I'm pretty sure my browser has been hijacked. I REALLY need some help with this.


Silent_Devotion

Thread Starter
Joined
Sep 15, 2009
Messages
19
Every time I click on any link at all I'm redirected.

I have run several scans, and cleared the infections that they found, but as soon as I restart my computer and click on a link, it does the same thing. I have also cleared cookies & temp files, and tried other browsers, but nothing...

I have run the following scans...

AVG
Spybot
Ad-Aware
Super Anti-spyware
Malwarebytes
Avira
Smitfraudfix


yet the problem is still here, and I don't know what to do.

Here is a copy of the log file from Hijackthis...


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:30:35, on 11/12/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\AVG\AVG2012\avgfws.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Mozilla Firefox 3.6 Beta 4\firefox.exe
C:\Program Files\AVG\AVG2012\avgui.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\AVG\AVG2012\avgscanx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O1 - Hosts: 94.63.240.149 www.google.com
O1 - Hosts: 94.63.240.150 www.bing.com
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SimpleAdblock Class - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Common Files\Simple Adblock\SimpleAdblock.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - (no file)
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYAMABLAE0AQwAtAEUAOQBWAFUAVwAtAEUAVwAwAFYAQQAtAFUAVQAzAFgATAAtAEYARQBXADkANwA"&"inst=NwA3AC0ANAAxADQANwAxADAAMAA5ADIALQBUAEIAOQArADIALQBGAEwAKwA5AC0AWABPADMANgArADEALQBGADkATQA3AEMAKwA1AC0ARgA5AE0AMQAwAEIAKwAyAC0AWABPADkAKwAxAC0ARgA5AE0AMgArADEALQBEAEQAVAArADAA"&"prod=90"&"ver=9.0.894
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1252979571937
O16 - DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} (PCMaticVer Class) - http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player) - http://games.bigfishgames.com/en_burger-shop/online/GoBitGamesPlayer_v4.cab
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} (Java Plug-in 1.6.0_17) -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{197104F7-41FA-4D93-932D-46F5919591B1}: NameServer = 205.171.3.65,205.171.2.65
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
O19 - User stylesheet: (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: ObjectDockShellExt - {1984D045-52CF-49cd-DB77-08F378FEA4DB} - (no file)
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe

--
End of file - 8639 bytes


Please help me. I can't afford to take it in for repairs or to buy a new one. I'm already trying to figure out how I'm supposed to afford to get a new CD Drive.
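The redirect symptom described above matches the two O1 Hosts lines in the log, which point www.google.com and www.bing.com at public addresses instead of the real sites. The following triage script is an added example for this thread (not code from HijackThis, DDS or the forum); it parses the O1, O4 and O17 line formats shown in the log above and flags hosts redirects, unqualified autostart commands and resolvers not on a trusted list. The trusted resolver list is an assumption the analyst fills in (here, the two addresses from the log's O17 line).

```python
"""Triage helper for HijackThis-style logs.

Added example for this thread; it is not code from HijackThis, DDS or the
forum. It reads the O1 (hosts), O4 (autostart) and O17 (DNS) sections in the
line format shown in the poster's log and flags entries worth a second look.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Constructed sample input in the HijackThis O-section format. The O1 google/bing,
# O4 and O17 lines reproduce entries from the log above; the two hosts lines
# pointing at loopback / 0.0.0.0 are constructed to show the benign case.
SAMPLE_LOG = """\
O1 - Hosts: 94.63.240.149 www.google.com
O1 - Hosts: 94.63.240.150 www.bing.com
O1 - Hosts: 127.0.0.1 ad.doubleclick.net
O1 - Hosts: 0.0.0.0 tracker.example
O4 - HKLM\\..\\Run: [VTTimer] VTTimer.exe
O4 - HKLM\\..\\Run: [avgnt] "C:\\Program Files\\Avira\\AntiVir Desktop\\avgnt.exe" /min
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{197104F7-41FA-4D93-932D-46F5919591B1}: NameServer = 205.171.3.65,205.171.2.65
"""

HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
RUN_RE = re.compile(r"^O4 - [^:]+: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
NS_RE = re.compile(r"^O17 - .*NameServer = (\S+)")


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section code: "O1", "O4" or "O17"
    severity: str  # "high", "medium" or "low"
    subject: str   # hostname, autostart entry name or resolver address
    detail: str


def classify_hosts_entry(ip_text: str, hostname: str) -> Finding:
    """A hosts line pointing a name at loopback or 0.0.0.0 blocks that name
    (ad-blocker style); one pointing it at a routable address silently
    redirects every request for it, which is the symptom in this thread."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return Finding("O1", "medium", hostname, f"unparseable address {ip_text!r}")
    if ip.is_loopback or ip.is_unspecified:
        return Finding("O1", "low", hostname, f"blocked via {ip}")
    if ip.is_private:
        return Finding("O1", "medium", hostname, f"redirected to private address {ip}")
    return Finding("O1", "high", hostname, f"redirected to public address {ip}")


def classify_run_entry(name: str, cmd: str) -> Optional[Finding]:
    """Autostart commands given without a directory are resolved through the
    Windows search order, so the entry alone does not say which file runs."""
    cmd = cmd.strip()
    if not cmd:
        return None
    if cmd.startswith('"'):                # quoted path, possibly with arguments
        end = cmd.find('"', 1)
        exe = cmd[1:end] if end > 0 else cmd[1:]
    else:
        exe = cmd.split()[0]
    if "\\" in exe or "/" in exe:
        return None
    return Finding("O4", "low", name,
                   f"{exe!r} has no directory; confirm which copy is on the search path")


def triage(log_text: str, trusted_resolvers: Iterable[str] = ()) -> List[Finding]:
    """Walk a HijackThis log and return findings in file order. The trusted
    resolver list (e.g. the ISP's DNS servers) is supplied by the analyst."""
    trusted = {ipaddress.ip_address(r) for r in trusted_resolvers}
    findings: List[Finding] = []
    for line in log_text.splitlines():
        m = HOSTS_RE.match(line)
        if m:
            findings.append(classify_hosts_entry(m.group(1), m.group(2)))
            continue
        m = RUN_RE.match(line)
        if m:
            finding = classify_run_entry(m["name"], m["cmd"])
            if finding:
                findings.append(finding)
            continue
        m = NS_RE.match(line)
        if m:
            for ns in m.group(1).split(","):
                try:
                    addr = ipaddress.ip_address(ns)
                except ValueError:
                    findings.append(Finding("O17", "medium", ns, "unparseable resolver"))
                    continue
                if addr not in trusted:
                    findings.append(Finding("O17", "medium", ns,
                                            "resolver not on the trusted list"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, trusted_resolvers=("205.171.3.65", "205.171.2.65")):
        print(f"[{f.severity:6}] {f.section:3} {f.subject}: {f.detail}")
```

Run against the sample, the two google/bing lines come out as "high" while the loopback and 0.0.0.0 entries stay "low", which is the distinction an analyst needs before touching the hosts file.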
 
Joined
Aug 9, 2011
Messages
808
Hi and welcome to TSG.

I am reviewing your logs and will respond with a reply as soon as I can.

Please note that all my replies are reviewed by a qualified Analyst before I post. This ensures that you will continue to receive quality expert assistance.

Thank you for your patience.
 
Joined
Aug 9, 2011
Messages
808
Hi,
my name is Daniel and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully.
  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, I will have to unsubscribe from this thread and move on to assist someone else.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.



While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes interfere with our fixes.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.
  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.




Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.
Please post both in your next reply



Please download Gmer from here and save it to your Desktop.
  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run a scan, click on NO.


  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.



Please post in your next reply:
  • dds.txt
  • attach.txt
  • ark.txt
 

Silent_Devotion

Thread Starter
Joined
Sep 15, 2009
Messages
19
I don't think my computer is infected with that virus anymore because I haven't been redirected since I posted this. My problem now is that anything with flash loads painfully slowly, and that's really annoying. Thanks for your help. I appreciate it. :)
 
Joined
Aug 9, 2011
Messages
808
Hi,

Absence of the symptoms does not mean your system is clean. Please follow my instructions above and post the logs I need, otherwise I cannot help you. :)
 

Silent_Devotion

Thread Starter
Joined
Sep 15, 2009
Messages
19
I'm sorry that it has taken me so long to reply. This is my busiest month, and my computer isn't acting right. Here are the logs you requested. I hope they're what you wanted. I'm not very smart when it comes to computers...

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Compaq_Owner at 23:18:39 on 2011-11-16
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.959.48 [GMT -7:00]
.
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *Disabled*
FW: AVG Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Mozilla Firefox 3.6 Beta 4\firefox.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://facebook.com/
mURLSearchHooks: H - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SimpleAdblock Class: {ffcb3198-32f3-4e8b-9539-4324694ed664} - c:\program files\common files\simple adblock\SimpleAdblock.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Neopets: {cd292324-974f-4224-d074-caca427aa030} -
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
mRun: [VTTimer] VTTimer.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1252979571937
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} - hxxp://games.bigfishgames.com/en_burger-shop/online/GoBitGamesPlayer_v4.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{197104F7-41FA-4D93-932D-46F5919591B1} : NameServer = 205.171.3.65,205.171.2.65
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\compaq_owner\application data\mozilla\firefox\profiles\vjtk55n2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2117678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - facebook.com
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - plugin: c:\documents and settings\compaq_owner\application data\move networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\compaq_owner\application data\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\documents and settings\compaq_owner\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\gobit games\browserplugin\npgobitgamesplugin.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox 3.6 beta 4\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox 3.6 beta 4\plugins\npgobitgamesplugin.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-6-25 11608]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-6-25 66616]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-11-6 22216]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 12872]
.
=============== Created Last 30 ================
.
2011-11-13 13:11:54 208896 ----a-w- c:\windows\MBR.exe
2011-11-13 13:11:53 98816 ----a-w- c:\windows\sed.exe
2011-11-13 13:11:53 518144 ----a-w- c:\windows\SWREG.exe
2011-11-13 13:11:53 256000 ----a-w- c:\windows\PEV.exe
2011-11-13 10:56:00 -------- d-----w- c:\documents and settings\compaq_owner\application data\AVG
2011-11-13 03:36:13 -------- d-----w- c:\documents and settings\all users\application data\AVG2012
2011-11-13 03:29:31 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2011-11-13 03:18:52 -------- d-----w- c:\program files\common files\PC Tools
2011-11-13 03:18:51 -------- d-----w- c:\program files\PC Tools Security
2011-11-13 03:16:34 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2011-11-13 03:10:34 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-11-09 03:17:56 -------- d-----w- c:\documents and settings\compaq_owner\application data\Sixyub
2011-11-09 03:17:56 -------- d-----w- c:\documents and settings\compaq_owner\application data\Axix
2011-11-07 03:01:40 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-06 08:40:17 -------- d-----w- c:\program files\common files\Simple Adblock
2011-11-04 23:35:41 -------- d--h--w- c:\windows\PIF
2011-11-04 23:16:43 -------- d-----w- c:\documents and settings\compaq_owner\local settings\application data\MPlayer
2011-11-04 23:09:17 -------- d-----w- c:\program files\SnowFox Software
.
==================== Find3M ====================
.
2011-10-26 02:23:48 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 17:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 17:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 17:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 23:23:10.28 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 9/14/2009 5:42:08 AM
System Uptime: 11/16/2011 4:40:55 PM (7 hours ago)
.
Motherboard: ASUSTek Computer INC. | | Kelut
Processor: AMD Sempron(tm) 3000+ | Socket A | 1999/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 32 GiB total, 17.03 GiB free.
D: is FIXED (FAT32) - 5 GiB total, 0.893 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP492: 9/23/2011 9:27:29 PM - Installed YoutubeMovieMaker.
RP493: 9/23/2011 9:41:09 PM - Removed YoutubeMovieMaker.
RP494: 9/25/2011 10:42:48 PM - System Checkpoint
RP495: 9/27/2011 12:17:49 AM - System Checkpoint
RP496: 9/28/2011 5:49:43 AM - Software Distribution Service 3.0
RP497: 9/30/2011 2:35:54 AM - System Checkpoint
RP498: 10/1/2011 10:02:28 PM - System Checkpoint
RP499: 10/3/2011 9:15:13 PM - System Checkpoint
RP500: 10/5/2011 3:48:37 PM - System Checkpoint
RP501: 10/7/2011 6:49:47 PM - System Checkpoint
RP502: 10/9/2011 7:07:35 PM - System Checkpoint
RP503: 10/10/2011 2:31:37 PM - Installed QuickTime
RP504: 10/12/2011 11:49:22 PM - System Checkpoint
RP505: 10/14/2011 4:33:02 AM - Software Distribution Service 3.0
RP506: 10/15/2011 10:00:12 PM - System Checkpoint
RP507: 10/18/2011 12:21:18 AM - System Checkpoint
RP508: 10/19/2011 9:39:56 PM - System Checkpoint
RP509: 10/19/2011 10:11:20 PM - Removed Apple Software Update
RP510: 10/19/2011 10:12:37 PM - Removed Apple Application Support
RP511: 10/19/2011 10:14:32 PM - Removed Avira SearchFree Toolbar.
RP512: 10/19/2011 10:16:29 PM - Removed QuickTime
RP513: 10/19/2011 10:17:45 PM - Removed Qwest QuickAssist Desktop Tools
RP514: 10/21/2011 12:16:38 AM - System Checkpoint
RP515: 10/23/2011 2:52:13 AM - System Checkpoint
RP516: 10/24/2011 9:50:45 PM - System Checkpoint
RP517: 10/27/2011 2:05:05 AM - System Checkpoint
RP518: 10/28/2011 3:01:53 AM - System Checkpoint
RP519: 10/29/2011 11:57:48 PM - System Checkpoint
RP520: 11/2/2011 11:52:41 PM - System Checkpoint
RP521: 11/5/2011 3:47:50 PM - System Checkpoint
RP522: 11/6/2011 1:39:41 AM - Removed Simple Adblock
RP523: 11/6/2011 1:40:14 AM - Installed Simple Adblock
RP524: 11/7/2011 7:47:00 PM - System Checkpoint
RP525: 11/8/2011 10:59:51 PM - System Checkpoint
RP526: 11/9/2011 2:44:33 AM - Software Distribution Service 3.0
RP527: 11/10/2011 3:45:06 PM - System Checkpoint
RP528: 11/10/2011 5:00:48 PM - Software Distribution Service 3.0
RP529: 11/11/2011 11:49:46 PM - System Checkpoint
RP530: 11/12/2011 8:04:23 PM - Installed Ad-Aware
RP531: 11/12/2011 8:05:01 PM - Installed Ad-Aware
RP532: 11/12/2011 8:14:31 PM - Installed HiJackThis
RP533: 11/12/2011 8:34:13 PM - Installed AVG 2012
RP534: 11/12/2011 8:35:35 PM - Installed AVG 2012
RP535: 11/13/2011 5:59:40 PM - Removed HiJackThis
RP536: 11/13/2011 6:00:52 PM - Removed Ad-Aware
RP537: 11/13/2011 6:26:10 PM - Removed AVG 2012
RP538: 11/13/2011 6:29:12 PM - Removed AVG 2012
RP539: 11/15/2011 12:34:42 AM - System Checkpoint
.
==== Installed Programs ======================
.
Sansa Media Converter
32 Bit HP CIO Components Installer
Actiontec Gateway
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.4.6
Adobe Shockwave Player 11.5
Agere Systems PCI Soft Modem
Any DVD Converter Professional 4.2.7
Avira AntiVir Personal - Free Antivirus
Big Fish Games: Game Manager
BufferChm
Burger Shop 2
CCleaner
Copy
Destinations
DeviceDiscovery
DJ_AIO_05_F4400_Software_Min
Eusing Free Registry Cleaner
F4400
FastStone Photo Resizer 3.1
GIMP 2.6.11
GoBit Games Plugin v1.5
GPBaseService2
GSplit 3
Help and Support Additions
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 13.0
HP Deskjet F4400 Printer Driver Software 13.0 Rel .5
HP Imaging Device Functions 13.0
HP Print Projects 1.0
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Update
hpPrintProjects
HPProductAssistant
HpSdpAppCoreApp
hpWLPGInstaller
ieSpell
InterVideo WinDVD Player
Java 2 Runtime Environment, SE v1.4.2_03
Java Auto Updater
Java(TM) 6 Update 26
KBD
Malwarebytes' Anti-Malware version 1.51.2.1300
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Move Media Player
Mozilla Firefox 8.0 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
PC-Doctor for Windows
PS2
Python 2.2 combined Win32 extensions
Python 2.2.1
QuickConnect
S3 S3Display
S3 S3Gamma2
S3 S3Info2
S3 S3Overlay
S3GSetup
Sansa Updater
Scan
Security Task Manager 1.7h
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Simple Adblock
SmartWebPrinting
SolutionCenter
Status
SUPERAntiSpyware
Toolbox
TrayApp
TuxGuitar
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
VC 9.0 Runtime
Veoh Web Player
VIA Rhine-Family Fast-Ethernet Adapter
VIA/S3G Display Driver
VistaMizer 3.3.0.0
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.1.11
WebFldrs XP
WebReg
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR 4.01 (32-bit)
WinX Free DVD Ripper 4.5.14
.
==== Event Viewer Messages From Past Week ========
.
11/9/2011 2:56:15 AM, error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
11/9/2011 2:55:29 AM, error: Service Control Manager [7023] - The Uninterruptible Power Supply service terminated with the following error: %%2481
11/9/2011 2:54:05 AM, error: UPS [2481] - The UPS service is not configured correctly.
11/13/2011 5:59:48 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
11/12/2011 9:19:15 PM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
11/12/2011 8:49:11 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK7 avgio Avgldx86 Avgmfx86 avipbb Fips SASDIFSV SASKUTIL ssmdrv
11/12/2011 8:39:49 PM, error: Service Control Manager [7000] - The AVG TDI Driver service failed to start due to the following error: The parameter is incorrect.
11/12/2011 5:46:05 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
11/12/2011 5:26:30 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
11/12/2011 5:18:24 PM, error: Service Control Manager [7031] - The SAS Core Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
11/12/2011 11:10:28 PM, error: Service Control Manager [7034] - The vToolbarUpdater service terminated unexpectedly. It has done this 1 time(s).
11/12/2011 11:09:45 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
11/11/2011 2:05:00 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: fasttx2k SISAGP
11/11/2011 2:03:28 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
11/11/2011 10:40:13 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
11/10/2011 9:46:20 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK7 avgio avipbb Fips SASDIFSV SASKUTIL ssmdrv
11/10/2011 9:45:08 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/10/2011 5:11:37 AM, error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 2 time(s).
.
==== End Of File ===========================


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-18 22:00:32
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-12 ST340015A rev.3.15
Running: xnyzj4if.exe; Driver: C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\fgldipob.sys


---- System - GMER 1.0.15 ----

SSDT F7C67FDC ZwClose
SSDT F7C67F96 ZwCreateKey
SSDT F7C67FE6 ZwCreateSection
SSDT F7C67F8C ZwCreateThread
SSDT F7C67F9B ZwDeleteKey
SSDT F7C67FA5 ZwDeleteValueKey
SSDT F7C67FD7 ZwDuplicateObject
SSDT F7C67FAA ZwLoadKey
SSDT F7C67F78 ZwOpenProcess
SSDT F7C67F7D ZwOpenThread
SSDT F7C67FB4 ZwReplaceKey
SSDT F7C67FAF ZwRestoreKey
SSDT F7C67FEB ZwSetContextThread
SSDT F7C67FA0 ZwSetValueKey
SSDT F7C67F87 ZwTerminateProcess

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
 
Joined
Aug 9, 2011
Messages
808
No worries. It is always good to know if somebody is busy, so I will keep the topic subscribed. :)


I see you ran ComboFix without being instructed to. I would like to quote a section of the ComboFix tutorial located here: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

You should not run ComboFix unless you are specifically asked to by a helper. Also, due to the power of this tool it is strongly advised that you do not attempt to act upon any of the information displayed by ComboFix without supervision from someone who has been properly trained. If you do so, it may lead to problems with the normal functionality of your computer.
Please look for C:\Combofix.txt and post it in your next reply.



Please press the Windows key + R and type notepad into the Run box.
Copy/paste the entire contents of the codebox below, into notepad:

Code:
@echo off
rem Write a recursive bare listing of the two Application Data folders in question into look.txt
>look.txt (
dir /s /a /b "c:\documents and settings\compaq_owner\application data\Sixyub"
dir /s /a /b "c:\documents and settings\compaq_owner\application data\Axix"
)
rem Open the listing in Notepad, then delete this batch file itself
notepad look.txt
del %0
  • Now on the top of the window choose File --> Save as
  • Into the Save as line type in look.bat
  • Change the Save as type to All Files (*.*)
  • Save it on your Desktop.


  • Run the look.bat

A notepad window will appear, please post the content of look.txt in your next reply.



Please read and follow these instructions carefully. We do not want it to fix anything yet (if anything is found); we need to see a report first.

Download TDSSKiller.exe and save it to your desktop
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply.



Please post in your next reply:
Combofix.txt
look.txt
TDSSKiller Log
 

Silent_Devotion

Thread Starter
Joined
Sep 15, 2009
Messages
19
Again, I apologize for the late reply. Here are the logs that you requested.

ComboFix 11-11-13.01 - Compaq_Owner 11/21/2011 16:19:22.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.959.737 [GMT -7:00]
Running from: c:\documents and settings\Compaq_Owner\My Documents\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
- REDUCED FUNCTIONALITY MODE -
.
.
((((((((((((((((((((((((( Files Created from 2011-10-21 to 2011-11-21 )))))))))))))))))))))))))))))))
.
.
2011-11-13 10:56 . 2011-11-13 10:57 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\AVG
2011-11-13 03:36 . 2011-11-14 01:33 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2011-11-13 03:29 . 2011-11-14 01:29 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-11-13 03:18 . 2011-11-13 04:20 -------- d-----w- c:\program files\Common Files\PC Tools
2011-11-13 03:18 . 2011-11-13 04:20 -------- d-----w- c:\program files\PC Tools Security
2011-11-13 03:16 . 2011-11-13 04:20 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-11-13 03:10 . 2011-11-13 03:10 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-11-09 03:17 . 2011-11-11 09:02 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Sixyub
2011-11-09 03:17 . 2011-11-11 01:57 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Axix
2011-11-07 03:01 . 2011-09-01 00:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-06 08:40 . 2011-11-06 08:40 -------- d-----w- c:\program files\Common Files\Simple Adblock
2011-11-04 23:35 . 2011-11-04 23:35 -------- d--h--w- c:\windows\PIF
2011-11-04 23:16 . 2011-11-04 23:16 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\MPlayer
2011-11-04 23:09 . 2011-11-04 23:09 -------- d-----w- c:\program files\SnowFox Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-17 09:52 . 2011-04-22 18:33 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22 . 2009-09-14 10:33 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2009-09-14 10:32 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 17:41 . 2009-09-14 10:33 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 17:41 . 2008-07-30 02:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 17:41 . 2009-09-14 10:33 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20 . 2009-09-14 10:35 1858944 ----a-w- c:\windows\system32\win32k.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-14 00:11 . CB75214525D36F923D3948DA3CD1562D . 1390080 . . [2001.12.4414.700] . . c:\windows\ServicePackFiles\i386\comres.dll
[-] 2008-04-14 00:11 . CB75214525D36F923D3948DA3CD1562D . 1390080 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
[7] 2008-04-14 00:11 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\VistaMizer\old\comres.dll
.
[-] 2008-04-14 . A55B8899D2EA2E800061BCFD456E34DC . 547328 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . A55B8899D2EA2E800061BCFD456E34DC . 547328 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[7] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\winlogon.exe
.
[-] 2010-08-23 . 4450428C8D90D8C5A6CAEB4BD846B9A4 . 724992 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2010-08-23 . 4450428C8D90D8C5A6CAEB4BD846B9A4 . 724992 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2010-08-23 . 4450428C8D90D8C5A6CAEB4BD846B9A4 . 724992 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[7] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\VistaMizer\old\comctl32.dll
[7] 2010-08-23 . 736B12B725AEB2B07F0241A9F680CB10 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
[7] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[7] 2004-08-04 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[7] 2004-08-04 . 5AF68A5E44734A082442668E9C787743 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
[7] 2004-08-04 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\I386\ASMS\6000\MSFT\WINDOWS\COMMON\CONTROLS\COMCTL32.DLL
.
[-] 2008-04-14 . 1F796B640B01A277B463E51CF0D79E10 . 587264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . 1F796B640B01A277B463E51CF0D79E10 . 587264 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\user32.dll
.
[-] 2008-04-14 . DCDEAA7B5698587F82C0F6CD7FB71967 . 1551872 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . DCDEAA7B5698587F82C0F6CD7FB71967 . 1551872 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\VistaMizer\old\explorer.exe
.
[-] 2008-04-14 . 18B0915F58A5342AB0F3D01D57261E32 . 267264 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[-] 2008-04-14 . 18B0915F58A5342AB0F3D01D57261E32 . 267264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe
[7] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\regedit.exe
[7] 2004-08-04 . 783AFC80383C176B22DBF8333343992D . 146432 . . [5.1.2600.2180] . . c:\windows\I386\REGEDIT.EXE
.
[-] 2010-07-16 . F4BB39217CFDA04706D5B46E0F03AC86 . 1312768 . . [5.1.2600.6010] . . c:\windows\ServicePackFiles\i386\ole32.dll
[-] 2010-07-16 . F4BB39217CFDA04706D5B46E0F03AC86 . 1312768 . . [5.1.2600.6010] . . c:\windows\system32\ole32.dll
[-] 2010-07-16 . F4BB39217CFDA04706D5B46E0F03AC86 . 1312768 . . [5.1.2600.6010] . . c:\windows\system32\dllcache\ole32.dll
[7] 2010-07-16 . 7A6A7900B5E322763430BA6FD9A31224 . 1288192 . . [5.1.2600.6010] . . c:\windows\VistaMizer\old\ole32.dll
[7] 2010-07-16 . 8D51FB47062F2A1A9EFECCEF338A4C46 . 1289216 . . [5.1.2600.6010] . . c:\windows\$hf_mig$\KB979687\SP3QFE\ole32.dll
.
[-] 2008-04-14 . A913E1FF4C0BDA15FC542430182EB7B6 . 368640 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\hnetcfg.dll
[-] 2008-04-14 . A913E1FF4C0BDA15FC542430182EB7B6 . 368640 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
[7] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\hnetcfg.dll
.
[7] 2010-12-10 . F67CD97282E0ABFAF91A9A1359B16F2D . 2069376 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntkrnlpa.exe
[7] 2010-12-09 . 84FF488E249DBD2050EB39EA81C6F5C2 . 2069376 . . [5.1.2600.6055] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2010-12-09 . 164000DCE17FA3221CD4925456E6EC4A . 2326528 . . [5.1.2600.6055] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2010-12-09 . 164000DCE17FA3221CD4925456E6EC4A . 2326528 . . [5.1.2600.6055] . . c:\windows\system32\ntkrnlpa.exe
[-] 2010-12-09 . 164000DCE17FA3221CD4925456E6EC4A . 2326528 . . [5.1.2600.6055] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[7] 2010-12-09 . 84FF488E249DBD2050EB39EA81C6F5C2 . 2069376 . . [5.1.2600.6055] . . c:\windows\VistaMizer\old\ntkrnlpa.exe
[7] 2010-04-28 . 756362706DE8BC92F11E197C98A73844 . 2066944 . . [5.1.2600.5973] . . c:\windows\$hf_mig$\KB981852\SP3QFE\ntkrnlpa.exe
[7] 2010-02-16 . DED8B5A89B085284634502E9D75AC78C . 2066944 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe
[7] 2009-12-09 . FFDCE1EEA79C678C40237D4E031E5B51 . 2066176 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntkrnlpa.exe
[7] 2009-08-05 . 363B2BBEE0AEDC9E5433616D0AD0236A . 2066176 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[7] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
[7] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2009-02-06 . 9D832AF3FD1917DB0E1E8B2F000A2E3A . 2062976 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe
[-] 2006-02-21 . 501C033D08AC37C4BE751633AB02197C . 2057984 . . [5.1.2600.2853] . . c:\windows\$hf_mig$\KB914882\SP2QFE\ntkrnlpa.exe
.
[-] 2009-03-08 . C94590AF0DB0E97199688FF1A77037D2 . 727904 . . [8.00.6001.18702] . . c:\windows\ServicePackFiles\i386\iexplore.exe
[-] 2009-03-08 . C94590AF0DB0E97199688FF1A77037D2 . 727904 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\iexplore.exe
[7] 2009-03-08 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 . . [8.00.6001.18702] . . c:\windows\VistaMizer\old\iexplore.exe
[7] 2004-08-04 . E7484514C0464642BE7B4DC2689354C8 . 93184 . . [6.00.2900.2180] . . c:\windows\ie8\iexplore.exe
.
[7] 2010-12-09 . A531BBD3DE13121C1380ED7DC99082DB . 2192768 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntoskrnl.exe
[7] 2010-12-09 . 64C1ADF6DF629F340C5A439FE0EF8ED1 . 2192768 . . [5.1.2600.6055] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2010-12-09 . A662B6EC8DF592900BF939DEC12A9A30 . 2449920 . . [5.1.2600.6055] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2010-12-09 . A662B6EC8DF592900BF939DEC12A9A30 . 2449920 . . [5.1.2600.6055] . . c:\windows\system32\ntoskrnl.exe
[-] 2010-12-09 . A662B6EC8DF592900BF939DEC12A9A30 . 2449920 . . [5.1.2600.6055] . . c:\windows\system32\dllcache\ntoskrnl.exe
[7] 2010-12-09 . 64C1ADF6DF629F340C5A439FE0EF8ED1 . 2192768 . . [5.1.2600.6055] . . c:\windows\VistaMizer\old\ntoskrnl.exe
[7] 2010-04-27 . A2ABBEC40CDB57454645D06B7EBD22F5 . 2190080 . . [5.1.2600.5973] . . c:\windows\$hf_mig$\KB981852\SP3QFE\ntoskrnl.exe
[7] 2010-02-16 . E1F653A542449D54FA2D27463D99B6B6 . 2190080 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
[7] 2009-12-09 . 05BE3D9A71972223AFF6A3C823BA51B1 . 2189312 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe
[7] 2009-08-04 . FDE779EA1A564EBFE16F4E0F82B61BAD . 2189312 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[7] 2009-02-08 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
[7] 2009-02-06 . 6A936E9D7BADAF3CAAEED1E1966EC1B0 . 2186112 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
[-] 2006-02-21 . DF4D09B676964646FA166A78C816B4C3 . 2180992 . . [5.1.2600.2853] . . c:\windows\$hf_mig$\KB914882\SP2QFE\ntoskrnl.exe
.
((((((((((((((((((((((((((((( [email protected]_14.05.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-11-21 21:00 . 2011-11-21 21:00 16384 c:\windows\Temp\Perflib_Perfdata_664.dat
+ 2011-11-17 09:52 . 2011-11-17 09:52 247968 c:\windows\system32\Macromed\Flash\FlashUtil11e_Plugin.exe
+ 2010-07-13 19:46 . 2011-11-17 09:52 8527008 c:\windows\system32\Macromed\Flash\NPSWF32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2004-10-22 53248]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-06-25 884696]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-15 233472]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-15 253952]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wisdom-soft ScreenHunter 5.1 Plus]
0 [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2004-06-30 00:06 88363 ----a-w- c:\windows\AGRSMMSG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2004-07-21 00:22 57344 ----a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
2004-07-29 08:34 2551808 ----a-w- c:\windows\ALCWZRD.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
1998-05-07 23:04 52736 ----a-w- c:\windows\system\hpsysdrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2004-08-21 05:55 155648 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2003-02-12 03:02 61440 ----a-w- c:\hp\KBD\kbd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-09-01 00:00 449608 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
2003-09-13 03:13 98304 ----a-w- c:\windows\system32\ps2.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 18:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"YahooAUService"=2 (0x2)
"avg9emc"=2 (0x2)
"xmlprov"=3 (0x3)
"WZCSVC"=2 (0x2)
"WudfSvc"=2 (0x2)
"wscsvc"=2 (0x2)
"W32Time"=2 (0x2)
"Spooler"=2 (0x2)
"helpsvc"=2 (0x2)
"FastUserSwitchingCompatibility"=3 (0x3)
"MDM"=2 (0x2)
"MBAMService"=2 (0x2)
"!SASCORE"=2 (0x2)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SansaDispatch"=c:\documents and settings\Compaq_Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"AlcxMonitor"=ALCXMNTR.EXE
"MSConfig"=c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 9:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 2:55 PM 67664]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/25/2011 6:36 PM 136360]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/6/2011 8:01 PM 22216]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 12872]
S4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 4:38 PM 116608]
S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/6/2011 8:01 PM 366152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
getPlusHelper REG_MULTI_SZ getPlusHelper
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://facebook.com/
TCP: Interfaces\{197104F7-41FA-4D93-932D-46F5919591B1}: NameServer = 205.171.3.65,205.171.2.65
DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\vjtk55n2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2117678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - facebook.com
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-21 16:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,30,74,63,e2,b0,0d,1b,4a,96,de,df,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,30,74,63,e2,b0,0d,1b,4a,96,de,df,\
.
[HKEY_USERS\S-1-5-21-608064118-1507529164-3282805649-1009\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
@SACL=
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"="c:\\WINDOWS\\System32\\shell32.dll,15"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="c:\\WINDOWS\\system32\\SHELL32.dll,17"
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"="c:\\WINDOWS\\system32\\SHELL32.dll,17"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="c:\\WINDOWS\\system32\\shell32.dll,22"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="c:\\WINDOWS\\system32\\shell32.dll,23"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="c:\\WINDOWS\\system32\\shell32.dll,24"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="c:\\WINDOWS\\system32\\shell32.dll,-175"
"{21EC2020-3AEA-1069-A2DD-08002B30309D}"="c:\\WINDOWS\\System32\\shell32.dll,-137"
"{2227A280-3AEA-1069-A2DE-08002B30309D}"="c:\\WINDOWS\\System32\\shell32.dll,-138"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="c:\\WINDOWS\\system32\\shell32.dll,38"
"AudioCD"="c:\\WINDOWS\\System32\\shell32.dll,40"
"{FBF23B42-E3F0-101B-8488-00AA003E56F8}"="c:\\WINDOWS\\system32\\shell32.dll,220"
"{450D8FBA-AD25-11D0-98A8-0800361B1103}"="c:\\WINDOWS\\system32\\mydocs.dll,0"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="c:\\WINDOWS\\system32\\main.cpl,10"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="c:\\WINDOWS\\system32\\wiashext.dll,0"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="c:\\WINDOWS\\system32\\mstask.dll,-100"
"{88C6C381-2E85-11D0-94DE-444553540000}"="c:\\WINDOWS\\System32\\occache.dll,0"
"{BDEADF00-C265-11d0-BCED-00A0C90AB50F}"="c:\\Program Files\\COMMON~1\\MICROS~1\\WEBFOL~1\\MSONSEXT.DLL,0"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="c:\\WINDOWS\\System32\\shdocvw.dll,-20785"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="c:\\WINDOWS\\System32\\webcheck.dll,0"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="c:\\WINDOWS\\system32\\syncui.dll,0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1052)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\cscui.dll
c:\windows\system32\COMRes.dll
.
- - - - - - - > 'lsass.exe'(1156)
c:\windows\system32\SETUPAPI.dll
.
- - - - - - - > 'explorer.exe'(3488)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\WININET.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\MSVCP60.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-11-21 16:26:55
ComboFix-quarantined-files.txt 2011-11-21 23:26
ComboFix2.txt 2011-11-13 14:29
.
Pre-Run: 18,422,841,344 bytes free
Post-Run: 18,471,043,072 bytes free
.
- - End Of File - - FE9A59E0EBC05BC08F00C738D2984DCD



c:\documents and settings\compaq_owner\application data\Axix\waad.rem


23:35:23.0875 1816 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
23:35:24.0312 1816 ============================================================
23:35:24.0312 1816 Current date / time: 2011/11/21 23:35:24.0312
23:35:24.0312 1816 SystemInfo:
23:35:24.0312 1816
23:35:24.0312 1816 OS Version: 5.1.2600 ServicePack: 3.0
23:35:24.0312 1816 Product type: Workstation
23:35:24.0312 1816 ComputerName: TOKYO
23:35:24.0312 1816 UserName: Compaq_Owner
23:35:24.0312 1816 Windows directory: C:\WINDOWS
23:35:24.0312 1816 System windows directory: C:\WINDOWS
23:35:24.0312 1816 Processor architecture: Intel x86
23:35:24.0312 1816 Number of processors: 1
23:35:24.0312 1816 Page size: 0x1000
23:35:24.0312 1816 Boot type: Normal boot
23:35:24.0312 1816 ============================================================
23:35:27.0796 1816 Initialize success
23:35:40.0656 1864 ============================================================
23:35:40.0656 1864 Scan started
23:35:40.0656 1864 Mode: Manual;
23:35:40.0671 1864 ============================================================
23:35:42.0953 1864 Abiosdsk - ok
23:35:42.0984 1864 abp480n5 - ok
23:35:43.0093 1864 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:35:43.0093 1864 ACPI - ok
23:35:43.0359 1864 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
23:35:43.0375 1864 ACPIEC - ok
23:35:43.0546 1864 adpu160m - ok
23:35:43.0640 1864 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
23:35:43.0718 1864 aec - ok
23:35:43.0953 1864 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
23:35:44.0000 1864 AFD - ok
23:35:44.0296 1864 AgereSoftModem (7560f465f1ce69c53bf17559ee195548) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
23:35:44.0468 1864 AgereSoftModem - ok
23:35:44.0687 1864 Aha154x - ok
23:35:44.0718 1864 aic78u2 - ok
23:35:44.0765 1864 aic78xx - ok
23:35:44.0953 1864 ALCXWDM (8d6c30e515717248e0e52b85fd7ac466) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
23:35:45.0125 1864 ALCXWDM - ok
23:35:45.0328 1864 AliIde - ok
23:35:45.0437 1864 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys
23:35:45.0484 1864 AmdK7 - ok
23:35:45.0656 1864 amsint - ok
23:36:32.0093 1864 ============================================================
23:36:32.0093 1864 Scan finished
23:36:32.0093 1864 ============================================================
23:36:32.0125 3516 Detected object count: 0
23:36:32.0125 3516 Actual detected object count: 0
 
Joined
Aug 9, 2011
Messages
808
Hi there,

You ran CF again instead of looking for the Logfile only ;)
We will delete the current version of Combofix.


Please press the Windows key + R, then copy/paste the following single-line command into the Run box and click OK:

cmd /c del /a/f/q "c:\documents and settings\Compaq_Owner\My Documents\Downloads\ComboFix.exe"



Please download and scan with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Note: Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
You can use this thread as a guide.

Please include the C:\ComboFix.txt in your next reply for further review.



Please post in your next reply:
Combofix.txt
How is your system behaving now?
 

Silent_Devotion

Thread Starter
Joined
Sep 15, 2009
Messages
19
I hope this is what you were talking about. I'm sorry for not completely understanding what you wanted. I've been using a computer for years now, but am still not very good at it. It is running better than it was when I first posted here. I am no longer redirected every time I click on a link. I've been having some issues with Flash content loading slowly. It has gotten a little better. I think I need to get a new anti-virus, though. The one I have doesn't seem to be very good. I get infected from nearly every site that I visit: YouTube, Yahoo, MSN, IMDb, Wikipedia, Facebook, etc. So I don't think my anti-virus is doing its job. I scan it every day, and there are always new infections.




ComboFix 11-11-22.03 - Compaq_Owner 11/22/2011 21:11:48.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.959.487 [GMT -7:00]
Running from: c:\documents and settings\Compaq_Owner\My Documents\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\vjtk55n2.default\searchplugins\bing-zugo.xml
.
.
((((((((((((((((((((((((( Files Created from 2011-10-23 to 2011-11-23 )))))))))))))))))))))))))))))))
.
.
2011-11-13 10:56 . 2011-11-13 10:57 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\AVG
2011-11-13 03:36 . 2011-11-14 01:33 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2011-11-13 03:29 . 2011-11-14 01:29 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-11-13 03:18 . 2011-11-13 04:20 -------- d-----w- c:\program files\Common Files\PC Tools
2011-11-13 03:18 . 2011-11-13 04:20 -------- d-----w- c:\program files\PC Tools Security
2011-11-13 03:16 . 2011-11-13 04:20 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-11-13 03:10 . 2011-11-13 03:10 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-11-09 03:17 . 2011-11-11 09:02 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Sixyub
2011-11-09 03:17 . 2011-11-11 01:57 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Axix
2011-11-07 03:01 . 2011-09-01 00:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-06 08:40 . 2011-11-06 08:40 -------- d-----w- c:\program files\Common Files\Simple Adblock
2011-11-04 23:35 . 2011-11-04 23:35 -------- d--h--w- c:\windows\PIF
2011-11-04 23:16 . 2011-11-04 23:16 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\MPlayer
2011-11-04 23:09 . 2011-11-04 23:09 -------- d-----w- c:\program files\SnowFox Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-17 09:52 . 2011-04-22 18:33 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22 . 2009-09-14 10:33 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2009-09-14 10:32 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 17:41 . 2009-09-14 10:33 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 17:41 . 2008-07-30 02:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 17:41 . 2009-09-14 10:33 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20 . 2009-09-14 10:35 1858944 ----a-w- c:\windows\system32\win32k.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
.
((((((((((((((((((((((((((((( [email protected]_14.05.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-11-22 20:20 . 2011-11-22 20:20 16384 c:\windows\Temp\Perflib_Perfdata_684.dat
+ 2011-11-17 09:52 . 2011-11-17 09:52 247968 c:\windows\system32\Macromed\Flash\FlashUtil11e_Plugin.exe
+ 2010-07-13 19:46 . 2011-11-17 09:52 8527008 c:\windows\system32\Macromed\Flash\NPSWF32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2004-10-22 53248]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-06-25 884696]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-15 233472]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-15 253952]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wisdom-soft ScreenHunter 5.1 Plus]
0 [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2004-06-30 00:06 88363 ----a-w- c:\windows\AGRSMMSG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2004-07-21 00:22 57344 ----a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
2004-07-29 08:34 2551808 ----a-w- c:\windows\ALCWZRD.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
1998-05-07 23:04 52736 ----a-w- c:\windows\system\hpsysdrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2004-08-21 05:55 155648 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2003-02-12 03:02 61440 ----a-w- c:\hp\KBD\kbd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-09-01 00:00 449608 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
2003-09-13 03:13 98304 ----a-w- c:\windows\system32\ps2.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 18:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"YahooAUService"=2 (0x2)
"avg9emc"=2 (0x2)
"xmlprov"=3 (0x3)
"WZCSVC"=2 (0x2)
"WudfSvc"=2 (0x2)
"wscsvc"=2 (0x2)
"W32Time"=2 (0x2)
"Spooler"=2 (0x2)
"helpsvc"=2 (0x2)
"FastUserSwitchingCompatibility"=3 (0x3)
"MDM"=2 (0x2)
"MBAMService"=2 (0x2)
"!SASCORE"=2 (0x2)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SansaDispatch"=c:\documents and settings\Compaq_Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"AlcxMonitor"=ALCXMNTR.EXE
"MSConfig"=c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 9:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 2:55 PM 67664]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/25/2011 6:36 PM 136360]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/6/2011 8:01 PM 22216]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 12872]
S4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 4:38 PM 116608]
S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/6/2011 8:01 PM 366152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
getPlusHelper REG_MULTI_SZ getPlusHelper
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://facebook.com/
TCP: Interfaces\{197104F7-41FA-4D93-932D-46F5919591B1}: NameServer = 205.171.3.65,205.171.2.65
DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\vjtk55n2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2117678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - facebook.com
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-22 21:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,30,74,63,e2,b0,0d,1b,4a,96,de,df,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,30,74,63,e2,b0,0d,1b,4a,96,de,df,\
.
[HKEY_USERS\S-1-5-21-608064118-1507529164-3282805649-1009\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
@SACL=
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"="c:\\WINDOWS\\System32\\shell32.dll,15"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="c:\\WINDOWS\\system32\\SHELL32.dll,17"
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"="c:\\WINDOWS\\system32\\SHELL32.dll,17"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="c:\\WINDOWS\\system32\\shell32.dll,22"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="c:\\WINDOWS\\system32\\shell32.dll,23"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="c:\\WINDOWS\\system32\\shell32.dll,24"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="c:\\WINDOWS\\system32\\shell32.dll,-175"
"{21EC2020-3AEA-1069-A2DD-08002B30309D}"="c:\\WINDOWS\\System32\\shell32.dll,-137"
"{2227A280-3AEA-1069-A2DE-08002B30309D}"="c:\\WINDOWS\\System32\\shell32.dll,-138"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="c:\\WINDOWS\\system32\\shell32.dll,38"
"AudioCD"="c:\\WINDOWS\\System32\\shell32.dll,40"
"{FBF23B42-E3F0-101B-8488-00AA003E56F8}"="c:\\WINDOWS\\system32\\shell32.dll,220"
"{450D8FBA-AD25-11D0-98A8-0800361B1103}"="c:\\WINDOWS\\system32\\mydocs.dll,0"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="c:\\WINDOWS\\system32\\main.cpl,10"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="c:\\WINDOWS\\system32\\wiashext.dll,0"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="c:\\WINDOWS\\system32\\mstask.dll,-100"
"{88C6C381-2E85-11D0-94DE-444553540000}"="c:\\WINDOWS\\System32\\occache.dll,0"
"{BDEADF00-C265-11d0-BCED-00A0C90AB50F}"="c:\\Program Files\\COMMON~1\\MICROS~1\\WEBFOL~1\\MSONSEXT.DLL,0"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="c:\\WINDOWS\\System32\\shdocvw.dll,-20785"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="c:\\WINDOWS\\System32\\webcheck.dll,0"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="c:\\WINDOWS\\system32\\syncui.dll,0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1052)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\cscui.dll
c:\windows\system32\COMRes.dll
.
- - - - - - - > 'lsass.exe'(1152)
c:\windows\system32\SETUPAPI.dll
.
Completion time: 2011-11-22 21:24:31
ComboFix-quarantined-files.txt 2011-11-23 04:24
ComboFix2.txt 2011-11-21 23:26
ComboFix3.txt 2011-11-13 14:29
.
Pre-Run: 18,435,809,280 bytes free
Post-Run: 18,457,985,024 bytes free
.
- - End Of File - - 12A5463B1B25309CD797717FF2C96FE0
 
Joined
Aug 9, 2011
Messages
808
Hi there
Are you still using the firewall from ZoneAlarm or AVG?

I see in your logs that you disabled a lot of startup entries with the System Diagnostic Tool msconfig.
You may want to read this link on why you should not do this.
So I would recommend re-enabling all of them, and we will see what does not need to start every time you boot your system.

Start --> Run --> ( type in ) msconfig --> OK. Select the Startup tab and click on enable all


The one I have doesn't seem to be very good
I used Avira for a long time and never had any problems with it. Could you please perform a full system scan with Avira and post the log file it produced, so that I can look at what it is detecting.
 
Joined
Aug 9, 2011
Messages
808
Hello, are you still with us?

If you do not reply within 24 hours, I will unsubscribe from this thread and won't be notified about new replies.
 
Joined
Aug 9, 2011
Messages
808
Due to a lack of response,

I will now unsubscribe from this thread and will not get any notifications about new replies.
 