
My Google searches are being redirected

Discussion in 'Virus & Other Malware Removal' started by Yedi, Aug 4, 2010.

  1. Yedi

    Yedi Thread Starter

    Joined:
    Aug 4, 2010
    Messages:
    18
    Hi, I'm having trouble with Google searches being redirected. I'm running XP and none of the malware/antivirus programs I've tried can find the problem. I have attached a HJT log done a few minutes ago.


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 7:58:42 PM, on 04/08/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Allway Sync\Bin\syncappw.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Documents and Settings\Ward\My Documents\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://signup.execulink.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.live.com/sphome.aspx
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
    R3 - URLSearchHook: MHURLSearchHook Class - {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Program Files\Family Toolbar\tbhelper.dll
    N1 - Netscape 4: user_pref("browser.startup.homepage", "http://my.execulink.com"); (C:\PROGRAM FILES\BUSINESS INTERNET DIAL\COMMUNICATOR\Execulink\prefs.js)
    O2 - BHO: MHTBPos00 - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Family Toolbar\tbcore3.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: MyHeritage New Tab - {D62EC836-BF1E-4CAC-81BE-FB9179835D8E} - C:\Program Files\Family Toolbar\mhxpcomi.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: Family Toolbar - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [Allway Sync] "C:\Program Files\Allway Sync\Bin\syncappw.exe" -m
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\PROGRAM FILES\ICQTOOLBAR\TOOLBAR.DLL/SEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
    O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1194893653031
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pub/automatic/player/isetupML.cab
    O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} - http://arcade.icq.com/multiplayer/odyssey_web8.cab
    O16 - DPF: {9FC87BC7-7963-4B70-8485-B1A41034C9A1} (CSonyPicturesGameDownloaderCtl Object) - http://www.shockwave.com/content/angelx/SonyPicturesGameDownloader.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {C852B12E-3F08-4099-AF8E-32FD327B88EA} - http://rockstar.messenger.msn.com/rockstar.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DCA94B48-119B-453C-8863-DE6B9186A81B} (SB_INIT_V3.ctlInit_V3) - https://sb.smartborder.com/Client/InstallFiles/SB_INIT_V3.CAB
    O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.bravetree.com/downloader/BTDownloadCtrl.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://map.hamilton.ca/InteractiveMaps1024/ACGM/Acgm.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15030/CTPID.cab
    O18 - Protocol: mhtb - {669A2A3A-F19C-452D-800D-1240299756C1} - C:\Program Files\Family Toolbar\mhxpcomi.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

    --
    End of file - 11300 bytes
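The log above is the raw material a helper reads by eye. As an added example, not part of the post and not HijackThis code, the script below parses the `Rn`/`On` entry lines of a HijackThis log and flags the entry classes that matter when the complaint is "my searches are redirected": DNS and domain overrides (O17), hosts-file redirects (O1), proxy settings (R1 ProxyServer / AutoConfigURL), Winlogon notify DLLs (O20), entries whose file is gone, and anything loading from a user-writable location. The sample input is an excerpt of the posted log plus two constructed lines, marked as such, showing what a high-severity finding looks like; the `ProxyOverride = *.local` entry in the real log is the ordinary "bypass proxy for local addresses" setting and is deliberately not flagged. The user-writable path list is an assumption tuned to the XP directory layout.

```python
"""Triage a HijackThis log for redirect-class findings (added example, not from the post)."""
import re
from typing import List, NamedTuple, Optional

ENTRY_RE = re.compile(r"^(?P<kind>[RNOF]\d+) - (?P<body>.*)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"\n]+")
ORPHAN_MARKERS = ("(no file)", "(file missing)")
# Locations an autostart or browser hook has no business loading from (assumption: XP layout).
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\", "\\application data\\", "\\local settings\\")


class Entry(NamedTuple):
    kind: str
    body: str
    guid: Optional[str]
    path: Optional[str]


class Finding(NamedTuple):
    severity: str  # "high" | "medium" | "low"
    reason: str
    entry: Entry


def _clean_path(p: str) -> str:
    """Drop HJT's '(no file)' / '(file missing)' suffix and a stray closing paren."""
    p = re.sub(r"\s*\((?:no file|file missing)\)\s*$", "", p)
    return p.rstrip(") ")


def parse_hjt(text: str) -> List[Entry]:
    """One Entry per 'Xn - ...' line; the process list, headers and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        body = m["body"]
        guid = GUID_RE.search(body)
        path = PATH_RE.search(body)
        entries.append(Entry(m["kind"], body,
                             guid.group(0) if guid else None,
                             _clean_path(path.group(0)) if path else None))
    return entries


def triage(entries: List[Entry]) -> List[Finding]:
    """Classify entries; the kind-specific checks are mutually exclusive, the path check is not."""
    findings = []
    for e in entries:
        low = e.body.lower()
        if e.kind == "O17":
            findings.append(Finding("high", "DNS/domain override", e))
        elif e.kind == "O1":
            findings.append(Finding("high", "hosts-file redirect", e))
        elif e.kind == "R1" and ("proxyserver" in low or "autoconfigurl" in low):
            findings.append(Finding("high", "proxy configured", e))
        elif e.kind == "O20":
            findings.append(Finding("medium", "Winlogon notify DLL", e))
        elif any(mk in low for mk in ORPHAN_MARKERS):
            findings.append(Finding("low", "orphaned entry, file gone", e))
        if e.path and any(d in e.path.lower() for d in USER_WRITABLE):
            findings.append(Finding("medium", "loads from user-writable path", e))
    order = {"high": 0, "medium": 1, "low": 2}
    return sorted(findings, key=lambda f: order[f.severity])  # act-on-first ordering


def counts(findings: List[Finding]) -> dict:
    c = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        c[f.severity] += 1
    return c


# Real entries excerpted from the posted log.
REAL_EXCERPT = r"""
Logfile of Trend Micro HijackThis v2.0.4
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
"""
# CONSTRUCTED lines (not in the post): an autostart from a temp directory and a
# DNS override of the kind redirect infections leave behind; the GUID and the
# 192.0.2.53 address are placeholders.
CONSTRUCTED_LINES = r"""
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\User\Local Settings\Temp\update.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{12345678-ABCD-4000-8000-000000000001}: NameServer = 192.0.2.53
"""
SAMPLE_LOG = REAL_EXCERPT + CONSTRUCTED_LINES

if __name__ == "__main__":
    for f in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{f.severity:6} {f.reason:32} {f.entry.kind} - {f.entry.body}")
```

On the posted log this only yields the low-severity orphans and the (legitimate) SUPERAntiSpyware Winlogon entry, which is consistent with the helper's next move: a log with no O1/O17/proxy entries and a redirect symptom points below user mode, hence the rootkit scanner.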
     
  2. Rorschach112

    Rorschach112 Malware Specialist

    Joined:
    Oct 12, 2008
    Messages:
    2,392
    Please read carefully and follow these steps.
    • Download TDSSKiller and save it to your Desktop.
    • Extract its contents to your desktop.
    • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.



    • If an infected file is detected, the default action will be Cure, click on Continue.



    • If a suspicious file is detected, the default action will be Skip, click on Continue.



    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.



    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
     
  3. Yedi

    Yedi Thread Starter

    Joined:
    Aug 4, 2010
    Messages:
    18
    Sadly, it found nothing.

    2010/08/05 07:20:26.0218 TDSS rootkit removing tool 2.4.1.0 Aug 4 2010 15:06:41
    2010/08/05 07:20:26.0218 ================================================================================
    2010/08/05 07:20:26.0218 SystemInfo:
    2010/08/05 07:20:26.0218
    2010/08/05 07:20:26.0218 OS Version: 5.1.2600 ServicePack: 3.0
    2010/08/05 07:20:26.0218 Product type: Workstation
    2010/08/05 07:20:26.0218 ComputerName: WARD-3E7AA417A4
    2010/08/05 07:20:26.0218 UserName: Ward
    2010/08/05 07:20:26.0218 Windows directory: C:\WINDOWS
    2010/08/05 07:20:26.0218 System windows directory: C:\WINDOWS
    2010/08/05 07:20:26.0218 Processor architecture: Intel x86
    2010/08/05 07:20:26.0218 Number of processors: 2
    2010/08/05 07:20:26.0218 Page size: 0x1000
    2010/08/05 07:20:26.0218 Boot type: Normal boot
    2010/08/05 07:20:26.0218 ================================================================================
    2010/08/05 07:20:26.0562 Initialize success
    2010/08/05 07:20:30.0250 ================================================================================
    2010/08/05 07:20:30.0250 Scan started
    2010/08/05 07:20:30.0250 Mode: Manual;
    2010/08/05 07:20:30.0250 ================================================================================
    2010/08/05 07:20:31.0296 Aavmker4 (467f062f76e07512ecc1f5f60aab2988) C:\WINDOWS\system32\drivers\Aavmker4.sys
    2010/08/05 07:20:31.0343 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2010/08/05 07:20:31.0390 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    2010/08/05 07:20:31.0671 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    2010/08/05 07:20:31.0828 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
    2010/08/05 07:20:31.0953 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    2010/08/05 07:20:31.0984 aswFsBlk (0c0b08847f2f24baa7bd43d8f2c6c8b0) C:\WINDOWS\system32\drivers\aswFsBlk.sys
    2010/08/05 07:20:32.0000 aswMon2 (aa504fa592c9ed79174cb06b8ae340aa) C:\WINDOWS\system32\drivers\aswMon2.sys
    2010/08/05 07:20:32.0031 aswRdr (f385ffd39165453fda96736aa3edfd9d) C:\WINDOWS\system32\drivers\aswRdr.sys
    2010/08/05 07:20:32.0046 aswSP (45adea26bf613a54fed64ecdd12e58a7) C:\WINDOWS\system32\drivers\aswSP.sys
    2010/08/05 07:20:32.0062 aswTdi (c4ee975c87176f1900662d2874233c7f) C:\WINDOWS\system32\drivers\aswTdi.sys
    2010/08/05 07:20:32.0093 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2010/08/05 07:20:32.0093 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2010/08/05 07:20:32.0140 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2010/08/05 07:20:32.0171 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2010/08/05 07:20:32.0296 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
    2010/08/05 07:20:32.0296 avgntflt (a88d29d928ad2b830e87b53e3f9bc182) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
    2010/08/05 07:20:32.0343 avipbb (1289e9a5d9118a25a13c0009519088e3) C:\WINDOWS\system32\DRIVERS\avipbb.sys
    2010/08/05 07:20:32.0390 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2010/08/05 07:20:32.0437 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2010/08/05 07:20:32.0468 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    2010/08/05 07:20:32.0500 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2010/08/05 07:20:32.0515 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    2010/08/05 07:20:32.0531 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2010/08/05 07:20:32.0593 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    2010/08/05 07:20:32.0640 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    2010/08/05 07:20:32.0671 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    2010/08/05 07:20:32.0687 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2010/08/05 07:20:32.0703 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    2010/08/05 07:20:32.0734 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    2010/08/05 07:20:32.0796 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    2010/08/05 07:20:32.0796 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    2010/08/05 07:20:32.0812 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    2010/08/05 07:20:32.0828 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    2010/08/05 07:20:32.0843 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    2010/08/05 07:20:32.0875 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
    2010/08/05 07:20:32.0890 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2010/08/05 07:20:32.0890 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2010/08/05 07:20:32.0921 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
    2010/08/05 07:20:32.0937 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2010/08/05 07:20:32.0968 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    2010/08/05 07:20:32.0984 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    2010/08/05 07:20:33.0031 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    2010/08/05 07:20:33.0046 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2010/08/05 07:20:33.0203 ialm (28423512370705aeda6a652fedb25468) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
    2010/08/05 07:20:33.0296 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2010/08/05 07:20:33.0328 InCDfs (544f76e71f026099a563c202e2e4a341) C:\WINDOWS\system32\drivers\InCDFs.sys
    2010/08/05 07:20:33.0343 InCDPass (13708047b3988ac50e81e524ac32edbe) C:\WINDOWS\system32\drivers\InCDPass.sys
    2010/08/05 07:20:33.0359 InCDrec (182edee6cfaeaf5174ae6e6d714cf778) C:\WINDOWS\system32\drivers\InCDrec.sys
    2010/08/05 07:20:33.0375 incdrm (367f3d160e7129f057838a341a5339b2) C:\WINDOWS\system32\drivers\InCDRm.sys
    2010/08/05 07:20:33.0515 IntcAzAudAddService (b29781b9a90cd55fc5d859c0b1c243bc) C:\WINDOWS\system32\drivers\RtkHDAud.sys
    2010/08/05 07:20:33.0640 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    2010/08/05 07:20:33.0671 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    2010/08/05 07:20:33.0687 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2010/08/05 07:20:33.0703 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2010/08/05 07:20:33.0718 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2010/08/05 07:20:33.0734 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2010/08/05 07:20:33.0750 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2010/08/05 07:20:33.0781 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2010/08/05 07:20:33.0812 JL2005C (b12f5ff3a2221987ac3a81ce1fe76cc6) C:\WINDOWS\system32\Drivers\jl2005c.sys
    2010/08/05 07:20:33.0828 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2010/08/05 07:20:33.0859 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    2010/08/05 07:20:33.0875 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    2010/08/05 07:20:33.0890 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    2010/08/05 07:20:33.0937 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\WINDOWS\system32\DRIVERS\Lbd.sys
    2010/08/05 07:20:33.0984 MASPINT (a2ae666cee860babe7fa6f1662b71737) C:\WINDOWS\system32\drivers\MASPINT.sys
    2010/08/05 07:20:34.0000 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2010/08/05 07:20:34.0031 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    2010/08/05 07:20:34.0046 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2010/08/05 07:20:34.0062 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    2010/08/05 07:20:34.0078 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    2010/08/05 07:20:34.0093 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2010/08/05 07:20:34.0125 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2010/08/05 07:20:34.0140 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    2010/08/05 07:20:34.0171 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2010/08/05 07:20:34.0187 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2010/08/05 07:20:34.0203 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    2010/08/05 07:20:34.0218 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2010/08/05 07:20:34.0234 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    2010/08/05 07:20:34.0250 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
    2010/08/05 07:20:34.0250 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
    2010/08/05 07:20:34.0265 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    2010/08/05 07:20:34.0312 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    2010/08/05 07:20:34.0343 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    2010/08/05 07:20:34.0343 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2010/08/05 07:20:34.0375 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2010/08/05 07:20:34.0390 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2010/08/05 07:20:34.0390 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
    2010/08/05 07:20:34.0406 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2010/08/05 07:20:34.0421 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2010/08/05 07:20:34.0453 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    2010/08/05 07:20:34.0468 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    2010/08/05 07:20:34.0515 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    2010/08/05 07:20:34.0546 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2010/08/05 07:20:34.0750 nv (f85e109844787668ce8aab54ef14362a) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    2010/08/05 07:20:34.0953 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2010/08/05 07:20:34.0968 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2010/08/05 07:20:34.0984 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    2010/08/05 07:20:35.0000 PalmUSBD (240c0d4049a833b16b63b636acf01672) C:\WINDOWS\system32\drivers\PalmUSBD.sys
    2010/08/05 07:20:35.0031 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    2010/08/05 07:20:35.0046 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    2010/08/05 07:20:35.0062 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    2010/08/05 07:20:35.0062 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    2010/08/05 07:20:35.0093 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    2010/08/05 07:20:35.0125 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    2010/08/05 07:20:35.0203 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2010/08/05 07:20:35.0218 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    2010/08/05 07:20:35.0234 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2010/08/05 07:20:35.0265 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    2010/08/05 07:20:35.0312 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2010/08/05 07:20:35.0328 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2010/08/05 07:20:35.0343 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2010/08/05 07:20:35.0343 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2010/08/05 07:20:35.0359 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2010/08/05 07:20:35.0390 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2010/08/05 07:20:35.0390 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    2010/08/05 07:20:35.0421 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    2010/08/05 07:20:35.0453 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2010/08/05 07:20:35.0500 RimUsb (f17713d108aca124a139fde877eef68a) C:\WINDOWS\system32\Drivers\RimUsb.sys
    2010/08/05 07:20:35.0500 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
    2010/08/05 07:20:35.0531 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
    2010/08/05 07:20:35.0656 RTCore32 (2c293f0f3295a599fb50d8fcf1fa6ded) C:\Program Files\EVGA Precision\RTCore32.sys
    2010/08/05 07:20:35.0718 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    2010/08/05 07:20:35.0734 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    2010/08/05 07:20:35.0750 sbp2port (b244960e5a1db8e9d5d17086de37c1e4) C:\WINDOWS\system32\DRIVERS\sbp2port.sys
    2010/08/05 07:20:35.0796 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2010/08/05 07:20:35.0812 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    2010/08/05 07:20:35.0828 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    2010/08/05 07:20:35.0859 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2010/08/05 07:20:35.0890 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    2010/08/05 07:20:35.0937 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    2010/08/05 07:20:35.0937 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    2010/08/05 07:20:35.0968 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
    2010/08/05 07:20:36.0015 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
    2010/08/05 07:20:36.0046 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    2010/08/05 07:20:36.0046 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2010/08/05 07:20:36.0062 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    2010/08/05 07:20:36.0125 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    2010/08/05 07:20:36.0156 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2010/08/05 07:20:36.0171 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2010/08/05 07:20:36.0187 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    2010/08/05 07:20:36.0203 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2010/08/05 07:20:36.0265 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
    2010/08/05 07:20:36.0281 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    2010/08/05 07:20:36.0328 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2010/08/05 07:20:36.0359 USB100TX (17505be4af8e1ef9f66f0b3e96b3eedd) C:\WINDOWS\system32\DRIVERS\USB100TX.sys
    2010/08/05 07:20:36.0390 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
    2010/08/05 07:20:36.0406 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
    2010/08/05 07:20:36.0421 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2010/08/05 07:20:36.0453 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2010/08/05 07:20:36.0468 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2010/08/05 07:20:36.0515 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    2010/08/05 07:20:36.0546 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2010/08/05 07:20:36.0578 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2010/08/05 07:20:36.0609 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2010/08/05 07:20:36.0656 VNUSB (ae01e1ed5a81e0d268b91b4a6de5a872) C:\WINDOWS\system32\DRIVERS\VNUSB.sys
    2010/08/05 07:20:36.0703 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    2010/08/05 07:20:36.0734 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2010/08/05 07:20:36.0781 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2010/08/05 07:20:36.0843 WinDriver6 (94e4312d546048bf31604a8b2ad13fc0) C:\WINDOWS\system32\drivers\windrvr6.sys
    2010/08/05 07:20:36.0906 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    2010/08/05 07:20:36.0937 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    2010/08/05 07:20:36.0953 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    2010/08/05 07:20:37.0000 yukonwxp (7578410b1512fad9c485b134561e8b78) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
    2010/08/05 07:20:37.0046 ================================================================================
    2010/08/05 07:20:37.0046 Scan finished
    2010/08/05 07:20:37.0046 ================================================================================
     
  4. Rorschach112

    Rorschach112 Malware Specialist

    Joined:
    Oct 12, 2008
    Messages:
    2,392
    Download ComboFix here :

    Link 1
    Link 2


    * IMPORTANT !!! Save ComboFix.exe to your Desktop


    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them

      Click me

    • Double click on ComboFix.exe & follow the prompts.

    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
     
  5. Yedi

    Yedi Thread Starter

    Joined:
    Aug 4, 2010
    Messages:
    18
    ComboFix 10-08-05.01 - Ward 05/08/2010 15:17:13.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1289 [GMT -4:00]
    Running from: c:\documents and settings\Ward\Desktop\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .

    ((((((((((((((((((((((((( Files Created from 2010-07-05 to 2010-08-05 )))))))))))))))))))))))))))))))
    .

    2010-08-05 00:25 . 2010-08-05 00:25 503808 ----a-w- c:\documents and settings\Ward\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-417762a0-n\msvcp71.dll
    2010-08-05 00:25 . 2010-08-05 00:25 499712 ----a-w- c:\documents and settings\Ward\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-417762a0-n\jmc.dll
    2010-08-05 00:25 . 2010-08-05 00:25 348160 ----a-w- c:\documents and settings\Ward\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-417762a0-n\msvcr71.dll
    2010-08-05 00:25 . 2010-08-05 00:25 61440 ----a-w- c:\documents and settings\Ward\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3972b727-n\decora-sse.dll
    2010-08-05 00:25 . 2010-08-05 00:25 12800 ----a-w- c:\documents and settings\Ward\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3972b727-n\decora-d3d.dll
    2010-08-04 01:52 . 2010-07-12 08:55 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-08-04 00:08 . 2010-07-12 08:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-08-04 00:08 . 2010-08-04 00:08 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-08-03 23:55 . 2010-08-03 23:55 -------- d-----w- c:\documents and settings\Ward\Local Settings\Application Data\Sunbelt Software
    2010-08-03 23:54 . 2010-08-03 23:54 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
    2010-08-03 23:54 . 2010-07-12 08:56 2979280 -c--a-w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}\Ad-AwareInstall.exe
    2010-08-02 16:35 . 2010-08-02 16:43 -------- d-----w- c:\documents and settings\Ward\Local Settings\Application Data\Temp
    2010-07-31 19:04 . 2010-07-31 19:04 -------- d-----w- c:\documents and settings\Ward\Application Data\HotSync
    2010-07-31 17:54 . 2010-07-31 17:54 -------- d-----w- c:\program files\iPod
    2010-07-31 17:54 . 2010-07-31 17:54 -------- d-----w- c:\program files\iTunes
    2010-07-31 17:54 . 2010-07-31 17:54 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-07-31 17:51 . 2010-07-31 17:52 -------- d-----w- c:\program files\QuickTime
    2010-07-31 17:50 . 2010-07-31 17:50 -------- d-----w- c:\program files\Apple Software Update
    2010-07-31 17:49 . 2010-07-31 17:49 -------- d-----w- c:\program files\Bonjour
    2010-07-27 11:17 . 2010-07-27 11:18 -------- d-----w- C:\577275a2a527d3656de56b4072cb03eb
    2010-07-27 11:03 . 2010-07-27 11:03 -------- d-----r- C:\AHCache
    2010-07-27 11:00 . 2010-08-02 21:36 -------- d-----w- c:\documents and settings\Ward\Local Settings\Application Data\CurseClient
    2010-07-24 00:57 . 2010-08-05 11:31 -------- d-----w- c:\documents and settings\Ward\Local Settings\Application Data\._Revolution_
    2010-07-23 23:18 . 2010-07-23 23:18 55576 ----a-w- c:\documents and settings\Ward\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-07-23 23:17 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-07-23 23:17 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-07-23 23:17 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-07-23 23:17 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-07-23 23:17 . 2010-06-28 20:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-07-23 23:17 . 2010-06-28 20:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-07-23 23:17 . 2010-06-28 20:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-07-23 23:16 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
    2010-07-23 23:16 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
    2010-07-23 23:16 . 2010-07-23 23:16 -------- d-----w- c:\program files\Alwil Software
    2010-07-23 23:16 . 2010-07-23 23:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2010-07-23 19:16 . 2010-07-23 19:16 -------- d-----w- C:\030fb28b539b7e2c35f27d08
    2010-07-23 18:15 . 2010-07-23 18:15 -------- d-----w- c:\program files\Windows Resource Kits
    2010-07-23 17:48 . 2010-07-23 17:49 -------- d-----w- C:\a91aa703055ce7f83496
    2010-07-23 16:52 . 2010-07-23 16:52 -------- d-----w- c:\windows\system32\winrm
    2010-07-23 16:52 . 2010-07-23 16:52 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
    2010-07-23 16:04 . 2010-07-23 16:04 -------- d-----w- c:\windows\system32\DRM
    2010-07-23 14:23 . 2010-07-23 14:23 -------- d-----w- C:\89e27a8b49ac714e8e47
    2010-07-23 12:00 . 2010-07-23 12:00 63488 ----a-w- c:\documents and settings\Ward\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    2010-07-23 12:00 . 2010-07-23 12:00 52224 ----a-w- c:\documents and settings\Ward\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-07-23 12:00 . 2010-07-23 12:00 117760 ----a-w- c:\documents and settings\Ward\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-07-23 11:59 . 2010-07-23 11:59 -------- d-----w- c:\documents and settings\Ward\Application Data\SUPERAntiSpyware.com
    2010-07-23 11:59 . 2010-07-23 11:59 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2010-07-23 11:59 . 2010-07-23 12:00 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-07-23 01:00 . 2010-07-23 01:00 -------- d-sh--w- c:\documents and settings\Ward\IECompatCache
    2010-07-23 00:56 . 2010-07-23 00:56 -------- d-sh--w- c:\documents and settings\Ward\PrivacIE
    2010-07-22 23:01 . 2010-08-05 16:47 -------- d-----w- c:\windows\system32\NtmsData
    2010-07-22 22:59 . 2010-07-22 22:59 -------- d-----w- c:\documents and settings\Ward\Application Data\Avira
    2010-07-22 22:55 . 2010-07-22 22:55 -------- d-----w- c:\program files\Avira
    2010-07-22 22:55 . 2010-07-22 22:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2010-07-22 22:55 . 2010-03-01 14:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2010-07-22 22:55 . 2010-02-16 18:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-07-22 22:55 . 2009-05-11 16:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2010-07-22 22:55 . 2009-05-11 16:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2010-07-22 22:44 . 2010-07-22 22:44 -------- d-sh--w- c:\documents and settings\Ward\IETldCache
    2010-07-22 22:21 . 2010-07-22 22:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-07-22 22:21 . 2010-07-22 22:22 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-07-22 21:38 . 2010-07-22 21:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2010-07-22 21:38 . 2010-07-22 22:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-07-22 21:38 . 2010-07-22 21:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-07-22 21:18 . 2010-07-22 21:18 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
    2010-07-22 21:13 . 2010-07-22 21:13 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2010-07-22 21:00 . 2010-07-22 21:00 -------- d-----w- C:\~ErdUserProfile.$$$
    2010-07-22 13:30 . 2010-07-22 13:30 -------- d-----w- C:\spoolerlogs
    2010-07-21 20:30 . 2010-07-21 20:30 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
    2010-07-14 19:36 . 2010-06-14 14:31 744448 -c--a-w- c:\windows\system32\dllcache\helpsvc.exe
    2010-07-09 22:22 . 2009-09-04 21:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
    2010-07-09 22:22 . 2009-09-04 21:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
    2010-07-09 16:14 . 2010-07-09 16:14 -------- d-----w- c:\documents and settings\Ward\Application Data\FrimaStudio
    2010-07-09 16:11 . 2010-07-09 16:11 -------- d-----w- c:\program files\Avatar Bobble Battles
    2010-07-07 23:06 . 2010-07-07 23:06 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-05 00:26 . 2007-11-13 21:24 -------- d-----w- c:\program files\Common Files\Java
    2010-08-05 00:25 . 2007-11-13 21:16 -------- d-----w- c:\program files\Java
    2010-08-03 23:54 . 2007-11-13 21:18 -------- d-----w- c:\program files\Lavasoft
    2010-08-02 16:45 . 2007-11-13 21:14 -------- d-----w- c:\program files\Google
    2010-08-01 15:06 . 2008-12-11 04:24 256 ----a-w- c:\windows\system32\pool.bin
    2010-07-31 19:09 . 2010-03-01 22:34 -------- d-----w- c:\program files\OnTarget2!
    2010-07-31 17:54 . 2007-11-13 21:24 -------- d-----w- c:\program files\Common Files\Apple
    2010-07-28 12:20 . 2007-11-15 12:45 -------- d-----w- c:\program files\World of Warcraft
    2010-07-24 19:57 . 2007-12-24 17:08 -------- d-----w- c:\program files\Allway Sync
    2010-07-23 16:20 . 2008-12-13 22:51 -------- d-----w- c:\program files\Microsoft.NET
    2010-07-21 00:39 . 2008-11-07 13:15 -------- d-----w- c:\program files\FinePixViewer
    2010-07-17 09:00 . 2010-04-21 11:50 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-07-15 07:01 . 2008-12-13 22:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-07-09 15:21 . 2010-06-26 19:26 40 ----a-w- c:\windows\RSoftInfo.dat
    2010-06-28 13:28 . 2009-08-19 21:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
    2010-06-27 13:24 . 2010-06-27 13:23 -------- d-----w- c:\program files\Haunted Manor - Lord of Mirrors
    2010-06-26 19:26 . 2010-06-26 19:26 -------- d-----w- c:\program files\Zhu Zhu Pets
    2010-06-26 17:59 . 2010-03-24 20:45 -------- d-----w- c:\program files\Wild Thornberrys Australian Wildlife Rescue
    2010-06-21 14:10 . 2003-07-07 16:45 7 ----a-w- c:\windows\TD0001.DAT
    2010-06-21 14:10 . 2003-07-07 16:59 1018 ----a-w- c:\windows\CDCPRINT.TMP
    2010-06-14 14:31 . 2007-11-12 18:37 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
    2010-06-10 22:00 . 2010-06-10 22:00 143360 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\avatar-bobble-battles_s1_l1_gF2314T1L1_d953414815.exe
    2010-06-09 15:08 . 2010-03-29 11:37 19 ----a-w- c:\windows\popcinfo.dat
    2010-06-07 18:55 . 2008-03-09 03:29 -------- d-----w- c:\documents and settings\Ward\Application Data\Ventrilo
    2010-06-07 18:55 . 2010-06-07 18:55 -------- d-----w- c:\program files\Ventrilo
    2010-06-07 18:55 . 2008-02-17 19:45 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2010-05-24 08:44 . 2010-05-24 08:44 503808 ----a-w- c:\documents and settings\Ward\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-39310992-n\msvcp71.dll
    2010-05-24 08:44 . 2010-05-24 08:44 499712 ----a-w- c:\documents and settings\Ward\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-39310992-n\jmc.dll
    2010-05-24 08:44 . 2010-05-24 08:44 348160 ----a-w- c:\documents and settings\Ward\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-39310992-n\msvcr71.dll
    2010-05-24 08:44 . 2010-05-24 08:44 61440 ----a-w- c:\documents and settings\Ward\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-78a01b32-n\decora-sse.dll
    2010-05-24 08:44 . 2010-05-24 08:44 12800 ----a-w- c:\documents and settings\Ward\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-78a01b32-n\decora-d3d.dll
    2010-05-21 18:14 . 2009-10-02 22:53 221568 ----a-w- c:\windows\system32\MpSigStub.exe
    2010-05-20 01:29 . 2010-05-20 01:29 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
    2010-05-18 20:35 . 2010-05-18 20:35 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-05-18 20:35 . 2010-05-18 20:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2010-05-18 20:25 . 2010-05-18 20:25 1167360 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140002_1c87495b\EasyShrx.Dll
    2010-05-18 19:23 . 2010-05-18 19:23 77824 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\ess\bindbins\BindBins.exe
    2010-05-18 19:23 . 2010-05-18 19:23 69632 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\Ksu\ksustop.exe
    2010-05-18 19:22 . 2010-05-18 19:22 1167360 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140002_1c4e3a3d\EasyShrx.Dll
    2010-05-18 19:22 . 2010-05-18 19:22 114688 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$Registration\KodakCameraAPI_7.2.20.2.dll
    2010-05-07 19:56 . 2010-05-07 19:56 50354 ----a-w- c:\documents and settings\Ward\Application Data\Facebook\uninstall.exe
    2001-09-22 22:25 . 2001-09-18 21:40 11079 ---ha-w- c:\program files\folder.htt
    2002-07-31 23:55 . 2010-02-24 21:10 317 --sh--w- c:\windows\WSYS049.SYS
    2006-12-01 05:17 . 2006-12-01 05:17 0 -csha-w- c:\windows\All Users\DRM\Cache\Indiv01.tmp
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48}"= "c:\program files\Family Toolbar\tbhelper.dll" [2009-05-07 355840]

    [HKEY_CLASSES_ROOT\clsid\{1c4ab6a5-595f-4e86-b15f-f93cce2bbd48}]
    [HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook.1]
    [HKEY_CLASSES_ROOT\TypeLib\{1EA6B471-CAD2-419a-9539-0586EEFE2D09}]
    [HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]
    2009-05-07 21:46 2642432 ----a-w- c:\program files\Family Toolbar\tbcore3.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D62EC836-BF1E-4CAC-81BE-FB9179835D8E}]
    2010-02-18 07:37 221184 ----a-w- c:\program files\Family Toolbar\mhxpcomi.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Family Toolbar\tbcore3.dll" [2009-05-07 2642432]

    [HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
    [HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
    [HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
    [HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Family Toolbar\tbcore3.dll" [2009-05-07 2642432]

    [HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
    [HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
    [HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
    [HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]
    @="{7D688A77-C613-11D0-999B-00C04FD655E1}"
    [HKEY_CLASSES_ROOT\CLSID\{7D688A77-C613-11D0-999B-00C04FD655E1}]
    2010-07-27 06:30 8462336 ----a-w- c:\windows\system32\shell32.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Allway Sync"="c:\program files\Allway Sync\Bin\syncappw.exe" [2010-05-25 95568]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2003-1-2 811008]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoDevMgrUpdate"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
    2010-03-11 02:32 648536 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2007-04-20 05:57 162584 ----a-r- c:\windows\system32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2007-04-20 05:57 142104 ----a-r- c:\windows\system32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
    2008-10-24 13:14 206112 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2006-01-12 20:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2009-07-14 17:34 13877248 ----a-w- c:\windows\system32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2007-04-20 05:57 138008 ----a-r- c:\windows\system32\igfxpers.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    2010-07-19 17:50 2403568 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    2006-10-19 01:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WMPNetworkSvc"=3 (0x3)
    "WinDefend"=2 (0x2)
    "SWVFBVSN"=3 (0x3)
    "SeaPort"=2 (0x2)
    "RoxWatch9"=2 (0x2)
    "RoxMediaDB9"=3 (0x3)
    "RoxLiveShare9"=2 (0x2)
    "Roxio Upnp Server 9"=2 (0x2)
    "Roxio UPnP Renderer 9"=3 (0x3)
    "RichVideo"=2 (0x2)
    "ose"=3 (0x3)
    "odserv"=3 (0x3)
    "NVSvc"=2 (0x2)
    "NMIndexingService"=3 (0x3)
    "NBService"=3 (0x3)
    "JavaQuickStarterService"=2 (0x2)
    "InCDsrv"=2 (0x2)
    "idsvc"=3 (0x3)
    "IDriverT"=3 (0x3)
    "gupdate"=2 (0x2)
    "fsssvc"=3 (0x3)
    "avg9wd"=2 (0x2)
    "FontCache3.0.0.0"=3 (0x3)
    "clr_optimization_v2.0.50727_32"=3 (0x3)
    "aspnet_state"=3 (0x3)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "AIM"=c:\program files\AIM95\aim.exe -cnetwait.odl

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adaptec DirectCD"=c:\progra~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    "AudioHQ"=c:\program files\Creative\SBLive\AudioHQ\AHQTB.EXE
    "CloneCDTray"=c:\program files\Elaborate Bytes\CloneCD\CloneCDTray.exe
    "CreateCD"=c:\progra~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
    "Creative Launcher"=c:\program files\Creative\SBLive\Launcher\CTLauncher.exe
    "devldr16.exe"=c:\windows\SYSTEM32\DEVLDR16.EXE
    "hppwrsav"=c:\scanjet\PrecisionScanLT\hppwrsav.exe
    "InstantAccess"=c:\progra~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
    "KM9801U"=c:\progra~1\KM9801U\MMHotKey.EXE
    "LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    "LoadQM"=loadqm.exe
    "mdac_runonce"=c:\windows\SYSTEM32\RUNONCE.EXE
    "Mirabilis ICQ"=c:\progra~1\ICQ\ICQNet.exe
    "NPROTECT"=c:\program files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    "RealTray"=c:\program files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    "Register MediaRing Talk"=c:\program files\MediaRing Talk\register.exe
    "RegisterDropHandler"=c:\progra~1\TEXTBR~1.0\BIN\REGIST~1.EXE
    "REGSHAVE"=c:\program files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    "TaskMonitor"=c:\windows\taskmon.exe
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
    "wcmdmgr"=c:\windows\wt\updater\wcmdmgrl.exe -launch

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
    "AVG7_AMSVR"=c:\progra~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
    "AVG7_CC"=c:\progra~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
    "AVG7_EMC"=c:\progra~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
    "IrMon"=IrMon.exe
    "LoadQM"=loadqm.exe
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
    "VTTimer"=VTTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
    "CSINJECT.EXE"=c:\program files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
    "Devldr16"=c:\windows\SYSTEM32\DEVLDR16.EXE
    "LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    "RegisterDropHandler"=c:\progra~1\TEXTBR~1.0\BIN\REGIST~1.EXE
    "SchedulingAgent"=mstask.exe
    "TrueVector"=c:\windows\SYSTEM\ZONELABS\VSMON.EXE -service

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\World of Warcraft\\Repair.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
    "c:\\Program Files\\World of Warcraft\\Launcher.exe"=
    "c:\\Program Files\\Curse\\CurseClient.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
    "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
    "c:\\WINDOWS\\system32\\spoolsv.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [03/08/2010 8:08 PM 64288]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [23/07/2010 7:17 PM 165456]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 2:25 PM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 2:41 PM 67656]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [22/07/2010 6:55 PM 135336]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [23/07/2010 7:17 PM 17744]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 1:16 PM 130384]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/07/2010 4:55 AM 1352832]
    S3 RTCore32;RTCore32;c:\program files\EVGA Precision\RTCore32.sys [25/05/2005 2:39 PM 4608]
    S3 USB100TX;Linksys EtherFast 10/100 USB Network Adapter;c:\windows\system32\drivers\USB100TX.sys [12/11/2007 2:48 PM 26368]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [04/08/2004 8:00 AM 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 1:16 PM 753504]
    S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/11/2009 8:17 PM 135664]
    S4 SWVFBVSN;SWVFBVSN;c:\docume~1\Ward\LOCALS~1\Temp\SWVFBVSN.exe --> c:\docume~1\Ward\LOCALS~1\Temp\SWVFBVSN.exe [?]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - JAVAQUICKSTARTERSERVICE
    *NewlyCreated* - KLMD24
    *Deregistered* - klmd24

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WINRM REG_MULTI_SZ WINRM

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    2008-04-14 00:12 73216 ----a-w- c:\progra~1\OUTLOO~1\setup50.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    2008-04-14 00:12 73216 ----a-w- c:\progra~1\OUTLOO~1\setup50.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    2008-04-14 00:12 73216 ----a-w- c:\progra~1\OUTLOO~1\setup50.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    2008-04-14 00:12 73216 ----a-w- c:\progra~1\OUTLOO~1\setup50.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
    2006-01-16 16:41 7168 ----a-w- c:\windows\system32\updcrl.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2010-08-04 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 08:55]

    2010-07-31 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://search.myheritage.com
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &ICQ Toolbar Search - c:\program files\ICQTOOLBAR\TOOLBAR.DLL/SEARCH.HTML
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    Handler: mhtb - {669A2A3A-F19C-452D-800D-1240299756C1} - c:\program files\Family Toolbar\mhxpcomi.dll
    DPF: DirectAnimation Java Classes - file://c:\windows\SYSTEM\dajava.cab
    DPF: Internet Explorer Classes for Java - file://c:\windows\SYSTEM\iejava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
    DPF: {9FC87BC7-7963-4B70-8485-B1A41034C9A1} - hxxp://www.shockwave.com/content/angelx/SonyPicturesGameDownloader.cab
    DPF: {DCA94B48-119B-453C-8863-DE6B9186A81B} - hxxps://sb.smartborder.com/Client/InstallFiles/SB_INIT_V3.CAB
    FF - ProfilePath - c:\documents and settings\Ward\Application Data\Mozilla\Firefox\Profiles\l7a7zkci.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://search.myheritage.com/?orig=ds&q=
    FF - plugin: c:\documents and settings\Ward\Application Data\Facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\Download Manager\npfpdlm.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    MSConfigStartUp-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
    AddRemove-Allway Sync_is1 - c:\program files\Allway Sync\unins000.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-05 15:21
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(740)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    c:\documents and settings\Ward\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    c:\documents and settings\Ward\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    c:\documents and settings\Ward\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

    - - - - - - - > 'explorer.exe'(2956)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\program files\Allway Sync\Bin\SyncHook.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\UPnPUI.dll
    c:\program files\Common Files\Roxio Shared\9.0\DLLShared\FakeAvRenderer.dll
    c:\program files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
    .
    Completion time: 2010-08-05 15:24:01
    ComboFix-quarantined-files.txt 2010-08-05 19:23
    ComboFix2.txt 2010-07-22 21:36

    Pre-Run: 183,566,422,016 bytes free
    Post-Run: 183,895,965,696 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    - - End Of File - - 915D821ACA6328F1823334F7FDCFAE15
     
  6. Rorschach112

    Rorschach112 Malware Specialist

    Joined:
    Oct 12, 2008
    Messages:
    2,392
    Post this log: C:\qoobox\combofix.txt

    You also have two anti-virus programs, Avast and Avira; you need to uninstall one of these.
     
  7. Yedi

    Yedi Thread Starter

    Joined:
    Aug 4, 2010
    Messages:
    18
    Fixed the antivirus thing.
     
  8. Yedi

    Yedi Thread Starter

    Joined:
    Aug 4, 2010
    Messages:
    18
    I also don't see that txt file. There are combofix2, combofix3 and combofix.quarantine. Nothing that simply says combofix.txt.
     
  9. Rorschach112

    Rorschach112 Malware Specialist

    Joined:
    Oct 12, 2008
    Messages:
    2,392
    Which anti-virus did you remove? Post the combofix2 and combofix3 logs.
     
  10. Yedi

    Yedi Thread Starter

    Joined:
    Aug 4, 2010
    Messages:
    18
    I removed Avira and kept Avast.
     
  11. Yedi

    Yedi Thread Starter

    Joined:
    Aug 4, 2010
    Messages:
    18
    Combofix2


    ComboFix 10-08-05.01 - Ward 05/08/2010 15:17:13.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1289 [GMT -4:00]
    Running from: c:\documents and settings\Ward\Desktop\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .

    ((((((((((((((((((((((((( Files Created from 2010-07-05 to 2010-08-05 )))))))))))))))))))))))))))))))
    .

    2010-08-05 00:25 . 2010-08-05 00:25 503808 ----a-w- c:\documents and settings\Ward\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-417762a0-n\msvcp71.dll
    2010-08-05 00:25 . 2010-08-05 00:25 499712 ----a-w- c:\documents and settings\Ward\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-417762a0-n\jmc.dll
    2010-08-05 00:25 . 2010-08-05 00:25 348160 ----a-w- c:\documents and settings\Ward\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-417762a0-n\msvcr71.dll
    2010-08-05 00:25 . 2010-08-05 00:25 61440 ----a-w- c:\documents and settings\Ward\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3972b727-n\decora-sse.dll
    2010-08-05 00:25 . 2010-08-05 00:25 12800 ----a-w- c:\documents and settings\Ward\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3972b727-n\decora-d3d.dll
    2010-08-04 01:52 . 2010-07-12 08:55 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-08-04 00:08 . 2010-07-12 08:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-08-04 00:08 . 2010-08-04 00:08 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-08-03 23:55 . 2010-08-03 23:55 -------- d-----w- c:\documents and settings\Ward\Local Settings\Application Data\Sunbelt Software
    2010-08-03 23:54 . 2010-08-03 23:54 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
    2010-08-03 23:54 . 2010-07-12 08:56 2979280 -c--a-w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}\Ad-AwareInstall.exe
    2010-08-02 16:35 . 2010-08-02 16:43 -------- d-----w- c:\documents and settings\Ward\Local Settings\Application Data\Temp
    2010-07-31 19:04 . 2010-07-31 19:04 -------- d-----w- c:\documents and settings\Ward\Application Data\HotSync
    2010-07-31 17:54 . 2010-07-31 17:54 -------- d-----w- c:\program files\iPod
    2010-07-31 17:54 . 2010-07-31 17:54 -------- d-----w- c:\program files\iTunes
    2010-07-31 17:54 . 2010-07-31 17:54 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-07-31 17:51 . 2010-07-31 17:52 -------- d-----w- c:\program files\QuickTime
    2010-07-31 17:50 . 2010-07-31 17:50 -------- d-----w- c:\program files\Apple Software Update
    2010-07-31 17:49 . 2010-07-31 17:49 -------- d-----w- c:\program files\Bonjour
    2010-07-27 11:17 . 2010-07-27 11:18 -------- d-----w- C:\577275a2a527d3656de56b4072cb03eb
    2010-07-27 11:03 . 2010-07-27 11:03 -------- d-----r- C:\AHCache
    2010-07-27 11:00 . 2010-08-02 21:36 -------- d-----w- c:\documents and settings\Ward\Local Settings\Application Data\CurseClient
    2010-07-24 00:57 . 2010-08-05 11:31 -------- d-----w- c:\documents and settings\Ward\Local Settings\Application Data\._Revolution_
    2010-07-23 23:18 . 2010-07-23 23:18 55576 ----a-w- c:\documents and settings\Ward\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-07-23 23:17 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-07-23 23:17 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-07-23 23:17 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-07-23 23:17 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-07-23 23:17 . 2010-06-28 20:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-07-23 23:17 . 2010-06-28 20:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-07-23 23:17 . 2010-06-28 20:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-07-23 23:16 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
    2010-07-23 23:16 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
    2010-07-23 23:16 . 2010-07-23 23:16 -------- d-----w- c:\program files\Alwil Software
    2010-07-23 23:16 . 2010-07-23 23:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2010-07-23 19:16 . 2010-07-23 19:16 -------- d-----w- C:\030fb28b539b7e2c35f27d08
    2010-07-23 18:15 . 2010-07-23 18:15 -------- d-----w- c:\program files\Windows Resource Kits
    2010-07-23 17:48 . 2010-07-23 17:49 -------- d-----w- C:\a91aa703055ce7f83496
    2010-07-23 16:52 . 2010-07-23 16:52 -------- d-----w- c:\windows\system32\winrm
    2010-07-23 16:52 . 2010-07-23 16:52 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
    2010-07-23 16:04 . 2010-07-23 16:04 -------- d-----w- c:\windows\system32\DRM
    2010-07-23 14:23 . 2010-07-23 14:23 -------- d-----w- C:\89e27a8b49ac714e8e47
    2010-07-23 12:00 . 2010-07-23 12:00 63488 ----a-w- c:\documents and settings\Ward\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    2010-07-23 12:00 . 2010-07-23 12:00 52224 ----a-w- c:\documents and settings\Ward\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-07-23 12:00 . 2010-07-23 12:00 117760 ----a-w- c:\documents and settings\Ward\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-07-23 11:59 . 2010-07-23 11:59 -------- d-----w- c:\documents and settings\Ward\Application Data\SUPERAntiSpyware.com
    2010-07-23 11:59 . 2010-07-23 11:59 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2010-07-23 11:59 . 2010-07-23 12:00 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-07-23 01:00 . 2010-07-23 01:00 -------- d-sh--w- c:\documents and settings\Ward\IECompatCache
    2010-07-23 00:56 . 2010-07-23 00:56 -------- d-sh--w- c:\documents and settings\Ward\PrivacIE
    2010-07-22 23:01 . 2010-08-05 16:47 -------- d-----w- c:\windows\system32\NtmsData
    2010-07-22 22:59 . 2010-07-22 22:59 -------- d-----w- c:\documents and settings\Ward\Application Data\Avira
    2010-07-22 22:55 . 2010-07-22 22:55 -------- d-----w- c:\program files\Avira
    2010-07-22 22:55 . 2010-07-22 22:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2010-07-22 22:55 . 2010-03-01 14:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2010-07-22 22:55 . 2010-02-16 18:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-07-22 22:55 . 2009-05-11 16:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2010-07-22 22:55 . 2009-05-11 16:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2010-07-22 22:44 . 2010-07-22 22:44 -------- d-sh--w- c:\documents and settings\Ward\IETldCache
    2010-07-22 22:21 . 2010-07-22 22:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-07-22 22:21 . 2010-07-22 22:22 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-07-22 21:38 . 2010-07-22 21:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2010-07-22 21:38 . 2010-07-22 22:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-07-22 21:38 . 2010-07-22 21:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-07-22 21:18 . 2010-07-22 21:18 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
    2010-07-22 21:13 . 2010-07-22 21:13 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2010-07-22 21:00 . 2010-07-22 21:00 -------- d-----w- C:\~ErdUserProfile.$$$
    2010-07-22 13:30 . 2010-07-22 13:30 -------- d-----w- C:\spoolerlogs
    2010-07-21 20:30 . 2010-07-21 20:30 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
    2010-07-14 19:36 . 2010-06-14 14:31 744448 -c--a-w- c:\windows\system32\dllcache\helpsvc.exe
    2010-07-09 22:22 . 2009-09-04 21:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
    2010-07-09 22:22 . 2009-09-04 21:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
    2010-07-09 16:14 . 2010-07-09 16:14 -------- d-----w- c:\documents and settings\Ward\Application Data\FrimaStudio
    2010-07-09 16:11 . 2010-07-09 16:11 -------- d-----w- c:\program files\Avatar Bobble Battles
    2010-07-07 23:06 . 2010-07-07 23:06 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-05 00:26 . 2007-11-13 21:24 -------- d-----w- c:\program files\Common Files\Java
    2010-08-05 00:25 . 2007-11-13 21:16 -------- d-----w- c:\program files\Java
    2010-08-03 23:54 . 2007-11-13 21:18 -------- d-----w- c:\program files\Lavasoft
    2010-08-02 16:45 . 2007-11-13 21:14 -------- d-----w- c:\program files\Google
    2010-08-01 15:06 . 2008-12-11 04:24 256 ----a-w- c:\windows\system32\pool.bin
    2010-07-31 19:09 . 2010-03-01 22:34 -------- d-----w- c:\program files\OnTarget2!
    2010-07-31 17:54 . 2007-11-13 21:24 -------- d-----w- c:\program files\Common Files\Apple
    2010-07-28 12:20 . 2007-11-15 12:45 -------- d-----w- c:\program files\World of Warcraft
    2010-07-24 19:57 . 2007-12-24 17:08 -------- d-----w- c:\program files\Allway Sync
    2010-07-23 16:20 . 2008-12-13 22:51 -------- d-----w- c:\program files\Microsoft.NET
    2010-07-21 00:39 . 2008-11-07 13:15 -------- d-----w- c:\program files\FinePixViewer
    2010-07-17 09:00 . 2010-04-21 11:50 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-07-15 07:01 . 2008-12-13 22:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-07-09 15:21 . 2010-06-26 19:26 40 ----a-w- c:\windows\RSoftInfo.dat
    2010-06-28 13:28 . 2009-08-19 21:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
    2010-06-27 13:24 . 2010-06-27 13:23 -------- d-----w- c:\program files\Haunted Manor - Lord of Mirrors
    2010-06-26 19:26 . 2010-06-26 19:26 -------- d-----w- c:\program files\Zhu Zhu Pets
    2010-06-26 17:59 . 2010-03-24 20:45 -------- d-----w- c:\program files\Wild Thornberrys Australian Wildlife Rescue
    2010-06-21 14:10 . 2003-07-07 16:45 7 ----a-w- c:\windows\TD0001.DAT
    2010-06-21 14:10 . 2003-07-07 16:59 1018 ----a-w- c:\windows\CDCPRINT.TMP
    2010-06-14 14:31 . 2007-11-12 18:37 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
    2010-06-10 22:00 . 2010-06-10 22:00 143360 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\avatar-bobble-battles_s1_l1_gF2314T1L1_d953414815.exe
    2010-06-09 15:08 . 2010-03-29 11:37 19 ----a-w- c:\windows\popcinfo.dat
    2010-06-07 18:55 . 2008-03-09 03:29 -------- d-----w- c:\documents and settings\Ward\Application Data\Ventrilo
    2010-06-07 18:55 . 2010-06-07 18:55 -------- d-----w- c:\program files\Ventrilo
    2010-06-07 18:55 . 2008-02-17 19:45 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2010-05-24 08:44 . 2010-05-24 08:44 503808 ----a-w- c:\documents and settings\Ward\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-39310992-n\msvcp71.dll
    2010-05-24 08:44 . 2010-05-24 08:44 499712 ----a-w- c:\documents and settings\Ward\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-39310992-n\jmc.dll
    2010-05-24 08:44 . 2010-05-24 08:44 348160 ----a-w- c:\documents and settings\Ward\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-39310992-n\msvcr71.dll
    2010-05-24 08:44 . 2010-05-24 08:44 61440 ----a-w- c:\documents and settings\Ward\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-78a01b32-n\decora-sse.dll
    2010-05-24 08:44 . 2010-05-24 08:44 12800 ----a-w- c:\documents and settings\Ward\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-78a01b32-n\decora-d3d.dll
    2010-05-21 18:14 . 2009-10-02 22:53 221568 ----a-w- c:\windows\system32\MpSigStub.exe
    2010-05-20 01:29 . 2010-05-20 01:29 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
    2010-05-18 20:35 . 2010-05-18 20:35 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-05-18 20:35 . 2010-05-18 20:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2010-05-18 20:25 . 2010-05-18 20:25 1167360 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140002_1c87495b\EasyShrx.Dll
    2010-05-18 19:23 . 2010-05-18 19:23 77824 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\ess\bindbins\BindBins.exe
    2010-05-18 19:23 . 2010-05-18 19:23 69632 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\Ksu\ksustop.exe
    2010-05-18 19:22 . 2010-05-18 19:22 1167360 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140002_1c4e3a3d\EasyShrx.Dll
    2010-05-18 19:22 . 2010-05-18 19:22 114688 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$Registration\KodakCameraAPI_7.2.20.2.dll
    2010-05-07 19:56 . 2010-05-07 19:56 50354 ----a-w- c:\documents and settings\Ward\Application Data\Facebook\uninstall.exe
    2001-09-22 22:25 . 2001-09-18 21:40 11079 ---ha-w- c:\program files\folder.htt
    2002-07-31 23:55 . 2010-02-24 21:10 317 --sh--w- c:\windows\WSYS049.SYS
    2006-12-01 05:17 . 2006-12-01 05:17 0 -csha-w- c:\windows\All Users\DRM\Cache\Indiv01.tmp
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48}"= "c:\program files\Family Toolbar\tbhelper.dll" [2009-05-07 355840]

    [HKEY_CLASSES_ROOT\clsid\{1c4ab6a5-595f-4e86-b15f-f93cce2bbd48}]
    [HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook.1]
    [HKEY_CLASSES_ROOT\TypeLib\{1EA6B471-CAD2-419a-9539-0586EEFE2D09}]
    [HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]
    2009-05-07 21:46 2642432 ----a-w- c:\program files\Family Toolbar\tbcore3.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D62EC836-BF1E-4CAC-81BE-FB9179835D8E}]
    2010-02-18 07:37 221184 ----a-w- c:\program files\Family Toolbar\mhxpcomi.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Family Toolbar\tbcore3.dll" [2009-05-07 2642432]

    [HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
    [HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
    [HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
    [HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Family Toolbar\tbcore3.dll" [2009-05-07 2642432]

    [HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
    [HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
    [HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
    [HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]
    @="{7D688A77-C613-11D0-999B-00C04FD655E1}"
    [HKEY_CLASSES_ROOT\CLSID\{7D688A77-C613-11D0-999B-00C04FD655E1}]
    2010-07-27 06:30 8462336 ----a-w- c:\windows\system32\shell32.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Allway Sync"="c:\program files\Allway Sync\Bin\syncappw.exe" [2010-05-25 95568]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2003-1-2 811008]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoDevMgrUpdate"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
    2010-03-11 02:32 648536 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2007-04-20 05:57 162584 ----a-r- c:\windows\system32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2007-04-20 05:57 142104 ----a-r- c:\windows\system32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
    2008-10-24 13:14 206112 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2006-01-12 20:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2009-07-14 17:34 13877248 ----a-w- c:\windows\system32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2007-04-20 05:57 138008 ----a-r- c:\windows\system32\igfxpers.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    2010-07-19 17:50 2403568 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    2006-10-19 01:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WMPNetworkSvc"=3 (0x3)
    "WinDefend"=2 (0x2)
    "SWVFBVSN"=3 (0x3)
    "SeaPort"=2 (0x2)
    "RoxWatch9"=2 (0x2)
    "RoxMediaDB9"=3 (0x3)
    "RoxLiveShare9"=2 (0x2)
    "Roxio Upnp Server 9"=2 (0x2)
    "Roxio UPnP Renderer 9"=3 (0x3)
    "RichVideo"=2 (0x2)
    "ose"=3 (0x3)
    "odserv"=3 (0x3)
    "NVSvc"=2 (0x2)
    "NMIndexingService"=3 (0x3)
    "NBService"=3 (0x3)
    "JavaQuickStarterService"=2 (0x2)
    "InCDsrv"=2 (0x2)
    "idsvc"=3 (0x3)
    "IDriverT"=3 (0x3)
    "gupdate"=2 (0x2)
    "fsssvc"=3 (0x3)
    "avg9wd"=2 (0x2)
    "FontCache3.0.0.0"=3 (0x3)
    "clr_optimization_v2.0.50727_32"=3 (0x3)
    "aspnet_state"=3 (0x3)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "AIM"=c:\program files\AIM95\aim.exe -cnetwait.odl

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adaptec DirectCD"=c:\progra~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    "AudioHQ"=c:\program files\Creative\SBLive\AudioHQ\AHQTB.EXE
    "CloneCDTray"=c:\program files\Elaborate Bytes\CloneCD\CloneCDTray.exe
    "CreateCD"=c:\progra~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
    "Creative Launcher"=c:\program files\Creative\SBLive\Launcher\CTLauncher.exe
    "devldr16.exe"=c:\windows\SYSTEM32\DEVLDR16.EXE
    "hppwrsav"=c:\scanjet\PrecisionScanLT\hppwrsav.exe
    "InstantAccess"=c:\progra~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
    "KM9801U"=c:\progra~1\KM9801U\MMHotKey.EXE
    "LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    "LoadQM"=loadqm.exe
    "mdac_runonce"=c:\windows\SYSTEM32\RUNONCE.EXE
    "Mirabilis ICQ"=c:\progra~1\ICQ\ICQNet.exe
    "NPROTECT"=c:\program files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    "RealTray"=c:\program files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    "Register MediaRing Talk"=c:\program files\MediaRing Talk\register.exe
    "RegisterDropHandler"=c:\progra~1\TEXTBR~1.0\BIN\REGIST~1.EXE
    "REGSHAVE"=c:\program files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    "TaskMonitor"=c:\windows\taskmon.exe
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
    "wcmdmgr"=c:\windows\wt\updater\wcmdmgrl.exe -launch

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
    "AVG7_AMSVR"=c:\progra~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
    "AVG7_CC"=c:\progra~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
    "AVG7_EMC"=c:\progra~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
    "IrMon"=IrMon.exe
    "LoadQM"=loadqm.exe
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
    "VTTimer"=VTTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
    "CSINJECT.EXE"=c:\program files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
    "Devldr16"=c:\windows\SYSTEM32\DEVLDR16.EXE
    "LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    "RegisterDropHandler"=c:\progra~1\TEXTBR~1.0\BIN\REGIST~1.EXE
    "SchedulingAgent"=mstask.exe
    "TrueVector"=c:\windows\SYSTEM\ZONELABS\VSMON.EXE -service

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\World of Warcraft\\Repair.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
    "c:\\Program Files\\World of Warcraft\\Launcher.exe"=
    "c:\\Program Files\\Curse\\CurseClient.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
    "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
    "c:\\WINDOWS\\system32\\spoolsv.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [03/08/2010 8:08 PM 64288]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [23/07/2010 7:17 PM 165456]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 2:25 PM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 2:41 PM 67656]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [22/07/2010 6:55 PM 135336]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [23/07/2010 7:17 PM 17744]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 1:16 PM 130384]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/07/2010 4:55 AM 1352832]
    S3 RTCore32;RTCore32;c:\program files\EVGA Precision\RTCore32.sys [25/05/2005 2:39 PM 4608]
    S3 USB100TX;Linksys EtherFast 10/100 USB Network Adapter;c:\windows\system32\drivers\USB100TX.sys [12/11/2007 2:48 PM 26368]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [04/08/2004 8:00 AM 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 1:16 PM 753504]
    S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/11/2009 8:17 PM 135664]
    S4 SWVFBVSN;SWVFBVSN;c:\docume~1\Ward\LOCALS~1\Temp\SWVFBVSN.exe --> c:\docume~1\Ward\LOCALS~1\Temp\SWVFBVSN.exe [?]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - JAVAQUICKSTARTERSERVICE
    *NewlyCreated* - KLMD24
    *Deregistered* - klmd24

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WINRM REG_MULTI_SZ WINRM

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    2008-04-14 00:12 73216 ----a-w- c:\progra~1\OUTLOO~1\setup50.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    2008-04-14 00:12 73216 ----a-w- c:\progra~1\OUTLOO~1\setup50.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    2008-04-14 00:12 73216 ----a-w- c:\progra~1\OUTLOO~1\setup50.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    2008-04-14 00:12 73216 ----a-w- c:\progra~1\OUTLOO~1\setup50.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
    2006-01-16 16:41 7168 ----a-w- c:\windows\system32\updcrl.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2010-08-04 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 08:55]

    2010-07-31 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://search.myheritage.com
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &ICQ Toolbar Search - c:\program files\ICQTOOLBAR\TOOLBAR.DLL/SEARCH.HTML
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    Handler: mhtb - {669A2A3A-F19C-452D-800D-1240299756C1} - c:\program files\Family Toolbar\mhxpcomi.dll
    DPF: DirectAnimation Java Classes - file://c:\windows\SYSTEM\dajava.cab
    DPF: Internet Explorer Classes for Java - file://c:\windows\SYSTEM\iejava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
    DPF: {9FC87BC7-7963-4B70-8485-B1A41034C9A1} - hxxp://www.shockwave.com/content/angelx/SonyPicturesGameDownloader.cab
    DPF: {DCA94B48-119B-453C-8863-DE6B9186A81B} - hxxps://sb.smartborder.com/Client/InstallFiles/SB_INIT_V3.CAB
    FF - ProfilePath - c:\documents and settings\Ward\Application Data\Mozilla\Firefox\Profiles\l7a7zkci.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://search.myheritage.com/?orig=ds&q=
    FF - plugin: c:\documents and settings\Ward\Application Data\Facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\Download Manager\npfpdlm.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    MSConfigStartUp-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
    AddRemove-Allway Sync_is1 - c:\program files\Allway Sync\unins000.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-05 15:21
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(740)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    c:\documents and settings\Ward\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    c:\documents and settings\Ward\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    c:\documents and settings\Ward\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

    - - - - - - - > 'explorer.exe'(2956)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\program files\Allway Sync\Bin\SyncHook.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\UPnPUI.dll
    c:\program files\Common Files\Roxio Shared\9.0\DLLShared\FakeAvRenderer.dll
    c:\program files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
    .
    Completion time: 2010-08-05 15:24:01
    ComboFix-quarantined-files.txt 2010-08-05 19:23
    ComboFix2.txt 2010-07-22 21:36

    Pre-Run: 183,566,422,016 bytes free
    Post-Run: 183,895,965,696 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    - - End Of File - - 915D821ACA6328F1823334F7FDCFAE15
     
  12. Yedi

    Yedi Thread Starter

    Joined:
    Aug 4, 2010
    Messages:
    18
    Combofix3

    ComboFix 10-07-22.01 - Administrator 22/07/2010 17:21:41.1.2 - x86 NETWORK
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1752 [GMT -4:00]
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\INSTALL.LOG
    c:\windows\hosts
    c:\windows\start.exe
    c:\windows\system32\ernel32.dll
    c:\windows\system32\Sp3.dll
    c:\windows\Web\default.htt
    c:\windows\winhelp.ini
    c:\windows\xpsp1hfm.log

    .
    ((((((((((((((((((((((((( Files Created from 2010-06-22 to 2010-07-22 )))))))))))))))))))))))))))))))
    .

    2010-07-22 21:18 . 2010-07-22 21:18 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
    2010-07-22 21:13 . 2010-07-22 21:13 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2010-07-22 21:00 . 2010-07-22 21:00 -------- d-----w- C:\~ErdUserProfile.$$$
    2010-07-22 13:30 . 2010-07-22 13:30 -------- d-----w- C:\spoolerlogs
    2010-07-22 13:13 . 2010-07-22 13:13 -------- d-----w- c:\program files\ParetoLogic
    2010-07-22 13:13 . 2010-07-22 13:13 -------- d-----w- c:\program files\Common Files\ParetoLogic
    2010-07-22 13:13 . 2010-07-22 13:13 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
    2010-07-14 19:36 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
    2010-07-09 22:22 . 2009-09-04 21:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
    2010-07-09 22:22 . 2009-09-04 21:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
    2010-07-09 16:11 . 2010-07-09 16:11 -------- d-----w- c:\program files\Avatar Bobble Battles
    2010-07-07 23:06 . 2010-07-07 23:06 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2010-07-05 23:52 . 2009-03-19 18:40 9360 ----a-w- c:\windows\system32\drivers\NTMAP.SYS
    2010-06-27 13:23 . 2010-06-27 13:24 -------- d-----w- c:\program files\Haunted Manor - Lord of Mirrors
    2010-06-26 19:26 . 2010-07-09 15:21 40 ----a-w- c:\windows\RSoftInfo.dat
    2010-06-26 19:26 . 2010-06-26 19:26 -------- d-----w- c:\program files\Zhu Zhu Pets
    2010-06-26 19:10 . 2010-06-26 19:11 -------- dc-h--w- c:\windows\ie8
    2010-06-26 19:05 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-21 13:53 . 2007-11-15 12:45 -------- d-----w- c:\program files\World of Warcraft
    2010-07-21 13:14 . 2010-07-21 13:14 1615200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
    2010-07-21 13:14 . 2010-07-21 13:14 4368224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
    2010-07-21 13:14 . 2010-07-21 13:14 1373536 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssff.dll
    2010-07-21 13:14 . 2010-07-21 13:14 1107296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxpl.dll
    2010-07-21 00:39 . 2008-11-07 13:15 -------- d-----w- c:\program files\FinePixViewer
    2010-07-19 02:46 . 2008-12-11 04:24 256 ----a-w- c:\windows\system32\pool.bin
    2010-07-15 13:26 . 2010-07-15 13:26 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
    2010-07-15 13:26 . 2010-07-15 13:26 216200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
    2010-07-15 13:26 . 2009-06-15 15:17 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-07-15 13:26 . 2009-06-15 15:17 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-07-15 13:24 . 2010-07-15 13:24 1038688 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
    2010-07-15 13:24 . 2010-07-15 13:24 813336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
    2010-07-15 13:24 . 2010-07-15 13:24 624920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
    2010-07-15 13:24 . 2010-07-15 13:24 1690464 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
    2010-07-15 07:01 . 2008-12-13 22:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-06-28 13:28 . 2009-08-19 21:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
    2010-06-26 17:59 . 2010-03-24 20:45 -------- d-----w- c:\program files\Wild Thornberrys Australian Wildlife Rescue
    2010-06-21 14:10 . 2003-07-07 16:45 7 ----a-w- c:\windows\TD0001.DAT
    2010-06-21 14:10 . 2003-07-07 16:59 1018 ----a-w- c:\windows\CDCPRINT.TMP
    2010-06-14 14:31 . 2007-11-12 18:37 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
    2010-06-10 22:00 . 2010-06-10 22:00 143360 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\avatar-bobble-battles_s1_l1_gF2314T1L1_d953414815.exe
    2010-06-09 15:08 . 2010-03-29 11:37 19 ----a-w- c:\windows\popcinfo.dat
    2010-06-07 18:55 . 2010-06-07 18:55 -------- d-----w- c:\program files\Ventrilo
    2010-06-07 18:55 . 2008-02-17 19:45 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2010-06-05 15:03 . 2010-06-05 14:40 -------- d-----w- c:\program files\MyHeritage
    2010-06-05 14:55 . 2010-06-05 14:51 -------- d-----w- c:\documents and settings\All Users\Application Data\MyHeritage
    2010-06-05 14:44 . 2010-06-03 11:37 -------- d-----w- c:\program files\Family Toolbar
    2010-06-05 11:20 . 2009-03-25 04:34 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-06-03 12:25 . 2009-06-15 15:17 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2010-05-26 22:11 . 2007-12-24 17:08 -------- d-----w- c:\program files\Allway Sync
    2010-05-20 01:29 . 2010-05-20 01:29 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
    2010-05-18 20:25 . 2010-05-18 20:25 1167360 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140002_1c87495b\EasyShrx.Dll
    2010-05-18 19:23 . 2010-05-18 19:23 77824 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\ess\bindbins\BindBins.exe
    2010-05-18 19:23 . 2010-05-18 19:23 69632 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\Ksu\ksustop.exe
    2010-05-18 19:22 . 2010-05-18 19:22 1167360 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140002_1c4e3a3d\EasyShrx.Dll
    2010-05-18 19:22 . 2010-05-18 19:22 114688 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$Registration\KodakCameraAPI_7.2.20.2.dll
    2010-05-06 10:41 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-05-02 21:48 . 2010-05-02 21:48 43944 ---ha-w- c:\windows\system32\mlfcache.dat
    2010-05-02 21:11 . 2010-05-02 21:11 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
    2010-05-02 05:22 . 2008-08-27 08:07 1851264 ----a-w- c:\windows\system32\win32k.sys
    2001-09-22 22:25 . 2001-09-18 21:40 11079 ---ha-w- c:\program files\folder.htt
    2002-07-31 23:55 . 2010-02-24 21:10 317 --sh--w- c:\windows\WSYS049.SYS
    2006-12-01 05:17 . 2006-12-01 05:17 0 -csha-w- c:\windows\All Users\DRM\Cache\Indiv01.tmp
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]
    2009-05-07 21:46 2642432 ----a-w- c:\program files\Family Toolbar\tbcore3.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D62EC836-BF1E-4CAC-81BE-FB9179835D8E}]
    2010-02-18 07:37 221184 ----a-w- c:\program files\Family Toolbar\mhxpcomi.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Family Toolbar\tbcore3.dll" [2009-05-07 2642432]

    [HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
    [HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
    [HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
    [HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]
    @="{7D688A77-C613-11D0-999B-00C04FD655E1}"
    [HKEY_CLASSES_ROOT\CLSID\{7D688A77-C613-11D0-999B-00C04FD655E1}]
    2008-06-17 19:02 8461312 ----a-w- c:\windows\system32\shell32.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-11 648536]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HotSync Manager.lnk - c:\palm\Hotsync.exe [2008-1-3 1392640]
    QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2003-1-2 811008]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoDevMgrUpdate"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2007-04-20 05:57 162584 ----a-r- c:\windows\system32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2007-04-20 05:57 142104 ----a-r- c:\windows\system32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2006-01-12 20:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2007-04-20 05:57 138008 ----a-r- c:\windows\system32\igfxpers.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    2006-10-19 01:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adaptec DirectCD"=c:\progra~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    "AudioHQ"=c:\program files\Creative\SBLive\AudioHQ\AHQTB.EXE
    "CloneCDTray"=c:\program files\Elaborate Bytes\CloneCD\CloneCDTray.exe
    "CreateCD"=c:\progra~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
    "Creative Launcher"=c:\program files\Creative\SBLive\Launcher\CTLauncher.exe
    "devldr16.exe"=c:\windows\SYSTEM32\DEVLDR16.EXE
    "hppwrsav"=c:\scanjet\PrecisionScanLT\hppwrsav.exe
    "InstantAccess"=c:\progra~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
    "KM9801U"=c:\progra~1\KM9801U\MMHotKey.EXE
    "LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    "LoadQM"=loadqm.exe
    "mdac_runonce"=c:\windows\SYSTEM32\RUNONCE.EXE
    "Mirabilis ICQ"=c:\progra~1\ICQ\ICQNet.exe
    "NPROTECT"=c:\program files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    "RealTray"=c:\program files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    "Register MediaRing Talk"=c:\program files\MediaRing Talk\register.exe
    "RegisterDropHandler"=c:\progra~1\TEXTBR~1.0\BIN\REGIST~1.EXE
    "REGSHAVE"=c:\program files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    "TaskMonitor"=c:\windows\taskmon.exe
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
    "wcmdmgr"=c:\windows\wt\updater\wcmdmgrl.exe -launch

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
    "AVG7_AMSVR"=c:\progra~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
    "AVG7_CC"=c:\progra~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
    "AVG7_EMC"=c:\progra~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
    "IrMon"=IrMon.exe
    "LoadQM"=loadqm.exe
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
    "VTTimer"=VTTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
    "CSINJECT.EXE"=c:\program files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
    "Devldr16"=c:\windows\SYSTEM32\DEVLDR16.EXE
    "LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    "RegisterDropHandler"=c:\progra~1\TEXTBR~1.0\BIN\REGIST~1.EXE
    "SchedulingAgent"=mstask.exe
    "TrueVector"=c:\windows\SYSTEM\ZONELABS\VSMON.EXE -service

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\World of Warcraft\\Repair.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
    "c:\\Program Files\\World of Warcraft\\Launcher.exe"=
    "c:\\Program Files\\Curse\\CurseClient.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
    "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
    "c:\\WINDOWS\\system32\\spoolsv.exe"=

    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [15/06/2009 11:17 AM 243024]
    S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [15/06/2009 11:17 AM 216400]
    S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [15/07/2010 9:26 AM 308136]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/11/2009 8:17 PM 135664]
    S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 8:19 PM 13592]
    S3 RTCore32;RTCore32;c:\program files\EVGA Precision\RTCore32.sys [25/05/2005 2:39 PM 4608]
    S3 SWVFBVSN;SWVFBVSN;c:\docume~1\Ward\LOCALS~1\Temp\SWVFBVSN.exe --> c:\docume~1\Ward\LOCALS~1\Temp\SWVFBVSN.exe [?]
    S3 USB100TX;Linksys EtherFast 10/100 USB Network Adapter;c:\windows\system32\drivers\USB100TX.sys [12/11/2007 2:48 PM 26368]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    2008-04-14 00:12 73216 ----a-w- c:\progra~1\OUTLOO~1\setup50.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    2008-04-14 00:12 73216 ----a-w- c:\progra~1\OUTLOO~1\setup50.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    2008-04-14 00:12 73216 ----a-w- c:\progra~1\OUTLOO~1\setup50.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    2008-04-14 00:12 73216 ----a-w- c:\progra~1\OUTLOO~1\setup50.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
    2006-01-16 16:41 7168 ----a-w- c:\windows\system32\updcrl.exe
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    Handler: mhtb - {669A2A3A-F19C-452D-800D-1240299756C1} - c:\program files\Family Toolbar\mhxpcomi.dll
    DPF: DirectAnimation Java Classes - file://c:\windows\SYSTEM\dajava.cab
    DPF: Internet Explorer Classes for Java - file://c:\windows\SYSTEM\iejava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: Win32 Classes
    DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
    DPF: {9FC87BC7-7963-4B70-8485-B1A41034C9A1} - hxxp://www.shockwave.com/content/angelx/SonyPicturesGameDownloader.cab
    DPF: {DCA94B48-119B-453C-8863-DE6B9186A81B} - hxxps://sb.smartborder.com/Client/InstallFiles/SB_INIT_V3.CAB
    FF - ProfilePath -
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHANS REMOVED - - - -

    Notify-avgrsstarter - avgrsstx.dll
    MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-07-22 17:29
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-2052111302-789336058-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5f,3a,85,ac,1a,a5,3e,41,b5,32,f4,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5f,3a,85,ac,1a,a5,3e,41,b5,32,f4,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(1116)
    c:\windows\system32\WININET.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\ieframe.dll
    .
    Completion time: 2010-07-22 17:36:53 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-07-22 21:36

    Pre-Run: 175,611,711,488 bytes free
    Post-Run: 180,179,054,592 bytes free

    - - End Of File - - 5603F7AEAFE7BD969E93EDB4532839D4
     
  13. Rorschach112

    Rorschach112 Malware Specialist

    Joined:
    Oct 12, 2008
    Messages:
    2,392
    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the quotebox below into it:

    Save this as CFScript.txt, in the same location as ComboFix.exe


[IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
     
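    The specialist's posts ask for the ComboFix log so its loading points, services and browser settings can be read for the cause of the redirect. As an added example, not part of this thread and not a ComboFix or Tech Support Guy tool, the Python script below does that first pass mechanically: it scans ComboFix-style lines for services whose binary sits in a Temp folder or is tagged `[?]`, IE search hooks / BHOs / toolbars / protocol handlers, browser start and search URLs that point somewhere other than the user's expected engine, and firewall ports opened to every address. The sample log is constructed for the example, patterned on the line shapes in the logs posted in this thread; the set of expected search hosts, the Temp and profile path markers, and the reading of `[?]` as "binary missing" are the script's assumptions.

```python
"""Triage helper for ComboFix-style log lines (added example, not a ComboFix tool).

Flags the footholds a search-redirect infection usually leaves: services or
drivers whose binary lives in a user-writable Temp path or no longer exists,
IE search hooks / BHOs / toolbars / protocol handlers, start and search URLs
pointing at an unexpected host, and firewall ports opened to the world.
"""
import re

# Line shapes as ComboFix writes them (service lines, registry value lines,
# firewall entries, 'Supplementary Scan' settings). hxxp is ComboFix's defanged http.
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")
HOOK_KEY_RE = re.compile(r"URLSearchHooks|Browser Helper Objects|Internet Explorer\\Toolbar", re.I)
DLL_PATH_RE = re.compile(r'([a-z]:\\[^"\[]+?\.(?:dll|exe|sys))', re.I)
HANDLER_RE = re.compile(r"^Handler:\s+(\S+)\s+-\s+(\{[^}]+\})\s+-\s+(.+)$")
URL_SETTING_RE = re.compile(r"^(uStart Page|uSearch[\w,()]*|FF - prefs\.js: [\w.]+)\s*[-=]\s*(\S+)")
PORT_RE = re.compile(r'^"(\d+:(?:TCP|UDP))"=\s*\d+:(?:TCP|UDP):([^:]+):(Enabled|Disabled):(.*)$')
HOST_RE = re.compile(r"h(?:xx|tt)ps?://([^/?]+)", re.I)

# Assumptions for this example: the engines the user considers legitimate, and
# path fragments that mean "runs from a location any user process can write to".
EXPECTED_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "search.yahoo.com"}
TEMP_MARKERS = ("\\temp\\", "\\locals~1\\temp", "\\local settings\\temp")
USER_PROFILE_MARKERS = ("\\documents and settings\\", "\\docume~1\\")


def _is_user_writable(path):
    low = path.lower()
    return any(m in low for m in TEMP_MARKERS + USER_PROFILE_MARKERS)


def triage(log_text):
    """Return a list of (severity, message) findings, in log order."""
    findings = []
    current_key = ""  # last [HKEY...] header seen; gives context to the value lines under it
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("["):
            current_key = line
            continue

        m = SERVICE_RE.match(line)
        if m:  # R = running, S = stopped; the digit is the start type (4 = disabled)
            start, name, path = m.group(1), m.group(2), m.group(4)
            image = path.split(" --> ")[0].strip()
            if "[?]" in path:  # assumption: ComboFix tags an image it cannot find with [?]
                findings.append(("HIGH", f"service {name} ({start}): {image} (binary missing)"))
            elif _is_user_writable(image):
                findings.append(("HIGH", f"service {name} ({start}): {image} (runs from user-writable path)"))
            continue

        m = PORT_RE.match(line)
        if m:
            port, scope, state, desc = m.groups()
            sev = "LOW" if state == "Disabled" else "MEDIUM"
            findings.append((sev, f"firewall port {port} open to {scope} ({state}): {desc}"))
            continue

        m = HANDLER_RE.match(line)
        if m:
            name, guid, path = m.groups()
            sev = "HIGH" if _is_user_writable(path) else "MEDIUM"
            findings.append((sev, f"protocol handler {name} {guid}: {path}"))
            continue

        m = URL_SETTING_RE.match(line)
        if m:
            setting, url = m.groups()
            h = HOST_RE.search(url)
            host = h.group(1).lower() if h else url
            if host not in EXPECTED_SEARCH_HOSTS:
                findings.append(("HIGH", f"{setting} points at {host}: {url}"))
            continue

        if HOOK_KEY_RE.search(current_key):  # value line under a search-hook/BHO/toolbar key
            p = DLL_PATH_RE.search(line)
            if p:
                path = p.group(1)
                sev = "HIGH" if _is_user_writable(path) else "MEDIUM"
                findings.append((sev, f"IE hook/BHO/toolbar {current_key}: {path}"))
    return findings


# Constructed sample, modelled on the line shapes of the ComboFix logs in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48}"= "c:\program files\Family Toolbar\tbhelper.dll" [2009-05-07 355840]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]
2009-05-07 21:46 2642432 ----a-w- c:\program files\Family Toolbar\tbcore3.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [23/07/2010 7:17 PM 165456]
S4 SWVFBVSN;SWVFBVSN;c:\docume~1\Ward\LOCALS~1\Temp\SWVFBVSN.exe --> c:\docume~1\Ward\LOCALS~1\Temp\SWVFBVSN.exe [?]

uStart Page = hxxp://search.myheritage.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.myheritage.com/?orig=ds&q=
Handler: mhtb - {669A2A3A-F19C-452D-800D-1240299756C1} - c:\program files\Family Toolbar\mhxpcomi.dll
"""

if __name__ == "__main__":
    order = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}
    for sev, msg in sorted(triage(SAMPLE_LOG), key=lambda f: order[f[0]]):
        print(f"[{sev}] {msg}")
```

    On the sample, the HIGH findings are the stopped service whose image in the user's Temp folder is gone, and the two settings that send searches to a host other than the expected engine (the IE start page and Firefox's keyword.URL, which is what rewrites address-bar searches). The toolbar hook, BHO and protocol handler come out MEDIUM because they are a common redirect vector but live under Program Files; the globally open WinRM port is LOW only because the log shows it Disabled. A script like this ranks what to look at first; it does not replace reading the full log, and anything it flags should still be checked against the vendor before it goes into a CFScript.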
  14. Yedi

    Yedi Thread Starter

    Joined:
    Aug 4, 2010
    Messages:
    18
    I cut and pasted the file. When I ran it I allowed it to upgrade combofix. This is the log it made at combofix.txt



    ComboFix 10-08-07.01 - Ward 07/08/2010 19:47:54.4.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1470 [GMT -4:00]
    Running from: c:\documents and settings\Ward\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Ward\Desktop\CFScript.txt.txt
    AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

    FILE ::
    "c:\program files\Avira\AntiVir Desktop\sched.exe"
    "c:\windows\system32\drivers\avgntdd.sys"
    "c:\windows\system32\drivers\avgntflt.sys"
    "c:\windows\system32\drivers\avgntmgr.sys"
    "c:\windows\system32\drivers\avipbb.sys"
    .

    ((((((((((((((((((((((((( Files Created from 2010-07-07 to 2010-08-07 )))))))))))))))))))))))))))))))
    .

    2010-08-05 00:25 . 2010-08-05 00:25 503808 ----a-w- c:\documents and settings\Ward\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-417762a0-n\msvcp71.dll
    2010-08-05 00:25 . 2010-08-05 00:25 499712 ----a-w- c:\documents and settings\Ward\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-417762a0-n\jmc.dll
    2010-08-05 00:25 . 2010-08-05 00:25 348160 ----a-w- c:\documents and settings\Ward\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-417762a0-n\msvcr71.dll
    2010-08-05 00:25 . 2010-08-05 00:25 61440 ----a-w- c:\documents and settings\Ward\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3972b727-n\decora-sse.dll
    2010-08-05 00:25 . 2010-08-05 00:25 12800 ----a-w- c:\documents and settings\Ward\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3972b727-n\decora-d3d.dll
    2010-08-04 01:52 . 2010-07-12 08:55 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-08-04 00:08 . 2010-07-12 08:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-08-04 00:08 . 2010-08-04 00:08 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-08-03 23:55 . 2010-08-03 23:55 -------- d-----w- c:\documents and settings\Ward\Local Settings\Application Data\Sunbelt Software
    2010-08-03 23:54 . 2010-08-03 23:54 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
    2010-08-03 23:54 . 2010-07-12 08:56 2979280 -c--a-w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}\Ad-AwareInstall.exe
    2010-08-02 16:35 . 2010-08-02 16:43 -------- d-----w- c:\documents and settings\Ward\Local Settings\Application Data\Temp
    2010-07-31 19:04 . 2010-07-31 19:04 -------- d-----w- c:\documents and settings\Ward\Application Data\HotSync
    2010-07-31 17:54 . 2010-07-31 17:54 -------- d-----w- c:\program files\iPod
    2010-07-31 17:54 . 2010-07-31 17:54 -------- d-----w- c:\program files\iTunes
    2010-07-31 17:54 . 2010-07-31 17:54 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-07-31 17:51 . 2010-07-31 17:52 -------- d-----w- c:\program files\QuickTime
    2010-07-31 17:50 . 2010-07-31 17:50 -------- d-----w- c:\program files\Apple Software Update
    2010-07-31 17:49 . 2010-07-31 17:49 -------- d-----w- c:\program files\Bonjour
    2010-07-27 11:17 . 2010-07-27 11:18 -------- d-----w- C:\577275a2a527d3656de56b4072cb03eb
    2010-07-27 11:03 . 2010-07-27 11:03 -------- d-----r- C:\AHCache
    2010-07-27 11:00 . 2010-08-02 21:36 -------- d-----w- c:\documents and settings\Ward\Local Settings\Application Data\CurseClient
    2010-07-24 00:57 . 2010-08-05 11:31 -------- d-----w- c:\documents and settings\Ward\Local Settings\Application Data\._Revolution_
    2010-07-23 23:18 . 2010-07-23 23:18 55576 ----a-w- c:\documents and settings\Ward\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-07-23 23:17 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-07-23 23:17 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-07-23 23:17 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-07-23 23:17 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-07-23 23:17 . 2010-06-28 20:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-07-23 23:17 . 2010-06-28 20:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-07-23 23:17 . 2010-06-28 20:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-07-23 23:16 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
    2010-07-23 23:16 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
    2010-07-23 23:16 . 2010-07-23 23:16 -------- d-----w- c:\program files\Alwil Software
    2010-07-23 23:16 . 2010-07-23 23:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2010-07-23 19:16 . 2010-07-23 19:16 -------- d-----w- C:\030fb28b539b7e2c35f27d08
    2010-07-23 18:15 . 2010-07-23 18:15 -------- d-----w- c:\program files\Windows Resource Kits
    2010-07-23 17:48 . 2010-07-23 17:49 -------- d-----w- C:\a91aa703055ce7f83496
    2010-07-23 16:52 . 2010-07-23 16:52 -------- d-----w- c:\windows\system32\winrm
    2010-07-23 16:52 . 2010-07-23 16:52 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
    2010-07-23 16:04 . 2010-07-23 16:04 -------- d-----w- c:\windows\system32\DRM
    2010-07-23 14:23 . 2010-07-23 14:23 -------- d-----w- C:\89e27a8b49ac714e8e47
    2010-07-23 12:00 . 2010-07-23 12:00 63488 ----a-w- c:\documents and settings\Ward\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    2010-07-23 12:00 . 2010-07-23 12:00 52224 ----a-w- c:\documents and settings\Ward\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-07-23 12:00 . 2010-07-23 12:00 117760 ----a-w- c:\documents and settings\Ward\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-07-23 11:59 . 2010-07-23 11:59 -------- d-----w- c:\documents and settings\Ward\Application Data\SUPERAntiSpyware.com
    2010-07-23 11:59 . 2010-07-23 11:59 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2010-07-23 01:00 . 2010-07-23 01:00 -------- d-sh--w- c:\documents and settings\Ward\IECompatCache
    2010-07-23 00:56 . 2010-07-23 00:56 -------- d-sh--w- c:\documents and settings\Ward\PrivacIE
    2010-07-22 23:01 . 2010-08-06 16:47 -------- d-----w- c:\windows\system32\NtmsData
    2010-07-22 22:44 . 2010-07-22 22:44 -------- d-sh--w- c:\documents and settings\Ward\IETldCache
    2010-07-22 22:21 . 2010-08-06 20:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-07-22 22:21 . 2010-08-06 20:14 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-07-22 21:38 . 2010-07-22 21:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2010-07-22 21:38 . 2010-07-22 22:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-07-22 21:38 . 2010-07-22 21:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-07-22 21:18 . 2010-07-22 21:18 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
    2010-07-22 21:13 . 2010-07-22 21:13 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2010-07-22 21:00 . 2010-07-22 21:00 -------- d-----w- C:\~ErdUserProfile.$$$
    2010-07-22 13:30 . 2010-07-22 13:30 -------- d-----w- C:\spoolerlogs
    2010-07-21 20:30 . 2010-07-21 20:30 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
    2010-07-14 19:36 . 2010-06-14 14:31 744448 -c--a-w- c:\windows\system32\dllcache\helpsvc.exe
    2010-07-09 22:22 . 2009-09-04 21:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
    2010-07-09 22:22 . 2009-09-04 21:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
    2010-07-09 16:14 . 2010-07-09 16:14 -------- d-----w- c:\documents and settings\Ward\Application Data\FrimaStudio
    2010-07-09 16:11 . 2010-07-09 16:11 -------- d-----w- c:\program files\Avatar Bobble Battles

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-07 23:33 . 2008-12-11 04:24 256 ----a-w- c:\windows\system32\pool.bin
    2010-08-05 00:26 . 2007-11-13 21:24 -------- d-----w- c:\program files\Common Files\Java
    2010-08-05 00:25 . 2007-11-13 21:16 -------- d-----w- c:\program files\Java
    2010-08-03 23:54 . 2007-11-13 21:18 -------- d-----w- c:\program files\Lavasoft
    2010-08-02 16:45 . 2007-11-13 21:14 -------- d-----w- c:\program files\Google
    2010-07-31 19:09 . 2010-03-01 22:34 -------- d-----w- c:\program files\OnTarget2!
    2010-07-31 17:54 . 2007-11-13 21:24 -------- d-----w- c:\program files\Common Files\Apple
    2010-07-28 12:20 . 2007-11-15 12:45 -------- d-----w- c:\program files\World of Warcraft
    2010-07-24 19:57 . 2007-12-24 17:08 -------- d-----w- c:\program files\Allway Sync
    2010-07-23 16:20 . 2008-12-13 22:51 -------- d-----w- c:\program files\Microsoft.NET
    2010-07-21 00:39 . 2008-11-07 13:15 -------- d-----w- c:\program files\FinePixViewer
    2010-07-17 09:00 . 2010-04-21 11:50 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-07-15 07:01 . 2008-12-13 22:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-07-09 15:21 . 2010-06-26 19:26 40 ----a-w- c:\windows\RSoftInfo.dat
    2010-06-28 13:28 . 2009-08-19 21:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
    2010-06-27 13:24 . 2010-06-27 13:23 -------- d-----w- c:\program files\Haunted Manor - Lord of Mirrors
    2010-06-26 19:26 . 2010-06-26 19:26 -------- d-----w- c:\program files\Zhu Zhu Pets
    2010-06-26 17:59 . 2010-03-24 20:45 -------- d-----w- c:\program files\Wild Thornberrys Australian Wildlife Rescue
    2010-06-21 14:10 . 2003-07-07 16:45 7 ----a-w- c:\windows\TD0001.DAT
    2010-06-21 14:10 . 2003-07-07 16:59 1018 ----a-w- c:\windows\CDCPRINT.TMP
    2010-06-14 14:31 . 2007-11-12 18:37 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
    2010-06-10 22:00 . 2010-06-10 22:00 143360 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\avatar-bobble-battles_s1_l1_gF2314T1L1_d953414815.exe
    2010-06-09 15:08 . 2010-03-29 11:37 19 ----a-w- c:\windows\popcinfo.dat
    2010-05-24 08:44 . 2010-05-24 08:44 503808 ----a-w- c:\documents and settings\Ward\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-39310992-n\msvcp71.dll
    2010-05-24 08:44 . 2010-05-24 08:44 499712 ----a-w- c:\documents and settings\Ward\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-39310992-n\jmc.dll
    2010-05-24 08:44 . 2010-05-24 08:44 348160 ----a-w- c:\documents and settings\Ward\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-39310992-n\msvcr71.dll
    2010-05-24 08:44 . 2010-05-24 08:44 61440 ----a-w- c:\documents and settings\Ward\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-78a01b32-n\decora-sse.dll
    2010-05-24 08:44 . 2010-05-24 08:44 12800 ----a-w- c:\documents and settings\Ward\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-78a01b32-n\decora-d3d.dll
    2010-05-21 18:14 . 2009-10-02 22:53 221568 ----a-w- c:\windows\system32\MpSigStub.exe
    2010-05-20 01:29 . 2010-05-20 01:29 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
    2010-05-18 20:35 . 2010-05-18 20:35 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-05-18 20:35 . 2010-05-18 20:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2010-05-18 20:25 . 2010-05-18 20:25 1167360 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140002_1c87495b\EasyShrx.Dll
    2010-05-18 19:23 . 2010-05-18 19:23 77824 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\ess\bindbins\BindBins.exe
    2010-05-18 19:23 . 2010-05-18 19:23 69632 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\Ksu\ksustop.exe
    2010-05-18 19:22 . 2010-05-18 19:22 1167360 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140002_1c4e3a3d\EasyShrx.Dll
    2010-05-18 19:22 . 2010-05-18 19:22 114688 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$Registration\KodakCameraAPI_7.2.20.2.dll
    2001-09-22 22:25 . 2001-09-18 21:40 11079 ---ha-w- c:\program files\folder.htt
    2002-07-31 23:55 . 2010-02-24 21:10 317 --sh--w- c:\windows\WSYS049.SYS
    2006-12-01 05:17 . 2006-12-01 05:17 0 -csha-w- c:\windows\All Users\DRM\Cache\Indiv01.tmp
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-08-05_19.21.12 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-08-07 05:23 . 2010-08-07 05:23 16384 c:\windows\TEMP\Perflib_Perfdata_1ec.dat
    + 2004-08-04 12:00 . 2010-08-06 20:27 88658 c:\windows\system32\perfc009.dat
    + 2007-11-12 18:43 . 2010-08-06 09:16 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    - 2007-11-12 18:43 . 2010-08-05 00:28 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2007-11-12 18:43 . 2010-08-06 09:16 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2007-11-12 18:43 . 2010-08-05 00:28 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2004-08-04 12:00 . 2010-08-06 20:27 506466 c:\windows\system32\perfh009.dat
    + 2010-08-06 20:10 . 2010-08-06 20:10 1687040 c:\windows\Installer\e976d3a.msi
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48}"= "c:\program files\Family Toolbar\tbhelper.dll" [2009-05-07 355840]

    [HKEY_CLASSES_ROOT\clsid\{1c4ab6a5-595f-4e86-b15f-f93cce2bbd48}]
    [HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook.1]
    [HKEY_CLASSES_ROOT\TypeLib\{1EA6B471-CAD2-419a-9539-0586EEFE2D09}]
    [HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]
    2009-05-07 21:46 2642432 ----a-w- c:\program files\Family Toolbar\tbcore3.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D62EC836-BF1E-4CAC-81BE-FB9179835D8E}]
    2010-02-18 07:37 221184 ----a-w- c:\program files\Family Toolbar\mhxpcomi.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Family Toolbar\tbcore3.dll" [2009-05-07 2642432]

    [HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
    [HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
    [HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
    [HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Family Toolbar\tbcore3.dll" [2009-05-07 2642432]

    [HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
    [HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
    [HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
    [HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]
    @="{7D688A77-C613-11D0-999B-00C04FD655E1}"
    [HKEY_CLASSES_ROOT\CLSID\{7D688A77-C613-11D0-999B-00C04FD655E1}]
    2010-07-27 06:30 8462336 ----a-w- c:\windows\system32\shell32.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Allway Sync"="c:\program files\Allway Sync\Bin\syncappw.exe" [2010-05-25 95568]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2003-1-2 811008]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoDevMgrUpdate"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
    2010-03-11 02:32 648536 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2007-04-20 05:57 162584 ----a-r- c:\windows\system32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2007-04-20 05:57 142104 ----a-r- c:\windows\system32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
    2008-10-24 13:14 206112 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2006-01-12 20:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2009-07-14 17:34 13877248 ----a-w- c:\windows\system32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2007-04-20 05:57 138008 ----a-r- c:\windows\system32\igfxpers.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    2006-10-19 01:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WMPNetworkSvc"=3 (0x3)
    "WinDefend"=2 (0x2)
    "SWVFBVSN"=3 (0x3)
    "SeaPort"=2 (0x2)
    "RoxWatch9"=2 (0x2)
    "RoxMediaDB9"=3 (0x3)
    "RoxLiveShare9"=2 (0x2)
    "Roxio Upnp Server 9"=2 (0x2)
    "Roxio UPnP Renderer 9"=3 (0x3)
    "RichVideo"=2 (0x2)
    "ose"=3 (0x3)
    "odserv"=3 (0x3)
    "NVSvc"=2 (0x2)
    "NMIndexingService"=3 (0x3)
    "NBService"=3 (0x3)
    "JavaQuickStarterService"=2 (0x2)
    "InCDsrv"=2 (0x2)
    "idsvc"=3 (0x3)
    "IDriverT"=3 (0x3)
    "gupdate"=2 (0x2)
    "fsssvc"=3 (0x3)
    "avg9wd"=2 (0x2)
    "FontCache3.0.0.0"=3 (0x3)
    "clr_optimization_v2.0.50727_32"=3 (0x3)
    "aspnet_state"=3 (0x3)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "AIM"=c:\program files\AIM95\aim.exe -cnetwait.odl

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adaptec DirectCD"=c:\progra~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    "AudioHQ"=c:\program files\Creative\SBLive\AudioHQ\AHQTB.EXE
    "CloneCDTray"=c:\program files\Elaborate Bytes\CloneCD\CloneCDTray.exe
    "CreateCD"=c:\progra~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
    "Creative Launcher"=c:\program files\Creative\SBLive\Launcher\CTLauncher.exe
    "devldr16.exe"=c:\windows\SYSTEM32\DEVLDR16.EXE
    "hppwrsav"=c:\scanjet\PrecisionScanLT\hppwrsav.exe
    "InstantAccess"=c:\progra~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
    "KM9801U"=c:\progra~1\KM9801U\MMHotKey.EXE
    "LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    "LoadQM"=loadqm.exe
    "mdac_runonce"=c:\windows\SYSTEM32\RUNONCE.EXE
    "Mirabilis ICQ"=c:\progra~1\ICQ\ICQNet.exe
    "NPROTECT"=c:\program files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    "RealTray"=c:\program files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    "Register MediaRing Talk"=c:\program files\MediaRing Talk\register.exe
    "RegisterDropHandler"=c:\progra~1\TEXTBR~1.0\BIN\REGIST~1.EXE
    "REGSHAVE"=c:\program files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    "TaskMonitor"=c:\windows\taskmon.exe
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
    "wcmdmgr"=c:\windows\wt\updater\wcmdmgrl.exe -launch

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
    "AVG7_AMSVR"=c:\progra~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
    "AVG7_CC"=c:\progra~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
    "AVG7_EMC"=c:\progra~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
    "IrMon"=IrMon.exe
    "LoadQM"=loadqm.exe
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
    "VTTimer"=VTTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
    "CSINJECT.EXE"=c:\program files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
    "Devldr16"=c:\windows\SYSTEM32\DEVLDR16.EXE
    "LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    "RegisterDropHandler"=c:\progra~1\TEXTBR~1.0\BIN\REGIST~1.EXE
    "SchedulingAgent"=mstask.exe
    "TrueVector"=c:\windows\SYSTEM\ZONELABS\VSMON.EXE -service

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\World of Warcraft\\Repair.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
    "c:\\Program Files\\World of Warcraft\\Launcher.exe"=
    "c:\\Program Files\\Curse\\CurseClient.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
    "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
    "c:\\WINDOWS\\system32\\spoolsv.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [03/08/2010 8:08 PM 64288]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [23/07/2010 7:17 PM 165456]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [23/07/2010 7:17 PM 17744]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 1:16 PM 130384]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/07/2010 4:55 AM 1352832]
    S3 RTCore32;RTCore32;c:\program files\EVGA Precision\RTCore32.sys [25/05/2005 2:39 PM 4608]
    S3 USB100TX;Linksys EtherFast 10/100 USB Network Adapter;c:\windows\system32\drivers\USB100TX.sys [12/11/2007 2:48 PM 26368]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [04/08/2004 8:00 AM 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 1:16 PM 753504]
    S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/11/2009 8:17 PM 135664]
    S4 SWVFBVSN;SWVFBVSN;c:\docume~1\Ward\LOCALS~1\Temp\SWVFBVSN.exe --> c:\docume~1\Ward\LOCALS~1\Temp\SWVFBVSN.exe [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WINRM REG_MULTI_SZ WINRM

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    2008-04-14 00:12 73216 ----a-w- c:\progra~1\OUTLOO~1\setup50.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    2008-04-14 00:12 73216 ----a-w- c:\progra~1\OUTLOO~1\setup50.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    2008-04-14 00:12 73216 ----a-w- c:\progra~1\OUTLOO~1\setup50.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    2008-04-14 00:12 73216 ----a-w- c:\progra~1\OUTLOO~1\setup50.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
    2006-01-16 16:41 7168 ----a-w- c:\windows\system32\updcrl.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2010-08-07 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 08:55]

    2010-08-06 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://search.myheritage.com
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &ICQ Toolbar Search - c:\program files\ICQTOOLBAR\TOOLBAR.DLL/SEARCH.HTML
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    Handler: mhtb - {669A2A3A-F19C-452D-800D-1240299756C1} - c:\program files\Family Toolbar\mhxpcomi.dll
    DPF: DirectAnimation Java Classes - file://c:\windows\SYSTEM\dajava.cab
    DPF: Internet Explorer Classes for Java - file://c:\windows\SYSTEM\iejava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
    DPF: {9FC87BC7-7963-4B70-8485-B1A41034C9A1} - hxxp://www.shockwave.com/content/angelx/SonyPicturesGameDownloader.cab
    DPF: {DCA94B48-119B-453C-8863-DE6B9186A81B} - hxxps://sb.smartborder.com/Client/InstallFiles/SB_INIT_V3.CAB
    FF - ProfilePath - c:\documents and settings\Ward\Application Data\Mozilla\Firefox\Profiles\l7a7zkci.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://search.myheritage.com/?orig=ds&q=
    FF - plugin: c:\documents and settings\Ward\Application Data\Facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\Download Manager\npfpdlm.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHANS REMOVED - - - -

    ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
    MSConfigStartUp-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe



    **************************************************************************
    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files:

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(3564)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\program files\Allway Sync\Bin\SyncHook.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\UPnPUI.dll
    c:\program files\Common Files\Roxio Shared\9.0\DLLShared\FakeAvRenderer.dll
    c:\program files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
    .
    Completion time: 2010-08-07 19:54:27
    ComboFix-quarantined-files.txt 2010-08-07 23:54
    ComboFix2.txt 2010-08-06 09:53
    ComboFix3.txt 2010-08-05 19:24
    ComboFix4.txt 2010-07-22 21:36

    Pre-Run: 184,108,240,896 bytes free
    Post-Run: 184,086,532,096 bytes free

    - - End Of File - - 8C20E3E94019132C4D2A2467B0AB1378
     
  15. Rorschach112

    Rorschach112 Malware Specialist

    Joined:
    Oct 12, 2008
    Messages:
    2,392
    Please download OTM
    • Save it to your desktop.
    • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
    • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      Code:
      :Processes
      
      :Services
      SWVFBVSN
      :Reg
      
      :Files
      ipconfig /flushdns /c
      
      :Commands
      [purity]
      [resethosts]
      [emptytemp]
      [CREATERESTOREPOINT]
      [EMPTYFLASH]
      [Reboot]
      
    • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTM and reboot your PC.
    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



    Download TFC to your desktop
    • Open the file and close any other windows.
    • It will close all programs itself when run, make sure to let it run uninterrupted.
    • Click the Start button to begin the process. The program should not take long to finish its job.
    • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.




    Please download Malwarebytes' Anti-Malware from Here

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the entire report in your next reply.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.






    Go to Kaspersky website and perform an online antivirus scan.

    1. Read through the requirements and privacy statement and click on Accept button.
    2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    3. When the downloads have finished, click on Settings.
    4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
      • Mail databases
    5. Click on My Computer under Scan.
    6. Once the scan is complete, it will display the results. Click on View Scan Report.
    7. You will see a list of infected items there. Click on Save Report As....
    8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
     
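The `[resethosts]` and `ipconfig /flushdns` steps in the OTM script above undo the two cheapest ways a redirect infection steers search traffic: hosts-file entries and a poisoned resolver cache. The following Python is an added example, not the helper's tool or anything posted in the thread: it flags hosts lines that map search-engine or AV-vendor domains to a non-local address (the sample hosts file and the `WATCHED` domain list are constructed for illustration), and it pulls the three `FF - prefs.js` lines quoted from the ComboFix log earlier in this thread to show which Firefox search setting points outside the major engines and so deserves a look.

```python
import re
from ipaddress import ip_address

# Constructed sample hosts file (not from the thread): lines 1-3 are normal, 4-5 are hijack-style.
SAMPLE_HOSTS = """# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0         ads.example.net
203.0.113.45    www.google.com
203.0.113.45    www.malwarebytes.org
"""
SAMPLE_LOG = [  # the three "FF - prefs.js" lines as posted in the ComboFix log above
    "FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=",
    "FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/",
    "FF - prefs.js: keyword.URL - hxxp://search.myheritage.com/?orig=ds&q=",
]
WATCHED = ("google.", "bing.", "yahoo.", "malwarebytes.", "avast.", "avira.")  # placeholder list
SEARCH_KEYS = ("keyword.URL", "browser.search.defaulturl", "browser.startup.homepage")
KNOWN_SEARCH_HOSTS = ("google.com", "bing.com", "yahoo.com")
FF_PREF = re.compile(r"FF - prefs\.js: (?P<key>[\w.]+) - (?P<val>\S+)")

def suspicious_hosts_entries(text):
    """(ip, hostname) pairs that map a watched domain to a non-loopback, non-null address."""
    hits = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        ip, names = fields[0], fields[1:]
        try:
            addr = ip_address(ip)
        except ValueError:          # garbage where an address should be is itself a red flag
            hits.extend((ip, n) for n in names)
            continue
        if addr.is_loopback or addr.is_unspecified:
            continue                # 127.x / ::1 / 0.0.0.0 are what a clean hosts file uses
        hits.extend((ip, n) for n in names if any(w in n.lower() for w in WATCHED))
    return hits

def nondefault_search_prefs(log_lines):
    """(pref, host) pairs for Firefox search/home prefs pointing outside the major engines."""
    out = []
    for line in log_lines:
        m = FF_PREF.search(line)
        if not m or m["key"] not in SEARCH_KEYS:
            continue
        host = re.sub(r"^hxxps?://|^https?://", "", m["val"]).split("/")[0].lower()
        if not any(host == k or host.endswith("." + k) for k in KNOWN_SEARCH_HOSTS):
            out.append((m["key"], host))
    return out
```

A non-default `keyword.URL` is a toolbar-style setting change rather than proof of the redirect itself, so treat a hit as something to review alongside the service and hosts checks, not as a verdict on its own.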
Short URL to this thread: https://techguy.org/940742