Help! Hearing ads with no windows open....

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

bipslittlegirl

Thread Starter
Joined
Nov 19, 2011
Messages
43
Removed temporary files, ran Avast, no viruses detected, ran Malware, nothing. Installed HijackThis. Will include both my malware log and the Hijackthis log. Hope someone can help. Thanks!

Malware Log

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 8178
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
11/19/2011 5:12:39 AM
mbam-log-2011-11-19 (05-12-39).txt
Scan type: Quick scan
Objects scanned: 174917
Time elapsed: 5 minute(s), 5 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)


HiJackThis Log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:11:21 AM, on 11/19/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17103)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WUAUCLT.EXE
C:\WINDOWS\system32\dldtcoms.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Generic\Network Printer Wizard\NPWService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com/sphome.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bing.com/sphome.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USREL/1
R3 - URLSearchHook: YTNavAssist.YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll
F3 - REG:win.ini: load=C:\DOCUME~1\KIMBER~1\LOCALS~1\Temp\{46835~1.EXE
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\PROGRA~1\ALWILS~1\Avast5\aswWebRepIE.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MI1933~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\PROGRA~1\ALWILS~1\Avast5\aswWebRepIE.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MI1933~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\generic\network printer wizard\npwprint.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: dldtCATSCustConnectService - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldtserv.exe
O23 - Service: dldt_device - - C:\WINDOWS\system32\dldtcoms.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NPWService - Unknown owner - C:\Program Files\Generic\Network Printer Wizard\NPWService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 7755 bytes


Please help!!!!! Can't even do searches now, it takes me to strange looking pages when I do. Can only go to sites directly. Opened a video a few day ago, and computer started going haywire!. Had to do a system restore, which took some doing, and most of my files ended up hidden as a result. Good thing is they are still there. But I have been looking and you seem to be helping people here, so hoping someone can help me too! Thanks in advance.

:confused::confused::confused::confused::confused::confused:
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
83,300
Restart the computer, then wait for it to completely settle down, then do the following:

Click Start - Run, then type in

%temp%

then click OK.

Click Start - Run, then type in

c:\windows\temp

then click OK.

Once those 2 temp folders appear and you can view their contents, select and delete EVERYTHING that's inside them.

If a few files resist being deleted, that's normal behavior. Leave them alone and delete EVERYTHING else.

After you're done, empty the Recycle Bin, then restart the computer again.

------------------------------------------------------
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
83,300
After you complete the previous instructions, go here to download and save the free version of SUPERAntiSpyware 5.0.0.1136.

Close all open windows first, then install it, then restart the computer.

Make sure to update its definition files during the install process.

--------------------------------------------------------

Start SUPERAntiSpyware.

Select the Quick Scan option, then click "Scan your Computer".

If infections or problems are found during the scan, a list will appear and the number of them will be highlighted in red.

When the scan is finished and the scan summary window appears, click "Continue".

Make sure that EVERYTHING in the list is selected, then click "Remove Threats".

Click "OK - Finish".

If you're prompted to restart to finish the removal process, do so.

Start SUPERAntiSpyware again.

Click "View Scan Logs".

Highlight the scan log entry, then click "View Selected Log".

When the scan log appears in Notepad, copy-and-paste it here.

-------------------------------------------------------
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,470
If you have issues with any hidden files or folders do not empty any temp folders yet. Run the following and post the two produced logs...

We need to see some additional information about what is happening in your machine.*
Please perform the following scan:
  • Download DDS by sUBs from one of the following links.* Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.* *
  • When done, DDS will open two (2) logs
    * * * * *1. DDS.txt
    * * * * *2. Attach.txt
  • Save both reports to your desktop.
  • The instructions here ask you to attach the Attach.txt.

    *
  • Instead of attaching, please copy/past both logs into your next reply.
  • Close the program window, and delete the program from your desktop.
Please note:* You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.*
Information on A/V control HERE

Kevin
 

bipslittlegirl

Thread Starter
Joined
Nov 19, 2011
Messages
43
Thanks for you help! Here is the log after that Super Anti Spyware Scan:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 11/19/2011 at 12:42 PM
Application Version : 5.0.1136
Core Rules Database Version : 7965
Trace Rules Database Version: 5777
Scan type : Quick Scan
Total Scan Time : 00:05:24
Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator
Memory items scanned : 460
Memory threats detected : 0
Registry items scanned : 31650
Registry threats detected : 0
File items scanned : 9424
File threats detected : 75
Adware.Tracking Cookie
C:\Documents and Settings\Kimberly Brock\Cookies\LIDSL9M5.txt [ /mediaplex.com ]
C:\Documents and Settings\Kimberly Brock\Cookies\H5SD2D2X.txt [ /media6degrees.com ]
C:\Documents and Settings\Kimberly Brock\Cookies\8VZO6T4E.txt [ /tribalfusion.com ]
C:\Documents and Settings\Kimberly Brock\Cookies\B2BEYXY7.txt [ /specificclick.net ]
C:\Documents and Settings\Kimberly Brock\Cookies\O7OZFE82.txt [ /serving-sys.com ]
C:\Documents and Settings\Kimberly Brock\Cookies\HZ3K78AN.txt [ /web-traffic-analysis.net ]
C:\Documents and Settings\Kimberly Brock\Cookies\OM3QMD4Z.txt [ /trafficmp.com ]
C:\Documents and Settings\Kimberly Brock\Cookies\9LA2S7D9.txt [ /media.adfrontiers.com ]
C:\Documents and Settings\Kimberly Brock\Cookies\Z2OHA988.txt [ /realmedia.com ]
C:\Documents and Settings\Kimberly Brock\Cookies\K2K1F98I.txt [ /ru4.com ]
C:\Documents and Settings\Kimberly Brock\Cookies\JUVO2RSM.txt [ /pointroll.com ]
C:\Documents and Settings\Kimberly Brock\Cookies\OSHBBPSX.txt [ /amazon-adsystem.com ]
C:\Documents and Settings\Kimberly Brock\Cookies\96QZS82G.txt [ /www.burstnet.com ]
C:\Documents and Settings\Kimberly Brock\Cookies\RBKD5X7X.txt [ /zedo.com ]
C:\Documents and Settings\Kimberly Brock\Cookies\BZPN91TZ.txt [ /atdmt.com ]
C:\Documents and Settings\Kimberly Brock\Cookies\DUUHURST.txt [ /dc.tremormedia.com ]
C:\Documents and Settings\Kimberly Brock\Cookies\TGICOOU6.txt [ /intermundomedia.com ]
C:\Documents and Settings\Kimberly Brock\Cookies\OYOQZAKS.txt [ /statse.webtrendslive.com ]
C:\Documents and Settings\Kimberly Brock\Cookies\HTFNMI7N.txt [ /ads.addynamix.com ]
C:\Documents and Settings\Kimberly Brock\Cookies\5Z0IRQ5G.txt [ /akamai.interclickproxy.com ]
C:\Documents and Settings\Kimberly Brock\Cookies\85H305MT.txt [ /adxpose.com ]
C:\Documents and Settings\Kimberly Brock\Cookies\5TPXU5YC.txt [ /fastclick.net ]
C:\Documents and Settings\Kimberly Brock\Cookies\W7JJ54QS.txt [ /stat.onestat.com ]
C:\Documents and Settings\Kimberly Brock\Cookies\DUC3C3F2.txt [ /collective-media.net ]
C:\Documents and Settings\Kimberly Brock\Cookies\15B60OWZ.txt [ /yieldmanager.net ]
C:\Documents and Settings\Kimberly Brock\Cookies\XMUYQ1BC.txt [ /at.atwola.com ]
C:\Documents and Settings\Kimberly Brock\Cookies\EA50CQ50.txt [ /lucidmedia.com ]
C:\Documents and Settings\Kimberly Brock\Cookies\U31V9JVS.txt [ /ads.bridgetrack.com ]
C:\Documents and Settings\Kimberly Brock\Cookies\YEK812CN.txt [ /ad.yieldmanager.com ]
C:\Documents and Settings\Kimberly Brock\Cookies\HSDMUT9U.txt [ /ads.pointroll.com ]
C:\Documents and Settings\Kimberly Brock\Cookies\CF0XOI0T.txt [ /artcitymedia.com ]
C:\Documents and Settings\Kimberly Brock\Cookies\1VFXY0LX.txt [ /adserver.adtechus.com ]
C:\Documents and Settings\Kimberly Brock\Cookies\WR1HHOVO.txt [ /invitemedia.com ]
C:\Documents and Settings\Kimberly Brock\Cookies\KH3TRERL.txt [ /imrworldwide.com ]
C:\Documents and Settings\Kimberly Brock\Cookies\95ALB9GJ.txt [ /liveperson.net ]
C:\Documents and Settings\Kimberly Brock\Cookies\X8B3NQDA.txt [ /revsci.net ]
C:\Documents and Settings\Kimberly Brock\Cookies\7BXOLF8Y.txt [ /gmcnglobal.112.2o7.net ]
C:\Documents and Settings\Kimberly Brock\Cookies\200CD86I.txt [ /a1.interclick.com ]
C:\Documents and Settings\Kimberly Brock\Cookies\IFLZONL1.txt [ /r1-ads.ace.advertising.com ]
C:\Documents and Settings\Kimberly Brock\Cookies\BS62CD4D.txt [ /legolas-media.com ]
C:\Documents and Settings\Kimberly Brock\Cookies\HCTXLVHO.txt [ /interclick.com ]
C:\Documents and Settings\Kimberly Brock\Cookies\FV0C2III.txt [ /mm.chitika.net ]
C:\Documents and Settings\Kimberly Brock\Cookies\937XU9TX.txt [ /ad.360yield.com ]
C:\Documents and Settings\Kimberly Brock\Cookies\1NZ5ZVMP.txt [ /c.atdmt.com ]
C:\Documents and Settings\Kimberly Brock\Cookies\QCM8LDXL.txt [ /adbrite.com ]
C:\Documents and Settings\Kimberly Brock\Cookies\5G14OV9V.txt [ /linksynergy.com ]
C:\Documents and Settings\Kimberly Brock\Cookies\LVC7S0HU.txt [ /questionmarket.com ]
C:\Documents and Settings\Kimberly Brock\Cookies\QD77RHXG.txt [ /h.atdmt.com ]
C:\Documents and Settings\Kimberly Brock\Cookies\9RY17ZYR.txt [ /2o7.net ]
C:\Documents and Settings\Kimberly Brock\Cookies\11NUBX20.txt [ /ads.undertone.com ]
C:\Documents and Settings\Kimberly Brock\Cookies\HQ5UTWGP.txt [ /advertising.com ]
C:\Documents and Settings\Kimberly Brock\Cookies\SG6FZMXK.txt [ /doubleclick.net ]
C:\Documents and Settings\Kimberly Brock\Cookies\Z5LIPLU3.txt [ /bs.serving-sys.com ]
C:\Documents and Settings\Kimberly Brock\Cookies\1YC65JZA.txt [ /eas.apm.emediate.eu ]
C:\Documents and Settings\Kimberly Brock\Cookies\EHO3ZDIJ.txt [ /pro-market.net ]
C:\Documents and Settings\Kimberly Brock\Cookies\5KTUCO79.txt [ /adserver.zonemedia.com ]
C:\Documents and Settings\Kimberly Brock\Cookies\EH0A0U8P.txt [ /lfstmedia.com ]
C:\Documents and Settings\Kimberly Brock\Cookies\7EQJML7R.txt [ /ads.pubmatic.com ]
C:\Documents and Settings\Kimberly Brock\Cookies\57ZHP5O3.txt [ /kontera.com ]
C:\Documents and Settings\Kimberly Brock\Cookies\3QJ318LH.txt [ /ad.wsod.com ]
C:\Documents and Settings\Kimberly Brock\Cookies\GD4N1ALY.txt [ /network.realmedia.com ]
C:\Documents and Settings\Kimberly Brock\Cookies\JLRAO0ZK.txt [ /accounts.google.com ]
C:\Documents and Settings\Kimberly Brock\Cookies\74HVHAVT.txt [ /insightexpressai.com ]
C:\Documents and Settings\Kimberly Brock\Cookies\YL0JQONF.txt [ /apmebf.com ]
C:\Documents and Settings\Kimberly Brock\Cookies\UB9423Z1.txt [ /casalemedia.com ]
C:\Documents and Settings\Kimberly Brock\Cookies\1VH4MM9A.txt [ /ads.lycos.com ]
C:\Documents and Settings\Kimberly Brock\Cookies\XDRLZXKM.txt [ /c1.atdmt.com ]
C:\Documents and Settings\Kimberly Brock\Cookies\X16T64CG.txt [ /burstnet.com ]
C:\Documents and Settings\Kimberly Brock\Cookies\ZP894V7S.txt [ /adtech.de ]
C:\Documents and Settings\Kimberly Brock\Cookies\IU7R4ZVT.txt [ /adserver.twitpic.com ]
C:\Documents and Settings\Kimberly Brock\Cookies\DT0Z31X9.txt [ /tacoda.at.atwola.com ]
C:\DOCUMENTS AND SETTINGS\KIMBERLY BROCK\Cookies\9KB9FNJI.txt [ Cookie:kimberly [email protected]/apps/foundation/components/cn_ad_init/ ]
C:\DOCUMENTS AND SETTINGS\KIMBERLY BROCK\Cookies\1Y77DDK0.txt [ Cookie:kimberly [email protected]/etc/designs/foundation/ads/ ]
C:\DOCUMENTS AND SETTINGS\KIMBERLY BROCK\Cookies\2FG9V7N3.txt [ Cookie:kimberly [email protected]/Stats/ ]
C:\DOCUMENTS AND SETTINGS\KIMBERLY BROCK\Cookies\UMX37LC6.txt [ Cookie:kimberly [email protected]/media/Pages/ ]
 

bipslittlegirl

Thread Starter
Joined
Nov 19, 2011
Messages
43
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13
Run by Kimberly Brock at 12:59:12 on 2011-11-19
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2012.1301 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WUAUCLT.EXE
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\system32\dldtcoms.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Generic\Network Printer Wizard\NPWService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.bing.com
uSearch Bar = hxxp://www.bing.com/sphome.aspx
mSearchAssistant = hxxp://www.bing.com/sphome.aspx
uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\progra~1\yahoo!\companion\installs\cpn0\YTNavAssist.dll
uWindows: load=c:\docume~1\kimber~1\locals~1\temp\{24916~1.EXE
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\progra~1\alwils~1\avast5\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mi1933~1\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\progra~1\alwils~1\avast5\aswWebRepIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\mi1933~1\office14\ONBttnIE.dll/105
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
Trusted Zone: carebridge.net\sra
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{4A11EBB4-43E6-4B64-8890-351405C8BE40} : DhcpNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2010-8-5 24064]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-11-9 320856]
R1 NEOFLTR_650_16789;Juniper Networks TDI Filter Driver (NEOFLTR_650_16789);c:\windows\system32\drivers\NEOFLTR_650_16789.SYS [2010-11-9 85360]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-11-9 20568]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-9 44768]
R2 dldt_device;dldt_device;c:\windows\system32\dldtcoms.exe -service --> c:\windows\system32\dldtcoms.exe -service [?]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\intel\intel(r) rapid storage technology\IAStorDataMgrSvc.exe [2010-8-5 13336]
R2 NPWService;NPWService;c:\program files\generic\network printer wizard\NPWService.exe [2009-1-15 462848]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [2010-8-5 166568]
S2 dldtCATSCustConnectService;dldtCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldtserv.exe [2011-3-27 99568]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-9 44768]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-9 44768]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-25 14336]
.
=============== Created Last 30 ================
.
2011-11-19 17:34:27 -------- d-----w- c:\documents and settings\kimberly brock\application data\SUPERAntiSpyware.com
2011-11-19 17:33:46 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-19 17:33:46 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-11-19 11:11:06 388096 ----a-r- c:\documents and settings\kimberly brock\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-11-19 11:11:05 -------- d-----w- c:\program files\Trend Micro
2011-11-18 02:58:36 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-11-18 02:58:36 -------- d-----w- c:\windows\system32\wbem\Repository
2011-11-18 02:18:58 -------- d-----w- c:\windows\pss
2011-11-17 00:28:49 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-16 23:00:24 -------- d-----w- c:\documents and settings\kimberly brock\application data\Malwarebytes
2011-11-16 23:00:15 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-11-16 23:00:10 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-16 23:00:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-03 04:31:19 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 21:45:29 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 13:25:11 1867904 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 13:08:02.00 ===============




.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 10/31/2010 12:43:04 PM
System Uptime: 11/19/2011 12:44:56 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0200DY
Processor: Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz | CPU | 2925/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 117.14 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP75: 5/28/2011 5:54:40 AM - System Checkpoint
RP76: 5/29/2011 9:17:18 PM - System Checkpoint
RP77: 5/29/2011 11:26:30 PM - Installed Microsoft Office Professional 2010
RP78: 5/29/2011 11:30:31 PM - Printer Driver Send To Microsoft OneNote 2010 Driver Installed
RP79: 5/29/2011 11:33:01 PM - Configured Microsoft Office Professional 2010
RP80: 5/30/2011 3:00:15 AM - Software Distribution Service 3.0
RP81: 5/31/2011 3:25:28 AM - System Checkpoint
RP82: 6/1/2011 4:30:34 PM - Configured Microsoft Office Professional 2010
RP83: 6/2/2011 11:39:31 PM - System Checkpoint
RP84: 6/5/2011 9:23:23 PM - Configured Microsoft Office Professional 2010
RP85: 6/15/2011 12:50:18 AM - System Checkpoint
RP86: 6/16/2011 3:24:27 PM - System Checkpoint
RP87: 6/16/2011 4:45:34 PM - Software Distribution Service 3.0
RP88: 6/29/2011 12:41:40 AM - Software Distribution Service 3.0
RP89: 6/29/2011 3:29:27 PM - Software Distribution Service 3.0
RP90: 6/30/2011 12:11:50 PM - Software Distribution Service 3.0
RP91: 7/13/2011 3:00:13 AM - Software Distribution Service 3.0
RP92: 8/12/2011 3:00:14 AM - Software Distribution Service 3.0
RP93: 8/25/2011 3:00:13 AM - Software Distribution Service 3.0
RP94: 8/30/2011 11:26:10 PM - Software Distribution Service 3.0
RP95: 9/7/2011 6:47:14 AM - Software Distribution Service 3.0
RP96: 9/16/2011 10:39:22 PM - Software Distribution Service 3.0
RP97: 9/27/2011 11:04:15 PM - Software Distribution Service 3.0
RP98: 10/12/2011 9:03:18 AM - Software Distribution Service 3.0
RP99: 11/9/2011 10:03:37 PM - Software Distribution Service 3.0
RP100: 11/11/2011 8:16:55 PM - Software Distribution Service 3.0
RP101: 11/17/2011 9:23:14 PM - Restore Operation
RP102: 11/17/2011 9:26:45 PM - Restore Operation
RP103: 11/17/2011 9:34:03 PM - Restore Operation
RP104: 11/17/2011 9:38:55 PM - Restore Operation
RP105: 11/17/2011 9:57:22 PM - Restore Operation
RP106: 11/19/2011 6:11:05 AM - Installed HiJackThis
.
==== Installed Programs ======================
.
ABBYY FineReader 6.0 Sprint
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.1.0)
att.net Internet Mail
BioAPI Framework
Brother MFL-Pro Suite
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell V305
Express Dictate
Express Scribe
Fisher-Price - Nickelodeon Knows Your Name
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB953955)
Hotfix for Windows XP (KB954434)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB958347)
Hotfix for Windows XP (KB959252)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB968764)
Hotfix for Windows XP (KB969084)
Hotfix for Windows XP (KB979306)
Intel(R) Graphics Media Accelerator Driver
Intel(R) Network Connections 14.8.43.0
Intel(R) Rapid Storage Technology
Java Auto Updater
Java(TM) 6 Update 22
Juniper Networks Secure Application Manager
Juniper Networks Setup Client
Junk Mail filter update
KEMailKb
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Excel 97
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 14
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Word 97
Monopoly by Parker Brothers
MSN
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser (KB973685)
MSXML 6.0 Parser (KB927977)
Network Printer Wizard
OpenOffice.org 3.3
PaperPort
PowerDVD DX
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE 10.3
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Excel 2010 (KB2553070)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2584066)
Security Update for Microsoft PowerPoint 2010 (KB2519975)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft Word 2010 (KB2345000)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360131)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2483614)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Segoe UI
Shorthand 10.00
ST Microelectronics TPM Driver Installer
STAR Navigator 11
SUPERAntiSpyware
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2523113)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft OneNote 2010 (KB2493983)
Update for Microsoft Outlook Social Connector (KB2583935)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB898461)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB980182)
UPEK TouchChip Fingerprint Reader
WebFldrs XP
Windows Driver Package - STMicroelectronics (stmtpm) System (05/24/2007 1.00.04.15)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Management Framework Core
Windows Presentation Foundation
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows Search 4.0
XML Paper Specification Shared Components Pack 1.0
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
11/19/2011 5:05:35 AM, error: Print [19] - Sharing printer failed + 1722, Printer PaperPort Color Image share name PaperPor.
11/19/2011 12:36:17 PM, error: Print [19] - Sharing printer failed + 1722, Printer Microsoft XPS Document Writer share name Printer4.
11/18/2011 8:19:42 AM, error: Service Control Manager [7022] - The DNS Client service hung on starting.
11/17/2011 9:26:42 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Search service to connect.
11/17/2011 9:26:42 PM, error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/17/2011 9:26:42 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/17/2011 9:26:39 PM, error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
11/17/2011 10:10:16 PM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 1 time(s).
11/15/2011 7:13:12 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PBADRV
11/15/2011 7:13:08 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the dldtCATSCustConnectService service to connect.
11/15/2011 7:13:08 AM, error: Service Control Manager [7000] - The dldtCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,470
Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • Click on "Change parameters" and place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK




  • If an infected file is detected, the default action will be Cure, click on Continue.




  • If a suspicious file is detected, the default action will be Skip, click on Continue.




  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.




  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Kevin
 

bipslittlegirl

Thread Starter
Joined
Nov 19, 2011
Messages
43
Hi Kevin.

I can't get this program to work. There is an icon on my desktop, but when I click on it, and click on run, nothing happens.
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,470
OK, leave TDSSKiller for now and do the following :-

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

Link 1
Link 2

  • Ensure that Combofix is saved directly to the Desktop <--- Very important
  • Disable all security programs as they will have a negative effect on Combofix, instructions available Here if required. Be aware the list may not have all programs listed, if you need more help please ask.
  • Close any open browsers and any other programs you might have running
  • Double click the
    icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator)
  • Instructions for running Combofix available Here if required.
  • If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read Here why disabling autoruns is recommended.

*EXTRA NOTES*
  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboot's due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
  • If after running Combofix you receive any type of warning message about registry key's being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the log in next reply please...

Kevin
 

bipslittlegirl

Thread Starter
Joined
Nov 19, 2011
Messages
43
ComboFix 11-11-19.04 - Kimberly Brock 11/19/2011 20:36:29.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2012.1448 [GMT -5:00]
Running from: c:\documents and settings\Kimberly Brock\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\SPL27.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_COMSYSAPP
-------\Service_COMSysApp
.
.
((((((((((((((((((((((((( Files Created from 2011-10-20 to 2011-11-20 )))))))))))))))))))))))))))))))
.
.
2011-11-19 23:30 . 2011-11-19 23:30 -------- d--h--w- c:\windows\PIF
2011-11-19 18:20 . 2011-11-19 18:20 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-11-19 18:20 . 2011-11-19 18:20 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-11-19 17:34 . 2011-11-19 17:34 -------- d-----w- c:\documents and settings\Kimberly Brock\Application Data\SUPERAntiSpyware.com
2011-11-19 17:33 . 2011-11-19 17:34 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-19 17:33 . 2011-11-19 17:33 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-11-19 11:11 . 2011-11-19 11:11 388096 ----a-r- c:\documents and settings\Kimberly Brock\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-19 11:11 . 2011-11-19 11:11 -------- d-----w- c:\program files\Trend Micro
2011-11-18 02:58 . 2011-11-18 02:58 -------- d-----w- c:\windows\system32\wbem\Repository
2011-11-17 00:28 . 2011-09-06 21:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-16 23:00 . 2011-11-16 23:00 -------- d-----w- c:\documents and settings\Kimberly Brock\Application Data\Malwarebytes
2011-11-16 23:00 . 2011-11-16 23:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-11-16 23:00 . 2011-11-18 02:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-16 23:00 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-10 14:22 . 2008-04-25 21:27 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-03 04:31 . 2011-10-03 04:31 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-28 07:06 . 2008-04-25 16:16 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41 . 2008-07-30 07:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2008-04-25 16:16 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2008-04-25 16:16 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 21:45 . 2010-11-10 00:32 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 21:45 . 2010-11-10 00:32 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 21:37 . 2010-11-10 00:32 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 21:36 . 2010-11-10 00:32 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 21:36 . 2010-11-10 00:32 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 21:36 . 2010-11-10 00:32 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-09-06 21:36 . 2010-11-10 00:32 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-09-06 21:36 . 2010-11-10 00:32 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-06 21:33 . 2010-11-10 00:32 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-09-06 13:25 . 2008-04-25 16:16 1867904 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\progra~1\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll" [2011-03-16 214840]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-07 4617600]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^Kimberly Brock^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Kimberly Brock\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 16:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast5]
2011-09-06 21:45 3722416 ----a-w- c:\program files\Alwil Software\Avast5\AvastUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
2006-06-28 12:46 622592 ------w- c:\program files\Brother\Brmfcmon\BrMfcWnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2008-12-23 23:26 114688 ------w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dldtamon]
2008-06-24 06:27 16624 ----a-w- c:\program files\Dell V305\dldtamon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dldtmon.exe]
2008-06-24 06:26 668912 ----a-w- c:\program files\Dell V305\dldtmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-07-28 10:18 173592 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAStorIcon]
2010-03-04 00:16 284696 ----a-w- c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-07-28 10:18 141336 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2005-03-17 19:45 40960 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KEMailKb]
2004-07-26 00:50 401667 ----a-w- c:\progra~1\KEMailKb\KEMailKb.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 17:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2005-03-17 19:25 57393 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2009-02-05 01:26 128232 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-07-28 10:18 142872 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
2005-01-26 23:02 49152 ----a-w- c:\program files\Brother\Brmfl06a\BrStDvPt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2009-06-22 14:52 1044480 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2003-10-14 15:22 155648 ----a-r- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 16:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Juniper Networks\\Secure Application Manager\\dsSamProxy.exe"=
"c:\\Program Files\\Dell V305\\frun.exe"=
"c:\\Program Files\\Generic\\Network Printer Wizard\\NPWService.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\dldtcoms.exe"=
"c:\\Program Files\\Dell V305\\dldtmon.exe"=
"c:\\WINDOWS\\system32\\dldtcfg.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldtpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldttime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldtjswx.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\WUAUCLT.EXE"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [8/5/2010 4:42 PM 24064]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11/9/2010 7:32 PM 320856]
R1 NEOFLTR_650_16789;Juniper Networks TDI Filter Driver (NEOFLTR_650_16789);c:\windows\system32\drivers\NEOFLTR_650_16789.SYS [11/9/2010 9:23 PM 85360]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/9/2010 7:32 PM 20568]
R2 dldt_device;dldt_device;c:\windows\system32\dldtcoms.exe -service --> c:\windows\system32\dldtcoms.exe -service [?]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [8/5/2010 1:05 PM 13336]
R2 NPWService;NPWService;c:\program files\Generic\Network Printer Wizard\NPWService.exe [1/15/2009 4:19 PM 462848]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [8/5/2010 4:42 PM 166568]
S2 dldtCATSCustConnectService;dldtCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldtserv.exe [3/27/2011 4:56 PM 99568]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 8:37 PM 4640000]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/25/2008 11:16 AM 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-02-08 c:\windows\Tasks\expressSevenDays.job
- c:\program files\NCH Swift Sound\Express\express.exe [2011-02-08 12:20]
.
2011-02-08 c:\windows\Tasks\expressShakeIcon.job
- c:\program files\NCH Swift Sound\Express\express.exe [2011-02-08 12:20]
.
2011-10-20 c:\windows\Tasks\pixillionShakeIcon.job
- c:\program files\NCH Software\Pixillion\pixillion.exe [2011-10-13 17:50]
.
2011-02-08 c:\windows\Tasks\scribeShakeIcon.job
- c:\program files\NCH Swift Sound\Scribe\scribe.exe [2011-02-08 12:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MI1933~1\Office14\ONBttnIE.dll/105
Trusted Zone: carebridge.net\sra
TCP: DhcpNameServer = 192.168.1.254
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-19 21:08
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(748)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(2956)
c:\windows\system32\WININET.dll
c:\program files\Generic\Network Printer Wizard\NPWprint.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\mshtml.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\dldtcoms.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\program files\Windows Live\Toolbar\wltuser.exe
.
**************************************************************************
.
Completion time: 2011-11-19 21:29:59 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-20 02:29
.
Pre-Run: 131,234,385,920 bytes free
Post-Run: 132,301,926,400 bytes free
.
- - End Of File - - 74DF4E67368A29F54F49199CC51D0BB2
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,470
That is log from second run of Combofix, Can I see this log please:

C:\Qoobox\ComboFix-quarantined-files.txt

Also whist in Qoobox also let me see this if present Combofix2.txt

Also tell how your system is responding, any improvement...
 

bipslittlegirl

Thread Starter
Joined
Nov 19, 2011
Messages
43
Correct! This is the 2nd run. The first was unsuccessful (only completed tage 25, and then got a blue screen). I was finally able to figure out how to disable Avasst (It was no longer in my system tray, so I had to look for the screen in the directions), it was successful. As for my system, I no longer hear the background ads, and can do a successful search now without being sent to any strange pages. So my original issues seem to be resolved. Just want to thank you for helping me, and going a step at a time and helping me resolve my issues. So grateful I found this site, and you! Thank you so much!!!

The log you requested is below (C:\Qoobox\ComboFix-quarantined-files.txt):


2011-11-20 01:57:06 . 2011-11-20 01:57:06 4,268 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_COMSysApp.reg.dat
2011-11-20 01:57:00 . 2011-11-20 01:57:00 842 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_COMSYSAPP.reg.dat
2011-11-20 01:55:03 . 2011-11-20 01:55:03 5,060 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2011-11-19 23:33:09 . 2011-11-20 01:29:59 102 ----a-w- C:\Qoobox\Quarantine\catchme.log
2011-01-21 13:40:06 . 2011-01-21 13:40:06 185,693 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\SPL27.tmp.vir


And here is Combofix2.txt

ComboFix 11-11-19.04 - Kimberly Brock 11/19/2011 20:36:29.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2012.1448 [GMT -5:00]
Running from: c:\documents and settings\Kimberly Brock\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\SPL27.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_COMSYSAPP
-------\Service_COMSysApp
.
.
((((((((((((((((((((((((( Files Created from 2011-10-20 to 2011-11-20 )))))))))))))))))))))))))))))))
.
.
2011-11-19 23:30 . 2011-11-19 23:30 -------- d--h--w- c:\windows\PIF
2011-11-19 18:20 . 2011-11-19 18:20 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-11-19 18:20 . 2011-11-19 18:20 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-11-19 17:34 . 2011-11-19 17:34 -------- d-----w- c:\documents and settings\Kimberly Brock\Application Data\SUPERAntiSpyware.com
2011-11-19 17:33 . 2011-11-19 17:34 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-19 17:33 . 2011-11-19 17:33 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-11-19 11:11 . 2011-11-19 11:11 388096 ----a-r- c:\documents and settings\Kimberly Brock\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-19 11:11 . 2011-11-19 11:11 -------- d-----w- c:\program files\Trend Micro
2011-11-18 02:58 . 2011-11-18 02:58 -------- d-----w- c:\windows\system32\wbem\Repository
2011-11-17 00:28 . 2011-09-06 21:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-16 23:00 . 2011-11-16 23:00 -------- d-----w- c:\documents and settings\Kimberly Brock\Application Data\Malwarebytes
2011-11-16 23:00 . 2011-11-16 23:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-11-16 23:00 . 2011-11-18 02:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-16 23:00 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-10 14:22 . 2008-04-25 21:27 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-03 04:31 . 2011-10-03 04:31 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-28 07:06 . 2008-04-25 16:16 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41 . 2008-07-30 07:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2008-04-25 16:16 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2008-04-25 16:16 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 21:45 . 2010-11-10 00:32 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 21:45 . 2010-11-10 00:32 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 21:37 . 2010-11-10 00:32 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 21:36 . 2010-11-10 00:32 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 21:36 . 2010-11-10 00:32 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 21:36 . 2010-11-10 00:32 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-09-06 21:36 . 2010-11-10 00:32 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-09-06 21:36 . 2010-11-10 00:32 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-06 21:33 . 2010-11-10 00:32 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-09-06 13:25 . 2008-04-25 16:16 1867904 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\progra~1\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll" [2011-03-16 214840]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-07 4617600]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^Kimberly Brock^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Kimberly Brock\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 16:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast5]
2011-09-06 21:45 3722416 ----a-w- c:\program files\Alwil Software\Avast5\AvastUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
2006-06-28 12:46 622592 ------w- c:\program files\Brother\Brmfcmon\BrMfcWnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2008-12-23 23:26 114688 ------w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dldtamon]
2008-06-24 06:27 16624 ----a-w- c:\program files\Dell V305\dldtamon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dldtmon.exe]
2008-06-24 06:26 668912 ----a-w- c:\program files\Dell V305\dldtmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-07-28 10:18 173592 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAStorIcon]
2010-03-04 00:16 284696 ----a-w- c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-07-28 10:18 141336 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2005-03-17 19:45 40960 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KEMailKb]
2004-07-26 00:50 401667 ----a-w- c:\progra~1\KEMailKb\KEMailKb.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 17:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2005-03-17 19:25 57393 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2009-02-05 01:26 128232 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-07-28 10:18 142872 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
2005-01-26 23:02 49152 ----a-w- c:\program files\Brother\Brmfl06a\BrStDvPt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2009-06-22 14:52 1044480 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2003-10-14 15:22 155648 ----a-r- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 16:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Juniper Networks\\Secure Application Manager\\dsSamProxy.exe"=
"c:\\Program Files\\Dell V305\\frun.exe"=
"c:\\Program Files\\Generic\\Network Printer Wizard\\NPWService.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\dldtcoms.exe"=
"c:\\Program Files\\Dell V305\\dldtmon.exe"=
"c:\\WINDOWS\\system32\\dldtcfg.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldtpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldttime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldtjswx.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\WUAUCLT.EXE"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [8/5/2010 4:42 PM 24064]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11/9/2010 7:32 PM 320856]
R1 NEOFLTR_650_16789;Juniper Networks TDI Filter Driver (NEOFLTR_650_16789);c:\windows\system32\drivers\NEOFLTR_650_16789.SYS [11/9/2010 9:23 PM 85360]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/9/2010 7:32 PM 20568]
R2 dldt_device;dldt_device;c:\windows\system32\dldtcoms.exe -service --> c:\windows\system32\dldtcoms.exe -service [?]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [8/5/2010 1:05 PM 13336]
R2 NPWService;NPWService;c:\program files\Generic\Network Printer Wizard\NPWService.exe [1/15/2009 4:19 PM 462848]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [8/5/2010 4:42 PM 166568]
S2 dldtCATSCustConnectService;dldtCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldtserv.exe [3/27/2011 4:56 PM 99568]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 8:37 PM 4640000]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/25/2008 11:16 AM 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-02-08 c:\windows\Tasks\expressSevenDays.job
- c:\program files\NCH Swift Sound\Express\express.exe [2011-02-08 12:20]
.
2011-02-08 c:\windows\Tasks\expressShakeIcon.job
- c:\program files\NCH Swift Sound\Express\express.exe [2011-02-08 12:20]
.
2011-10-20 c:\windows\Tasks\pixillionShakeIcon.job
- c:\program files\NCH Software\Pixillion\pixillion.exe [2011-10-13 17:50]
.
2011-02-08 c:\windows\Tasks\scribeShakeIcon.job
- c:\program files\NCH Swift Sound\Scribe\scribe.exe [2011-02-08 12:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MI1933~1\Office14\ONBttnIE.dll/105
Trusted Zone: carebridge.net\sra
TCP: DhcpNameServer = 192.168.1.254
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-19 21:08
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(748)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(2956)
c:\windows\system32\WININET.dll
c:\program files\Generic\Network Printer Wizard\NPWprint.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\mshtml.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\dldtcoms.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\program files\Windows Live\Toolbar\wltuser.exe
.
**************************************************************************
.
Completion time: 2011-11-19 21:29:59 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-20 02:29
.
Pre-Run: 131,234,385,920 bytes free
Post-Run: 132,301,926,400 bytes free
.
- - End Of File - - 74DF4E67368A29F54F49199CC51D0BB2


How are you now since your accident? I pray your recovering well, and have few days with pain.

Let me know if there is anything further you think I should do. Thanks again! Kim B.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top