I was unable to load the script via dragging and dropping because of the same error. I manually rebooted to see if that would fix the problem. (My computer was set using msconfig to always boot in Minimal Safe Mode. From now on I will run all programs from the desktop, not the flash drive.) After rebooting, dragging and dropping the script worked and Combo-Fix ran. Combo-Fix has requested that I connect to the internet before pressing OK. I cannot connect to the internet in Safe Mode because the network drivers appear to be disabled. I left this dialogue open.
ComboFix 09-09-14.02 - Admin 09/16/2009 14:29.2.2 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3582.3112 [GMT -7:00]
Running from: c:\users\Admin\Desktop\Combo-Fix.exe
Command switches used :: c:\users\Admin\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
FILE ::
"c:\windows\System32\dasakebe.exe"
"c:\windows\System32\lutokujo.dll"
"c:\windows\System32\wukahuro.dll"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\System32\dasakebe.exe
c:\windows\System32\lutokujo.dll
c:\windows\System32\wukahuro.dll
.
((((((((((((((((((((((((( Files Created from 2009-08-16 to 2009-09-16 )))))))))))))))))))))))))))))))
.
2009-09-16 21:36 . 2009-09-16 21:36 -------- d-----w- c:\users\Admin\AppData\Local\temp
2009-09-16 21:36 . 2009-09-16 21:36 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-09-16 21:36 . 2009-09-16 21:36 -------- d-----w- c:\users\Guest\AppData\Local\temp
2009-09-16 21:36 . 2009-09-16 21:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-16 20:46 . 2009-09-16 20:46 574 ----a-w- C:\cleanup.bat
2009-09-16 20:46 . 2009-09-16 20:46 135168 ----a-w- C:\zip.exe
2009-09-16 19:37 . 2009-09-16 19:37 -------- d-----w- c:\program files\ERUNT
2009-09-16 18:56 . 2009-09-16 19:00 -------- d-----w- c:\program files\Spybot2
2009-09-16 18:31 . 2009-09-16 19:00 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-09-16 18:31 . 2009-09-16 18:38 -------- d-----w- c:\program files\Spybot
2009-09-16 18:30 . 2009-09-16 18:30 -------- d-----w- c:\program files\Includes
2009-09-16 08:59 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-16 08:59 . 2009-09-16 18:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-16 08:59 . 2009-09-10 21:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-30 03:52 . 2009-06-22 10:09 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-25 02:46 . 2009-09-12 07:07 -------- d-----w- c:\program files\Heroes of Newerth
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-16 11:46 . 2009-07-29 07:07 -------- d-----w- c:\users\Admin\AppData\Roaming\vlc
2009-09-16 11:38 . 2007-09-20 05:36 1356 ----a-w- c:\users\Admin\AppData\Local\d3d9caps.dat
2009-09-16 09:31 . 2009-07-28 09:01 -------- d-----w- c:\program files\Microsoft Windows Feedback Panel
2009-09-16 09:31 . 2008-06-26 02:14 -------- d-----w- c:\programdata\WFP
2009-09-16 09:31 . 2007-09-11 19:18 -------- d-----w- c:\programdata\NVIDIA
2009-09-15 18:46 . 2007-09-11 18:59 94936 ----a-w- c:\users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-15 08:13 . 2008-07-10 00:33 -------- d-----w- c:\program files\SolidWorks
2009-09-14 15:55 . 2009-07-03 07:22 -------- d-----w- c:\users\Guest\AppData\Roaming\vlc
2009-09-12 20:45 . 2008-01-06 05:47 -------- d-----w- c:\program files\Common Files\Logishrd
2009-09-08 20:39 . 2008-01-06 05:32 -------- d-----w- c:\users\Admin\AppData\Roaming\Nero
2009-09-08 20:30 . 2008-01-06 05:30 -------- d-----w- c:\program files\Common Files\Nero
2009-09-08 20:29 . 2008-01-06 05:30 -------- d-----w- c:\program files\Nero
2009-09-08 20:28 . 2008-01-06 05:30 -------- d-----w- c:\programdata\Nero
2009-08-09 08:06 . 2007-12-21 08:25 -------- d-----w- c:\users\Admin\AppData\Roaming\U3
2009-08-06 18:08 . 2009-08-06 18:08 -------- d-----w- c:\users\Admin\AppData\Roaming\Malwarebytes
2009-08-06 18:08 . 2009-08-06 18:08 -------- d-----w- c:\programdata\Malwarebytes
2009-08-06 15:47 . 2008-06-17 22:17 107016 ----a-w- c:\users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-04 08:47 . 2009-08-04 08:47 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-08-04 08:37 . 2007-10-25 08:21 -------- d-----w- c:\program files\WC3Banlist
2009-08-04 08:36 . 2007-06-08 15:18 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-03 02:32 . 2007-09-20 06:02 -------- d-----w- c:\program files\Warcraft III
2009-07-31 01:42 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-07-31 01:42 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-07-31 01:42 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-07-31 01:42 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-07-31 01:42 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-07-31 01:42 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-07-31 01:42 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-31 01:09 . 2008-08-13 23:51 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-31 01:06 . 2007-09-23 03:52 -------- d-----w- c:\programdata\Microsoft Help
2009-07-31 01:04 . 2007-06-08 15:32 -------- d-----w- c:\program files\Microsoft Works
2009-07-24 03:39 . 2009-07-24 03:39 93 ----a-w- c:\users\Admin\AppData\Local\fusioncache.dat
2009-07-21 21:52 . 2009-07-31 01:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-31 01:00 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-31 01:00 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-31 01:00 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-19 08:13 . 2009-07-19 08:13 -------- d-----w- c:\users\Admin\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
2009-07-17 13:54 . 2009-08-30 03:50 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-15 12:40 . 2009-08-30 03:50 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-15 12:39 . 2009-08-30 03:50 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-15 12:39 . 2009-08-30 03:50 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-15 12:39 . 2009-08-30 03:50 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-14 21:37 . 2009-08-07 01:36 66056 ----a-w- c:\users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\23ne4ct2.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlus_HelperSvc.exe
2009-07-14 21:37 . 2009-08-07 01:36 32456 ----a-w- c:\users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\23ne4ct2.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
2009-07-14 21:37 . 2009-08-07 01:36 242272 ----a-w- c:\users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\23ne4ct2.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe.exe
2009-07-14 21:37 . 2009-08-07 01:36 22848 ----a-w- c:\users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\23ne4ct2.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg_bootstrap.exe
2009-07-14 21:37 . 2009-08-07 01:36 18776 ----a-w- c:\users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\23ne4ct2.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
2009-06-30 21:26 . 2009-06-30 21:22 1915520 ----a-w- c:\users\Guest\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2007-09-11 21:24 . 2007-09-11 21:24 22 --sha-w- c:\windows\SMINST\HPCD.sys
2009-04-14 08:09 . 2009-04-14 08:09 848 --sha-w- c:\windows\System32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-09-16_21.02.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-11-02 10:33 . 2009-09-16 21:34 633102 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-09-16 20:57 633102 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-09-16 21:34 116660 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-09-16 20:57 116660 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-18 13580832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-18 92704]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-10-25 4702208]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-09-10 420176]
c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Mouse and Keyboard Settings.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-7-23 805392]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\WfpRescover\wfprescover.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WFPUser.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WFPUser.lnk
backup=c:\windows\pss\WFPUser.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"VistaSp2"=hex(b):74,32,b9,f3,80,11,ca,01
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{54A45CBD-8D84-4EDC-BEC8-62B9E5985BFA}"= c:\program files\HP Connections\6811507\Program\HP Connections:HP Connections
"{0784761A-E1A2-486E-8D9C-B1E863B8A10E}"= UDP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{A3D7F7AC-36A4-4D45-AFCE-E0177A9BC060}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{E93AE87D-76BF-4B3E-8735-3C4566B78EAB}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{E236F62F-DD1B-454E-9D3B-BA6F963B15EA}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{88652854-FF22-4D2D-8912-7253A7A33944}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{3BE6EBAC-0D80-4DBE-8AA5-2109389A0380}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{4B2F6E24-1698-4BB9-BB28-4EF7188052D3}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"TCP Query User{5169CE20-2540-4DD1-AF42-374EDF07B588}c:\\program files\\warcraft iii\\war3.exe"= UDP:c:\program files\warcraft iii\war3.exe:Warcraft III
"UDP Query User{2DF9410E-9D0F-4FDB-98C0-81C94BEF4652}c:\\program files\\warcraft iii\\war3.exe"= TCP:c:\program files\warcraft iii\war3.exe:Warcraft III
"{8D911C71-A8B3-4322-AED8-34C5F1454A2D}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{C9F9A0F3-E2AC-478D-B000-4A7DE1EAD4CC}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{3060D9C1-0184-415F-9BC7-66FB87E4A09E}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E666B6AC-7D13-4AFD-BDCD-802DD4AA5A20}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5DF87D88-914D-4F91-BE39-026CF57C7AFB}"= UDP:25901:BitComet 25901 TCP
"{A45BB9F8-FC48-4F69-A71B-209A86FB531C}"= TCP:25901:BitComet 25901 UDP
"{B1BF435B-C0F0-4372-9B36-A05B85E0F522}"= UDP:c:\program files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service
"{590228EC-782B-4199-8721-8E881CA7940E}"= TCP:c:\program files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service
"{6262EFBD-E435-46CC-A086-ECDD74A79C1B}"= UDP:25901:BitComet 25901 TCP
"{BCD7C386-C612-4C57-898F-308DBB92A6CE}"= TCP:25901:BitComet 25901 UDP
"{14E844FE-A113-4817-B7C2-A5FEFFF8DFB4}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{A075DB20-294C-4367-B380-5748937A8647}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{13405024-6972-458F-8318-DAD16E7EDDC1}"= UDP:8395:League of Legends Launcher
"{CC0B6D01-1E1C-4E8D-9653-150940BBE6B7}"= TCP:8395:League of Legends Launcher
"{2025FCDA-5CFC-49CE-B904-8F8142E1CA8D}"= UDP:c:\riot games\League of Legends\Air\LolClient.exe:League of Legends Lobby
"{78503524-7292-4A44-8987-2DE49A25E789}"= TCP:c:\riot games\League of Legends\Air\LolClient.exe:League of Legends Lobby
"{680191BA-EBEB-4B8E-8948-C1D2DFDF7567}"= UDP:c:\riot games\League of Legends\Game\League of Legends.exe:League of Legends Game Client
"{C433AD45-63CF-4F29-8B65-9F040D6A4C8F}"= TCP:c:\riot games\League of Legends\Game\League of Legends.exe:League of Legends Game Client
"{37F64FFF-5711-4411-B943-B49ED5E15A86}"= UDP:8396:League of Legends Launcher
"{C19E2739-E04E-4C8C-AAAE-6915F14F379D}"= TCP:8396:League of Legends Launcher
"{116DD32F-304F-42AE-B489-ED9087C2ADE1}"= UDP:8397:League of Legends Launcher
"{A40CF8AD-4023-43F2-9338-2656F766D6DD}"= TCP:8397:League of Legends Launcher
"{38CFBB17-D87E-4B9F-A72D-CBFE701FFEDA}"= UDP:8398:League of Legends Launcher
"{DF4BF06B-816E-4EEB-A2FC-C775EB201595}"= TCP:8398:League of Legends Launcher
"{B466ACE2-2925-4515-A08D-F1F6AEEC05EE}"= UDP:8399:League of Legends Launcher
"{BD5DACB7-844A-452E-A9AB-71F82705E00A}"= TCP:8399:League of Legends Launcher
"{4120B4DE-72E6-4A37-AA5D-F0DC978C1A98}"= UDP:c:\program files\Turbine\Turbine Download Manager - Lamannia\TurbineMessageService.exe:TurbineMessageService
"{0A5EB31A-9732-4387-8D82-05FF39BB1C74}"= TCP:c:\program files\Turbine\Turbine Download Manager - Lamannia\TurbineMessageService.exe:TurbineMessageService
"{5C08F94F-B5DC-4D56-8FA5-4C6919D320C4}"= UDP:c:\program files\Turbine\Turbine Download Manager - Lamannia\TurbineNetworkService.exe:TurbineNetworkService
"{640788E3-7CF4-4CAA-BEED-5CB3DEC98C9E}"= TCP:c:\program files\Turbine\Turbine Download Manager - Lamannia\TurbineNetworkService.exe:TurbineNetworkService
"{25552A7A-19F5-47E8-9BDC-EF9D7E7766FD}"= UDP:c:\program files\Turbine\Turbine Download Manager - Lamannia\TurbineNetworkService.exe:TurbineNetworkService
"{BE5DF06A-5F06-4B93-A456-90648F9CEC1F}"= TCP:c:\program files\Turbine\Turbine Download Manager - Lamannia\TurbineNetworkService.exe:TurbineNetworkService
"{489C7B77-5C6E-4F01-BDB3-E538D2DE5C7F}"= UDP:c:\windows\System32\wininit.exe:wininit
"{C2D7F6E2-B070-4BDD-94DF-D32CAE1990C7}"= TCP:c:\windows\System32\wininit.exe:wininit
"{87B79004-29C9-4136-8040-A7EBBE4BAD8D}"= UDP:c:\windows\System32\wininit.exe:wininit
"{2D5947B0-B2D3-410D-9B0B-1D96E91984A9}"= TCP:c:\windows\System32\wininit.exe:wininit
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
S2 wfpservice;Windows Feedback Panel Background Service;c:\program files\Microsoft Windows Feedback Panel\WFPService.EXE [7/9/2009 3:36 AM 248080]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [11/6/2007 1:22 PM 34064]
S3 PRSUSB;Sony Reader;c:\windows\System32\drivers\PRSUSB.sys [11/21/2006 5:52 PM 18944]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\winhelper.dll
DPF: {A3E21079-7F41-4125-9EBB-FD44CFCC0AC1} - hxxps://www.mesh.com/0.9.4014.7/TSWeb.cab
FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -
HKLM-RunOnce-<NO NAME> - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-16 14:36
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-511701214-598833928-2956610662-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:54,72,5e,f3,c7,a9,bb,7c,ed,c1,43,9d,ea,b2,07,f8,12,1a,c9,a2,34,3a,b3,
02,28,ba,6e,b4,84,a4,8d,21,cd,75,fe,70,4f,af,db,dc,4f,d9,c4,0d,e7,41,62,9b,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
[HKEY_USERS\S-1-5-21-511701214-598833928-2956610662-1000\Software\SecuROM\License information*]
"datasecu"=hex:64,b9,a1,70,c2,5c,7a,30,45,89,c2,88,05,04,6e,98,38,8a,98,a8,97,
69,49,3c,46,4b,ac,eb,af,ed,15,a2,11,6e,0a,f4,42,6e,0f,54,4e,46,55,7c,d6,88,\
"rkeysecu"=hex:9b,54,29,a0,89,4e,30,e7,db,26,85,97,ff,5f,2a,fa
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-09-16 14:37
ComboFix-quarantined-files.txt 2009-09-16 21:37
ComboFix2.txt 2009-09-16 21:06
Pre-Run: 116,569,800,704 bytes free
Post-Run: 116,438,888,448 bytes free
278 --- E O F --- 2009-08-30 03:52
Combo-Fix did not reboot my computer. Since your next instruction requires that I close all other programs, including Combo-Fix, I have not completed that step yet. What is my next step? I appreciate your amazingly fast replies.
Edit: I just pressed OK on the file submission prompt and it told me to upload it later.
I rebooted and tried to run OTS again.
I went ahead and uninstalled and reinstalled Malwarebytes (it works!) and ran a quick scan and a full system scan. Logs are below.