Downloaded ComboFix on my laptop and emailed it to myself. I was able to get it to run; however, I still believe I have a problem. I still can't download ComboFix on the infected computer. Included is the output from my ComboFix run.
ComboFix 09-12-27.02 - Owner 12/28/2009 12:58:35.6.2 - x86
Running from: c:\documents and settings\Owner.VICTOR\Desktop\ComboFix.exe
AV: CA Anti-Virus *On-access scanning disabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
.
((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-28 )))))))))))))))))))))))))))))))
.
2009-12-28 08:29 . 2009-12-28 08:29 -------- d-----w- c:\program files\CCleaner
2009-12-28 08:04 . 2009-12-28 08:04 52224 ----a-w- c:\documents and settings\Owner.VICTOR\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2009-12-28 08:04 . 2009-12-28 08:04 117760 ----a-w- c:\documents and settings\Owner.VICTOR\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-28 08:04 . 2009-12-28 08:04 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-12-28 08:04 . 2009-12-28 08:04 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-28 08:04 . 2009-12-28 08:04 -------- d-----w- c:\documents and settings\Owner.VICTOR\Application Data\SUPERAntiSpyware.com
2009-12-28 08:03 . 2009-12-28 08:03 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-28 07:57 . 2009-12-28 08:02 152576 ----a-w- c:\documents and settings\Owner.VICTOR\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-28 07:35 . 2009-12-28 07:35 -------- d-----w- c:\documents and settings\Owner.VICTOR\Application Data\Malwarebytes
2009-12-28 07:35 . 2009-12-03 21:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-28 07:35 . 2009-12-28 07:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-28 07:35 . 2009-12-28 07:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-28 07:35 . 2009-12-03 21:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-28 06:42 . 2009-12-28 06:42 -------- d--h--w- c:\windows\PIF
2009-12-28 03:31 . 2009-12-28 08:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-28 03:31 . 2009-12-28 03:35 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-16 04:09 . 2009-12-16 04:09 4096 ----a-w- c:\windows\d3dx.dat
2009-12-16 04:09 . 2009-12-16 04:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Digital Praise
2009-12-16 04:03 . 2009-12-16 04:03 -------- d-----w- c:\program files\Digital Praise
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-28 08:03 . 2009-05-04 00:34 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-28 08:02 . 2009-11-28 00:01 79488 ----a-w- c:\documents and settings\Owner.VICTOR\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-28 07:58 . 2009-05-04 00:34 -------- d-----w- c:\program files\Java
2009-12-28 06:03 . 2008-12-26 22:59 -------- d-----w- c:\documents and settings\Owner.VICTOR\Application Data\uTorrent
2009-12-23 22:17 . 2008-12-08 04:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-28 00:01 . 2009-03-04 03:08 111856 ----a-w- c:\windows\system32\isafprod.dll
2009-11-25 03:53 . 2009-11-25 03:50 -------- d-----w- c:\program files\Wings Over Europe
2009-11-23 00:09 . 2008-12-09 03:26 -------- d-----w- c:\program files\Sierra
2009-11-22 23:49 . 2009-11-22 23:49 -------- d-----w- c:\documents and settings\Owner.VICTOR\Application Data\Command & Conquer 3 Tiberium Wars
2009-11-13 02:36 . 2009-11-13 02:25 -------- d-----w- c:\documents and settings\Owner.VICTOR\Application Data\Juniper Networks
2009-11-13 02:25 . 2009-11-13 02:25 37021 ----a-w- c:\documents and settings\Owner.VICTOR\Application Data\Juniper Networks\setup\uninstall.exe
2009-11-13 02:25 . 2009-11-13 02:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Juniper Networks
2009-11-08 03:56 . 2009-11-08 03:56 -------- d-----w- c:\program files\Hasbro Interactive
2009-10-29 17:09 . 2009-03-04 03:08 739696 ----a-w- c:\windows\system32\drivers\vetefile.sys
2009-10-29 17:09 . 2009-03-04 03:08 26352 ----a-w- c:\windows\system32\drivers\vet-filt.sys
2009-10-29 17:09 . 2009-03-04 03:08 21488 ----a-w- c:\windows\system32\drivers\vetfddnt.sys
2009-10-29 17:09 . 2009-03-04 03:08 21104 ----a-w- c:\windows\system32\drivers\vet-rec.sys
2009-10-29 17:09 . 2009-03-04 03:08 161008 ----a-w- c:\windows\system32\drivers\vetmonnt.sys
2009-10-29 17:09 . 2009-03-04 03:08 133520 ----a-w- c:\windows\system32\drivers\veteboot.sys
2009-10-29 07:45 . 2006-02-28 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2006-02-28 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2006-02-28 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 21:49 . 2009-03-24 02:26 68648 ----a-w- c:\documents and settings\Owner.VICTOR\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-20 16:20 . 2006-02-28 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 12:45 . 2009-03-31 23:02 1541416 ----a-w- c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\vete_tmp.dll
2009-10-13 10:30 . 2006-02-28 12:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2006-02-28 12:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2006-02-28 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cctray"="c:\program files\CA\CA Internet Security Suite\casc.exe" [2009-11-11 374000]
"CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2009-11-28 271600]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-18 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-18 86016]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"CAPPActiveProtection"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe" [2009-02-15 324848]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-28 149280]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-06-06 20:46 79368 ----a-w- c:\windows\system32\UmxWNP.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
S0 KmxStart;KmxStart;c:\windows\System32\DRIVERS\kmxstart.sys [2009-01-05 107512]
S1 KmxAgent;KmxAgent;c:\windows\system32\DRIVERS\kmxagent.sys [2008-11-18 72696]
S2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\CA\CA Internet Security Suite\ccschedulersvc.exe [2009-11-11 128240]
S3 KmxCfg;KmxCfg;c:\windows\system32\DRIVERS\kmxcfg.sys [2008-12-12 205304]
S3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2009-02-15 222448]
.
------- Supplementary Scan -------
.
uStart Page = www.yahoo.com/
LSP: c:\windows\system32\VetRedir.dll
FF - ProfilePath - c:\documents and settings\Owner.VICTOR\Application Data\Mozilla\Firefox\Profiles\3fwv3dha.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-28 13:00
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1645522239-73586283-725345543-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:85,f6,c4,aa,69,14,e7,25,b1,86,3b,13,3e,ee,37,b0,03,da,26,24,67,6e,62,
7f,7a,e2,e1,fa,86,e8,9e,d7,43,b6,24,de,1d,78,ec,e7,da,21,5e,cb,be,58,45,8a,\
"??"=hex:69,6f,5c,46,6a,89,f9,ee,2d,48,e0,10,87,42,1e,12
[HKEY_USERS\S-1-5-21-1645522239-73586283-725345543-1006\Software\SecuROM\License information*]
"datasecu"=hex:cf,87,57,42,04,39,5c,cb,64,97,27,d9,b7,9e,e3,28,ec,cf,09,18,cb,
f3,45,62,90,ed,01,17,38,61,26,88,12,ed,b1,b4,29,b2,1b,4e,93,6b,85,8f,85,97,\
"rkeysecu"=hex:14,53,cf,21,8e,0b,7b,e8,17,15,a9,b0,01,ce,5b,49
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1404)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\UmxWnp.Dll
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll
- - - - - - - > 'lsass.exe'(1724)
c:\windows\system32\VetRedir.dll
c:\windows\system32\ISafeIf.dll
- - - - - - - > 'explorer.exe'(2848)
c:\windows\system32\WININET.dll
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-12-28 13:01:41
ComboFix-quarantined-files.txt 2009-12-28 18:01
ComboFix2.txt 2009-12-28 17:52
ComboFix3.txt 2009-07-09 02:53
Pre-Run: 243,469,676,544 bytes free
Post-Run: 243,459,395,584 bytes free
- - End Of File - - FD521EC8A7D771D97A384333ED61C98F