
Windows Update Problem


Comments

  • jojo2004
    jojo2004 Posts: 572 Forumite
    Right. Malwarebytes full scan log finally complete:

    Malwarebytes' Anti-Malware 1.36
    Database version: 2032
    Windows 6.0.6001 Service Pack 1

    23/04/2009 23:37:50
    mbam-log-2009-04-23 (23-37-50).txt

    Scan type: Full Scan (C:\|E:\|)
    Objects scanned: 190231
    Time elapsed: 2 hour(s), 58 minute(s), 21 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    (Needless to say, I updated the programme before running). It all looks fine... Sigh.
    Do you have any more ideas Rik?
    xx
    :grin:If at first you don't succeed, then sky-diving isn't for you
  • Did you update Malware before running? Should be version 2034 as of midnight tonight ie now.?
  • jojo2004 wrote: »
    Hi,
    I've had a similar problem with my laptop. It's a Toshiba Satellite U300, running Windows Vista. I tried to install Security Update KB 950974 - it was on the automatic thing that pops up and tells you there are updates to install - no joy, despite numerous attempts!
    I tried the solution above - getting the update directly from MS - and that didn't work either!
    Any other suggestions? I also have the (reasonably common?) problem with no sound ("No Audio Output Device is Installed") - which I understand (from my Mum, who's been trying to sort this out for AGES) is due to an update causing the sound card drivers not to work - I think she's nearly at the point of fixing this though, so I just mention it in case the two problems are related?
    Any help gratefully received,
    xx

    you need to download this update to a memory stick then copy to your desktop.
    When you've had a chance to do this let me know and I'll tell you the next step.
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Please run COMBOFIX
    Follow the simple instructions it gives
    Post the COMPLETE log it creates here (Split into sections if need be)

    If it comes up with a RENAMING error then RIGHT click the exe file and RENAME and call it QWERTY (Making the complete file name 'QWERTY.exe')
    :idea:
  • jojo2004
    jojo2004 Posts: 572 Forumite
    ComboFix log:

    ComboFix 09-04-24.01 - Jojo 24/04/2009 12:59.1 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2038.863 [GMT 1:00]
    Running from: c:\users\Jojo\Downloads\ComboFix.exe
    FW: ZoneAlarm Firewall *enabled*
    .

    ((((((((((((((((((((((((( Files Created from 2009-05-24 to 2009-4-24 )))))))))))))))))))))))))))))))
    .

    2009-04-21 18:33 . 2008-04-07 04:38 22872 ----a-r c:\windows\system32\AdobePDFUI.dll
    2009-04-19 17:05 . 2009-04-19 17:13 d-----w c:\users\Jojo\AppData\Local\Paint.NET
    2009-04-17 16:22 . 2009-04-17 16:22 d-----w c:\programdata\FLEXnet
    2009-04-16 15:10 . 2009-03-03 04:46 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
    2009-04-16 15:10 . 2009-03-03 04:46 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
    2009-04-16 15:10 . 2009-03-03 04:39 551424 ----a-w c:\windows\system32\rpcss.dll
    2009-04-16 15:10 . 2009-03-03 03:04 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
    2009-04-16 15:10 . 2009-03-03 04:39 183296 ----a-w c:\windows\system32\sdohlp.dll
    2009-04-16 15:10 . 2009-03-03 04:39 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
    2009-04-16 15:10 . 2009-03-03 04:37 98304 ----a-w c:\windows\system32\iasrecst.dll
    2009-04-16 15:10 . 2009-03-03 04:37 54784 ----a-w c:\windows\system32\iasads.dll
    2009-04-16 15:10 . 2009-03-03 04:37 44032 ----a-w c:\windows\system32\iasdatastore.dll
    2009-04-16 15:10 . 2009-03-03 02:38 17408 ----a-w c:\windows\system32\iashost.exe
    2009-04-16 15:10 . 2008-12-06 04:42 376832 ----a-w c:\windows\system32\winhttp.dll
    2009-04-16 15:00 . 2009-02-13 08:49 1255936 ----a-w c:\windows\system32\lsasrv.dll
    2009-04-16 15:00 . 2009-02-13 08:49 72704 ----a-w c:\windows\system32\secur32.dll
    2009-04-16 15:00 . 2009-03-17 03:38 13824 ----a-w c:\windows\system32\apilogen.dll
    2009-04-16 15:00 . 2009-03-17 03:38 24064 ----a-w c:\windows\system32\amxread.dll
    2009-04-16 14:59 . 2008-06-06 03:27 38912 ----a-w c:\windows\system32\xolehlp.dll
    2009-04-16 14:59 . 2008-06-06 03:27 562176 ----a-w c:\windows\system32\msdtcprx.dll
    2009-04-14 11:41 . 2009-04-14 11:41 d-----w c:\programdata\SUPERAntiSpyware.com
    2009-04-14 11:41 . 2009-04-14 11:41 d-----w c:\users\Jojo\AppData\Roaming\SUPERAntiSpyware.com
    2009-04-08 21:15 . 2009-03-19 15:32 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
    2009-04-08 21:15 . 2008-04-17 11:12 107368 ----a-w c:\windows\system32\GEARAspi.dll
    2009-04-08 21:14 . 2009-04-08 21:15 d-----w c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-04-24 12:09 . 2008-01-05 02:02 d-----w c:\programdata\Kontiki
    2009-04-24 11:37 . 2008-03-02 23:17 352614 ---ha-w c:\windows\system32\drivers\vsconfig.xml
    2009-04-23 23:35 . 2008-12-30 04:29 268 ---ha-w C:\sqmdata02.sqm
    2009-04-23 23:35 . 2008-12-30 04:29 244 ---ha-w C:\sqmnoopt02.sqm
    2009-04-23 19:15 . 2008-12-30 03:23 268 ---ha-w C:\sqmdata01.sqm
    2009-04-23 19:15 . 2008-12-30 03:23 244 ---ha-w C:\sqmnoopt01.sqm
    2009-04-23 10:14 . 2007-05-30 13:04 319456 ----a-w c:\windows\DIFxAPI.dll
    2009-04-23 10:09 . 2008-08-20 02:23 268 ---ha-w C:\sqmdata00.sqm
    2009-04-23 10:09 . 2008-08-20 02:23 244 ---ha-w C:\sqmnoopt00.sqm
    2009-04-23 10:04 . 2009-01-07 22:14 268 ---ha-w C:\sqmdata19.sqm
    2009-04-23 10:04 . 2009-01-07 22:14 244 ---ha-w C:\sqmnoopt19.sqm
    2009-04-22 23:04 . 2009-01-07 17:20 268 ---ha-w C:\sqmdata18.sqm
    2009-04-22 23:04 . 2009-01-07 17:20 244 ---ha-w C:\sqmnoopt18.sqm
    2009-04-21 22:13 . 2009-01-07 14:29 268 ---ha-w C:\sqmdata17.sqm
    2009-04-21 22:13 . 2009-01-07 14:29 244 ---ha-w C:\sqmnoopt17.sqm
    2009-04-20 23:26 . 2009-01-07 10:57 268 ---ha-w C:\sqmdata16.sqm
    2009-04-20 23:26 . 2009-01-07 10:57 244 ---ha-w C:\sqmnoopt16.sqm
    2009-04-20 14:33 . 2008-03-02 19:14 d-----w c:\programdata\Spybot - Search & Destroy
    2009-04-20 13:22 . 2008-11-19 19:01 d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-04-19 22:00 . 2009-01-06 18:29 268 ---ha-w C:\sqmdata15.sqm
    2009-04-19 22:00 . 2009-01-06 18:29 244 ---ha-w C:\sqmnoopt15.sqm
    2009-04-19 17:06 . 2009-04-19 17:06 d-----w c:\program files\Paint.NET
    2009-04-17 22:07 . 2009-01-06 17:56 268 ---ha-w C:\sqmdata14.sqm
    2009-04-17 22:07 . 2009-01-06 17:56 244 ---ha-w C:\sqmnoopt14.sqm
    2009-04-17 16:21 . 2007-12-27 19:31 97696 ----a-w c:\users\Jojo\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-04-17 16:14 . 2008-08-30 11:39 7511846 ----a-w c:\windows\Internet Logs\tvDebug.zip
    2009-04-17 16:12 . 2009-01-06 14:38 268 ---ha-w C:\sqmdata13.sqm
    2009-04-17 16:12 . 2009-01-06 14:38 244 ---ha-w C:\sqmnoopt13.sqm
    2009-04-17 16:11 . 2008-03-10 11:21 d-----w c:\program files\Common Files\Adobe
    2009-04-17 16:11 . 2009-04-17 16:11 d-----w c:\program files\Common Files\Macrovision Shared
    2009-04-17 16:10 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infstor.dat
    2009-04-17 16:10 . 2006-11-02 10:25 51200 ----a-w c:\windows\Inf\infpub.dat
    2009-04-17 16:10 . 2006-11-02 10:25 143360 ----a-w c:\windows\Inf\infstrng.dat
    2009-04-17 15:43 . 2009-03-02 20:29 d-----w c:\users\Jojo\AppData\Roaming\Download Manager
    2009-04-16 22:06 . 2009-01-06 11:02 268 ---ha-w C:\sqmdata12.sqm
    2009-04-16 22:06 . 2009-01-06 11:02 244 ---ha-w C:\sqmnoopt12.sqm
    2009-04-16 18:18 . 2006-11-02 11:18 d-----w c:\program files\Windows Mail
    2009-04-16 18:17 . 2009-01-05 18:48 268 ---ha-w C:\sqmdata11.sqm
    2009-04-16 18:17 . 2009-01-05 18:48 244 ---ha-w C:\sqmnoopt11.sqm
    2009-04-16 15:14 . 2007-05-31 14:27 d-----w c:\programdata\Microsoft Help
    2009-04-16 01:05 . 2009-01-05 15:48 268 ---ha-w C:\sqmdata10.sqm
    2009-04-16 01:05 . 2009-01-05 15:48 244 ---ha-w C:\sqmnoopt10.sqm
    2009-04-15 17:20 . 2009-01-05 13:38 268 ---ha-w C:\sqmdata09.sqm
    2009-04-15 17:20 . 2009-01-05 13:38 244 ---ha-w C:\sqmnoopt09.sqm
    2009-04-15 17:03 . 2007-05-30 12:47 d-----w c:\program files\Java
    2009-04-14 22:41 . 2009-01-05 12:22 268 ---ha-w C:\sqmdata08.sqm
    2009-04-14 22:41 . 2009-01-05 12:22 244 ---ha-w C:\sqmnoopt08.sqm
    2009-04-14 13:08 . 2009-01-04 23:40 268 ---ha-w C:\sqmdata07.sqm
    2009-04-14 13:08 . 2009-01-04 23:40 244 ---ha-w C:\sqmnoopt07.sqm
    2009-04-14 11:41 . 2009-04-14 11:41 d-----w c:\program files\SUPERAntiSpyware
    2009-04-14 11:40 . 2009-04-14 11:40 d-----w c:\program files\Common Files\Wise Installation Wizard
    2009-04-13 15:19 . 2009-01-03 02:57 268 ---ha-w C:\sqmdata06.sqm
    2009-04-13 15:19 . 2009-01-03 02:57 244 ---ha-w C:\sqmnoopt06.sqm
    2009-04-11 23:01 . 2009-01-02 00:59 268 ---ha-w C:\sqmdata05.sqm
    2009-04-11 23:01 . 2009-01-02 00:59 244 ---ha-w C:\sqmnoopt05.sqm
    2009-04-10 23:08 . 2008-12-30 13:01 268 ---ha-w C:\sqmdata04.sqm
    2009-04-10 23:08 . 2008-12-30 13:01 244 ---ha-w C:\sqmnoopt04.sqm
    2009-04-10 21:22 . 2008-12-30 04:40 268 ---ha-w C:\sqmdata03.sqm
    2009-04-10 21:22 . 2008-12-30 04:40 244 ---ha-w C:\sqmnoopt03.sqm
    2009-04-08 21:15 . 2009-04-08 21:14 d-----w c:\program files\iTunes
    2009-04-08 21:14 . 2009-04-08 21:14 d-----w c:\program files\iPod
    2009-04-08 21:14 . 2009-03-02 14:23 d-----w c:\program files\Common Files\Apple
    2009-04-06 14:32 . 2008-11-19 19:01 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-04-06 14:32 . 2008-11-19 19:01 15504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-03-22 12:11 . 2008-03-02 19:14 d-----w c:\program files\Spybot - Search & Destroy
    2009-03-17 03:38 . 2009-04-16 15:00 40960 ----a-w c:\windows\AppPatch\apihex86.dll
    2009-03-17 02:49 . 2007-05-31 14:25 d-----w c:\program files\Microsoft Works
    2009-03-17 02:38 . 2009-03-17 02:38 d-----w c:\programdata\Avira
    2009-03-17 02:38 . 2009-03-17 02:38 d-----w c:\program files\Avira
    2009-03-17 01:42 . 2009-03-17 01:42 d-----w c:\users\Mummy\AppData\Roaming\Malwarebytes
    2009-03-17 01:11 . 2008-11-21 20:53 d-----w c:\program files\OXXOGames
    2009-03-17 01:09 . 2008-11-12 16:49 d--h--w c:\programdata\{26009715-9383-403E-996E-D70BE8109C3D}
    2009-03-17 01:09 . 2008-01-08 19:25 d-----w c:\program files\Creative
    2009-03-17 01:08 . 2008-11-21 20:54 d-----w c:\program files\SCREENSEVEN
    2009-03-17 01:06 . 2009-02-18 21:27 d-----w c:\program files\Inkscape
    2009-03-17 01:04 . 2009-02-18 21:32 d-----w c:\users\Jojo\AppData\Roaming\Inkscape
    2009-03-14 12:19 . 2009-03-14 12:18 15981758 ----a-w c:\windows\Internet Logs\vsmon_on_demand_2009_03_14_00_31_39_full.dmp.zip
    2009-03-13 13:26 . 2009-03-13 13:26 9322230 ----a-w c:\windows\Internet Logs\vsmon_on_demand_2009_03_13_03_14_56_full.dmp.zip
    2009-03-12 17:55 . 2009-03-12 17:54 d-----w c:\programdata\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
    2009-03-12 17:32 . 2009-03-12 17:32 d-----w c:\program files\Bonjour
    2009-03-12 13:53 . 2009-03-12 13:52 26230041 ----a-w c:\windows\Internet Logs\vsmon_on_demand_2009_03_12_00_49_01_full.dmp.zip
    2009-03-10 10:28 . 2009-03-10 10:27 30899303 ----a-w c:\windows\Internet Logs\vsmon_on_demand_2009_03_10_09_49_39_full.dmp.zip
    2009-03-09 10:34 . 2009-03-09 10:33 30924085 ----a-w c:\windows\Internet Logs\vsmon_on_demand_2009_03_08_22_54_17_full.dmp.zip
    2009-03-09 04:19 . 2008-11-19 19:41 410984 ----a-w c:\windows\System32\deploytk.dll
    2009-03-07 10:31 . 2009-03-07 10:31 15148913 ----a-w c:\windows\Internet Logs\vsmon_on_demand_2009_03_06_23_10_40_full.dmp.zip
    2009-03-05 09:17 . 2009-03-05 09:16 30905081 ----a-w c:\windows\Internet Logs\vsmon_on_demand_2009_03_04_22_56_05_full.dmp.zip
    2009-03-04 12:20 . 2009-03-04 12:19 11965581 ----a-w c:\windows\Internet Logs\vsmon_on_demand_2009_03_04_12_13_35_full.dmp.zip
    2009-03-04 10:46 . 2009-03-04 10:45 7193467 ----a-w c:\windows\Internet Logs\vsmon_on_demand_2009_03_03_23_53_05_full.dmp.zip
    2009-03-03 21:39 . 2009-03-03 21:39 266240 ----a-w c:\windows\System32\CSHelper.exe
    2009-03-03 21:39 . 2009-03-03 21:39 225280 ----a-w c:\windows\System32\CSInstru.DLL
    2009-03-03 04:40 . 2009-04-16 15:05 827392 ----a-w c:\windows\System32\wininet.dll
    2009-03-03 04:37 . 2009-04-16 15:05 78336 ----a-w c:\windows\System32\ieencode.dll
    2009-03-03 02:28 . 2009-04-16 15:05 26624 ----a-w c:\windows\System32\ieUnatt.exe
    2009-03-02 14:27 . 2009-03-02 14:27 d-----w c:\users\Jojo\AppData\Roaming\Apple Computer
    2009-03-02 14:27 . 2009-03-02 14:25 d-----w c:\programdata\Apple Computer
    2009-03-02 14:26 . 2009-03-02 14:25 d-----w c:\program files\QuickTime
    2009-03-02 14:24 . 2009-03-02 14:24 d-----w c:\program files\Apple Software Update
    2009-03-02 14:23 . 2009-03-02 14:23 d-----w c:\programdata\Apple
    2009-02-27 11:06 . 2009-02-27 11:05 594 ----a-w C:\updatedatfix.log
    2009-02-25 21:13 . 2009-02-25 21:13 d-----w c:\program files\Microsoft Silverlight
    2008-11-19 20:07 . 2008-03-21 08:26 16384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2008-11-19 20:07 . 2008-03-21 08:26 32768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2008-11-19 20:07 . 2008-03-21 08:26 16384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    2008-04-09 11:52 . 2008-04-09 11:52 32768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008040920080410\index.dat
    .
    :grin:If at first you don't succeed, then sky-diving isn't for you
  • jojo2004
    jojo2004 Posts: 572 Forumite
    Rest of ComboFix log:

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
    "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2007-05-21 433840]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-02-21 171448]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-03-23 1830128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192]
    "HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
    "SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-05-16 509496]
    "00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-04-26 538744]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-27 815104]
    "Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-04-10 413696]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
    "4oD"="c:\program files\Kontiki\KHost.exe" [2008-01-25 1032376]
    "iPrint Tray"="c:\windows\system32\iprntctl.exe" [2006-05-25 40960]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-01-09 959976]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2008-03-13 2060288]
    "Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-05-04 571024]
    "topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-04-02 577536]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-27 133912]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-27 138008]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-27 154392]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
    "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
    "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
    "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-02-27 38768]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-02-27 640376]
    "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-08-27 4702208]
    "NDSTray.exe"="NDSTray.exe" [BU]
    "Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2008-09-10 1826816]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

    c:\users\Jojo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-22 11:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{2FDDE26F-17A2-4DB6-8CF0-1040A8127ADD}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{426FBA8C-10AC-40D4-8338-AA7023BC4F55}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{8EEE4593-0A47-4462-ADCD-4B5CB488F6F5}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
    "{279F4B37-E35A-461C-B530-88F9779603F9}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
    "{41E918F4-6491-471C-B3A7-E94B844C6ABD}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{BCD6D1BB-CD65-47C6-B5D0-25203AC0938B}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
    "{6031D1EE-F5A7-4007-B51B-ECFE970E8B10}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
    "{3DD2CAED-52A9-4AE3-833A-9040F6974796}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
    "{6612C609-73BC-4389-BF9B-FE210A4FD4BF}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
    "{7FFDA97F-A172-4D71-A41B-BB9DD2B22446}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
    "{604FF3CB-EA00-4791-A1AB-0F6EC0CC213D}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
    "{80FAC545-3904-43E4-BAC6-28ABECD9545E}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe
    "{147D8044-D9BC-431B-9B58-F3FCD72BC8D5}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe
    "{00AAE44F-21E6-44A6-84A1-EEEAE0F2E555}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
    "{2C9FC68A-29A1-4305-9EE3-E69B35FB6456}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
    "{D29B3E20-E9A8-46F3-B6F9-FCEAF6FC6A77}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{B5A0F134-B0F8-44AA-899B-815168E73AF3}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{61C26DB6-B911-4C86-AC65-7394209CBF1F}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{A30CB4A7-ED0B-4133-9955-EFD1D698AC6B}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-23 9968]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-03-23 72944]
    S2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2009-03-03 266240]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2008-03-13 24576]
    S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
    S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [2007-04-09 8192]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    \shell\AutoRun\command - D:\setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b5f3eac-c911-11dd-8f2e-806e6f6e6963}]
    \shell\AutoRun\command - D:\setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b5f3ec2-c911-11dd-8f2e-001cbf22ec78}]
    \shell\AutoRun\command - D:\setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{429f15e2-c6ab-11dd-9bd3-001cbf22ec78}]
    \shell\AutoRun\command - D:\setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{429f15ff-c6ab-11dd-9bd3-001cbf22ec78}]
    \shell\AutoRun\command - G:\setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{609148d8-ed2d-11dd-930d-001b24c0b4fd}]
    \shell\AutoRun\command - D:\setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf406bf2-2820-11de-8547-001b24c0b4fd}]
    \shell\AutoRun\command - G:\StarterOfficeGuardian.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8abe214-f02a-11dc-b6a0-001b24c0b4fd}]
    \shell\AutoRun\command - G:\LaunchU3.exe -a
    .
    Contents of the 'Scheduled Tasks' folder

    2008-05-16 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
    - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]

    2009-04-24 c:\windows\Tasks\User_Feed_Synchronization-{9D9621D0-81A3-4FFC-A8FE-E9F10C5D988F}.job
    - c:\windows\system32\msfeedssync.exe [2008-06-04 07:33]
    .
    .
    Supplementary Scan
    .
    uStart Page = hxxp://www.hotmail.com/
    uInternet Settings,ProxyOverride = *.local
    IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: Append to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: !!{76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4
    DPF: {BA3BAF69-72B1-4BCE-BE96-A4D304EAFBB4} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader4.cab?20080821050326
    FF - ProfilePath - c:\users\Jojo\AppData\Roaming\Mozilla\Firefox\Profiles\ygwsun55.default\
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npArtistScope42.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npArtistScopeDRM11.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-04-24 13:18
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i??????!?|?D??8???`????????????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    LOCKED REGISTRY KEYS

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{004c3776-7fa7-4885-a24d-81a9ba9c70ac}]
    @DACL=(02 0000)
    "Dhcpv6Iaid"=dword:0a001cbf
    "Dhcpv6State"=dword:00000000
    "Dhcpv6InterfaceOptions"=hex:02,00,00,00,00,00,00,00,0e,00,00,00,00,00,00,00,
    ff,ff,ff,7f,00,01,00,01,0d,73,f8,33,00,19,7d,39,83,f6,00,00,17,00,00,00,00,\

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{8595e907-0c99-4dd2-9b9d-36d150b7433b}]
    @DACL=(02 0000)
    "Dhcpv6Iaid"=dword:0c001b24
    "Dhcpv6State"=dword:00000000

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}]
    @DACL=(02 0000)
    "Dhcpv6Iaid"=dword:07001422
    "Dhcpv6State"=dword:00000000

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{acc6d66a-45dc-4d3b-a644-7e20fe357adc}]
    @DACL=(02 0000)
    "Dhcpv6Iaid"=dword:07020054
    "Dhcpv6State"=dword:00000000

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}]
    @DACL=(02 0000)
    "Dhcpv6Iaid"=dword:06001422
    "Dhcpv6State"=dword:00000000
    .
    Completion time: 2009-04-24 13:20
    ComboFix-quarantined-files.txt 2009-04-24 12:20

    Pre-Run: 32,398,512,128 bytes free
    Post-Run: 31,869,300,736 bytes free

    352 --- E O F --- 2009-04-22 16:08
    :grin:If at first you don't succeed, then sky-diving isn't for you
  • jojo2004
    jojo2004 Posts: 572 Forumite
    So - I don't know if I have any renaming errors in there - all I do notice is that Inkscape and Creative still seem to be mentioned, even though I've tried to remove both programmes. Is this right?

    Cheers!
    :grin:If at first you don't succeed, then sky-diving isn't for you
  • jojo2004
    jojo2004 Posts: 572 Forumite
    Did you update Malware before running? Should be version 2034 as of midnight tonight ie now.?

    I did mama. I well-trained by you...
    :grin:If at first you don't succeed, then sky-diving isn't for you
  • jojo2004
    jojo2004 Posts: 572 Forumite
    you need to download this update to a memory stick then copy to your desktop.
    When you've had a chance to do this let me know and I'll tell you the next step.

    I've got a copy on the desktop - do I need to go through the stage of putting it onto a memory stick first?
    I tried calling you just now, btw.:j
    :grin:If at first you don't succeed, then sky-diving isn't for you
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    run a KASPERSKY ONLINE SCAN (click to scan 'MY COMPUTER')
    http://www.kaspersky.co.uk/virusscanner
    Please post the complete log it creates
    :idea:
This discussion has been closed.