
Author Topic: Malware log  (Read 3990 times)


yumyumcookie

    Topic Starter



    Malware log
    « on: February 27, 2010, 10:22:35 AM »
    Can anyone tell me if the following log shows any form of virus/trojan/malware on my system, please? As long as I know whether or not I have any on my system.

    ComboFix 10-02-22.01 - Administrator 02/27/2010 17:02.1.2 - NTFSx86
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Administrator\Desktop\CFscript.txt
    AV: avast! antivirus 4.8.1351 [VPS 090928-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
     * Created a new restore point

    FILE ::
    "c:\documents and settings\Administrator\Local Settings\temp\~1E.tmp"
    "c:\documents and settings\Administrator\Local Settings\temp\~9.tmp"
    "c:\documents and settings\Administrator\Start Menu\Programs\Startup\XSD3XX.exe"
    "c:\windows\System32\Drivers\azparsbm.SYS"
    "c:\windows\system32\Msdirectx.exe"
    "c:\windows\system32\WinUpdateMan.exe"
    "c:\windows\TEMP\pn266.tmp"
    .

    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Administrator\Local Settings\temp\~1E.tmp
    c:\documents and settings\Administrator\Local Settings\temp\~9.tmp
    c:\documents and settings\Administrator\Local Settings\temp\Rar$EX00.656
    c:\documents and settings\Administrator\Local Settings\temp\Rar$EX00.656\RootRepeal.exe
    c:\documents and settings\Administrator\Local Settings\temp\Rar$EX00.656\settings.dat
    c:\windows\system32\Msdirectx.exe
    c:\windows\system32\wlsrvc.dll
    c:\windows\system32\WinUpdateMan.exe


    .
    (((((((((((((((((((((((((   Files Created from 2009-01-28 to 2010-02-27  )))))))))))))))))))))))))))))))
    .

    2009-09-23 01:48 . 2009-08-17 16:06   93392   ----a-w-   c:\windows\system32\drivers\aswmon.sys
    2009-09-23 01:48 . 2009-08-17 16:06   94160   ----a-w-   c:\windows\system32\drivers\aswmon2.sys
    2009-09-23 01:48 . 2009-08-17 16:05   114768   ----a-w-   c:\windows\system32\drivers\aswSP.sys
    2009-09-23 01:48 . 2009-08-17 16:05   20560   ----a-w-   c:\windows\system32\drivers\aswFsBlk.sys
    2009-09-23 01:48 . 2009-08-17 16:04   51376   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
    2009-09-23 01:48 . 2009-08-17 16:04   23152   ----a-w-   c:\windows\system32\drivers\aswRdr.sys
    2009-09-23 01:48 . 2009-08-17 16:03   26944   ----a-w-   c:\windows\system32\drivers\aavmker4.sys
    2009-09-23 01:48 . 2009-08-17 16:02   97480   ----a-w-   c:\windows\system32\AvastSS.scr
    2009-09-23 01:48 . 2009-08-17 16:10   1279456   ----a-w-   c:\windows\system32\aswBoot.exe
    2009-09-23 01:48 . 2009-09-23 01:48   --------   d-----w-   c:\program files\Alwil Software
    2009-09-23 01:08 . 2009-09-29 01:52   --------   d-----w-   C:\MGtools
    2009-09-23 01:08 . 2009-09-23 01:08   127470   ----a-w-   C:\MGlogs.zip
    2009-09-22 12:33 . 2009-09-22 12:33   --------   d-----w-   c:\windows\ServicePackFiles
    2009-09-22 12:31 . 2009-09-22 12:31   --------   d-----w-   C:\c70c4c3dfda9e5d0dc4db1f4e9b64c96
    2009-09-22 12:31 . 2009-09-23 00:47   --------   d-----w-   c:\windows\SxsCaPendDel
    2009-09-22 11:30 . 2009-09-10 18:54   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
    2009-09-22 11:30 . 2009-09-22 11:30   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
    2009-09-22 11:30 . 2009-09-10 18:53   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
    2009-09-22 02:44 . 2009-09-22 02:44   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2009-09-22 02:44 . 2009-09-22 02:44   --------   d-----w-   c:\program files\SUPERAntiSpyware
    2009-09-22 02:44 . 2009-09-22 02:44   --------   d-----w-   c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
    2009-09-22 02:43 . 2009-09-22 02:43   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
    2009-09-22 01:20 . 2009-09-22 01:20   --------   d--h--w-   c:\windows\system32\GroupPolicy
    2009-09-16 11:47 . 2009-09-16 11:47   --------   d-----w-   c:\documents and settings\Administrator\Application Data\Malwarebytes
    2009-09-16 11:47 . 2009-09-16 11:47   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-09-16 04:05 . 2009-09-16 04:05   --------   d-----w-   c:\documents and settings\Administrator\DoctorWeb
    2009-09-13 00:42 . 2009-09-15 22:17   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
    2009-09-13 00:42 . 2009-09-16 01:56   --------   d-----w-   c:\documents and settings\All Users\Application Data\Norton
    2009-09-13 00:42 . 2009-09-13 00:42   --------   d-----w-   c:\documents and settings\All Users\Application Data\NortonInstaller
    2009-08-31 04:17 . 2009-08-31 04:17   --------   d-----w-   c:\windows\Sun

    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-09-23 00:48 . 2007-12-10 20:34   191600   ----a-w-   c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-09-22 01:42 . 2009-07-20 09:22   411368   ----a-w-   c:\windows\system32\deploytk.dll
    2009-09-16 10:55 . 2008-08-26 17:18   --------   d-----w-   c:\documents and settings\All Users\Application Data\Skype
    2009-09-16 04:09 . 2008-08-26 17:20   --------   d-----w-   c:\documents and settings\Administrator\Application Data\skypePM
    2009-09-16 01:58 . 2007-12-12 02:53   --------   d-----w-   c:\program files\Common Files\Symantec Shared
    2009-09-16 01:57 . 2007-12-12 02:53   --------   d-----w-   c:\program files\Symantec
    2009-09-16 01:57 . 2007-12-12 02:53   --------   d-----w-   c:\documents and settings\All Users\Application Data\Symantec
    2009-09-16 01:57 . 2007-12-12 02:53   --------   d-----w-   c:\program files\Symantec AntiVirus
    2009-09-15 22:15 . 2008-08-26 17:18   --------   d-----w-   c:\program files\Google
    2009-09-11 01:28 . 2008-01-01 19:18   --------   d-----w-   c:\documents and settings\All Users\Application Data\ZoomBrowser
    2009-09-08 12:27 . 2009-05-15 15:22   1324   ----a-w-   c:\windows\system32\d3d9caps.dat
    2009-09-03 23:11 . 2007-12-16 03:23   --------   d-----w-   c:\documents and settings\Administrator\Application Data\NewsBin
    2009-09-02 23:42 . 2008-02-01 15:17   --------   d-----w-   c:\documents and settings\Administrator\Application Data\Canon
    2009-08-11 21:50 . 2007-12-16 03:16   --------   d-----w-   c:\program files\DAEMON Tools Pro
    2009-08-05 09:11 . 2007-12-10 21:17   204800   ----a-w-   c:\windows\system32\mswebdvd.dll
    2009-07-29 04:53 . 2007-12-10 21:17   119808   ----a-w-   c:\windows\system32\t2embed.dll
    2009-07-29 04:53 . 2007-12-10 21:17   82432   ----a-w-   c:\windows\system32\fontsub.dll
    2009-07-17 18:55 . 2007-12-10 21:16   58880   ----a-w-   c:\windows\system32\atl.dll
    2009-07-14 03:43 . 2007-12-10 21:18   286208   ----a-w-   c:\windows\system32\wmpdxm.dll
    .

    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-09-15 1998576]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2009-08-04 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-12-18 868352]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2009-03-01 153136]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-29 8466432]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-10-29 81920]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2009-01-11 623992]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2009-02-07 71216]
    "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2009-02-07 54832]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2009-11-04 866584]
    "DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2009-10-04 163840]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 155648]
    "OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2009-03-21 69632]
    "SSP Notifier"="c:\program files\Fisher-Price\FP3 Player\sspnotifier.exe" [2009-07-12 20480]
    "iPodVideoConverter_upgrade"="c:\program files\E-Zsoft\iPodVideoConverter\iPodVideoConverter.exe" [2009-11-03 495616]
    "LELA"="c:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" [2009-05-01 131072]
    "nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-04-09 648504]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-22 149280]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
    "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-10-29 1626112]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    [email protected] - c:\program files\Apple Computer\DVD@ccess\DVDAccess.exe [2010-2-27 888832]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2010-02-27 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-02-27 17:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
    "c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
    "c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
    "c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
    "c:\\Program Files\\ASUS\\ASUSUpdate\\Update.exe"=
    "c:\\Program Files\\EA GAMES\\Need For Speed Underground\\Speed.exe"=
    "c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
    "3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
    "50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
    "50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
    "67:UDP"= 67:UDP:DHCP Discovery Service

    R2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-04-18 204800]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2010-02-27 13592]
    S1 aswSP;avast! Self Protection;

    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-27 9968]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-02-27 74480]
    S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2010-02-27 20560]
    S2 DVDAccss;DVDAccss;c:\windows\system32\drivers\DVDAccss.sys [2010-02-27 29156]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-02-27 7408]

    .
    Contents of the 'Scheduled Tasks' folder

    2010-02-27 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.ca/
    uInternet Settings,ProxyOverride = *.local
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\QuickTax 2007\ic2007pp.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-09-28 22:09
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ... 

    scanning hidden autostart entries ...

    scanning hidden files ... 

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
    "ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1801674531-879983540-839522115-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:f4,d1,4d,3e,f6,60,18,4a,70,1a,e1,cf,84,02,56,c1,e9,ae,e6,a7,ca,f3,94,
       fb,af,73,6b,53,cb,93,a8,cf,c5,5b,d2,5d,d9,06,ad,02,ea,d9,e0,43,cd,c9,d9,38,\
    "??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(600)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\WININET.dll

    - - - - - - - > 'explorer.exe'(2272)
    c:\windows\system32\WININET.dll
    c:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Alwil Software\Avast4\aswUpdSv.exe
    c:\program files\Alwil Software\Avast4\ashServ.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\CyberLink\Shared files\RichVideo.exe
    c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    c:\program files\Canon\CAL\CALMAIN.exe
    c:\program files\Alwil Software\Avast4\ashMaiSv.exe
    c:\program files\Alwil Software\Avast4\ashWebSv.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2009-09-29 22:13 - machine was rebooted
    ComboFix-quarantined-files.txt  2009-09-29 02:13
    ComboFix2.txt  2009-09-22 11:45
    ComboFix3.txt  2009-09-16 12:09
    ComboFix4.txt  2009-09-16 03:34

    Pre-Run: 322,625,392,640 bytes free
    Post-Run: 322,665,660,416 bytes free

    228   --- E O F ---   2009-09-22 12:34

    charz

    • Guest
    Re: Malware log
    « Reply #1 on: February 27, 2010, 10:32:31 AM »
    <bad advice removed>

    Please do not post in this forum unless you are part of the malware removal team.
    « Last Edit: February 27, 2010, 11:04:36 AM by evilfantasy »

    evilfantasy

    • Malware Removal Specialist
    • Moderator


    Re: Malware log
    « Reply #2 on: February 27, 2010, 11:05:24 AM »
    Where did you get the instructions to run the CFScript from?

    yumyumcookie

      Topic Starter



      Re: Malware log
      « Reply #3 on: February 27, 2010, 12:50:06 PM »
      <removed>

      Please do not post in this forum unless you are part of the malware removal team.
      « Last Edit: February 27, 2010, 01:07:02 PM by evilfantasy »