
I'm pretty sure my browser has been hijacked. I REALLY need some help with this.

Discussion in 'Virus & Other Malware Removal' started by Silent_Devotion, Nov 13, 2011.

  1. Silent_Devotion

    Silent_Devotion Thread Starter

    Joined:
    Sep 15, 2009
    Messages:
    19
    Every time I click on any link at all I'm redirected.

    I have run several scans and cleared the infections that they found, but as soon as I restart my computer and click on a link, it does the same thing. I have also cleared cookies & temp files, and tried other browsers, but nothing...

    I have run the following scans...

    AVG
    Spybot
    Ad-Aware
    Super Anti-spyware
    Malwarebytes
    Avira
    Smitfraudfix


    yet the problem is still here, and I don't know what to do.

    Here is a copy of the log file from Hijackthis...


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 23:30:35, on 11/12/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\LSI SoftModem\agrsmsvc.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\AVG\AVG2012\avgfws.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Ask.com\Updater\Updater.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Program Files\AVG Secure Search\vprot.exe
    C:\Program Files\Mozilla Firefox 3.6 Beta 4\firefox.exe
    C:\Program Files\AVG\AVG2012\avgui.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\AVG\AVG2012\avgscanx.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    C:\Program Files\AVG\AVG2012\avgemcx.exe
    C:\Program Files\AVG\AVG2012\avgnsx.exe
    C:\Program Files\AVG\AVG2012\avgrsx.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    O1 - Hosts: 94.63.240.149 www.google.com
    O1 - Hosts: 94.63.240.150 www.bing.com
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SimpleAdblock Class - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Common Files\Simple Adblock\SimpleAdblock.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - (no file)
    O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
    O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
    O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYAMABLAE0AQwAtAEUAOQBWAFUAVwAtAEUAVwAwAFYAQQAtAFUAVQAzAFgATAAtAEYARQBXADkANwA"&"inst=NwA3AC0ANAAxADQANwAxADAAMAA5ADIALQBUAEIAOQArADIALQBGAEwAKwA5AC0AWABPADMANgArADEALQBGADkATQA3AEMAKwA1AC0ARgA5AE0AMQAwAEIAKwAyAC0AWABPADkAKwAxAC0ARgA5AE0AMgArADEALQBEAEQAVAArADAA"&"prod=90"&"ver=9.0.894
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1252979571937
    O16 - DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} (PCMaticVer Class) - http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
    O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player) - http://games.bigfishgames.com/en_burger-shop/online/GoBitGamesPlayer_v4.cab
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} (Java Plug-in 1.6.0_17) -
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{197104F7-41FA-4D93-932D-46F5919591B1}: NameServer = 205.171.3.65,205.171.2.65
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
    O19 - User stylesheet: (file missing)
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: ObjectDockShellExt - {1984D045-52CF-49cd-DB77-08F378FEA4DB} - (no file)
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgfws.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe

    --
    End of file - 8639 bytes


    Please help me. I can't afford to take it in for repairs or to buy a new one. I'm already trying to figure out how I'm supposed to afford to get a new CD Drive.
     
  2. Larusso

    Larusso

    Joined:
    Aug 9, 2011
    Messages:
    808
    Hi and welcome to TSG.

    I am reviewing your logs and will respond with a reply as soon as I can.

    Please note that all my replies are reviewed by a qualified Analyst before I post. This ensures that you will continue to receive quality expert assistance.

    Thank you for your patience.
     
  3. Larusso

    Larusso

    Joined:
    Aug 9, 2011
    Messages:
    808
    Hi,
    My name is Daniel, and I will be assisting you with your malware-related problems.

    Before we move on, please read the following points carefully.
    • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
    • Perform everything in the correct order. Sometimes one step requires the previous one.
    • If you have any problems while you are following my instructions, Stop there and tell me the exact nature of your problem.
    • Do not run any other scans without instruction, or add/remove software, unless I tell you to do so. This would change the output of our tools and could be confusing for me.
    • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
    • If I don't hear from you within 3 days from this initial or any subsequent post, I will have to unsubscribe from this thread and move on to assist someone else.
    • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
    • My first language is not English, so please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.



    While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes interfere with our fixes.
    Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.
    • Open Spybot Search & Destroy.
    • In the Mode menu click "Advanced mode" if not already selected.
    • Choose "Yes" at the Warning prompt.
    • Expand the "Tools" menu.
    • Click "Resident".
    • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
    • In the File menu click "Exit" to exit Spybot Search & Destroy.



    Download DDS and save it to your desktop from here or here or here.
    Disable any script blocker, and then double click dds to run the tool.
    • When done, DDS will open two (2) logs:
      1. DDS.txt
      2. Attach.txt
    • Save both reports to your desktop.
    Please post both in your next reply



    Please download Gmer from here and save it to your Desktop.
    • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
    • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.




    • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
      • Sections
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)
    • Then click the Scan button & wait for it to finish.
    • Once done click on the [Save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
    • Save it where you can easily find it, such as your desktop

    **Caution**
    Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.



    Please post in your next reply
    dds.txt
    attach.txt
    ark.txt
     
  4. Silent_Devotion

    Silent_Devotion Thread Starter

    Joined:
    Sep 15, 2009
    Messages:
    19
    I don't think my computer is infected with that virus anymore because I haven't been redirected since I posted this. My problem now is that anything with flash loads painfully slowly, and that's really annoying. Thanks for your help. I appreciate it. :)
     
  5. Larusso

    Larusso

    Joined:
    Aug 9, 2011
    Messages:
    808
    Hi,

    Absence of the symptoms does not mean your system is clean. Please follow my instructions above and post the logs I need; otherwise I cannot help you. :)
     
  6. Silent_Devotion

    Silent_Devotion Thread Starter

    Joined:
    Sep 15, 2009
    Messages:
    19
    I'm sorry that it has taken me so long to reply. This is my busiest month, and my computer isn't acting right. Here are the logs you requested. I hope they're what you wanted. I'm not very smart when it comes to computers...

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
    Run by Compaq_Owner at 23:18:39 on 2011-11-16
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.959.48 [GMT -7:00]
    .
    AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    FW: ZoneAlarm Firewall *Disabled*
    FW: AVG Firewall *Disabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Ask.com\Updater\Updater.exe
    C:\Program Files\LSI SoftModem\agrsmsvc.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\Mozilla Firefox 3.6 Beta 4\firefox.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://facebook.com/
    mURLSearchHooks: H - No File
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SimpleAdblock Class: {ffcb3198-32f3-4e8b-9539-4324694ed664} - c:\program files\common files\simple adblock\SimpleAdblock.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: Neopets: {cd292324-974f-4224-d074-caca427aa030} -
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
    mRun: [VTTimer] VTTimer.exe
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
    mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
    mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
    IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
    IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1252979571937
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
    DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} - hxxp://games.bigfishgames.com/en_burger-shop/online/GoBitGamesPlayer_v4.cab
    DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: Interfaces\{197104F7-41FA-4D93-932D-46F5919591B1} : NameServer = 205.171.3.65,205.171.2.65
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: igfxcui - igfxsrvc.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\compaq_owner\application data\mozilla\firefox\profiles\vjtk55n2.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2117678&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
    FF - prefs.js: browser.startup.homepage - facebook.com
    FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
    FF - plugin: c:\documents and settings\compaq_owner\application data\move networks\plugins\npqmp071505000010.dll
    FF - plugin: c:\documents and settings\compaq_owner\application data\move networks\plugins\npqmp071505000011.dll
    FF - plugin: c:\documents and settings\compaq_owner\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\gobit games\browserplugin\npgobitgamesplugin.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox 3.6 beta 4\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox 3.6 beta 4\plugins\npgobitgamesplugin.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-6-25 11608]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-6-25 66616]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-11-6 22216]
    S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 12872]
    .
    =============== Created Last 30 ================
    .
    2011-11-13 13:11:54 208896 ----a-w- c:\windows\MBR.exe
    2011-11-13 13:11:53 98816 ----a-w- c:\windows\sed.exe
    2011-11-13 13:11:53 518144 ----a-w- c:\windows\SWREG.exe
    2011-11-13 13:11:53 256000 ----a-w- c:\windows\PEV.exe
    2011-11-13 10:56:00 -------- d-----w- c:\documents and settings\compaq_owner\application data\AVG
    2011-11-13 03:36:13 -------- d-----w- c:\documents and settings\all users\application data\AVG2012
    2011-11-13 03:29:31 -------- d-----w- c:\documents and settings\all users\application data\MFAData
    2011-11-13 03:18:52 -------- d-----w- c:\program files\common files\PC Tools
    2011-11-13 03:18:51 -------- d-----w- c:\program files\PC Tools Security
    2011-11-13 03:16:34 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
    2011-11-13 03:10:34 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-11-09 03:17:56 -------- d-----w- c:\documents and settings\compaq_owner\application data\Sixyub
    2011-11-09 03:17:56 -------- d-----w- c:\documents and settings\compaq_owner\application data\Axix
    2011-11-07 03:01:40 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-06 08:40:17 -------- d-----w- c:\program files\common files\Simple Adblock
    2011-11-04 23:35:41 -------- d--h--w- c:\windows\PIF
    2011-11-04 23:16:43 -------- d-----w- c:\documents and settings\compaq_owner\local settings\application data\MPlayer
    2011-11-04 23:09:17 -------- d-----w- c:\program files\SnowFox Software
    .
    ==================== Find3M ====================
    .
    2011-10-26 02:23:48 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 17:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 17:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 17:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
    2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-08-22 23:48:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec
    .
    ============= FINISH: 23:23:10.28 ===============



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 9/14/2009 5:42:08 AM
    System Uptime: 11/16/2011 4:40:55 PM (7 hours ago)
    .
    Motherboard: ASUSTek Computer INC. | | Kelut
    Processor: AMD Sempron(tm) 3000+ | Socket A | 1999/166mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 32 GiB total, 17.03 GiB free.
    D: is FIXED (FAT32) - 5 GiB total, 0.893 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP492: 9/23/2011 9:27:29 PM - Installed YoutubeMovieMaker.
    RP493: 9/23/2011 9:41:09 PM - Removed YoutubeMovieMaker.
    RP494: 9/25/2011 10:42:48 PM - System Checkpoint
    RP495: 9/27/2011 12:17:49 AM - System Checkpoint
    RP496: 9/28/2011 5:49:43 AM - Software Distribution Service 3.0
    RP497: 9/30/2011 2:35:54 AM - System Checkpoint
    RP498: 10/1/2011 10:02:28 PM - System Checkpoint
    RP499: 10/3/2011 9:15:13 PM - System Checkpoint
    RP500: 10/5/2011 3:48:37 PM - System Checkpoint
    RP501: 10/7/2011 6:49:47 PM - System Checkpoint
    RP502: 10/9/2011 7:07:35 PM - System Checkpoint
    RP503: 10/10/2011 2:31:37 PM - Installed QuickTime
    RP504: 10/12/2011 11:49:22 PM - System Checkpoint
    RP505: 10/14/2011 4:33:02 AM - Software Distribution Service 3.0
    RP506: 10/15/2011 10:00:12 PM - System Checkpoint
    RP507: 10/18/2011 12:21:18 AM - System Checkpoint
    RP508: 10/19/2011 9:39:56 PM - System Checkpoint
    RP509: 10/19/2011 10:11:20 PM - Removed Apple Software Update
    RP510: 10/19/2011 10:12:37 PM - Removed Apple Application Support
    RP511: 10/19/2011 10:14:32 PM - Removed Avira SearchFree Toolbar.
    RP512: 10/19/2011 10:16:29 PM - Removed QuickTime
    RP513: 10/19/2011 10:17:45 PM - Removed Qwest QuickAssist Desktop Tools
    RP514: 10/21/2011 12:16:38 AM - System Checkpoint
    RP515: 10/23/2011 2:52:13 AM - System Checkpoint
    RP516: 10/24/2011 9:50:45 PM - System Checkpoint
    RP517: 10/27/2011 2:05:05 AM - System Checkpoint
    RP518: 10/28/2011 3:01:53 AM - System Checkpoint
    RP519: 10/29/2011 11:57:48 PM - System Checkpoint
    RP520: 11/2/2011 11:52:41 PM - System Checkpoint
    RP521: 11/5/2011 3:47:50 PM - System Checkpoint
    RP522: 11/6/2011 1:39:41 AM - Removed Simple Adblock
    RP523: 11/6/2011 1:40:14 AM - Installed Simple Adblock
    RP524: 11/7/2011 7:47:00 PM - System Checkpoint
    RP525: 11/8/2011 10:59:51 PM - System Checkpoint
    RP526: 11/9/2011 2:44:33 AM - Software Distribution Service 3.0
    RP527: 11/10/2011 3:45:06 PM - System Checkpoint
    RP528: 11/10/2011 5:00:48 PM - Software Distribution Service 3.0
    RP529: 11/11/2011 11:49:46 PM - System Checkpoint
    RP530: 11/12/2011 8:04:23 PM - Installed Ad-Aware
    RP531: 11/12/2011 8:05:01 PM - Installed Ad-Aware
    RP532: 11/12/2011 8:14:31 PM - Installed HiJackThis
    RP533: 11/12/2011 8:34:13 PM - Installed AVG 2012
    RP534: 11/12/2011 8:35:35 PM - Installed AVG 2012
    RP535: 11/13/2011 5:59:40 PM - Removed HiJackThis
    RP536: 11/13/2011 6:00:52 PM - Removed Ad-Aware
    RP537: 11/13/2011 6:26:10 PM - Removed AVG 2012
    RP538: 11/13/2011 6:29:12 PM - Removed AVG 2012
    RP539: 11/15/2011 12:34:42 AM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    Sansa Media Converter
    32 Bit HP CIO Components Installer
    Actiontec Gateway
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 9.4.6
    Adobe Shockwave Player 11.5
    Agere Systems PCI Soft Modem
    Any DVD Converter Professional 4.2.7
    Avira AntiVir Personal - Free Antivirus
    Big Fish Games: Game Manager
    BufferChm
    Burger Shop 2
    CCleaner
    Copy
    Destinations
    DeviceDiscovery
    DJ_AIO_05_F4400_Software_Min
    Eusing Free Registry Cleaner
    F4400
    FastStone Photo Resizer 3.1
    GIMP 2.6.11
    GoBit Games Plugin v1.5
    GPBaseService2
    GSplit 3
    Help and Support Additions
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Customer Participation Program 13.0
    HP Deskjet F4400 Printer Driver Software 13.0 Rel .5
    HP Imaging Device Functions 13.0
    HP Print Projects 1.0
    HP Smart Web Printing 4.5
    HP Solution Center 13.0
    HP Update
    hpPrintProjects
    HPProductAssistant
    HpSdpAppCoreApp
    hpWLPGInstaller
    ieSpell
    InterVideo WinDVD Player
    Java 2 Runtime Environment, SE v1.4.2_03
    Java Auto Updater
    Java(TM) 6 Update 26
    KBD
    Malwarebytes' Anti-Malware version 1.51.2.1300
    MarketResearch
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2572067)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Move Media Player
    Mozilla Firefox 8.0 (x86 en-US)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    PC-Doctor for Windows
    PS2
    Python 2.2 combined Win32 extensions
    Python 2.2.1
    QuickConnect
    S3 S3Display
    S3 S3Gamma2
    S3 S3Info2
    S3 S3Overlay
    S3GSetup
    Sansa Updater
    Scan
    Security Task Manager 1.7h
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Simple Adblock
    SmartWebPrinting
    SolutionCenter
    Status
    SUPERAntiSpyware
    Toolbox
    TrayApp
    TuxGuitar
    Unity Web Player
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    VC 9.0 Runtime
    Veoh Web Player
    VIA Rhine-Family Fast-Ethernet Adapter
    VIA/S3G Display Driver
    VistaMizer 3.3.0.0
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    VLC media player 1.1.11
    WebFldrs XP
    WebReg
    Windows Media Format 11 runtime
    Windows Media Player 11
    WinRAR 4.01 (32-bit)
    WinX Free DVD Ripper 4.5.14
    .
    ==== Event Viewer Messages From Past Week ========
    .
    11/9/2011 2:56:15 AM, error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
    11/9/2011 2:55:29 AM, error: Service Control Manager [7023] - The Uninterruptible Power Supply service terminated with the following error: %%2481
    11/9/2011 2:54:05 AM, error: UPS [2481] - The UPS service is not configured correctly.
    11/13/2011 5:59:48 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
    11/12/2011 9:19:15 PM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
    11/12/2011 8:49:11 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK7 avgio Avgldx86 Avgmfx86 avipbb Fips SASDIFSV SASKUTIL ssmdrv
    11/12/2011 8:39:49 PM, error: Service Control Manager [7000] - The AVG TDI Driver service failed to start due to the following error: The parameter is incorrect.
    11/12/2011 5:46:05 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    11/12/2011 5:26:30 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
    11/12/2011 5:18:24 PM, error: Service Control Manager [7031] - The SAS Core Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    11/12/2011 11:10:28 PM, error: Service Control Manager [7034] - The vToolbarUpdater service terminated unexpectedly. It has done this 1 time(s).
    11/12/2011 11:09:45 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
    11/11/2011 2:05:00 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: fasttx2k SISAGP
    11/11/2011 2:03:28 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
    11/11/2011 10:40:13 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    11/10/2011 9:46:20 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK7 avgio avipbb Fips SASDIFSV SASKUTIL ssmdrv
    11/10/2011 9:45:08 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    11/10/2011 5:11:37 AM, error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 2 time(s).
    .
    ==== End Of File ===========================


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-11-18 22:00:32
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-12 ST340015A rev.3.15
    Running: xnyzj4if.exe; Driver: C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\fgldipob.sys


    ---- System - GMER 1.0.15 ----

    SSDT F7C67FDC ZwClose
    SSDT F7C67F96 ZwCreateKey
    SSDT F7C67FE6 ZwCreateSection
    SSDT F7C67F8C ZwCreateThread
    SSDT F7C67F9B ZwDeleteKey
    SSDT F7C67FA5 ZwDeleteValueKey
    SSDT F7C67FD7 ZwDuplicateObject
    SSDT F7C67FAA ZwLoadKey
    SSDT F7C67F78 ZwOpenProcess
    SSDT F7C67F7D ZwOpenThread
    SSDT F7C67FB4 ZwReplaceKey
    SSDT F7C67FAF ZwRestoreKey
    SSDT F7C67FEB ZwSetContextThread
    SSDT F7C67FA0 ZwSetValueKey
    SSDT F7C67F87 ZwTerminateProcess

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----
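The GMER listing above shows fifteen SSDT entries pointing at addresses in a narrow range, but does not name the module that owns them. A check a responder would run on such output is whether the hook addresses form one tight cluster (one driver's stub table) or are scattered (more than one hooking component), and which of the hooked services belong to the process-control and registry-write set that self-protecting security products, and rootkits, both like to hook. The script below is an added triage example, not part of the original post or of GMER; the only input is the SSDT section copied verbatim from the log, and the 0x1000-byte cluster gap and the "self-protection" service list are assumptions of the example. With several kernel-mode security products installed on this machine (Avira, AVG, SUPERAntiSpyware), a single cluster is not by itself evidence of malware; it tells you to match that address range against the loaded driver list before drawing any conclusion.

```python
import re
from functools import reduce
from math import gcd
from typing import Dict, List, Tuple

# Input: the "System" section of the GMER log posted above, copied verbatim.
GMER_SSDT_SECTION = """\
SSDT F7C67FDC ZwClose
SSDT F7C67F96 ZwCreateKey
SSDT F7C67FE6 ZwCreateSection
SSDT F7C67F8C ZwCreateThread
SSDT F7C67F9B ZwDeleteKey
SSDT F7C67FA5 ZwDeleteValueKey
SSDT F7C67FD7 ZwDuplicateObject
SSDT F7C67FAA ZwLoadKey
SSDT F7C67F78 ZwOpenProcess
SSDT F7C67F7D ZwOpenThread
SSDT F7C67FB4 ZwReplaceKey
SSDT F7C67FAF ZwRestoreKey
SSDT F7C67FEB ZwSetContextThread
SSDT F7C67FA0 ZwSetValueKey
SSDT F7C67F87 ZwTerminateProcess
"""

SSDT_LINE = re.compile(r"^SSDT\s+([0-9A-Fa-f]{8})\s+(\w+)")

# Assumed list (example's own choice): services that self-protecting security
# software and rootkits commonly hook, i.e. process/thread control and registry writes.
SELF_PROTECT_SET = {
    "ZwOpenProcess", "ZwOpenThread", "ZwTerminateProcess", "ZwCreateThread",
    "ZwSetContextThread", "ZwCreateKey", "ZwSetValueKey", "ZwDeleteKey",
    "ZwDeleteValueKey", "ZwLoadKey", "ZwReplaceKey", "ZwRestoreKey",
}

Hook = Tuple[str, int]  # (service name, hook address)


def parse_ssdt_hooks(text: str) -> List[Hook]:
    """Extract (service, address) pairs from GMER 'SSDT <addr> <service>' lines."""
    hooks: List[Hook] = []
    for line in text.splitlines():
        m = SSDT_LINE.match(line.strip())
        if m:
            hooks.append((m.group(2), int(m.group(1), 16)))
    return hooks


def cluster_by_address(hooks: List[Hook], max_gap: int = 0x1000) -> List[List[Hook]]:
    """Group hooks whose addresses are within max_gap bytes of the previous one.
    One cluster suggests one hooking module; several clusters suggest several."""
    clusters: List[List[Hook]] = []
    for hook in sorted(hooks, key=lambda h: h[1]):
        if clusters and hook[1] - clusters[-1][-1][1] <= max_gap:
            clusters[-1].append(hook)
        else:
            clusters.append([hook])
    return clusters


def address_stride(addresses: List[int]) -> int:
    """GCD of the gaps between consecutive addresses; 0 if fewer than two.
    A stride of 5 is what a table of 5-byte x86 relative jmp stubs produces."""
    ordered = sorted(addresses)
    gaps = [b - a for a, b in zip(ordered, ordered[1:])]
    return reduce(gcd, gaps, 0)


def triage(text: str) -> Dict[str, object]:
    """Summarise the hook set: count, clusters, address ranges, stride, and
    which hooked services fall inside/outside the self-protection set."""
    hooks = parse_ssdt_hooks(text)
    clusters = cluster_by_address(hooks)
    names = {n for n, _ in hooks}
    return {
        "hook_count": len(hooks),
        "cluster_count": len(clusters),
        "ranges": [(c[0][1], c[-1][1]) for c in clusters],
        "stride": address_stride([a for _, a in hooks]),
        "self_protect_hits": sorted(names & SELF_PROTECT_SET),
        "other_hooks": sorted(names - SELF_PROTECT_SET),
    }


if __name__ == "__main__":
    result = triage(GMER_SSDT_SECTION)
    for key, value in result.items():
        if key == "ranges":
            value = [f"{lo:08X}-{hi:08X}" for lo, hi in value]
        print(f"{key}: {value}")
```

On the pasted log this yields a single cluster spanning F7C67F78 to F7C67FEB with a 5-byte stride, which is consistent with one driver's jump-stub table; the next step is to find which loaded driver's image covers that range, and GMER's own output here does not say.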
     
  7. Larusso

    Larusso

    Joined:
    Aug 9, 2011
    Messages:
    808
    No worries. It is always good to know if somebody is busy so I will keep the topic subscribed. :)


    I see you ran ComboFix without being instructed to. I would like to quote a section of the ComboFix tutorial located here: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Please look for a C:\Combofix.txt and post this in your next reply.



    Please press the Windows key + R and type notepad into the Run box.
    Copy/paste the entire contents of the codebox below, into notepad:

    Code:
    @echo off
    rem Write a recursive bare listing (all attributes, hidden files included)
    rem of the two suspicious Application Data folders into look.txt
    >look.txt (
    dir /s /a /b "c:\documents and settings\compaq_owner\application data\Sixyub"
    dir /s /a /b "c:\documents and settings\compaq_owner\application data\Axix"
    )
    rem Show the result, then delete this batch file
    notepad look.txt
    del %0
    
    • Now on the top of the window choose File --> Save as
    • Into the Save as line type in look.bat
    • Change the Save as type to All Files (*.*)
    • Save it on your Desktop.

    • Run the look.bat

    A notepad window will appear, please post the content of look.txt in your next reply.



    Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

    Download TDSSKiller.exe and save it to your desktop
    • Execute TDSSKiller.exe by doubleclicking on it.
    • Press Start Scan
    • If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
    • Once complete, a log will be produced at the root of the system drive, which is typically C:\, for example C:\TDSSKiller.<version_date_time>log.txt

    Please post the contents of that log in your next reply.



    Please post in your next reply
    Combofix.txt
    look.txt
    TDSSKiller Log
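The look.bat above only produces a bare list of names. When a folder like Axix or Sixyub is being investigated, the things a helper usually wants next are each file's size, modification time and a hash that can be compared against later runs or submitted for a lookup. The script below is an added example in Python 3, not Larusso's script and not from this thread: it walks the same two folder names (base path, a waad.rem placeholder file and its contents are all constructed here, so it runs offline), lists directories and files recursively with hidden entries included (os.walk does not filter on attributes, matching `dir /s /a /b`), and reports the missing case explicitly. Note that the installed-programs list shows Python 2.2 on the affected XP machine, so this needs a current Python 3 installed there or run against a mounted image; on the box itself the batch file remains the practical tool.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone
from typing import Dict, List

# Folder names from the batch file; the real parent is
# c:\documents and settings\compaq_owner\application data (not used here).
SUSPECT_FOLDER_NAMES = ["Sixyub", "Axix"]
# Constructed placeholder content for the sample file; not the real waad.rem.
SAMPLE_CONTENT = b"\x00" * 16


def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_file(path: str, chunk: int = 65536) -> str:
    """Stream the file through SHA-256 so large droppers do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def inventory(roots: List[str]) -> List[Dict[str, object]]:
    """Recursive listing of every entry under each root, with size, UTC mtime
    and SHA-256 for files. A root that does not exist is reported, not skipped,
    because 'the folder is gone' is itself a finding."""
    rows: List[Dict[str, object]] = []
    for root in roots:
        if not os.path.isdir(root):
            rows.append({"root": root, "path": root, "kind": "missing"})
            continue
        for dirpath, dirnames, filenames in os.walk(root):
            dirnames.sort()  # deterministic order for diffing two runs
            for name in dirnames:
                rows.append({"root": root, "path": os.path.join(dirpath, name), "kind": "dir"})
            for name in sorted(filenames):
                path = os.path.join(dirpath, name)
                st = os.stat(path)
                rows.append({
                    "root": root,
                    "path": path,
                    "kind": "file",
                    "size": st.st_size,
                    "mtime": datetime.fromtimestamp(st.st_mtime, timezone.utc)
                                     .isoformat(timespec="seconds"),
                    "sha256": sha256_file(path),
                })
    return rows


def render(rows: List[Dict[str, object]]) -> str:
    """Tab-separated text in the spirit of look.txt, one entry per line."""
    lines = []
    for r in rows:
        if r["kind"] == "file":
            lines.append(f'{r["path"]}\t{r["size"]}\t{r["mtime"]}\t{r["sha256"]}')
        else:
            lines.append(f'{r["path"]}\t<{r["kind"]}>')
    return "\n".join(lines)


def build_sample_tree() -> str:
    """Constructed sample: an Axix folder with a sub-folder and a waad.rem
    placeholder, and no Sixyub folder, so both the populated and the missing
    case are exercised. Returns the temporary base directory."""
    base = tempfile.mkdtemp(prefix="look_")
    axix = os.path.join(base, "Axix")
    os.makedirs(os.path.join(axix, "sub"))
    with open(os.path.join(axix, "waad.rem"), "wb") as f:
        f.write(SAMPLE_CONTENT)
    return base


def suspect_roots(base: str) -> List[str]:
    return [os.path.join(base, name) for name in SUSPECT_FOLDER_NAMES]


if __name__ == "__main__":
    base = build_sample_tree()
    print(render(inventory(suspect_roots(base))))
```

Run it twice, before and after a cleaning step, and diff the two outputs: a file whose hash changes while its name stays the same is the kind of detail a bare `dir` listing hides.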
     
  8. Silent_Devotion

    Silent_Devotion Thread Starter

    Joined:
    Sep 15, 2009
    Messages:
    19
    Again, I apologize for the late reply. Here are the logs that you requested.

    ComboFix 11-11-13.01 - Compaq_Owner 11/21/2011 16:19:22.2.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.959.737 [GMT -7:00]
    Running from: c:\documents and settings\Compaq_Owner\My Documents\Downloads\ComboFix.exe
    AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
    FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    .
    - REDUCED FUNCTIONALITY MODE -
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-10-21 to 2011-11-21 )))))))))))))))))))))))))))))))
    .
    .
    2011-11-13 10:56 . 2011-11-13 10:57 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\AVG
    2011-11-13 03:36 . 2011-11-14 01:33 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
    2011-11-13 03:29 . 2011-11-14 01:29 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
    2011-11-13 03:18 . 2011-11-13 04:20 -------- d-----w- c:\program files\Common Files\PC Tools
    2011-11-13 03:18 . 2011-11-13 04:20 -------- d-----w- c:\program files\PC Tools Security
    2011-11-13 03:16 . 2011-11-13 04:20 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
    2011-11-13 03:10 . 2011-11-13 03:10 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-11-09 03:17 . 2011-11-11 09:02 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Sixyub
    2011-11-09 03:17 . 2011-11-11 01:57 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Axix
    2011-11-07 03:01 . 2011-09-01 00:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-06 08:40 . 2011-11-06 08:40 -------- d-----w- c:\program files\Common Files\Simple Adblock
    2011-11-04 23:35 . 2011-11-04 23:35 -------- d--h--w- c:\windows\PIF
    2011-11-04 23:16 . 2011-11-04 23:16 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\MPlayer
    2011-11-04 23:09 . 2011-11-04 23:09 -------- d-----w- c:\program files\SnowFox Software
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-17 09:52 . 2011-04-22 18:33 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-10 14:22 . 2009-09-14 10:33 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-09-28 07:06 . 2009-09-14 10:32 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 17:41 . 2009-09-14 10:33 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 17:41 . 2008-07-30 02:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 17:41 . 2009-09-14 10:33 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-06 13:20 . 2009-09-14 10:35 1858944 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2008-04-14 00:11 . CB75214525D36F923D3948DA3CD1562D . 1390080 . . [2001.12.4414.700] . . c:\windows\ServicePackFiles\i386\comres.dll
    [-] 2008-04-14 00:11 . CB75214525D36F923D3948DA3CD1562D . 1390080 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
    [7] 2008-04-14 00:11 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\VistaMizer\old\comres.dll
    .
    [-] 2008-04-14 . A55B8899D2EA2E800061BCFD456E34DC . 547328 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
    [-] 2008-04-14 . A55B8899D2EA2E800061BCFD456E34DC . 547328 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
    [7] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\winlogon.exe
    .
    [-] 2010-08-23 . 4450428C8D90D8C5A6CAEB4BD846B9A4 . 724992 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
    [-] 2010-08-23 . 4450428C8D90D8C5A6CAEB4BD846B9A4 . 724992 . . [5.82] . . c:\windows\system32\comctl32.dll
    [-] 2010-08-23 . 4450428C8D90D8C5A6CAEB4BD846B9A4 . 724992 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
    [7] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\VistaMizer\old\comctl32.dll
    [7] 2010-08-23 . 736B12B725AEB2B07F0241A9F680CB10 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    [7] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
    [7] 2004-08-04 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
    [7] 2004-08-04 . 5AF68A5E44734A082442668E9C787743 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
    [7] 2004-08-04 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\I386\ASMS\6000\MSFT\WINDOWS\COMMON\CONTROLS\COMCTL32.DLL
    .
    [-] 2008-04-14 . 1F796B640B01A277B463E51CF0D79E10 . 587264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
    [-] 2008-04-14 . 1F796B640B01A277B463E51CF0D79E10 . 587264 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
    [7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\user32.dll
    .
    [-] 2008-04-14 . DCDEAA7B5698587F82C0F6CD7FB71967 . 1551872 . . [6.00.2900.5512] . . c:\windows\explorer.exe
    [-] 2008-04-14 . DCDEAA7B5698587F82C0F6CD7FB71967 . 1551872 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
    [7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\VistaMizer\old\explorer.exe
    .
    [-] 2008-04-14 . 18B0915F58A5342AB0F3D01D57261E32 . 267264 . . [5.1.2600.5512] . . c:\windows\regedit.exe
    [-] 2008-04-14 . 18B0915F58A5342AB0F3D01D57261E32 . 267264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe
    [7] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\regedit.exe
    [7] 2004-08-04 . 783AFC80383C176B22DBF8333343992D . 146432 . . [5.1.2600.2180] . . c:\windows\I386\REGEDIT.EXE
    .
    [-] 2010-07-16 . F4BB39217CFDA04706D5B46E0F03AC86 . 1312768 . . [5.1.2600.6010] . . c:\windows\ServicePackFiles\i386\ole32.dll
    [-] 2010-07-16 . F4BB39217CFDA04706D5B46E0F03AC86 . 1312768 . . [5.1.2600.6010] . . c:\windows\system32\ole32.dll
    [-] 2010-07-16 . F4BB39217CFDA04706D5B46E0F03AC86 . 1312768 . . [5.1.2600.6010] . . c:\windows\system32\dllcache\ole32.dll
    [7] 2010-07-16 . 7A6A7900B5E322763430BA6FD9A31224 . 1288192 . . [5.1.2600.6010] . . c:\windows\VistaMizer\old\ole32.dll
    [7] 2010-07-16 . 8D51FB47062F2A1A9EFECCEF338A4C46 . 1289216 . . [5.1.2600.6010] . . c:\windows\$hf_mig$\KB979687\SP3QFE\ole32.dll
    .
    [-] 2008-04-14 . A913E1FF4C0BDA15FC542430182EB7B6 . 368640 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\hnetcfg.dll
    [-] 2008-04-14 . A913E1FF4C0BDA15FC542430182EB7B6 . 368640 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
    [7] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\hnetcfg.dll
    .
    [7] 2010-12-10 . F67CD97282E0ABFAF91A9A1359B16F2D . 2069376 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntkrnlpa.exe
    [7] 2010-12-09 . 84FF488E249DBD2050EB39EA81C6F5C2 . 2069376 . . [5.1.2600.6055] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
    [-] 2010-12-09 . 164000DCE17FA3221CD4925456E6EC4A . 2326528 . . [5.1.2600.6055] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
    [-] 2010-12-09 . 164000DCE17FA3221CD4925456E6EC4A . 2326528 . . [5.1.2600.6055] . . c:\windows\system32\ntkrnlpa.exe
    [-] 2010-12-09 . 164000DCE17FA3221CD4925456E6EC4A . 2326528 . . [5.1.2600.6055] . . c:\windows\system32\dllcache\ntkrnlpa.exe
    [7] 2010-12-09 . 84FF488E249DBD2050EB39EA81C6F5C2 . 2069376 . . [5.1.2600.6055] . . c:\windows\VistaMizer\old\ntkrnlpa.exe
    [7] 2010-04-28 . 756362706DE8BC92F11E197C98A73844 . 2066944 . . [5.1.2600.5973] . . c:\windows\$hf_mig$\KB981852\SP3QFE\ntkrnlpa.exe
    [7] 2010-02-16 . DED8B5A89B085284634502E9D75AC78C . 2066944 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe
    [7] 2009-12-09 . FFDCE1EEA79C678C40237D4E031E5B51 . 2066176 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntkrnlpa.exe
    [7] 2009-08-05 . 363B2BBEE0AEDC9E5433616D0AD0236A . 2066176 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
    [7] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
    [7] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
    [7] 2009-02-06 . 9D832AF3FD1917DB0E1E8B2F000A2E3A . 2062976 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe
    [-] 2006-02-21 . 501C033D08AC37C4BE751633AB02197C . 2057984 . . [5.1.2600.2853] . . c:\windows\$hf_mig$\KB914882\SP2QFE\ntkrnlpa.exe
    .
    [-] 2009-03-08 . C94590AF0DB0E97199688FF1A77037D2 . 727904 . . [8.00.6001.18702] . . c:\windows\ServicePackFiles\i386\iexplore.exe
    [-] 2009-03-08 . C94590AF0DB0E97199688FF1A77037D2 . 727904 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\iexplore.exe
    [7] 2009-03-08 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 . . [8.00.6001.18702] . . c:\windows\VistaMizer\old\iexplore.exe
    [7] 2004-08-04 . E7484514C0464642BE7B4DC2689354C8 . 93184 . . [6.00.2900.2180] . . c:\windows\ie8\iexplore.exe
    .
    [7] 2010-12-09 . A531BBD3DE13121C1380ED7DC99082DB . 2192768 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntoskrnl.exe
    [7] 2010-12-09 . 64C1ADF6DF629F340C5A439FE0EF8ED1 . 2192768 . . [5.1.2600.6055] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
    [-] 2010-12-09 . A662B6EC8DF592900BF939DEC12A9A30 . 2449920 . . [5.1.2600.6055] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
    [-] 2010-12-09 . A662B6EC8DF592900BF939DEC12A9A30 . 2449920 . . [5.1.2600.6055] . . c:\windows\system32\ntoskrnl.exe
    [-] 2010-12-09 . A662B6EC8DF592900BF939DEC12A9A30 . 2449920 . . [5.1.2600.6055] . . c:\windows\system32\dllcache\ntoskrnl.exe
    [7] 2010-12-09 . 64C1ADF6DF629F340C5A439FE0EF8ED1 . 2192768 . . [5.1.2600.6055] . . c:\windows\VistaMizer\old\ntoskrnl.exe
    [7] 2010-04-27 . A2ABBEC40CDB57454645D06B7EBD22F5 . 2190080 . . [5.1.2600.5973] . . c:\windows\$hf_mig$\KB981852\SP3QFE\ntoskrnl.exe
    [7] 2010-02-16 . E1F653A542449D54FA2D27463D99B6B6 . 2190080 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
    [7] 2009-12-09 . 05BE3D9A71972223AFF6A3C823BA51B1 . 2189312 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe
    [7] 2009-08-04 . FDE779EA1A564EBFE16F4E0F82B61BAD . 2189312 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
    [7] 2009-02-08 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
    [7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
    [7] 2009-02-06 . 6A936E9D7BADAF3CAAEED1E1966EC1B0 . 2186112 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
    [-] 2006-02-21 . DF4D09B676964646FA166A78C816B4C3 . 2180992 . . [5.1.2600.2853] . . c:\windows\$hf_mig$\KB914882\SP2QFE\ntoskrnl.exe
    .
    ((((((((((((((((((((((((((((( [email protected]_14.05.48 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-11-21 21:00 . 2011-11-21 21:00 16384 c:\windows\Temp\Perflib_Perfdata_664.dat
    + 2011-11-17 09:52 . 2011-11-17 09:52 247968 c:\windows\system32\Macromed\Flash\FlashUtil11e_Plugin.exe
    + 2010-07-13 19:46 . 2011-11-17 09:52 8527008 c:\windows\system32\Macromed\Flash\NPSWF32.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VTTimer"="VTTimer.exe" [2004-10-22 53248]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
    "ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-06-25 884696]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-15 233472]
    "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-15 253952]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "EnableShellExecuteHooks"= 1 (0x1)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wisdom-soft ScreenHunter 5.1 Plus]
    0 [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
    2004-06-30 00:06 88363 ----a-w- c:\windows\AGRSMMSG.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    2004-07-21 00:22 57344 ----a-w- c:\windows\ALCMTR.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
    2004-07-29 08:34 2551808 ----a-w- c:\windows\ALCWZRD.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
    1998-05-07 23:04 52736 ----a-w- c:\windows\system\hpsysdrv.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2004-08-21 05:55 155648 ----a-w- c:\windows\system32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
    2003-02-12 03:02 61440 ----a-w- c:\hp\KBD\kbd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
    2011-09-01 00:00 449608 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
    2003-09-13 03:13 98304 ----a-w- c:\windows\system32\ps2.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2011-04-08 18:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "YahooAUService"=2 (0x2)
    "avg9emc"=2 (0x2)
    "xmlprov"=3 (0x3)
    "WZCSVC"=2 (0x2)
    "WudfSvc"=2 (0x2)
    "wscsvc"=2 (0x2)
    "W32Time"=2 (0x2)
    "Spooler"=2 (0x2)
    "helpsvc"=2 (0x2)
    "FastUserSwitchingCompatibility"=3 (0x3)
    "MDM"=2 (0x2)
    "MBAMService"=2 (0x2)
    "!SASCORE"=2 (0x2)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "SansaDispatch"=c:\documents and settings\Compaq_Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
    "AlcxMonitor"=ALCXMNTR.EXE
    "MSConfig"=c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
    "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
    .
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 9:27 AM 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 2:55 PM 67664]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/25/2011 6:36 PM 136360]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/6/2011 8:01 PM 22216]
    S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 12872]
    S4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 4:38 PM 116608]
    S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/6/2011 8:01 PM 366152]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    getPlusHelper REG_MULTI_SZ getPlusHelper
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://facebook.com/
    TCP: Interfaces\{197104F7-41FA-4D93-932D-46F5919591B1}: NameServer = 205.171.3.65,205.171.2.65
    DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\vjtk55n2.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2117678&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
    FF - prefs.js: browser.startup.homepage - facebook.com
    FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-11-21 16:21
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,30,74,63,e2,b0,0d,1b,4a,96,de,df,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,30,74,63,e2,b0,0d,1b,4a,96,de,df,\
    .
    [HKEY_USERS\S-1-5-21-608064118-1507529164-3282805649-1009\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
    @Denied: (Full) (LocalSystem)
    @SACL=
    "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"="c:\\WINDOWS\\System32\\shell32.dll,15"
    "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="c:\\WINDOWS\\system32\\SHELL32.dll,17"
    "{208D2C60-3AEA-1069-A2D7-08002B30309D}"="c:\\WINDOWS\\system32\\SHELL32.dll,17"
    "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="c:\\WINDOWS\\system32\\shell32.dll,22"
    "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="c:\\WINDOWS\\system32\\shell32.dll,23"
    "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="c:\\WINDOWS\\system32\\shell32.dll,24"
    "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="c:\\WINDOWS\\system32\\shell32.dll,-175"
    "{21EC2020-3AEA-1069-A2DD-08002B30309D}"="c:\\WINDOWS\\System32\\shell32.dll,-137"
    "{2227A280-3AEA-1069-A2DE-08002B30309D}"="c:\\WINDOWS\\System32\\shell32.dll,-138"
    "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="c:\\WINDOWS\\system32\\shell32.dll,38"
    "AudioCD"="c:\\WINDOWS\\System32\\shell32.dll,40"
    "{FBF23B42-E3F0-101B-8488-00AA003E56F8}"="c:\\WINDOWS\\system32\\shell32.dll,220"
    "{450D8FBA-AD25-11D0-98A8-0800361B1103}"="c:\\WINDOWS\\system32\\mydocs.dll,0"
    "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="c:\\WINDOWS\\system32\\main.cpl,10"
    "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="c:\\WINDOWS\\system32\\wiashext.dll,0"
    "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="c:\\WINDOWS\\system32\\mstask.dll,-100"
    "{88C6C381-2E85-11D0-94DE-444553540000}"="c:\\WINDOWS\\System32\\occache.dll,0"
    "{BDEADF00-C265-11d0-BCED-00A0C90AB50F}"="c:\\Program Files\\COMMON~1\\MICROS~1\\WEBFOL~1\\MSONSEXT.DLL,0"
    "{FF393560-C2A7-11CF-BFF4-444553540000}"="c:\\WINDOWS\\System32\\shdocvw.dll,-20785"
    "{F5175861-2688-11d0-9C5E-00AA00A45957}"="c:\\WINDOWS\\System32\\webcheck.dll,0"
    "{85BBD920-42A0-1069-A2E4-08002B30309D}"="c:\\WINDOWS\\system32\\syncui.dll,0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1052)
    c:\windows\system32\SETUPAPI.dll
    c:\windows\system32\sfc_os.dll
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    c:\windows\system32\cscui.dll
    c:\windows\system32\COMRes.dll
    .
    - - - - - - - > 'lsass.exe'(1156)
    c:\windows\system32\SETUPAPI.dll
    .
    - - - - - - - > 'explorer.exe'(3488)
    c:\windows\system32\SHDOCVW.dll
    c:\windows\system32\WININET.dll
    c:\windows\system32\msctfime.ime
    c:\windows\system32\COMRes.dll
    c:\windows\System32\cscui.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\SETUPAPI.dll
    c:\windows\system32\NETSHELL.dll
    c:\windows\system32\credui.dll
    c:\windows\system32\MSVCP60.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2011-11-21 16:26:55
    ComboFix-quarantined-files.txt 2011-11-21 23:26
    ComboFix2.txt 2011-11-13 14:29
    .
    Pre-Run: 18,422,841,344 bytes free
    Post-Run: 18,471,043,072 bytes free
    .
    - - End Of File - - FE9A59E0EBC05BC08F00C738D2984DCD



    c:\documents and settings\compaq_owner\application data\Axix\waad.rem


    23:35:23.0875 1816 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
    23:35:24.0312 1816 ============================================================
    23:35:24.0312 1816 Current date / time: 2011/11/21 23:35:24.0312
    23:35:24.0312 1816 SystemInfo:
    23:35:24.0312 1816
    23:35:24.0312 1816 OS Version: 5.1.2600 ServicePack: 3.0
    23:35:24.0312 1816 Product type: Workstation
    23:35:24.0312 1816 ComputerName: TOKYO
    23:35:24.0312 1816 UserName: Compaq_Owner
    23:35:24.0312 1816 Windows directory: C:\WINDOWS
    23:35:24.0312 1816 System windows directory: C:\WINDOWS
    23:35:24.0312 1816 Processor architecture: Intel x86
    23:35:24.0312 1816 Number of processors: 1
    23:35:24.0312 1816 Page size: 0x1000
    23:35:24.0312 1816 Boot type: Normal boot
    23:35:24.0312 1816 ============================================================
    23:35:27.0796 1816 Initialize success
    23:35:40.0656 1864 ============================================================
    23:35:40.0656 1864 Scan started
    23:35:40.0656 1864 Mode: Manual;
    23:35:40.0671 1864 ============================================================
    23:35:42.0953 1864 Abiosdsk - ok
    23:35:42.0984 1864 abp480n5 - ok
    23:35:43.0093 1864 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    23:35:43.0093 1864 ACPI - ok
    23:35:43.0359 1864 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    23:35:43.0375 1864 ACPIEC - ok
    23:35:43.0546 1864 adpu160m - ok
    23:35:43.0640 1864 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    23:35:43.0718 1864 aec - ok
    23:35:43.0953 1864 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
    23:35:44.0000 1864 AFD - ok
    23:35:44.0296 1864 AgereSoftModem (7560f465f1ce69c53bf17559ee195548) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
    23:35:44.0468 1864 AgereSoftModem - ok
    23:35:44.0687 1864 Aha154x - ok
    23:35:44.0718 1864 aic78u2 - ok
    23:35:44.0765 1864 aic78xx - ok
    23:35:44.0953 1864 ALCXWDM (8d6c30e515717248e0e52b85fd7ac466) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
    23:35:45.0125 1864 ALCXWDM - ok
    23:35:45.0328 1864 AliIde - ok
    23:35:45.0437 1864 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys
    23:35:45.0484 1864 AmdK7 - ok
    23:35:45.0656 1864 amsint - ok
    23:35:45.0937 1864 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    23:35:45.0984 1864 Arp1394 - ok
    23:35:46.0156 1864 asc - ok
    23:35:46.0203 1864 asc3350p - ok
    23:35:46.0250 1864 asc3550 - ok
    23:35:46.0515 1864 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    23:35:46.0531 1864 AsyncMac - ok
    23:35:46.0781 1864 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    23:35:46.0781 1864 atapi - ok
    23:35:46.0953 1864 Atdisk - ok
    23:35:47.0062 1864 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    23:35:47.0078 1864 Atmarpc - ok
    23:35:47.0328 1864 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    23:35:47.0375 1864 audstub - ok
    23:35:47.0515 1864 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
    23:35:47.0546 1864 avgio - ok
    23:35:47.0828 1864 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
    23:35:47.0828 1864 avgntflt - ok
    23:35:48.0093 1864 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
    23:35:48.0140 1864 avipbb - ok
    23:35:48.0375 1864 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    23:35:48.0406 1864 Beep - ok
    23:35:48.0593 1864 CA561 - ok
    23:35:48.0828 1864 catchme - ok
    23:35:49.0046 1864 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    23:35:49.0078 1864 cbidf2k - ok
    23:35:49.0296 1864 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    23:35:49.0328 1864 CCDECODE - ok
    23:35:49.0500 1864 cd20xrnt - ok
    23:35:49.0593 1864 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    23:35:49.0625 1864 Cdaudio - ok
    23:35:49.0859 1864 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    23:35:49.0859 1864 Cdfs - ok
    23:35:50.0109 1864 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    23:35:50.0140 1864 Cdrom - ok
    23:35:50.0328 1864 Changer - ok
    23:35:50.0390 1864 CmdIde - ok
    23:35:50.0468 1864 Cpqarray - ok
    23:35:50.0515 1864 dac2w2k - ok
    23:35:50.0562 1864 dac960nt - ok
    23:35:50.0671 1864 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    23:35:50.0671 1864 Disk - ok
    23:35:50.0968 1864 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    23:35:51.0031 1864 dmboot - ok
    23:35:51.0359 1864 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    23:35:51.0390 1864 dmio - ok
    23:35:51.0593 1864 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    23:35:51.0625 1864 dmload - ok
    23:35:51.0859 1864 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    23:35:51.0906 1864 DMusic - ok
    23:35:52.0093 1864 dpti2o - ok
    23:35:52.0187 1864 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    23:35:52.0203 1864 drmkaud - ok
    23:35:52.0375 1864 EagleNT - ok
    23:35:52.0578 1864 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    23:35:52.0578 1864 Fastfat - ok
    23:35:52.0796 1864 fasttx2k (1e580770bdece924494b368ac980749e) C:\WINDOWS\system32\DRIVERS\fasttx2k.sys
    23:35:52.0812 1864 fasttx2k - ok
    23:35:53.0031 1864 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    23:35:53.0062 1864 Fdc - ok
    23:35:53.0312 1864 FET5X86V (92cbce0913661ff966f9fb696a1775a5) C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
    23:35:53.0343 1864 FET5X86V - ok
    23:35:53.0359 1864 FETND5BV (92cbce0913661ff966f9fb696a1775a5) C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
    23:35:53.0359 1864 FETND5BV - ok
    23:35:53.0609 1864 FETNDISB (b7186b33b6cf3a23841015531e6e7d68) C:\WINDOWS\system32\DRIVERS\fetnd5b.sys
    23:35:53.0640 1864 FETNDISB - ok
    23:35:53.0921 1864 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    23:35:53.0953 1864 Fips - ok
    23:35:54.0187 1864 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    23:35:54.0218 1864 Flpydisk - ok
    23:35:54.0437 1864 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    23:35:54.0437 1864 FltMgr - ok
    23:35:54.0703 1864 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    23:35:54.0718 1864 Fs_Rec - ok
    23:35:54.0968 1864 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    23:35:54.0984 1864 Ftdisk - ok
    23:35:55.0234 1864 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    23:35:55.0265 1864 Gpc - ok
    23:35:55.0515 1864 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    23:35:55.0562 1864 HDAudBus - ok
    23:35:55.0843 1864 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    23:35:55.0843 1864 HidUsb - ok
    23:35:56.0031 1864 hpn - ok
    23:35:56.0281 1864 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
    23:35:56.0312 1864 HPZid412 - ok
    23:35:56.0484 1864 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
    23:35:56.0500 1864 HPZipr12 - ok
    23:35:56.0750 1864 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
    23:35:56.0781 1864 HPZius12 - ok
    23:35:57.0046 1864 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    23:35:57.0140 1864 HTTP - ok
    23:35:57.0343 1864 i2omgmt - ok
    23:35:57.0390 1864 i2omp - ok
    23:35:57.0484 1864 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    23:35:57.0531 1864 i8042prt - ok
    23:35:57.0781 1864 ialm (0acebb31989cbf9a5663fe4a33d28d21) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
    23:35:57.0875 1864 ialm - ok
    23:35:58.0140 1864 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    23:35:58.0171 1864 Imapi - ok
    23:35:58.0359 1864 ini910u - ok
    23:35:58.0515 1864 IntcAzAudAddService (eafd29c7918325b45e0dabafd82ef75f) C:\WINDOWS\system32\drivers\RtkHDAud.sys
    23:35:58.0671 1864 IntcAzAudAddService - ok
    23:35:58.0906 1864 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
    23:35:58.0921 1864 IntelIde - ok
    23:35:59.0140 1864 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    23:35:59.0171 1864 intelppm - ok
    23:35:59.0390 1864 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    23:35:59.0421 1864 Ip6Fw - ok
    23:35:59.0703 1864 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    23:35:59.0718 1864 IpFilterDriver - ok
    23:35:59.0921 1864 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    23:35:59.0953 1864 IpInIp - ok
    23:36:00.0125 1864 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    23:36:00.0140 1864 IpNat - ok
    23:36:00.0421 1864 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    23:36:00.0468 1864 IPSec - ok
    23:36:00.0671 1864 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    23:36:00.0671 1864 IRENUM - ok
    23:36:00.0921 1864 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    23:36:00.0921 1864 isapnp - ok
    23:36:01.0171 1864 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    23:36:01.0203 1864 Kbdclass - ok
    23:36:01.0484 1864 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    23:36:01.0515 1864 kbdhid - ok
    23:36:01.0734 1864 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    23:36:01.0812 1864 kmixer - ok
    23:36:02.0031 1864 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    23:36:02.0031 1864 KSecDD - ok
    23:36:02.0250 1864 lbrtfdc - ok
    23:36:02.0515 1864 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
    23:36:02.0546 1864 MBAMProtector - ok
    23:36:02.0781 1864 MBAMSwissArmy - ok
    23:36:02.0906 1864 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    23:36:02.0937 1864 mnmdd - ok
    23:36:03.0171 1864 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    23:36:03.0171 1864 Modem - ok
    23:36:03.0421 1864 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    23:36:03.0453 1864 Mouclass - ok
    23:36:03.0656 1864 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    23:36:03.0687 1864 mouhid - ok
    23:36:03.0937 1864 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    23:36:03.0937 1864 MountMgr - ok
    23:36:04.0140 1864 mraid35x - ok
    23:36:04.0218 1864 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    23:36:04.0265 1864 MRxDAV - ok
    23:36:04.0515 1864 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    23:36:04.0546 1864 MRxSmb - ok
    23:36:04.0812 1864 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    23:36:04.0812 1864 Msfs - ok
    23:36:05.0031 1864 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    23:36:05.0062 1864 MSKSSRV - ok
    23:36:05.0281 1864 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    23:36:05.0312 1864 MSPCLOCK - ok
    23:36:05.0515 1864 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    23:36:05.0531 1864 MSPQM - ok
    23:36:05.0765 1864 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    23:36:05.0765 1864 mssmbios - ok
    23:36:06.0000 1864 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    23:36:06.0031 1864 MSTEE - ok
    23:36:06.0265 1864 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    23:36:06.0265 1864 Mup - ok
    23:36:06.0437 1864 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    23:36:06.0484 1864 NABTSFEC - ok
    23:36:06.0750 1864 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    23:36:06.0765 1864 NDIS - ok
    23:36:07.0000 1864 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    23:36:07.0031 1864 NdisIP - ok
    23:36:07.0265 1864 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    23:36:07.0328 1864 NdisTapi - ok
    23:36:07.0546 1864 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    23:36:07.0562 1864 Ndisuio - ok
    23:36:07.0828 1864 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    23:36:07.0875 1864 NdisWan - ok
    23:36:08.0125 1864 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    23:36:08.0171 1864 NDProxy - ok
    23:36:08.0453 1864 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    23:36:08.0453 1864 NetBIOS - ok
    23:36:08.0703 1864 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    23:36:08.0750 1864 NetBT - ok
    23:36:09.0046 1864 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    23:36:09.0046 1864 NIC1394 - ok
    23:36:09.0296 1864 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    23:36:09.0296 1864 Npfs - ok
    23:36:09.0578 1864 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    23:36:09.0609 1864 Ntfs - ok
    23:36:09.0890 1864 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    23:36:09.0906 1864 Null - ok
    23:36:10.0218 1864 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    23:36:10.0421 1864 nv - ok
    23:36:10.0687 1864 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    23:36:10.0718 1864 NwlnkFlt - ok
    23:36:11.0000 1864 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    23:36:11.0031 1864 NwlnkFwd - ok
    23:36:11.0265 1864 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    23:36:11.0281 1864 ohci1394 - ok
    23:36:11.0515 1864 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    23:36:11.0562 1864 Parport - ok
    23:36:11.0796 1864 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    23:36:11.0796 1864 PartMgr - ok
    23:36:12.0046 1864 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    23:36:12.0078 1864 ParVdm - ok
    23:36:12.0312 1864 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    23:36:12.0328 1864 PCI - ok
    23:36:12.0531 1864 PCIDump - ok
    23:36:12.0625 1864 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    23:36:12.0625 1864 PCIIde - ok
    23:36:12.0843 1864 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    23:36:12.0875 1864 Pcmcia - ok
    23:36:13.0062 1864 PDCOMP - ok
    23:36:13.0156 1864 PDFRAME - ok
    23:36:13.0203 1864 PDRELI - ok
    23:36:13.0250 1864 PDRFRAME - ok
    23:36:13.0281 1864 perc2 - ok
    23:36:13.0328 1864 perc2hib - ok
    23:36:13.0640 1864 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    23:36:13.0671 1864 PptpMiniport - ok
    23:36:13.0921 1864 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
    23:36:13.0968 1864 Processor - ok
    23:36:14.0234 1864 Ps2 (9b793a1ffd480155fe9ee5261153f21b) C:\WINDOWS\system32\DRIVERS\PS2.sys
    23:36:14.0250 1864 Ps2 - ok
    23:36:14.0546 1864 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    23:36:14.0578 1864 PSched - ok
    23:36:14.0859 1864 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    23:36:14.0890 1864 Ptilink - ok
    23:36:15.0125 1864 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    23:36:15.0140 1864 PxHelp20 - ok
    23:36:15.0328 1864 ql1080 - ok
    23:36:15.0375 1864 Ql10wnt - ok
    23:36:15.0406 1864 ql12160 - ok
    23:36:15.0453 1864 ql1240 - ok
    23:36:15.0500 1864 ql1280 - ok
    23:36:15.0578 1864 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    23:36:15.0609 1864 RasAcd - ok
    23:36:15.0875 1864 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    23:36:15.0921 1864 Rasl2tp - ok
    23:36:16.0187 1864 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    23:36:16.0234 1864 RasPppoe - ok
    23:36:16.0484 1864 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    23:36:16.0515 1864 Raspti - ok
    23:36:16.0765 1864 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    23:36:16.0765 1864 Rdbss - ok
    23:36:17.0078 1864 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    23:36:17.0109 1864 RDPCDD - ok
    23:36:17.0281 1864 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
    23:36:17.0328 1864 RDPWD - ok
    23:36:17.0578 1864 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    23:36:17.0609 1864 redbook - ok
    23:36:17.0859 1864 rtl8139 (2ef9c0dc26b30b2318b1fc3faa1f0ae7) C:\WINDOWS\system32\DRIVERS\R8139n51.SYS
    23:36:17.0906 1864 rtl8139 - ok
    23:36:18.0078 1864 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    23:36:18.0109 1864 SASDIFSV - ok
    23:36:18.0265 1864 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
    23:36:18.0296 1864 SASENUM - ok
    23:36:18.0468 1864 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    23:36:18.0500 1864 SASKUTIL - ok
    23:36:18.0734 1864 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    23:36:18.0765 1864 Secdrv - ok
    23:36:19.0015 1864 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    23:36:19.0046 1864 serenum - ok
    23:36:19.0296 1864 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    23:36:19.0328 1864 Serial - ok
    23:36:19.0593 1864 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    23:36:19.0609 1864 Sfloppy - ok
    23:36:19.0781 1864 Simbad - ok
    23:36:19.0890 1864 SiS315 (020467b4ee7f73c304943bf0e3e4d526) C:\WINDOWS\system32\DRIVERS\sisgrp.sys
    23:36:19.0921 1864 SiS315 - ok
    23:36:20.0140 1864 SISAGP (61ca562def09a782d26b3e7edec5369a) C:\WINDOWS\system32\DRIVERS\SISAGPX.sys
    23:36:20.0140 1864 SISAGP - ok
    23:36:20.0390 1864 SiSkp (02960a9c3f4e5178edbd9c0d2d995b3b) C:\WINDOWS\system32\DRIVERS\srvkp.sys
    23:36:20.0421 1864 SiSkp - ok
    23:36:20.0640 1864 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    23:36:20.0656 1864 SLIP - ok
    23:36:20.0875 1864 Sparrow - ok
    23:36:21.0203 1864 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    23:36:21.0218 1864 splitter - ok
    23:36:21.0453 1864 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    23:36:21.0453 1864 sr - ok
    23:36:21.0718 1864 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    23:36:21.0750 1864 Srv - ok
    23:36:22.0046 1864 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
    23:36:22.0078 1864 ssmdrv - ok
    23:36:22.0328 1864 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    23:36:22.0343 1864 streamip - ok
    23:36:22.0593 1864 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    23:36:22.0609 1864 swenum - ok
    23:36:22.0890 1864 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    23:36:22.0921 1864 swmidi - ok
    23:36:23.0140 1864 symc810 - ok
    23:36:23.0437 1864 symc8xx - ok
    23:36:23.0546 1864 sym_hi - ok
    23:36:23.0578 1864 sym_u3 - ok
    23:36:23.0687 1864 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    23:36:23.0703 1864 sysaudio - ok
    23:36:24.0015 1864 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    23:36:24.0109 1864 Tcpip - ok
    23:36:24.0359 1864 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    23:36:24.0375 1864 TDPIPE - ok
    23:36:24.0593 1864 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    23:36:24.0625 1864 TDTCP - ok
    23:36:24.0843 1864 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    23:36:24.0875 1864 TermDD - ok
    23:36:25.0140 1864 TosIde - ok
    23:36:25.0250 1864 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    23:36:25.0265 1864 Udfs - ok
    23:36:25.0593 1864 ultra - ok
    23:36:25.0921 1864 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    23:36:26.0031 1864 Update - ok
    23:36:26.0281 1864 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    23:36:26.0312 1864 usbccgp - ok
    23:36:26.0546 1864 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    23:36:26.0578 1864 usbehci - ok
    23:36:26.0859 1864 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    23:36:26.0890 1864 usbhub - ok
    23:36:27.0109 1864 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
    23:36:27.0140 1864 usbohci - ok
    23:36:27.0375 1864 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    23:36:27.0406 1864 usbprint - ok
    23:36:27.0640 1864 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    23:36:27.0671 1864 usbscan - ok
    23:36:27.0921 1864 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    23:36:27.0921 1864 USBSTOR - ok
    23:36:28.0171 1864 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    23:36:28.0203 1864 usbuhci - ok
    23:36:28.0437 1864 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
    23:36:28.0468 1864 usbvideo - ok
    23:36:28.0687 1864 USB_RNDIS (bee793d4a059caea55d6ac20e19b3a8f) C:\WINDOWS\system32\DRIVERS\usb8023.sys
    23:36:28.0718 1864 USB_RNDIS - ok
    23:36:28.0937 1864 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    23:36:28.0968 1864 VgaSave - ok
    23:36:29.0171 1864 viaagp1 (4b039bbd037b01f5db5a144c837f283a) C:\WINDOWS\system32\DRIVERS\viaagp1.sys
    23:36:29.0187 1864 viaagp1 - ok
    23:36:29.0281 1864 viagfx (45489356501ec6cbb789dece991d393f) C:\WINDOWS\system32\DRIVERS\vtmini.sys
    23:36:29.0328 1864 viagfx - ok
    23:36:29.0578 1864 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
    23:36:29.0578 1864 ViaIde - ok
    23:36:29.0812 1864 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    23:36:29.0812 1864 VolSnap - ok
    23:36:30.0078 1864 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    23:36:30.0109 1864 Wanarp - ok
    23:36:30.0296 1864 WDICA - ok
    23:36:30.0406 1864 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    23:36:30.0437 1864 wdmaud - ok
    23:36:30.0796 1864 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
    23:36:30.0828 1864 WpdUsb - ok
    23:36:31.0109 1864 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
    23:36:31.0125 1864 WS2IFSL - ok
    23:36:31.0359 1864 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    23:36:31.0390 1864 WSTCODEC - ok
    23:36:31.0656 1864 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    23:36:31.0656 1864 WudfPf - ok
    23:36:31.0875 1864 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    23:36:31.0906 1864 WudfRd - ok
    23:36:32.0031 1864 MBR (0x1B8) (bad0263fbe81b49f5f07b32dc9d198b3) \Device\Harddisk0\DR0
    23:36:32.0031 1864 \Device\Harddisk0\DR0 - ok
    23:36:32.0046 1864 Boot (0x1200) (094861e8ffb2efd30015a4f364517345) \Device\Harddisk0\DR0\Partition0
    23:36:32.0046 1864 \Device\Harddisk0\DR0\Partition0 - ok
    23:36:32.0078 1864 Boot (0x1200) (d6fda804a4a1b73462ca2bf5084e60fb) \Device\Harddisk0\DR0\Partition1
    23:36:32.0078 1864 \Device\Harddisk0\DR0\Partition1 - ok
    23:36:32.0093 1864 ============================================================
    23:36:32.0093 1864 Scan finished
    23:36:32.0093 1864 ============================================================
    23:36:32.0125 3516 Detected object count: 0
    23:36:32.0125 3516 Actual detected object count: 0
     
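As an added example that is not part of this thread and not code from Kaspersky's TDSSKiller: a small Python triage script for a log in the shape posted above. It parses the two line forms the tool prints for each object (a file record with the service name, MD5 and path, and a `NAME - status` record), keys the MBR and boot-sector records by their `\Device\...` path because their status lines name the device rather than "MBR"/"Boot", and then lists anything not reported `ok`, every kernel driver loaded from outside the Windows directory (here the Avira and SUPERAntiSpyware drivers, which is expected for security products), and registered services with no file on disk. The embedded sample is a subset of the real lines from the log above; the assumption that a non-clean result shows up as `NAME - <something other than ok>` is mine, not documented behaviour of the tool.

```python
import re
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Line shapes taken from the TDSSKiller log in the thread:
#   HH:MM:SS.mmmm TID NAME (md5) PATH                 -> file record
#   HH:MM:SS.mmmm TID MBR (0x1B8) (md5) \Device\...    -> file record with a size field
#   HH:MM:SS.mmmm TID NAME - ok                        -> status record
#   HH:MM:SS.mmmm TID Detected object count: 0         -> summary counter
_PREFIX = r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+"
FILE_RE = re.compile(
    _PREFIX + r"(?P<name>\S+)(?:\s+\((?P<size>0x[0-9A-Fa-f]+)\))?"
    r"\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+?)\s*$")
STATUS_RE = re.compile(_PREFIX + r"(?P<name>.+?)\s+-\s+(?P<status>.+?)\s*$")
COUNT_RE = re.compile(
    _PREFIX + r"(?P<label>(?:actual )?detected object count):\s*(?P<n>\d+)\s*$",
    re.IGNORECASE)


@dataclass
class Record:
    """One scanned object: a driver/service, or the MBR / a boot sector."""
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: Optional[str] = None


def parse_tdsskiller(text: str) -> Tuple[Dict[str, Record], Dict[str, int]]:
    """Parse log text into {key: Record} plus the summary counters."""
    records: Dict[str, Record] = {}
    counts: Dict[str, int] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = COUNT_RE.match(line)
        if m:
            counts[m.group("label").lower()] = int(m.group("n"))
            continue
        m = FILE_RE.match(line)
        if m:
            name, path = m.group("name"), m.group("path")
            # MBR/boot-sector status lines name the device path, not
            # "MBR"/"Boot", so key those records by path instead of name.
            key = path if path.startswith("\\Device\\") else name
            rec = records.setdefault(key, Record(name))
            rec.md5, rec.path = m.group("md5"), path
            continue
        m = STATUS_RE.match(line)
        if m:
            key = m.group("name")
            rec = records.setdefault(key, Record(key))
            rec.status = m.group("status")
    return records, counts


def triage(records: Dict[str, Record], counts: Dict[str, int],
           windows_dir: str = "c:\\windows\\") -> Dict[str, object]:
    """Compute the things worth a second look from a parsed log."""
    # Assumption (not documented tool behaviour): any status other than
    # "ok" is a finding worth reading.
    not_ok = [(r.name, r.status) for r in records.values()
              if r.status is not None and r.status.lower() != "ok"]
    # Drivers loaded from outside the Windows directory are not malicious
    # per se (security products do this too), but they deserve a look.
    outside = [(r.name, r.path) for r in records.values()
               if r.path and not r.path.startswith("\\Device\\")
               and not r.path.lower().startswith(windows_dir)]
    # Services registered with no file on disk: only "NAME - ok" is printed.
    no_file = [r.name for r in records.values() if r.path is None]
    return {
        "not_ok": not_ok,
        "outside_windows": outside,
        "no_file": no_file,
        "detected": counts.get("detected object count"),
        "actual_detected": counts.get("actual detected object count"),
    }


# Subset of the real TDSSKiller lines posted in the thread above.
SAMPLE_LOG = r"""
23:35:42.0953 1864 Abiosdsk - ok
23:35:43.0093 1864 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:35:43.0093 1864 ACPI - ok
23:35:47.0515 1864 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
23:35:47.0546 1864 avgio - ok
23:36:18.0078 1864 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
23:36:18.0109 1864 SASDIFSV - ok
23:36:32.0031 1864 MBR (0x1B8) (bad0263fbe81b49f5f07b32dc9d198b3) \Device\Harddisk0\DR0
23:36:32.0031 1864 \Device\Harddisk0\DR0 - ok
23:36:32.0046 1864 Boot (0x1200) (094861e8ffb2efd30015a4f364517345) \Device\Harddisk0\DR0\Partition0
23:36:32.0046 1864 \Device\Harddisk0\DR0\Partition0 - ok
23:36:32.0125 3516 Detected object count: 0
23:36:32.0125 3516 Actual detected object count: 0
"""

if __name__ == "__main__":
    recs, cnts = parse_tdsskiller(SAMPLE_LOG)
    for key, value in triage(recs, cnts).items():
        print(f"{key}: {value}")
```

The MD5 fields the parser extracts are the useful part for a second pass: the hashes of files under `C:\WINDOWS` can be checked against a known-good copy (for XP, the matching file in `ServicePackFiles\i386` or a clean machine at the same patch level), which is the same idea ComboFix's Sigcheck section applies later in this thread.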
  9. Larusso

    Larusso

    Joined:
    Aug 9, 2011
    Messages:
    808
    Hi there,

    You ran CF again instead of looking for the Logfile only ;)
    We will delete the current version of Combofix.


    Please press the Windows key + R and copy/paste the following single-line command into the Run box and click OK

    cmd /c del /a/f/q "c:\documents and settings\Compaq_Owner\My Documents\Downloads\ComboFix.exe"



    Please download and scan with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Note: Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    You can use this thread as a guide.

    Please include the C:\ComboFix.txt in your next reply for further review.



    Please post in your next reply:
    Combofix.txt
    How is your system behaving now?
     
  10. Silent_Devotion

    Silent_Devotion Thread Starter

    Joined:
    Sep 15, 2009
    Messages:
    19
    I hope this is what you were talking about. I'm sorry for not completely understanding what you wanted. I've been using a computer for years now, but am still not very good at it. It is running better than it was when I first posted here. I am no longer redirected every time I click on a link. I've been having some issues with Flash content loading slowly. It has gotten a little better. I think I need to get a new anti-virus, though. The one I have doesn't seem to be very good. I get infected from nearly every site that I visit: YouTube, Yahoo, MSN, IMDb, Wikipedia, Facebook, etc. So I don't think my anti-virus is doing its job. I scan it every day, and there are always new infections.




    ComboFix 11-11-22.03 - Compaq_Owner 11/22/2011 21:11:48.3.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.959.487 [GMT -7:00]
    Running from: c:\documents and settings\Compaq_Owner\My Documents\Downloads\ComboFix.exe
    AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
    FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\vjtk55n2.default\searchplugins\bing-zugo.xml
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-10-23 to 2011-11-23 )))))))))))))))))))))))))))))))
    .
    .
    2011-11-13 10:56 . 2011-11-13 10:57 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\AVG
    2011-11-13 03:36 . 2011-11-14 01:33 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
    2011-11-13 03:29 . 2011-11-14 01:29 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
    2011-11-13 03:18 . 2011-11-13 04:20 -------- d-----w- c:\program files\Common Files\PC Tools
    2011-11-13 03:18 . 2011-11-13 04:20 -------- d-----w- c:\program files\PC Tools Security
    2011-11-13 03:16 . 2011-11-13 04:20 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
    2011-11-13 03:10 . 2011-11-13 03:10 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-11-09 03:17 . 2011-11-11 09:02 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Sixyub
    2011-11-09 03:17 . 2011-11-11 01:57 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Axix
    2011-11-07 03:01 . 2011-09-01 00:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-06 08:40 . 2011-11-06 08:40 -------- d-----w- c:\program files\Common Files\Simple Adblock
    2011-11-04 23:35 . 2011-11-04 23:35 -------- d--h--w- c:\windows\PIF
    2011-11-04 23:16 . 2011-11-04 23:16 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\MPlayer
    2011-11-04 23:09 . 2011-11-04 23:09 -------- d-----w- c:\program files\SnowFox Software
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-17 09:52 . 2011-04-22 18:33 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-10 14:22 . 2009-09-14 10:33 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-09-28 07:06 . 2009-09-14 10:32 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 17:41 . 2009-09-14 10:33 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 17:41 . 2008-07-30 02:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 17:41 . 2009-09-14 10:33 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-06 13:20 . 2009-09-14 10:35 1858944 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2008-04-14 00:11 . CB75214525D36F923D3948DA3CD1562D . 1390080 . . [2001.12.4414.700] . . c:\windows\ServicePackFiles\i386\comres.dll
    [-] 2008-04-14 00:11 . CB75214525D36F923D3948DA3CD1562D . 1390080 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
    [7] 2008-04-14 00:11 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\VistaMizer\old\comres.dll
    .
    [-] 2008-04-14 . A55B8899D2EA2E800061BCFD456E34DC . 547328 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
    [-] 2008-04-14 . A55B8899D2EA2E800061BCFD456E34DC . 547328 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
    [7] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\winlogon.exe
    .
    [-] 2010-08-23 . 4450428C8D90D8C5A6CAEB4BD846B9A4 . 724992 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
    [-] 2010-08-23 . 4450428C8D90D8C5A6CAEB4BD846B9A4 . 724992 . . [5.82] . . c:\windows\system32\comctl32.dll
    [-] 2010-08-23 . 4450428C8D90D8C5A6CAEB4BD846B9A4 . 724992 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
    [7] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\VistaMizer\old\comctl32.dll
    [7] 2010-08-23 . 736B12B725AEB2B07F0241A9F680CB10 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    [7] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
    [7] 2004-08-04 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
    [7] 2004-08-04 . 5AF68A5E44734A082442668E9C787743 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
    [7] 2004-08-04 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\I386\ASMS\6000\MSFT\WINDOWS\COMMON\CONTROLS\COMCTL32.DLL
    .
    [-] 2008-04-14 . 1F796B640B01A277B463E51CF0D79E10 . 587264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
    [-] 2008-04-14 . 1F796B640B01A277B463E51CF0D79E10 . 587264 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
    [7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\user32.dll
    .
    [-] 2008-04-14 . DCDEAA7B5698587F82C0F6CD7FB71967 . 1551872 . . [6.00.2900.5512] . . c:\windows\explorer.exe
    [-] 2008-04-14 . DCDEAA7B5698587F82C0F6CD7FB71967 . 1551872 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
    [7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\VistaMizer\old\explorer.exe
    .
    [-] 2008-04-14 . 18B0915F58A5342AB0F3D01D57261E32 . 267264 . . [5.1.2600.5512] . . c:\windows\regedit.exe
    [-] 2008-04-14 . 18B0915F58A5342AB0F3D01D57261E32 . 267264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe
    [7] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\regedit.exe
    [7] 2004-08-04 . 783AFC80383C176B22DBF8333343992D . 146432 . . [5.1.2600.2180] . . c:\windows\I386\REGEDIT.EXE
    .
    [-] 2010-07-16 . F4BB39217CFDA04706D5B46E0F03AC86 . 1312768 . . [5.1.2600.6010] . . c:\windows\ServicePackFiles\i386\ole32.dll
    [-] 2010-07-16 . F4BB39217CFDA04706D5B46E0F03AC86 . 1312768 . . [5.1.2600.6010] . . c:\windows\system32\ole32.dll
    [-] 2010-07-16 . F4BB39217CFDA04706D5B46E0F03AC86 . 1312768 . . [5.1.2600.6010] . . c:\windows\system32\dllcache\ole32.dll
    [7] 2010-07-16 . 7A6A7900B5E322763430BA6FD9A31224 . 1288192 . . [5.1.2600.6010] . . c:\windows\VistaMizer\old\ole32.dll
    [7] 2010-07-16 . 8D51FB47062F2A1A9EFECCEF338A4C46 . 1289216 . . [5.1.2600.6010] . . c:\windows\$hf_mig$\KB979687\SP3QFE\ole32.dll
    .
    [-] 2008-04-14 . A913E1FF4C0BDA15FC542430182EB7B6 . 368640 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\hnetcfg.dll
    [-] 2008-04-14 . A913E1FF4C0BDA15FC542430182EB7B6 . 368640 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
    [7] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\hnetcfg.dll
    .
    [7] 2010-12-10 . F67CD97282E0ABFAF91A9A1359B16F2D . 2069376 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntkrnlpa.exe
    [7] 2010-12-09 . 84FF488E249DBD2050EB39EA81C6F5C2 . 2069376 . . [5.1.2600.6055] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
    [-] 2010-12-09 . 164000DCE17FA3221CD4925456E6EC4A . 2326528 . . [5.1.2600.6055] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
    [-] 2010-12-09 . 164000DCE17FA3221CD4925456E6EC4A . 2326528 . . [5.1.2600.6055] . . c:\windows\system32\ntkrnlpa.exe
    [-] 2010-12-09 . 164000DCE17FA3221CD4925456E6EC4A . 2326528 . . [5.1.2600.6055] . . c:\windows\system32\dllcache\ntkrnlpa.exe
    [7] 2010-12-09 . 84FF488E249DBD2050EB39EA81C6F5C2 . 2069376 . . [5.1.2600.6055] . . c:\windows\VistaMizer\old\ntkrnlpa.exe
    [7] 2010-04-28 . 756362706DE8BC92F11E197C98A73844 . 2066944 . . [5.1.2600.5973] . . c:\windows\$hf_mig$\KB981852\SP3QFE\ntkrnlpa.exe
    [7] 2010-02-16 . DED8B5A89B085284634502E9D75AC78C . 2066944 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe
    [7] 2009-12-09 . FFDCE1EEA79C678C40237D4E031E5B51 . 2066176 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntkrnlpa.exe
    [7] 2009-08-05 . 363B2BBEE0AEDC9E5433616D0AD0236A . 2066176 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
    [7] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
    [7] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
    [7] 2009-02-06 . 9D832AF3FD1917DB0E1E8B2F000A2E3A . 2062976 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe
    [-] 2006-02-21 . 501C033D08AC37C4BE751633AB02197C . 2057984 . . [5.1.2600.2853] . . c:\windows\$hf_mig$\KB914882\SP2QFE\ntkrnlpa.exe
    .
    [-] 2009-03-08 . C94590AF0DB0E97199688FF1A77037D2 . 727904 . . [8.00.6001.18702] . . c:\windows\ServicePackFiles\i386\iexplore.exe
    [-] 2009-03-08 . C94590AF0DB0E97199688FF1A77037D2 . 727904 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\iexplore.exe
    [7] 2009-03-08 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 . . [8.00.6001.18702] . . c:\windows\VistaMizer\old\iexplore.exe
    [7] 2004-08-04 . E7484514C0464642BE7B4DC2689354C8 . 93184 . . [6.00.2900.2180] . . c:\windows\ie8\iexplore.exe
    .
    [7] 2010-12-09 . A531BBD3DE13121C1380ED7DC99082DB . 2192768 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntoskrnl.exe
    [7] 2010-12-09 . 64C1ADF6DF629F340C5A439FE0EF8ED1 . 2192768 . . [5.1.2600.6055] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
    [-] 2010-12-09 . A662B6EC8DF592900BF939DEC12A9A30 . 2449920 . . [5.1.2600.6055] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
    [-] 2010-12-09 . A662B6EC8DF592900BF939DEC12A9A30 . 2449920 . . [5.1.2600.6055] . . c:\windows\system32\ntoskrnl.exe
    [-] 2010-12-09 . A662B6EC8DF592900BF939DEC12A9A30 . 2449920 . . [5.1.2600.6055] . . c:\windows\system32\dllcache\ntoskrnl.exe
    [7] 2010-12-09 . 64C1ADF6DF629F340C5A439FE0EF8ED1 . 2192768 . . [5.1.2600.6055] . . c:\windows\VistaMizer\old\ntoskrnl.exe
    [7] 2010-04-27 . A2ABBEC40CDB57454645D06B7EBD22F5 . 2190080 . . [5.1.2600.5973] . . c:\windows\$hf_mig$\KB981852\SP3QFE\ntoskrnl.exe
    [7] 2010-02-16 . E1F653A542449D54FA2D27463D99B6B6 . 2190080 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
    [7] 2009-12-09 . 05BE3D9A71972223AFF6A3C823BA51B1 . 2189312 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe
    [7] 2009-08-04 . FDE779EA1A564EBFE16F4E0F82B61BAD . 2189312 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
    [7] 2009-02-08 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
    [7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
    [7] 2009-02-06 . 6A936E9D7BADAF3CAAEED1E1966EC1B0 . 2186112 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
    [-] 2006-02-21 . DF4D09B676964646FA166A78C816B4C3 . 2180992 . . [5.1.2600.2853] . . c:\windows\$hf_mig$\KB914882\SP2QFE\ntoskrnl.exe
    .
    ((((((((((((((((((((((((((((( [email protected]_14.05.48 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-11-22 20:20 . 2011-11-22 20:20 16384 c:\windows\Temp\Perflib_Perfdata_684.dat
    + 2011-11-17 09:52 . 2011-11-17 09:52 247968 c:\windows\system32\Macromed\Flash\FlashUtil11e_Plugin.exe
    + 2010-07-13 19:46 . 2011-11-17 09:52 8527008 c:\windows\system32\Macromed\Flash\NPSWF32.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VTTimer"="VTTimer.exe" [2004-10-22 53248]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
    "ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-06-25 884696]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-15 233472]
    "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-15 253952]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "EnableShellExecuteHooks"= 1 (0x1)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wisdom-soft ScreenHunter 5.1 Plus]
    0 [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
    2004-06-30 00:06 88363 ----a-w- c:\windows\AGRSMMSG.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    2004-07-21 00:22 57344 ----a-w- c:\windows\ALCMTR.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
    2004-07-29 08:34 2551808 ----a-w- c:\windows\ALCWZRD.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
    1998-05-07 23:04 52736 ----a-w- c:\windows\system\hpsysdrv.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2004-08-21 05:55 155648 ----a-w- c:\windows\system32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
    2003-02-12 03:02 61440 ----a-w- c:\hp\KBD\kbd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
    2011-09-01 00:00 449608 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
    2003-09-13 03:13 98304 ----a-w- c:\windows\system32\ps2.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2011-04-08 18:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "YahooAUService"=2 (0x2)
    "avg9emc"=2 (0x2)
    "xmlprov"=3 (0x3)
    "WZCSVC"=2 (0x2)
    "WudfSvc"=2 (0x2)
    "wscsvc"=2 (0x2)
    "W32Time"=2 (0x2)
    "Spooler"=2 (0x2)
    "helpsvc"=2 (0x2)
    "FastUserSwitchingCompatibility"=3 (0x3)
    "MDM"=2 (0x2)
    "MBAMService"=2 (0x2)
    "!SASCORE"=2 (0x2)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "SansaDispatch"=c:\documents and settings\Compaq_Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
    "AlcxMonitor"=ALCXMNTR.EXE
    "MSConfig"=c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
    "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
    .
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 9:27 AM 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 2:55 PM 67664]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/25/2011 6:36 PM 136360]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/6/2011 8:01 PM 22216]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 12872]
    S4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 4:38 PM 116608]
    S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/6/2011 8:01 PM 366152]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    getPlusHelper REG_MULTI_SZ getPlusHelper
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://facebook.com/
    TCP: Interfaces\{197104F7-41FA-4D93-932D-46F5919591B1}: NameServer = 205.171.3.65,205.171.2.65
    DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\vjtk55n2.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2117678&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
    FF - prefs.js: browser.startup.homepage - facebook.com
    FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-11-22 21:21
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,30,74,63,e2,b0,0d,1b,4a,96,de,df,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,30,74,63,e2,b0,0d,1b,4a,96,de,df,\
    .
    [HKEY_USERS\S-1-5-21-608064118-1507529164-3282805649-1009\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
    @Denied: (Full) (LocalSystem)
    @SACL=
    "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"="c:\\WINDOWS\\System32\\shell32.dll,15"
    "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="c:\\WINDOWS\\system32\\SHELL32.dll,17"
    "{208D2C60-3AEA-1069-A2D7-08002B30309D}"="c:\\WINDOWS\\system32\\SHELL32.dll,17"
    "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="c:\\WINDOWS\\system32\\shell32.dll,22"
    "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="c:\\WINDOWS\\system32\\shell32.dll,23"
    "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="c:\\WINDOWS\\system32\\shell32.dll,24"
    "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="c:\\WINDOWS\\system32\\shell32.dll,-175"
    "{21EC2020-3AEA-1069-A2DD-08002B30309D}"="c:\\WINDOWS\\System32\\shell32.dll,-137"
    "{2227A280-3AEA-1069-A2DE-08002B30309D}"="c:\\WINDOWS\\System32\\shell32.dll,-138"
    "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="c:\\WINDOWS\\system32\\shell32.dll,38"
    "AudioCD"="c:\\WINDOWS\\System32\\shell32.dll,40"
    "{FBF23B42-E3F0-101B-8488-00AA003E56F8}"="c:\\WINDOWS\\system32\\shell32.dll,220"
    "{450D8FBA-AD25-11D0-98A8-0800361B1103}"="c:\\WINDOWS\\system32\\mydocs.dll,0"
    "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="c:\\WINDOWS\\system32\\main.cpl,10"
    "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="c:\\WINDOWS\\system32\\wiashext.dll,0"
    "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="c:\\WINDOWS\\system32\\mstask.dll,-100"
    "{88C6C381-2E85-11D0-94DE-444553540000}"="c:\\WINDOWS\\System32\\occache.dll,0"
    "{BDEADF00-C265-11d0-BCED-00A0C90AB50F}"="c:\\Program Files\\COMMON~1\\MICROS~1\\WEBFOL~1\\MSONSEXT.DLL,0"
    "{FF393560-C2A7-11CF-BFF4-444553540000}"="c:\\WINDOWS\\System32\\shdocvw.dll,-20785"
    "{F5175861-2688-11d0-9C5E-00AA00A45957}"="c:\\WINDOWS\\System32\\webcheck.dll,0"
    "{85BBD920-42A0-1069-A2E4-08002B30309D}"="c:\\WINDOWS\\system32\\syncui.dll,0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1052)
    c:\windows\system32\SETUPAPI.dll
    c:\windows\system32\sfc_os.dll
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    c:\windows\system32\cscui.dll
    c:\windows\system32\COMRes.dll
    .
    - - - - - - - > 'lsass.exe'(1152)
    c:\windows\system32\SETUPAPI.dll
    .
    Completion time: 2011-11-22 21:24:31
    ComboFix-quarantined-files.txt 2011-11-23 04:24
    ComboFix2.txt 2011-11-21 23:26
    ComboFix3.txt 2011-11-13 14:29
    .
    Pre-Run: 18,435,809,280 bytes free
    Post-Run: 18,457,985,024 bytes free
    .
    - - End Of File - - 12A5463B1B25309CD797717FF2C96FE0
     
  11. Larusso

    Larusso

    Joined:
    Aug 9, 2011
    Messages:
    808
    Hi there
    Are you still using the Firewall from ZoneAlarm or AVG?

    I see in your logs that you disabled a lot of startup entries with the System Diagnostic Tool msconfig.
    You may want to read this link on why you should not do this.
    So I would recommend re-enabling all of them, and we will see what does not need to start every time you boot your system.

    Start --> Run --> ( type in ) msconfig --> OK. Select the Startup tab and click on enable all


    I used Avira for a long time and never had any problems with it. Could you please perform a full system scan with Avira and post the log file it produced, so that I can look at what it is detecting.
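The msconfig leftovers the reply above points at are visible in the log as `msconfig\startupreg\<name>` keys, the `msconfig\services` key and the `Run-` keys. As an added example (not part of this post and not ComboFix's own code), here is a small Python parser that pulls those entries out of the "Reg Loading Points" section of a ComboFix log, so a helper can see at a glance what "enable all" will bring back and which disabled items point at files that are gone. The sample text is constructed to mirror the layout of the log posted above; reading a trailing "[X]" as "target file not found" and the stored 2/3 values as the service's original start type are assumptions.

```python
"""List the startup items, services and Run entries that msconfig has disabled,
read from the 'Reg Loading Points' section of a ComboFix log.

Added example for this thread; it is not ComboFix code and not part of any
poster's instructions.  Key names and line layouts follow the log above; the
meaning of a trailing "[X]" (target file not found) and of the stored start
type (2 = Automatic, 3 = Manual) are assumptions.
"""
import re
from dataclasses import dataclass, field

# Constructed sample mirroring the layout of the log posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wscsvc"=2 (0x2)
"xmlprov"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"MSConfig"=c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
.
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
STARTUPREG = "\\shared tools\\msconfig\\startupreg\\"
SERVICES = "\\shared tools\\msconfig\\services"


@dataclass
class MsconfigState:
    # startupreg\<name>: items unticked on msconfig's Startup tab -> file line
    startup_disabled: dict = field(default_factory=dict)
    # msconfig\services: service -> stored start type (assumed 2 = Automatic, 3 = Manual)
    services_disabled: dict = field(default_factory=dict)
    # "Run-" keys: older-style disabled Run entries -> command line
    run_disabled: dict = field(default_factory=dict)


def parse_msconfig_entries(log_text: str) -> MsconfigState:
    """Walk the registry-style blocks of the log and collect msconfig leftovers."""
    state = MsconfigState()
    section = None  # ("startupreg", name) | ("services", None) | ("run-", None)
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        key = KEY_RE.match(line)
        if key:
            name = key.group("key")
            low = name.lower()
            if STARTUPREG in low:
                section = ("startupreg", name.rsplit("\\", 1)[1])
            elif low.endswith(SERVICES):
                section = ("services", None)
            elif low.endswith("\\run-"):
                section = ("run-", None)
            else:
                section = None  # any other key (live Run keys, policies, ...)
            continue
        if section is None:
            continue
        kind, item = section
        if kind == "startupreg":
            state.startup_disabled[item] = line
        elif kind == "services":
            m = re.match(r'^"(?P<svc>[^"]+)"=(?P<start>\d+)', line)
            if m:
                state.services_disabled[m["svc"]] = int(m["start"])
        elif kind == "run-":
            m = re.match(r'^"(?P<name>[^"]+)"=(?P<cmd>.+)$', line)
            if m:
                state.run_disabled[m["name"]] = m["cmd"].strip('"')
    return state


def missing_targets(state: MsconfigState) -> list:
    """Disabled startup items whose line carries the "[X]" mark
    (assumed here to mean the target file no longer exists)."""
    return sorted(n for n, l in state.startup_disabled.items() if l.endswith("[X]"))


if __name__ == "__main__":
    st = parse_msconfig_entries(SAMPLE_LOG)
    for name, line in st.startup_disabled.items():
        print(f"startup (disabled): {name:20} {line}")
    for svc, start in st.services_disabled.items():
        print(f"service (disabled): {svc:20} stored start type {start}")
    for name, cmd in st.run_disabled.items():
        print(f"Run- entry:         {name:20} {cmd}")
    print("disabled items whose file is gone:", missing_targets(st))
```

Run it against a saved ComboFix log by replacing `SAMPLE_LOG` with the file's contents; entries like `KernelFaultCheck` that end in "[X]" are candidates to leave alone rather than re-enable, while the rest are what the "enable all" step will restore.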
     
  12. Larusso

    Larusso

    Joined:
    Aug 9, 2011
    Messages:
    808
    Hello, are you still with us?

    If you do not reply within 24 hours I will unsubscribe from this thread and won't be notified about new replies.
     
  13. Larusso

    Larusso

    Joined:
    Aug 9, 2011
    Messages:
    808
    Due to a lack of response,

    I will now unsubscribe from this thread and will not get any notifications about new replies.
     
Short URL to this thread: https://techguy.org/1026663