,0d,62,96,19,aa,6e,2c,\
"??"=hex:bc,dc,a7,72,80,37,df,2e,5f,9f,d9,e9,74,d0,31,5d
[HKEY_USERS\S-1-5-21-1417001333-2077806209-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:c2,3b,12,7b,6f,0f,39,ac,55,21,15,31,76,65,ad,3d,78,6f,0f,0a,4e,
dc,fb,a3,f0,99,8d,f7,55,e7,39,3b,eb,77,e9,05,8e,91,69,50,48,1b,3c,b9,87,25,\
"rkeysecu"=hex:b2,b0,ea,ca,ed,ef,98,ba,72,a6,e3,d0,8b,87,ff,80
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(608)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
- - - - - - - > 'explorer.exe'(2908)
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-03-15 8:15:21
ComboFix-quarantined-files.txt 2009-03-15 12:14:54
Pre-Run: 33,799,467,008 bytes free
Post-Run: 33,787,035,648 bytes free
176 --- E O F --- 2009-03-13 21:02:11