
Help! Hearing ads with no windows open....

Discussion in 'Virus & Other Malware Removal' started by bipslittlegirl, Nov 19, 2011.

Thread Status:
Not open for further replies.
  1. bipslittlegirl

    bipslittlegirl Thread Starter

    Joined:
    Nov 19, 2011
    Messages:
    43
    Removed temporary files, ran Avast, no viruses detected, ran Malware, nothing. Installed HijackThis. Will include both my malware log and the Hijackthis log. Hope someone can help. Thanks!

    Malware Log

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org
    Database version: 8178
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13
    11/19/2011 5:12:39 AM
    mbam-log-2011-11-19 (05-12-39).txt
    Scan type: Quick scan
    Objects scanned: 174917
    Time elapsed: 5 minute(s), 5 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 3
    Folders Infected: 0
    Files Infected: 0
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    (No malicious items detected)
    Registry Values Infected:
    (No malicious items detected)
    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    (No malicious items detected)


    HiJackThis Log

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 6:11:21 AM, on 11/19/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.17103)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\WUAUCLT.EXE
    C:\WINDOWS\system32\dldtcoms.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files\Generic\Network Printer Wizard\NPWService.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Windows Live\Toolbar\wltuser.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com/sphome.aspx
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bing.com/sphome.aspx
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USREL/1
    R3 - URLSearchHook: YTNavAssist.YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll
    F3 - REG:win.ini: load=C:\DOCUME~1\KIMBER~1\LOCALS~1\Temp\{46835~1.EXE
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\PROGRA~1\ALWILS~1\Avast5\aswWebRepIE.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MI1933~1\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\PROGRA~1\ALWILS~1\Avast5\aswWebRepIE.dll
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MI1933~1\Office14\ONBttnIE.dll/105
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\generic\network printer wizard\npwprint.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: dldtCATSCustConnectService - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldtserv.exe
    O23 - Service: dldt_device - - C:\WINDOWS\system32\dldtcoms.exe
    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
    O23 - Service: NPWService - Unknown owner - C:\Program Files\Generic\Network Printer Wizard\NPWService.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    --
    End of file - 7755 bytes


    Please help!!!!! Can't even do searches now, it takes me to strange looking pages when I do. Can only go to sites directly. Opened a video a few days ago, and computer started going haywire! Had to do a system restore, which took some doing, and most of my files ended up hidden as a result. Good thing is they are still there. But I have been looking and you seem to be helping people here, so hoping someone can help me too! Thanks in advance.

    :confused::confused::confused::confused::confused::confused:
     
  2. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    80,925
    First Name:
    Frank
    Restart the computer, then wait for it to completely settle down, then do the following:

    Click Start - Run, then type in

    %temp%

    then click OK.

    Click Start - Run, then type in

    c:\windows\temp

    then click OK.

    Once those 2 temp folders appear and you can view their contents, select and delete EVERYTHING that's inside them.

    If a few files resist being deleted, that's normal behavior. Leave them alone and delete EVERYTHING else.

    After you're done, empty the Recycle Bin, then restart the computer again.

    ------------------------------------------------------
     
  3. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    80,925
    First Name:
    Frank
    After you complete the previous instructions, go here to download and save the free version of SUPERAntiSpyware 5.0.0.1136.

    Close all open windows first, then install it, then restart the computer.

    Make sure to update its definition files during the install process.

    --------------------------------------------------------

    Start SUPERAntiSpyware.

    Select the Quick Scan option, then click "Scan your Computer".

    If infections or problems are found during the scan, a list will appear and the number of them will be highlighted in red.

    When the scan is finished and the scan summary window appears, click "Continue".

    Make sure that EVERYTHING in the list is selected, then click "Remove Threats".

    Click "OK - Finish".

    If you're prompted to restart to finish the removal process, do so.

    Start SUPERAntiSpyware again.

    Click "View Scan Logs".

    Highlight the scan log entry, then click "View Selected Log".

    When the scan log appears in Notepad, copy-and-paste it here.

    -------------------------------------------------------
     
  4. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    If you have issues with any hidden files or folders do not empty any temp folders yet. Run the following and post the two produced logs...

    We need to see some additional information about what is happening in your machine.
    Please perform the following scan:
    • Download DDS by sUBs from one of the following links. Save it to your desktop.
    • Double click on the DDS icon, allow it to run.
    • A small box will open, with an explanation about the tool.
    • When done, DDS will open two (2) logs
      1. DDS.txt
      2. Attach.txt
    • Save both reports to your desktop.
    • The instructions here ask you to attach the Attach.txt.
    • Instead of attaching, please copy/paste both logs into your next reply.
    • Close the program window, and delete the program from your desktop.
    Please note: You may have to disable any script protection running if the scan fails to run.
    After downloading the tool, disconnect from the internet and disable all antivirus protection.
    Run the scan, enable your A/V and reconnect to the internet.
    Information on A/V control HERE

    Kevin
     
  5. bipslittlegirl

    bipslittlegirl Thread Starter

    Joined:
    Nov 19, 2011
    Messages:
    43
    Thanks for your help! Here is the log after that Super Anti Spyware Scan:

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com
    Generated 11/19/2011 at 12:42 PM
    Application Version : 5.0.1136
    Core Rules Database Version : 7965
    Trace Rules Database Version: 5777
    Scan type : Quick Scan
    Total Scan Time : 00:05:24
    Operating System Information
    Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
    Administrator
    Memory items scanned : 460
    Memory threats detected : 0
    Registry items scanned : 31650
    Registry threats detected : 0
    File items scanned : 9424
    File threats detected : 75
    Adware.Tracking Cookie
     
  6. bipslittlegirl

    bipslittlegirl Thread Starter

    Joined:
    Nov 19, 2011
    Messages:
    43
    Hidden files is not an issue any longer. Thanks!
     
  7. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Post logs from DDS please...
     
  8. bipslittlegirl

    bipslittlegirl Thread Starter

    Joined:
    Nov 19, 2011
    Messages:
    43
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 7.0.5730.13
    Run by Kimberly Brock at 12:59:12 on 2011-11-19
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2012.1301 [GMT -5:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\WUAUCLT.EXE
    svchost.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\WINDOWS\system32\dldtcoms.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files\Generic\Network Printer Wizard\NPWService.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Windows Live\Toolbar\wltuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uSearch Page = hxxp://www.bing.com
    uSearch Bar = hxxp://www.bing.com/sphome.aspx
    mSearchAssistant = hxxp://www.bing.com/sphome.aspx
    uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\progra~1\yahoo!\companion\installs\cpn0\YTNavAssist.dll
    uWindows: load=c:\docume~1\kimber~1\locals~1\temp\{24916~1.EXE
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\progra~1\alwils~1\avast5\aswWebRepIE.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mi1933~1\office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\progra~1\alwils~1\avast5\aswWebRepIE.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\mi1933~1\office14\ONBttnIE.dll/105
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    Trusted Zone: carebridge.net\sra
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{4A11EBB4-43E6-4B64-8890-351405C8BE40} : DhcpNameServer = 192.168.1.254
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: igfxcui - igfxdev.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2010-8-5 24064]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-11-9 320856]
    R1 NEOFLTR_650_16789;Juniper Networks TDI Filter Driver (NEOFLTR_650_16789);c:\windows\system32\drivers\NEOFLTR_650_16789.SYS [2010-11-9 85360]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-11-9 20568]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-9 44768]
    R2 dldt_device;dldt_device;c:\windows\system32\dldtcoms.exe -service --> c:\windows\system32\dldtcoms.exe -service [?]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\intel\intel(r) rapid storage technology\IAStorDataMgrSvc.exe [2010-8-5 13336]
    R2 NPWService;NPWService;c:\program files\generic\network printer wizard\NPWService.exe [2009-1-15 462848]
    R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [2010-8-5 166568]
    S2 dldtCATSCustConnectService;dldtCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldtserv.exe [2011-3-27 99568]
    S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-9 44768]
    S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-9 44768]
    S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-25 14336]
    .
    =============== Created Last 30 ================
    .
    2011-11-19 17:34:27 -------- d-----w- c:\documents and settings\kimberly brock\application data\SUPERAntiSpyware.com
    2011-11-19 17:33:46 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-11-19 17:33:46 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
    2011-11-19 11:11:06 388096 ----a-r- c:\documents and settings\kimberly brock\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-11-19 11:11:05 -------- d-----w- c:\program files\Trend Micro
    2011-11-18 02:58:36 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2011-11-18 02:58:36 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-11-18 02:18:58 -------- d-----w- c:\windows\pss
    2011-11-17 00:28:49 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-11-16 23:00:24 -------- d-----w- c:\documents and settings\kimberly brock\application data\Malwarebytes
    2011-11-16 23:00:15 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2011-11-16 23:00:10 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-16 23:00:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    .
    ==================== Find3M ====================
    .
    2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-10-03 04:31:19 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-06 21:45:29 41184 ----a-w- c:\windows\avastSS.scr
    2011-09-06 13:25:11 1867904 ----a-w- c:\windows\system32\win32k.sys
    .
    ============= FINISH: 13:08:02.00 ===============




    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 10/31/2010 12:43:04 PM
    System Uptime: 11/19/2011 12:44:56 PM (1 hours ago)
    .
    Motherboard: Dell Inc. | | 0200DY
    Processor: Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz | CPU | 2925/1066mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 149 GiB total, 117.14 GiB free.
    D: is CDROM ()
    E: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP75: 5/28/2011 5:54:40 AM - System Checkpoint
    RP76: 5/29/2011 9:17:18 PM - System Checkpoint
    RP77: 5/29/2011 11:26:30 PM - Installed Microsoft Office Professional 2010
    RP78: 5/29/2011 11:30:31 PM - Printer Driver Send To Microsoft OneNote 2010 Driver Installed
    RP79: 5/29/2011 11:33:01 PM - Configured Microsoft Office Professional 2010
    RP80: 5/30/2011 3:00:15 AM - Software Distribution Service 3.0
    RP81: 5/31/2011 3:25:28 AM - System Checkpoint
    RP82: 6/1/2011 4:30:34 PM - Configured Microsoft Office Professional 2010
    RP83: 6/2/2011 11:39:31 PM - System Checkpoint
    RP84: 6/5/2011 9:23:23 PM - Configured Microsoft Office Professional 2010
    RP85: 6/15/2011 12:50:18 AM - System Checkpoint
    RP86: 6/16/2011 3:24:27 PM - System Checkpoint
    RP87: 6/16/2011 4:45:34 PM - Software Distribution Service 3.0
    RP88: 6/29/2011 12:41:40 AM - Software Distribution Service 3.0
    RP89: 6/29/2011 3:29:27 PM - Software Distribution Service 3.0
    RP90: 6/30/2011 12:11:50 PM - Software Distribution Service 3.0
    RP91: 7/13/2011 3:00:13 AM - Software Distribution Service 3.0
    RP92: 8/12/2011 3:00:14 AM - Software Distribution Service 3.0
    RP93: 8/25/2011 3:00:13 AM - Software Distribution Service 3.0
    RP94: 8/30/2011 11:26:10 PM - Software Distribution Service 3.0
    RP95: 9/7/2011 6:47:14 AM - Software Distribution Service 3.0
    RP96: 9/16/2011 10:39:22 PM - Software Distribution Service 3.0
    RP97: 9/27/2011 11:04:15 PM - Software Distribution Service 3.0
    RP98: 10/12/2011 9:03:18 AM - Software Distribution Service 3.0
    RP99: 11/9/2011 10:03:37 PM - Software Distribution Service 3.0
    RP100: 11/11/2011 8:16:55 PM - Software Distribution Service 3.0
    RP101: 11/17/2011 9:23:14 PM - Restore Operation
    RP102: 11/17/2011 9:26:45 PM - Restore Operation
    RP103: 11/17/2011 9:34:03 PM - Restore Operation
    RP104: 11/17/2011 9:38:55 PM - Restore Operation
    RP105: 11/17/2011 9:57:22 PM - Restore Operation
    RP106: 11/19/2011 6:11:05 AM - Installed HiJackThis
    .
    ==== Installed Programs ======================
    .
    ABBYY FineReader 6.0 Sprint
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Reader X (10.1.0)
    att.net Internet Mail
    BioAPI Framework
    Brother MFL-Pro Suite
    Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Dell V305
    Express Dictate
    Express Scribe
    Fisher-Price - Nickelodeon Knows Your Name
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB932716-v2)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB953955)
    Hotfix for Windows XP (KB954434)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB954708)
    Hotfix for Windows XP (KB958347)
    Hotfix for Windows XP (KB959252)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB968764)
    Hotfix for Windows XP (KB969084)
    Hotfix for Windows XP (KB979306)
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Network Connections 14.8.43.0
    Intel(R) Rapid Storage Technology
    Java Auto Updater
    Java(TM) 6 Update 22
    Juniper Networks Secure Application Manager
    Juniper Networks Setup Client
    Junk Mail filter update
    KEMailKb
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Excel 97
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Single Image 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 14
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Word 97
    Monopoly by Parker Brothers
    MSN
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP3 Parser (KB973685)
    MSXML 6.0 Parser (KB927977)
    Network Printer Wizard
    OpenOffice.org 3.3
    PaperPort
    PowerDVD DX
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE 10.3
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Update Manager
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Excel 2010 (KB2553070)
    Security Update for Microsoft Office 2010 (KB2289078)
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2584066)
    Security Update for Microsoft PowerPoint 2010 (KB2519975)
    Security Update for Microsoft Publisher 2010 (KB2409055)
    Security Update for Microsoft Word 2010 (KB2345000)
    Security Update for Windows Internet Explorer 7 (KB2497640)
    Security Update for Windows Internet Explorer 7 (KB2530548)
    Security Update for Windows Internet Explorer 7 (KB2544521)
    Security Update for Windows Internet Explorer 7 (KB2559049)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360131)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2483614)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2491683)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2510581)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB963027)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969897)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB976325)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Segoe UI
    Shorthand 10.00
    ST Microelectronics TPM Driver Installer
    STAR Navigator 11
    SUPERAntiSpyware
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2010 (KB2202188)
    Update for Microsoft Office 2010 (KB2413186)
    Update for Microsoft Office 2010 (KB2523113)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft OneNote 2010 (KB2493983)
    Update for Microsoft Outlook Social Connector (KB2583935)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951618-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB980182)
    UPEK TouchChip Fingerprint Reader
    WebFldrs XP
    Windows Driver Package - STMicroelectronics (stmtpm) System (05/24/2007 1.00.04.15)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    Windows Management Framework Core
    Windows Presentation Foundation
    Windows Rights Management Client Backwards Compatibility SP2
    Windows Rights Management Client with Service Pack 2
    Windows Search 4.0
    XML Paper Specification Shared Components Pack 1.0
    Yahoo! Messenger
    Yahoo! Software Update
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    11/19/2011 5:05:35 AM, error: Print [19] - Sharing printer failed + 1722, Printer PaperPort Color Image share name PaperPor.
    11/19/2011 12:36:17 PM, error: Print [19] - Sharing printer failed + 1722, Printer Microsoft XPS Document Writer share name Printer4.
    11/18/2011 8:19:42 AM, error: Service Control Manager [7022] - The DNS Client service hung on starting.
    11/17/2011 9:26:42 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Search service to connect.
    11/17/2011 9:26:42 PM, error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/17/2011 9:26:42 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    11/17/2011 9:26:39 PM, error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
    11/17/2011 10:10:16 PM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 1 time(s).
    11/15/2011 7:13:12 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PBADRV
    11/15/2011 7:13:08 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the dldtCATSCustConnectService service to connect.
    11/15/2011 7:13:08 AM, error: Service Control Manager [7000] - The dldtCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    .
    ==== End Of File ===========================
     
  9. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Please read carefully and follow these steps.
    • Download TDSSKiller and save it to your Desktop.
    • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • Click on "Change parameters" and place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

    Kevin
     
  10. bipslittlegirl

    bipslittlegirl Thread Starter

    Joined:
    Nov 19, 2011
    Messages:
    43
    Hi Kevin.

    I can't get this program to work. There is an icon on my desktop, but when I click on it, and click on run, nothing happens.
     
  11. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    OK, leave TDSSKiller for now and do the following :-

    Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

    Link 1
    Link 2

    • Ensure that Combofix is saved directly to the Desktop <--- Very important
    • Disable all security programs as they will have a negative effect on Combofix, instructions available Here if required. Be aware the list may not have all programs listed, if you need more help please ask.
    • Close any open browsers and any other programs you might have running
    • Double-click the ComboFix icon to run the tool (Vista or Windows 7 users right-click and select "Run as Administrator")
    • Instructions for running Combofix available Here if required.
    • If you are using Windows XP, it might display a pop-up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed, Combofix will then offer to scan for malware. Select continue or yes.
    • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read Here why disabling autoruns is recommended.

    *EXTRA NOTES*
    • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
    • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

    Post the log in next reply please...

    Kevin
     
  12. bipslittlegirl

    bipslittlegirl Thread Starter

    Joined:
    Nov 19, 2011
    Messages:
    43
    ComboFix 11-11-19.04 - Kimberly Brock 11/19/2011 20:36:29.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2012.1448 [GMT -5:00]
    Running from: c:\documents and settings\Kimberly Brock\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\SPL27.tmp
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_COMSYSAPP
    -------\Service_COMSysApp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-10-20 to 2011-11-20 )))))))))))))))))))))))))))))))
    .
    .
    2011-11-19 23:30 . 2011-11-19 23:30 -------- d--h--w- c:\windows\PIF
    2011-11-19 18:20 . 2011-11-19 18:20 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
    2011-11-19 18:20 . 2011-11-19 18:20 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
    2011-11-19 17:34 . 2011-11-19 17:34 -------- d-----w- c:\documents and settings\Kimberly Brock\Application Data\SUPERAntiSpyware.com
    2011-11-19 17:33 . 2011-11-19 17:34 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-11-19 17:33 . 2011-11-19 17:33 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2011-11-19 11:11 . 2011-11-19 11:11 388096 ----a-r- c:\documents and settings\Kimberly Brock\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-11-19 11:11 . 2011-11-19 11:11 -------- d-----w- c:\program files\Trend Micro
    2011-11-18 02:58 . 2011-11-18 02:58 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-11-17 00:28 . 2011-09-06 21:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-11-16 23:00 . 2011-11-16 23:00 -------- d-----w- c:\documents and settings\Kimberly Brock\Application Data\Malwarebytes
    2011-11-16 23:00 . 2011-11-16 23:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-11-16 23:00 . 2011-11-18 02:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-11-16 23:00 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-10-10 14:22 . 2008-04-25 21:27 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-10-03 04:31 . 2011-10-03 04:31 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-09-28 07:06 . 2008-04-25 16:16 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 15:41 . 2008-07-30 07:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 15:41 . 2008-04-25 16:16 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 15:41 . 2008-04-25 16:16 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-06 21:45 . 2010-11-10 00:32 41184 ----a-w- c:\windows\avastSS.scr
    2011-09-06 21:45 . 2010-11-10 00:32 199304 ----a-w- c:\windows\system32\aswBoot.exe
    2011-09-06 21:37 . 2010-11-10 00:32 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-09-06 21:36 . 2010-11-10 00:32 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-09-06 21:36 . 2010-11-10 00:32 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-09-06 21:36 . 2010-11-10 00:32 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2011-09-06 21:36 . 2010-11-10 00:32 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2011-09-06 21:36 . 2010-11-10 00:32 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-09-06 21:33 . 2010-11-10 00:32 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2011-09-06 13:25 . 2008-04-25 16:16 1867904 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\progra~1\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll" [2011-03-16 214840]
    .
    [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
    [HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
    [HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
    [HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-07 4617600]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Kimberly Brock^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
    path=c:\documents and settings\Kimberly Brock\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
    backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2011-06-06 16:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast5]
    2011-09-06 21:45 3722416 ----a-w- c:\program files\Alwil Software\Avast5\AvastUI.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
    2006-06-28 12:46 622592 ------w- c:\program files\Brother\Brmfcmon\BrMfcWnd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
    2008-12-23 23:26 114688 ------w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dldtamon]
    2008-06-24 06:27 16624 ----a-w- c:\program files\Dell V305\dldtamon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dldtmon.exe]
    2008-06-24 06:26 668912 ----a-w- c:\program files\Dell V305\dldtmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2009-07-28 10:18 173592 ----a-w- c:\windows\system32\hkcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAStorIcon]
    2010-03-04 00:16 284696 ----a-w- c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2009-07-28 10:18 141336 ----a-w- c:\windows\system32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
    2005-03-17 19:45 40960 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KEMailKb]
    2004-07-26 00:50 401667 ----a-w- c:\progra~1\KEMailKb\KEMailKb.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 17:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
    2005-03-17 19:25 57393 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
    2009-02-05 01:26 128232 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2009-07-28 10:18 142872 ----a-w- c:\windows\system32\igfxpers.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
    2005-01-26 23:02 49152 ----a-w- c:\program files\Brother\Brmfl06a\BrStDvPt.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
    2009-06-22 14:52 1044480 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
    2003-10-14 15:22 155648 ----a-r- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-05-14 16:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Juniper Networks\\Secure Application Manager\\dsSamProxy.exe"=
    "c:\\Program Files\\Dell V305\\frun.exe"=
    "c:\\Program Files\\Generic\\Network Printer Wizard\\NPWService.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\WINDOWS\\system32\\dldtcoms.exe"=
    "c:\\Program Files\\Dell V305\\dldtmon.exe"=
    "c:\\WINDOWS\\system32\\dldtcfg.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldtpswx.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldttime.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldtjswx.exe"=
    "c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\WINDOWS\\system32\\WUAUCLT.EXE"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
    .
    R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [8/5/2010 4:42 PM 24064]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11/9/2010 7:32 PM 320856]
    R1 NEOFLTR_650_16789;Juniper Networks TDI Filter Driver (NEOFLTR_650_16789);c:\windows\system32\drivers\NEOFLTR_650_16789.SYS [11/9/2010 9:23 PM 85360]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/9/2010 7:32 PM 20568]
    R2 dldt_device;dldt_device;c:\windows\system32\dldtcoms.exe -service --> c:\windows\system32\dldtcoms.exe -service [?]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [8/5/2010 1:05 PM 13336]
    R2 NPWService;NPWService;c:\program files\Generic\Network Printer Wizard\NPWService.exe [1/15/2009 4:19 PM 462848]
    R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [8/5/2010 4:42 PM 166568]
    S2 dldtCATSCustConnectService;dldtCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldtserv.exe [3/27/2011 4:56 PM 99568]
    S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 8:37 PM 4640000]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/25/2008 11:16 AM 14336]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WINRM REG_MULTI_SZ WINRM
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-02-08 c:\windows\Tasks\expressSevenDays.job
    - c:\program files\NCH Swift Sound\Express\express.exe [2011-02-08 12:20]
    .
    2011-02-08 c:\windows\Tasks\expressShakeIcon.job
    - c:\program files\NCH Swift Sound\Express\express.exe [2011-02-08 12:20]
    .
    2011-10-20 c:\windows\Tasks\pixillionShakeIcon.job
    - c:\program files\NCH Software\Pixillion\pixillion.exe [2011-10-13 17:50]
    .
    2011-02-08 c:\windows\Tasks\scribeShakeIcon.job
    - c:\program files\NCH Swift Sound\Scribe\scribe.exe [2011-02-08 12:20]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MI1933~1\Office14\ONBttnIE.dll/105
    Trusted Zone: carebridge.net\sra
    TCP: DhcpNameServer = 192.168.1.254
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-11-19 21:08
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(748)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    .
    - - - - - - - > 'explorer.exe'(2956)
    c:\windows\system32\WININET.dll
    c:\program files\Generic\Network Printer Wizard\NPWprint.dll
    c:\program files\Windows Desktop Search\deskbar.dll
    c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
    c:\program files\Windows Desktop Search\dbres.dll
    c:\program files\Windows Desktop Search\wordwheel.dll
    c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
    c:\program files\Windows Desktop Search\msnlExtRes.dll
    c:\windows\system32\IEFRAME.dll
    c:\windows\system32\mshtml.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\windows\system32\dldtcoms.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Motive\McciCMService.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\windows\system32\SearchIndexer.exe
    c:\program files\Internet Explorer\IEXPLORE.EXE
    c:\program files\Windows Live\Toolbar\wltuser.exe
    .
    **************************************************************************
    .
    Completion time: 2011-11-19 21:29:59 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-11-20 02:29
    .
    Pre-Run: 131,234,385,920 bytes free
    Post-Run: 132,301,926,400 bytes free
    .
    - - End Of File - - 74DF4E67368A29F54F49199CC51D0BB2
     
  13. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    That is the log from the second run of Combofix. Can I see this log please:

    C:\Qoobox\ComboFix-quarantined-files.txt

    Also, whilst in Qoobox, let me see this if present: Combofix2.txt

    Also tell me how your system is responding, any improvement...
     
  14. bipslittlegirl

    bipslittlegirl Thread Starter

    Joined:
    Nov 19, 2011
    Messages:
    43
    Correct! This is the 2nd run. The first was unsuccessful (only completed stage 25, and then got a blue screen). I was finally able to figure out how to disable Avast (it was no longer in my system tray, so I had to look for the screen in the directions), and it was successful. As for my system, I no longer hear the background ads, and can do a successful search now without being sent to any strange pages. So my original issues seem to be resolved. Just want to thank you for helping me, and going a step at a time and helping me resolve my issues. So grateful I found this site, and you! Thank you so much!!!

    The log you requested is below (C:\Qoobox\ComboFix-quarantined-files.txt):


    2011-11-20 01:57:06 . 2011-11-20 01:57:06 4,268 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_COMSysApp.reg.dat
    2011-11-20 01:57:00 . 2011-11-20 01:57:00 842 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_COMSYSAPP.reg.dat
    2011-11-20 01:55:03 . 2011-11-20 01:55:03 5,060 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
    2011-11-19 23:33:09 . 2011-11-20 01:29:59 102 ----a-w- C:\Qoobox\Quarantine\catchme.log
    2011-01-21 13:40:06 . 2011-01-21 13:40:06 185,693 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\SPL27.tmp.vir


    And here is Combofix2.txt

    ComboFix 11-11-19.04 - Kimberly Brock 11/19/2011 20:36:29.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2012.1448 [GMT -5:00]
    Running from: c:\documents and settings\Kimberly Brock\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\SPL27.tmp
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_COMSYSAPP
    -------\Service_COMSysApp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-10-20 to 2011-11-20 )))))))))))))))))))))))))))))))
    .
    .
    2011-11-19 23:30 . 2011-11-19 23:30 -------- d--h--w- c:\windows\PIF
    2011-11-19 18:20 . 2011-11-19 18:20 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
    2011-11-19 18:20 . 2011-11-19 18:20 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
    2011-11-19 17:34 . 2011-11-19 17:34 -------- d-----w- c:\documents and settings\Kimberly Brock\Application Data\SUPERAntiSpyware.com
    2011-11-19 17:33 . 2011-11-19 17:34 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-11-19 17:33 . 2011-11-19 17:33 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2011-11-19 11:11 . 2011-11-19 11:11 388096 ----a-r- c:\documents and settings\Kimberly Brock\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-11-19 11:11 . 2011-11-19 11:11 -------- d-----w- c:\program files\Trend Micro
    2011-11-18 02:58 . 2011-11-18 02:58 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-11-17 00:28 . 2011-09-06 21:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-11-16 23:00 . 2011-11-16 23:00 -------- d-----w- c:\documents and settings\Kimberly Brock\Application Data\Malwarebytes
    2011-11-16 23:00 . 2011-11-16 23:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-11-16 23:00 . 2011-11-18 02:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-11-16 23:00 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-10-10 14:22 . 2008-04-25 21:27 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-10-03 04:31 . 2011-10-03 04:31 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-09-28 07:06 . 2008-04-25 16:16 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 15:41 . 2008-07-30 07:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 15:41 . 2008-04-25 16:16 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 15:41 . 2008-04-25 16:16 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-06 21:45 . 2010-11-10 00:32 41184 ----a-w- c:\windows\avastSS.scr
    2011-09-06 21:45 . 2010-11-10 00:32 199304 ----a-w- c:\windows\system32\aswBoot.exe
    2011-09-06 21:37 . 2010-11-10 00:32 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-09-06 21:36 . 2010-11-10 00:32 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-09-06 21:36 . 2010-11-10 00:32 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-09-06 21:36 . 2010-11-10 00:32 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2011-09-06 21:36 . 2010-11-10 00:32 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2011-09-06 21:36 . 2010-11-10 00:32 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-09-06 21:33 . 2010-11-10 00:32 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2011-09-06 13:25 . 2008-04-25 16:16 1867904 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\progra~1\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll" [2011-03-16 214840]
    .
    [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
    [HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
    [HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
    [HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-07 4617600]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Kimberly Brock^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
    path=c:\documents and settings\Kimberly Brock\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
    backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2011-06-06 16:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast5]
    2011-09-06 21:45 3722416 ----a-w- c:\program files\Alwil Software\Avast5\AvastUI.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
    2006-06-28 12:46 622592 ------w- c:\program files\Brother\Brmfcmon\BrMfcWnd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
    2008-12-23 23:26 114688 ------w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dldtamon]
    2008-06-24 06:27 16624 ----a-w- c:\program files\Dell V305\dldtamon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dldtmon.exe]
    2008-06-24 06:26 668912 ----a-w- c:\program files\Dell V305\dldtmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2009-07-28 10:18 173592 ----a-w- c:\windows\system32\hkcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAStorIcon]
    2010-03-04 00:16 284696 ----a-w- c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2009-07-28 10:18 141336 ----a-w- c:\windows\system32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
    2005-03-17 19:45 40960 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KEMailKb]
    2004-07-26 00:50 401667 ----a-w- c:\progra~1\KEMailKb\KEMailKb.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 17:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
    2005-03-17 19:25 57393 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
    2009-02-05 01:26 128232 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2009-07-28 10:18 142872 ----a-w- c:\windows\system32\igfxpers.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
    2005-01-26 23:02 49152 ----a-w- c:\program files\Brother\Brmfl06a\BrStDvPt.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
    2009-06-22 14:52 1044480 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
    2003-10-14 15:22 155648 ----a-r- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-05-14 16:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Juniper Networks\\Secure Application Manager\\dsSamProxy.exe"=
    "c:\\Program Files\\Dell V305\\frun.exe"=
    "c:\\Program Files\\Generic\\Network Printer Wizard\\NPWService.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\WINDOWS\\system32\\dldtcoms.exe"=
    "c:\\Program Files\\Dell V305\\dldtmon.exe"=
    "c:\\WINDOWS\\system32\\dldtcfg.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldtpswx.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldttime.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldtjswx.exe"=
    "c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\WINDOWS\\system32\\WUAUCLT.EXE"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
    .
    R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [8/5/2010 4:42 PM 24064]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11/9/2010 7:32 PM 320856]
    R1 NEOFLTR_650_16789;Juniper Networks TDI Filter Driver (NEOFLTR_650_16789);c:\windows\system32\drivers\NEOFLTR_650_16789.SYS [11/9/2010 9:23 PM 85360]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/9/2010 7:32 PM 20568]
    R2 dldt_device;dldt_device;c:\windows\system32\dldtcoms.exe -service --> c:\windows\system32\dldtcoms.exe -service [?]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [8/5/2010 1:05 PM 13336]
    R2 NPWService;NPWService;c:\program files\Generic\Network Printer Wizard\NPWService.exe [1/15/2009 4:19 PM 462848]
    R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [8/5/2010 4:42 PM 166568]
    S2 dldtCATSCustConnectService;dldtCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldtserv.exe [3/27/2011 4:56 PM 99568]
    S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 8:37 PM 4640000]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/25/2008 11:16 AM 14336]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WINRM REG_MULTI_SZ WINRM
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-02-08 c:\windows\Tasks\expressSevenDays.job
    - c:\program files\NCH Swift Sound\Express\express.exe [2011-02-08 12:20]
    .
    2011-02-08 c:\windows\Tasks\expressShakeIcon.job
    - c:\program files\NCH Swift Sound\Express\express.exe [2011-02-08 12:20]
    .
    2011-10-20 c:\windows\Tasks\pixillionShakeIcon.job
    - c:\program files\NCH Software\Pixillion\pixillion.exe [2011-10-13 17:50]
    .
    2011-02-08 c:\windows\Tasks\scribeShakeIcon.job
    - c:\program files\NCH Swift Sound\Scribe\scribe.exe [2011-02-08 12:20]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MI1933~1\Office14\ONBttnIE.dll/105
    Trusted Zone: carebridge.net\sra
    TCP: DhcpNameServer = 192.168.1.254
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-11-19 21:08
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(748)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    .
    - - - - - - - > 'explorer.exe'(2956)
    c:\windows\system32\WININET.dll
    c:\program files\Generic\Network Printer Wizard\NPWprint.dll
    c:\program files\Windows Desktop Search\deskbar.dll
    c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
    c:\program files\Windows Desktop Search\dbres.dll
    c:\program files\Windows Desktop Search\wordwheel.dll
    c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
    c:\program files\Windows Desktop Search\msnlExtRes.dll
    c:\windows\system32\IEFRAME.dll
    c:\windows\system32\mshtml.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\windows\system32\dldtcoms.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Motive\McciCMService.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\windows\system32\SearchIndexer.exe
    c:\program files\Internet Explorer\IEXPLORE.EXE
    c:\program files\Windows Live\Toolbar\wltuser.exe
    .
    **************************************************************************
    .
    Completion time: 2011-11-19 21:29:59 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-11-20 02:29
    .
    Pre-Run: 131,234,385,920 bytes free
    Post-Run: 132,301,926,400 bytes free
    .
    - - End Of File - - 74DF4E67368A29F54F49199CC51D0BB2


    How are you now since your accident? I pray you're recovering well, and have few days with pain.

    Let me know if there is anything further you think I should do. Thanks again! Kim B.
     
  15. bipslittlegirl

    bipslittlegirl Thread Starter

    Joined:
    Nov 19, 2011
    Messages:
    43
    Oh no......spoke too soon! I am hearing those pesky ads again
     

Short URL to this thread: https://techguy.org/1027518
