10-Jul-2009, 09:24 AM
#16

Open Notepad and copy and paste the text in the code box below into it:

Code:
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kava]

Driver::
ASKUpgrade
npggsvc

Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

This will start ComboFix again. It may ask to reboot. Post the contents of c:\Combofix.txt in your next reply.
11-Jul-2009, 06:38 AM
#17

ComboFix 09-07-09.06 - Bakazor 07/11/2009 1:48.2.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1412 [GMT -8:00]
Running from: c:\documents and settings\Bakazor\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Bakazor\Desktop\CFScript.txt
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ASKUPGRADE
-------\Legacy_NPGGSVC
-------\Service_ASKUpgrade
-------\Service_npggsvc

((((((((((((((((((((((((( Files Created from 2009-06-11 to 2009-07-11 )))))))))))))))))))))))))))))))
.
2009-07-10 03:50 . 2009-07-10 03:50 -------- d-----w- c:\program files\PopCap Games
2009-07-04 10:01 . 2009-07-04 10:01 -------- d-----w- c:\documents and settings\Bakazor\Local Settings\Application Data\Opera
2009-07-04 10:00 . 2009-07-04 10:00 -------- d-----w- c:\program files\Opera
2009-07-03 20:06 . 2009-06-17 19:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-03 20:06 . 2009-07-03 20:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-03 20:06 . 2009-06-17 19:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-29 07:18 . 2009-06-29 07:18 -------- d-----w- c:\program files\AskBarDis
2009-06-29 07:09 . 2009-06-29 07:09 -------- d-----w- c:\windows\system32\wbem\Repository
2009-06-29 07:08 . 2009-06-29 07:08 -------- d-----w- c:\documents and settings\Bakazor\Application Data\vlc
2009-06-29 07:04 . 2009-06-29 07:08 -------- d-----w- c:\program files\DriverCleanerDotNET
2009-06-29 00:46 . 2009-06-29 07:08 -------- d-----w- c:\documents and settings\Bakazor\Application Data\vlc(2)
2009-06-27 21:46 . 2009-06-28 06:46 -------- d-----w- C:\Copy of World of Warcraft
2009-06-27 09:17 . 2009-06-27 09:17 -------- d-----w- c:\program files\alaplaya
2009-06-24 22:38 . 2009-06-24 22:38 -------- d-sh--w- c:\documents and settings\Guest\IETldCache
2009-06-24 22:38 . 2009-06-24 22:38 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Apple
2009-06-14 04:43 . 2009-05-19 09:36 2884832 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\vwpt.exe
2009-06-14 04:43 . 2009-05-19 09:36 28 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\unregister.bat
2009-06-14 04:43 . 2009-05-19 09:36 30512 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\Uninstaller.exe
2009-06-14 04:43 . 2009-05-19 09:35 376568 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\unagi3.exe
2009-06-14 04:43 . 2009-05-19 09:35 172840 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\setup.exe
2009-06-12 07:34 . 2009-06-12 07:34 -------- d-----w- c:\documents and settings\Bakazor\Application Data\dota-allstars.71E01812711E1682B196CE418CDA466F24682743.1
2009-06-12 07:34 . 2009-06-12 07:34 38208 ----a-w- c:\documents and settings\Bakazor\Application Data\Macromedia\Flash Player\http://www.macromedia.com\bin\airapp...pinstaller.exe
2009-06-12 07:34 . 2009-06-12 07:34 -------- d-----w- c:\documents and settings\Bakazor\Application Data\dota_allstars
2009-06-12 07:34 . 2009-06-12 07:34 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-06-12 07:34 . 2009-06-12 07:34 -------- d-----w- C:\Games
2009-06-12 03:46 . 2009-06-12 03:46 -------- d-----w- c:\documents and settings\Bakazor\Application Data\ESET
2009-06-12 03:35 . 2009-06-12 03:35 -------- d-----w- c:\program files\ESET
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-11 09:59 . 2009-05-28 04:38 117760 ----a-w- c:\documents and settings\Bakazor\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-10 07:41 . 2008-05-10 03:02 -------- d-----w- c:\documents and settings\Bakazor\Application Data\uTorrent
2009-07-08 07:01 . 2007-12-30 19:28 -------- d--ha-w- c:\documents and settings\Bakazor\Application Data\foobar2000
2009-07-06 07:00 . 2009-05-16 08:41 25 ----a-w- c:\windows\popcinfot.dat
2009-06-29 07:08 . 2008-05-18 06:46 -------- d-----w- c:\program files\Combined Community Codec Pack
2009-06-27 20:14 . 2008-07-30 22:49 -------- d-----w- c:\program files\ASUS
2009-06-27 20:14 . 2007-12-27 08:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-27 20:13 . 2009-06-09 04:22 -------- d-----w- c:\program files\NCH Swift Sound
2009-06-25 22:23 . 2009-06-25 22:23 -------- d-----w- c:\program files\ANI
2009-06-25 22:23 . 2009-06-25 22:23 -------- d-----w- c:\program files\D-Link
2009-06-18 06:50 . 2007-12-27 08:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-06-14 04:44 . 2009-04-20 05:58 -------- d-----w- c:\program files\AIM6
2009-06-14 04:44 . 2009-04-20 05:42 -------- d-----w- c:\documents and settings\All Users\Application Data\acccore
2009-06-14 04:43 . 2008-04-22 06:04 -------- d-----w- c:\program files\Common Files\AOL
2009-06-14 04:42 . 2009-06-14 04:42 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Downloads
2009-06-12 03:23 . 2008-07-31 18:26 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-11 03:59 . 2009-02-13 04:05 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software
2009-06-10 01:04 . 2009-06-10 01:04 -------- d-----w- c:\documents and settings\Bakazor\Application Data\Recordpad
2009-06-09 04:23 . 2009-06-09 04:22 -------- d-----w- c:\documents and settings\Bakazor\Application Data\NCH Swift Sound
2009-06-09 04:23 . 2009-06-09 04:22 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2009-06-09 04:23 . 2009-06-09 04:23 -------- d-----w- c:\program files\NCH Software
2009-06-07 07:24 . 2009-05-28 04:38 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-04 06:02 . 2009-06-04 06:02 390664 ----a-w- c:\documents and settings\Bakazor\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-06-04 03:36 . 2009-06-04 03:36 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-06-04 03:25 . 2009-04-19 05:29 -------- d-----w- c:\program files\Uniblue
2009-06-04 03:21 . 2008-06-24 04:50 -------- d-----w- c:\program files\Common Files\BitDefender
2009-06-04 03:21 . 2008-06-24 04:52 -------- d-----w- c:\program files\BitDefender
2009-06-04 03:20 . 2008-07-02 00:07 81984 ----a-w- c:\windows\system32\bdod.bin
2009-06-03 04:10 . 2009-06-03 04:10 10134 ----a-r- c:\documents and settings\Bakazor\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-06-03 04:10 . 2009-06-03 04:10 -------- d-----w- c:\program files\Microsoft WSE
2009-06-03 04:04 . 2008-09-05 03:53 -------- d-----w- c:\program files\Electronic Arts
2009-05-31 06:04 . 2009-05-31 06:03 -------- d-----w- c:\program files\Ventrilo
2009-05-31 06:02 . 2007-12-28 03:03 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-29 04:47 . 2009-05-26 04:29 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-29 04:47 . 2008-02-04 05:17 -------- d-----w- c:\program files\Java
2009-05-28 05:15 . 2008-08-10 03:37 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-05-28 04:38 . 2009-05-28 04:38 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-05-28 04:38 . 2009-05-28 04:38 -------- d-----w- c:\documents and settings\Bakazor\Application Data\SUPERAntiSpyware.com
2009-05-26 05:20 . 2008-11-01 20:44 -------- d-----w- c:\program files\Winamp
2009-05-26 04:28 . 2009-05-26 04:28 152576 ----a-w- c:\documents and settings\Bakazor\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-26 04:03 . 2009-05-23 18:34 271784 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-05-26 04:03 . 2009-05-23 18:34 23011360 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-05-26 03:59 . 2009-05-13 06:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-24 05:33 . 2009-05-24 05:33 -------- d-----w- c:\program files\Curse
2009-05-23 04:33 . 2007-12-27 08:38 62419 ----a-w- c:\windows\War3Unin.dat
2009-05-19 09:36 . 2009-06-14 04:42 25 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\register.bat
2009-05-19 09:36 . 2009-06-14 04:42 1484856 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\toolbar.exe
2009-05-19 09:36 . 2009-06-14 04:42 97072 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\bsetutil.exe
2009-05-19 09:36 . 2009-06-14 04:42 142040 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\alsetup.exe
2009-05-19 09:36 . 2009-06-14 04:42 111920 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\AOLSearch.dll
2009-05-19 08:09 . 2009-04-19 10:44 737984 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-05-18 07:47 . 2009-04-19 04:25 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-05-15 04:31 . 2009-05-15 04:31 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCap Games
2009-05-14 02:55 . 2008-01-20 02:01 -------- d---a-w- c:\documents and settings\Bakazor\Application Data\mIRC
2009-05-14 02:55 . 2008-09-13 20:21 -------- d-----w- c:\program files\mIRC
2009-05-13 05:15 . 2004-08-04 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2004-08-04 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-01 08:31 . 2009-05-01 08:31 1657376 ----a-w- c:\windows\system32\nwiz.exe
2009-05-01 08:31 . 2009-05-01 08:31 449056 ----a-w- c:\windows\system32\nvappbar.exe
2009-05-01 08:31 . 2009-05-01 08:31 436768 ----a-w- c:\windows\system32\keystone.exe
2009-05-01 08:31 . 2009-05-01 08:31 466944 ----a-w- c:\windows\system32\nvshell.dll
2009-05-01 08:31 . 2009-05-01 08:31 1724416 ----a-w- c:\windows\system32\nvwdmcpl.dll
2009-05-01 08:31 . 2009-05-01 08:31 1507328 ----a-w- c:\windows\system32\nview.dll
2009-05-01 08:31 . 2009-05-01 08:31 1101824 ----a-w- c:\windows\system32\nvwimg.dll
2009-05-01 06:02 . 2009-05-11 07:57 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-05-01 06:02 . 2009-05-09 06:09 1579630 ----a-w- c:\windows\system32\nvdata.bin
2009-05-01 06:02 . 2009-05-01 06:02 9994240 ----a-w- c:\windows\system32\nvoglnt.dll
2009-05-01 06:02 . 2009-05-01 06:02 806912 ----a-w- c:\windows\system32\nvapi.dll
2009-05-01 06:02 . 2009-05-01 06:02 663552 ----a-w- c:\windows\system32\nvcuvid.dll
2009-05-01 06:02 . 2009-05-01 06:02 1720320 ----a-w- c:\windows\system32\nvcuda.dll
2009-05-01 06:02 . 2009-05-01 06:02 143360 ----a-w- c:\windows\system32\nvcodins.dll
2009-05-01 06:02 . 2009-05-01 06:02 143360 ----a-w- c:\windows\system32\nvcod.dll
2009-05-01 06:02 . 2009-05-01 06:02 1314816 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-05-01 06:02 . 2005-07-21 04:07 8055584 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-05-01 06:02 . 2005-07-21 04:07 5896320 ----a-w- c:\windows\system32\nv4_disp.dll
2009-04-27 08:42 . 2009-05-11 07:57 457248 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-04-26 18:30 . 2009-01-26 18:30 1982 --sha-w- c:\windows\system32\fawuruvo.dll
2009-04-24 03:56 . 2007-12-27 08:58 74448 ----a-w- c:\documents and settings\Bakazor\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-19 05:33 . 2009-04-19 05:33 15743560 ----a-w- c:\documents and settings\Bakazor\Application Data\Uniblue\DriverScanner\Download\acpi_pnp0f036_30_189_0.exe
2009-04-19 04:23 . 2009-04-19 04:23 167376 ----a-w- c:\documents and settings\Bakazor\Application Data\Mozilla\Firefox\Profiles\6x8qf3lg.default\FlashGot.exe
2009-04-17 12:26 . 2004-08-04 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-04 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-07-10_04.31.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 09:59 . 2009-07-11 09:59 16384 c:\windows\Temp\Perflib_Perfdata_410.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"RemoteCenter"="c:\program files\Creative\MediaSource\RemoteControl\RCMan.EXE" [2003-10-09 139264]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
"Steam"="c:\program files\valve\steam\steam.exe" [2009-06-11 1217784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Six Engine"="c:\program files\ASUS\Six Engine\SixEngine.exe" [2008-05-15 5958656]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-11 624248]
"PRONoMgrWired"="c:\program files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" [2004-11-18 86016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-05-01 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-01 13750272]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-29 148888]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-03-17 1040384]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-06-11 1447168]
"D-Link RangeBooster G WDA-2320"="c:\program files\D-Link\RangeBooster G WDA-2320\AirPlusCFG.exe" [2007-08-29 1662976]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.24\RivaTuner.exe" [2009-02-25 2781184]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-06-17 414992]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-05-01 1657376]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-06-07 07:24 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"rpcapd"=3 (0x3)
"NetSvc"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Warcraft III\\war3.exe"=
"c:\\ijji\\ENGLISH\\u_gbound.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Valve\\Steam\\Steam.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\bakatana\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\bakatana\\counter-strike\\hl.exe"=
"c:\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Bakazor\\Local Settings\\Application Data\\Dyyno Receiver\\DPPM.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\left 4 dead\\left4dead.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [7/30/2008 2:47 PM 150568]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [12/4/2008 1:50 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/4/2008 1:50 PM 55024]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [12/21/2007 8:21 AM 468224]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/3/2009 12:06 PM 195856]
R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\PfModNT.sys [12/27/2007 12:18 AM 15840]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [8/25/2005 3:00 PM 547744]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [6/25/2009 2:23 PM 57376]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/3/2009 12:06 PM 19096]
R3 SaiH8000;SaiH8000;c:\windows\system32\drivers\SaiH8000.sys [5/29/2008 8:15 PM 136832]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\D-Link\RangeBooster G WDA-2320\JSWUtil\jswpsapi.exe [6/25/2009 2:23 PM 352338]
S3 mamotou;mamotou;c:\windows\system32\drivers\mamotou.sys [2/12/2009 7:34 PM 49399]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/6/2007 12:22 PM 34064]
S3 projectx1;projectx1;\??\c:\documents and settings\Bakazor\Desktop\Project X\Project X\FelipeZe.sys --> c:\documents and settings\Bakazor\Desktop\Project X\Project X\FelipeZe.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/4/2008 1:50 PM 7408]
S3 XDva068;XDva068;\??\c:\windows\system32\XDva068.sys --> c:\windows\system32\XDva068.sys [?]
S3 XDva081;XDva081;\??\c:\windows\system32\XDva081.sys --> c:\windows\system32\XDva081.sys [?]
S3 XDva244;XDva244;\??\c:\windows\system32\XDva244.sys --> c:\windows\system32\XDva244.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2009-07-11 c:\windows\Tasks\Malwarebytes' Scheduled Update for Bakazor.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-07-03 19:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://facebook.com/
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: aol.com\free
FF - ProfilePath - c:\documents and settings\Bakazor\Application Data\Mozilla\Firefox\Profiles\6x8qf3lg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-11 01:59
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(432)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\documents and settings\Bakazor\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
- - - - - - - > 'explorer.exe'(4016)
c:\windows\system32\WININET.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\AIM6\aolsoftware.exe
.
**************************************************************************
.
Completion time: 2009-07-11 2:04 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-11 10:04
ComboFix2.txt 2009-07-10 04:35

Pre-Run: 44,082,278,400 bytes free
Post-Run: 44,048,216,064 bytes free

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
299 --- E O F --- 2009-07-01 02:52
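Reading a ComboFix log like the one above comes down to spotting a handful of red flags: Security Center monitoring switched off, the Windows Firewall profile disabled, service entries whose driver file is missing (the lines ending in [?]) and autostart entries launched from user-writable folders. The script below is an added example for this thread, not ComboFix's own code and not something the helper posted; it assumes the line layouts visible in the log (registry keys in square brackets, "name"=value pairs, R/S service lines) and runs over a short excerpt constructed from the posted log plus two made-up lines so that every check fires.

```python
"""Flag the lines in a ComboFix-style log that a removal helper reads first.

Added example for this thread; not ComboFix's own code. The line formats are
assumed from what the posted log shows (keys as [...], values as "name"=value,
services as 'R2 name;display;path [stamp]').
"""
import re
from dataclasses import dataclass

# Constructed excerpt in ComboFix's layout. Most lines are copied from the log
# above; "updater" and the shortened projectx1 path are made up for the demo.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\valve\steam\steam.exe" [2009-06-11 1217784]
"updater"="c:\documents and settings\Someone\Application Data\upd.exe" [2009-07-01 12345]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [12/21/2007 8:21 AM 468224]
S3 XDva068;XDva068;\??\c:\windows\system32\XDva068.sys --> c:\windows\system32\XDva068.sys [?]
S3 projectx1;projectx1;\??\c:\docs\Project X\FelipeZe.sys --> c:\docs\Project X\FelipeZe.sys [?]
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")
# Autostart images under these directories live in user-writable space.
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\", "\\appdata\\")


@dataclass
class Finding:
    kind: str
    detail: str


def parse_dword(text):
    """ComboFix prints REG_DWORD either as 'dword:00000001' or as '1 (0x1)'."""
    m = re.match(r"dword:([0-9a-fA-F]+)", text)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"(\d+)\s*\(0x[0-9a-fA-F]+\)", text)
    if m:
        return int(m.group(1))
    return None


def triage(log_text):
    """Return a Finding for every red-flag line in log_text, in log order."""
    findings = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)  # values that follow belong to this key
            continue
        m = SERVICE_RE.match(line)
        if m:
            start_type, name, _display, rest = m.groups()
            # ComboFix appends [?] when the service's image file is not on disk.
            if rest.rstrip().endswith("[?]"):
                path = rest.split(" --> ")[-1].replace("[?]", "").strip()
                findings.append(Finding("orphaned-service", f"{name} ({start_type}) -> {path}"))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.groups()
        key = current_key.lower()
        if name == "DisableMonitoring" and "security center" in key and parse_dword(value) == 1:
            findings.append(Finding("security-center-monitoring-off", current_key))
        elif name == "EnableFirewall" and "firewallpolicy" in key and parse_dword(value) == 0:
            findings.append(Finding("firewall-off", current_key))
        elif key.endswith("\\currentversion\\run"):
            pm = re.match(r'"([^"]*)"', value)  # quoted image path before the [stamp]
            path = pm.group(1).lower() if pm else ""
            if any(marker in path for marker in USER_WRITABLE):
                findings.append(Finding("autorun-user-writable", f"{name} = {pm.group(1)}"))
    return findings


def kinds(findings):
    """Sorted, de-duplicated finding kinds, for a one-line summary."""
    return sorted({f.kind for f in findings})


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:32} {f.detail}")
```

Run against a full Combofix.txt with `triage(open("Combofix.txt").read())`; the checks are deliberately conservative (an exact value name under a matching key, or a literal [?] marker), so a line that is flagged is worth a look but a line that is not flagged has only passed these four tests.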
13-Jul-2009, 09:12 AM
#20

Follow these steps to uninstall Combofix and tools used in the removal of malware

If you have no other malware problems I can help you with feel free to use the Mark Solved button at the top of the page.
All times are GMT -4. Copyright © 1996 - 2011 TechGuy, Inc. All rights reserved.