AugustAPC

Everything posted by AugustAPC

  1. I didn't do anything suggested in another user's post. That thread was for my computer's problems. Anyway, I seem to have managed to fix things. I noticed an SVCHost running at ~300,000 kb, and ran HitmanPro35, which seemed to have found a virus that all the other virus programs missed. Since running it, I have not seen a blue screen and my SVCHost is running normally now. Thank you for the reply, and I hope this information may provide a little help for you in the future, as it seems that a lot of people are catching the same virus I had.
  2. Previous attempt to fix computer: http://forums.malwarebytes.org/index.php?showtopic=93317
     Hi, I'm in serious need of help here. After following the directions in the above thread, my computer seemed to be running better. But after rebooting, I'm getting a blue screen on startup. I am able to get Windows to run by using the "run with last known working configuration". But with every reboot, the blue screen returns. I'm clueless on what to do at this point.
  3. Alrighty, thanks. You're a savior. I really appreciate all your help.
  4. Also, I forgot to mention. Something I've noticed happening recently is that when I skip ahead or backward in a YouTube video, the sound cuts out. I'm not sure if this is relevant, because I saw some sound drivers mentioned in some of the logs.
  5. Thanks again for your help. I did as you asked and ran the re-enable with defogger. It said "finished!", but did not prompt me to restart my computer. Do you need the log posted?
  6. Apologies for the slow response, had a phone call. My computer seems to be running smoother. I haven't had any redirects from Google as of yet. I'll be better able to tell if it's running smoother once I load a game up. Anyway, I did as you suggested and here are the new results:

     ComboFix 11-08-24.04 - Austin Gustafson 08/24/2011 15:40:25.22.1 - x86
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.608 [GMT -4:00]
     Running from: c:\documents and settings\Austin Gustafson\Desktop\ComboFix.exe
     Command switches used :: c:\documents and settings\Austin Gustafson\Desktop\CFScript.txt
     AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
     AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
     FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
     .
     .
     ((((((((((((((((((((((((( Files Created from 2011-07-24 to 2011-08-24 )))))))))))))))))))))))))))))))
     .
     .
     2011-08-24 13:32 . 2011-08-24 17:14 -------- d-----w- c:\program files\Emsisoft Anti-Malware
     2011-08-24 12:38 . 2011-08-24 17:12 -------- d-----w- c:\program files\Sophos
     2011-08-18 13:07 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2011-08-18 13:07 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
     2011-08-17 13:02 . 2011-08-17 13:02 1152 ----a-w- c:\windows\system32\windrv.sys
     2011-08-10 04:29 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
     2011-08-10 04:29 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2011-07-15 13:29 . 2004-08-04 10:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
     2011-07-08 14:02 . 2004-08-04 10:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
     2011-07-04 11:43 . 2011-05-24 22:03 40112 ----a-w- c:\windows\avastSS.scr
     2011-07-04 11:43 . 2011-05-24 22:03 199304 ----a-w- c:\windows\system32\aswBoot.exe
     2011-07-04 11:37 . 2011-05-24 22:04 103384 ----a-w- c:\windows\system32\drivers\aswFW.sys
     2011-07-04 11:36 . 2011-05-24 22:04 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
     2011-07-04 11:36 . 2011-05-24 22:04 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
     2011-07-04 11:36 . 2011-05-24 22:04 194264 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
     2011-07-04 11:35 . 2011-05-24 22:04 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
     2011-07-04 11:35 . 2011-05-24 22:04 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
     2011-07-04 11:35 . 2011-05-24 22:04 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
     2011-07-04 11:32 . 2011-05-24 22:04 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
     2011-07-04 11:32 . 2011-05-24 22:04 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
     2011-07-04 11:32 . 2011-05-24 22:04 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
     2011-06-24 14:10 . 2010-02-04 19:38 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
     2011-06-23 18:36 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
     2011-06-23 18:36 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
     2011-06-23 18:36 . 2004-08-04 10:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
     2011-06-23 12:05 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec
     2011-06-20 17:44 . 2004-08-04 10:00 293376 ----a-w- c:\windows\system32\winsrv.dll
     2011-06-02 14:02 . 2004-08-04 10:00 1858944 ----a-w- c:\windows\system32\win32k.sys
     2011-08-18 05:51 . 2011-03-23 20:33 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
     .
     .
     ((((((((((((((((((((((((((((( SnapShot_2011-08-17_07.22.09 )))))))))))))))))))))))))))))))))))))))))
     .
     + 2008-04-13 23:00 . 2011-07-08 13:49 46080 c:\windows\system32\tzchange.exe
     - 2008-04-13 23:00 . 2010-11-03 13:12 46080 c:\windows\system32\tzchange.exe
     + 2010-10-10 10:57 . 2011-08-19 15:38 18296 c:\windows\system32\mlfcache.dat
     - 2011-08-10 04:29 . 2010-07-05 13:15 26488 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\update\spcustom.dll
     - 2011-08-10 04:29 . 2010-07-05 13:15 17272 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\spmsg.dll
     - 2011-08-10 04:29 . 2011-06-23 18:33 12800 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\SP3QFE\xpshims.dll
     - 2011-08-10 04:29 . 2011-06-23 18:33 66560 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\SP3QFE\mshtmled.dll
     - 2011-08-10 04:29 . 2011-06-23 18:33 55296 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\SP3QFE\msfeedsbs.dll
     - 2011-08-10 04:29 . 2011-06-23 18:33 43520 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\SP3QFE\licmgr10.dll
     - 2011-08-10 04:29 . 2011-06-23 18:33 25600 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\SP3QFE\jsproxy.dll
     - 2011-08-10 04:29 . 2011-06-23 18:36 12800 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\SP3GDR\xpshims.dll
     - 2011-08-10 04:29 . 2011-06-23 18:36 66560 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\SP3GDR\mshtmled.dll
     - 2011-08-10 04:29 . 2011-06-23 18:36 55296 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\SP3GDR\msfeedsbs.dll
     - 2011-08-10 04:29 . 2011-06-23 18:36 43520 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\SP3GDR\licmgr10.dll
     - 2011-08-10 04:29 . 2011-06-23 18:36 25600 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\SP3GDR\jsproxy.dll
     - 2011-08-10 04:29 . 2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\update\updspapi.dll
     - 2011-08-10 04:29 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\update\update.exe
     - 2011-08-10 04:29 . 2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\spuninst.exe
     - 2011-08-10 04:29 . 2011-06-23 18:33 919552 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\SP3QFE\wininet.dll
     - 2011-08-10 04:29 . 2011-06-23 18:33 105984 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\SP3QFE\url.dll
     - 2011-08-10 04:29 . 2011-06-23 18:33 206848 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\SP3QFE\occache.dll
     - 2011-08-10 04:29 . 2011-06-23 18:33 611840 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\SP3QFE\mstime.dll
     - 2011-08-10 04:29 . 2011-06-23 18:33 602112 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\SP3QFE\msfeeds.dll
     - 2011-08-10 04:29 . 2011-06-23 18:33 247808 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\SP3QFE\ieproxy.dll
     - 2011-08-10 04:29 . 2011-06-23 18:33 184320 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\SP3QFE\iepeers.dll
     - 2011-08-10 04:29 . 2011-06-23 18:33 743424 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\SP3QFE\iedvtool.dll
     - 2011-08-10 04:29 . 2011-06-23 18:33 387584 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\SP3QFE\iedkcs32.dll
     - 2011-08-10 04:29 . 2011-06-23 12:19 173568 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\SP3QFE\ie4uinit.exe
     - 2011-08-10 04:29 . 2011-06-23 18:36 916480 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\SP3GDR\wininet.dll
     - 2011-08-10 04:29 . 2011-06-23 18:36 105984 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\SP3GDR\url.dll
     - 2011-08-10 04:29 . 2011-06-23 18:36 206848 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\SP3GDR\occache.dll
     - 2011-08-10 04:29 . 2011-06-23 18:36 611840 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\SP3GDR\mstime.dll
     - 2011-08-10 04:29 . 2011-06-23 18:36 602112 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\SP3GDR\msfeeds.dll
     - 2011-08-10 04:29 . 2011-06-23 18:36 247808 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\SP3GDR\ieproxy.dll
     - 2011-08-10 04:29 . 2011-06-23 18:36 184320 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\SP3GDR\iepeers.dll
     - 2011-08-10 04:29 . 2011-06-23 18:36 743424 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\SP3GDR\iedvtool.dll
     - 2011-08-10 04:29 . 2011-06-23 18:36 387584 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\SP3GDR\iedkcs32.dll
     - 2011-08-10 04:29 . 2011-06-23 12:05 173568 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\SP3GDR\ie4uinit.exe
     - 2011-08-10 04:29 . 2011-06-23 18:33 1214464 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\SP3QFE\urlmon.dll
     - 2011-08-10 04:29 . 2011-07-25 15:15 5971456 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\SP3QFE\mshtml.dll
     - 2011-08-10 04:29 . 2011-06-23 18:33 1992192 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\SP3QFE\iertutil.dll
     - 2011-08-10 04:29 . 2011-06-23 18:36 1212416 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\SP3GDR\urlmon.dll
     - 2011-08-10 04:29 . 2011-07-25 15:17 5969920 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\SP3GDR\mshtml.dll
     - 2011-08-10 04:29 . 2011-06-23 18:36 1991680 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\SP3GDR\iertutil.dll
     - 2011-08-10 04:29 . 2011-06-23 18:36 11081728 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\SP3GDR\ieframe.dll
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
     @="{472083B0-C522-11CF-8763-00608CC02F24}"
     [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
     2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "AIM"="c:\program files\AIM7\aim.exe" [2010-05-21 3824472]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
     "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
     "nwiz"="nwiz.exe" [2003-07-28 323584]
     "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
     "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
     "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
     .
     c:\documents and settings\Austin Gustafson\Start Menu\Programs\Startup\
     OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
     @="Driver"
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
     2011-07-06 23:52 449584 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
     .
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)
     .
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     .
     R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [5/24/2011 6:03 PM 12112]
     R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [5/24/2011 6:04 PM 194264]
     R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [5/24/2011 6:04 PM 103384]
     R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/24/2011 6:04 PM 441176]
     R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/24/2011 6:04 PM 309848]
     R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/24/2011 6:04 PM 19544]
     R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [5/24/2011 6:03 PM 121000]
     S1 MpKsl31ac5a10;MpKsl31ac5a10;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2F2B2981-7335-4D85-8336-A79B99AC6DAE}\MpKsl31ac5a10.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2F2B2981-7335-4D85-8336-A79B99AC6DAE}\MpKsl31ac5a10.sys [?]
     S1 MpKsl461828cc;MpKsl461828cc;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{00EB6557-3A6B-4166-A43A-92D7C281CE8A}\MpKsl461828cc.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{00EB6557-3A6B-4166-A43A-92D7C281CE8A}\MpKsl461828cc.sys [?]
     S1 MpKsl71a9ace2;MpKsl71a9ace2;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{05E2EFC4-E7B4-46CB-9901-ED4033EA5CEC}\MpKsl71a9ace2.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{05E2EFC4-E7B4-46CB-9901-ED4033EA5CEC}\MpKsl71a9ace2.sys [?]
     S1 MpKslc7de6f4b;MpKslc7de6f4b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2F2B2981-7335-4D85-8336-A79B99AC6DAE}\MpKslc7de6f4b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2F2B2981-7335-4D85-8336-A79B99AC6DAE}\MpKslc7de6f4b.sys [?]
     S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\AUSTIN~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\AUSTIN~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
     S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\AUSTIN~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\AUSTIN~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]
     S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
     S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [8/18/2011 9:07 AM 41272]
     S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\BC.tmp --> c:\windows\system32\BC.tmp [?]
     S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2011-07-19 c:\windows\Tasks\AppleSoftwareUpdate.job
     - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://www.google.com/
     uInternet Settings,ProxyOverride = *.local
     uSearchAssistant = hxxp://www.google.com/ie
     uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
     Trusted Zone: microsoft.com\www.update
     TCP: DhcpNameServer = 68.87.74.166 68.87.68.166
     FF - ProfilePath - c:\documents and settings\Austin Gustafson\Application Data\Mozilla\Firefox\Profiles\l2hqcyhh.default\
     FF - prefs.js: browser.search.selectedEngine - Yahoo
     FF - prefs.js: browser.startup.homepage - hxxp://us.mg4.mail.yahoo.com/dc/launch?.gx=1&.rand=agt92ikbk8pjs
     FF - prefs.js: keyword.URL - hxxp://eis.esnips.com/page/search_provider/?client_uuid=bda82ac0-85c3-4b48-b0d2-41fde8d1391d&q=
     .
     .
     **************************************************************************
     .
     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2011-08-24 15:54
     Windows 5.1.2600 Service Pack 3 NTFS
     .
     scanning hidden processes ...
     .
     scanning hidden autostart entries ...
     .
     scanning hidden files ...
     .
     scan completed successfully
     hidden files: 0
     .
     **************************************************************************
     .
     [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
     "ImagePath"="\??\c:\windows\system32\BC.tmp"
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------
     .
     - - - - - - - > 'winlogon.exe'(1044)
     c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
     .
     - - - - - - - > 'explorer.exe'(2356)
     c:\windows\system32\WININET.dll
     c:\windows\system32\ieframe.dll
     c:\windows\system32\webcheck.dll
     c:\windows\system32\WPDShServiceObj.dll
     c:\windows\system32\PortableDeviceTypes.dll
     c:\windows\system32\PortableDeviceApi.dll
     c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
     .
     ------------------------ Other Running Processes ------------------------
     .
     c:\program files\AVAST Software\Avast\AvastSvc.exe
     c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     c:\program files\Bonjour\mDNSResponder.exe
     c:\windows\system32\nvsvc32.exe
     c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
     c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
     c:\program files\OpenOffice.org 3\program\soffice.exe
     c:\program files\OpenOffice.org 3\program\soffice.bin
     c:\program files\iPod\bin\iPodService.exe
     .
     **************************************************************************
     .
     Completion time: 2011-08-24 16:06:00 - machine was rebooted
     ComboFix-quarantined-files.txt 2011-08-24 20:05
     ComboFix2.txt 2011-08-24 19:07
     ComboFix3.txt 2011-08-18 02:58
     ComboFix4.txt 2011-08-17 07:34
     ComboFix5.txt 2011-08-24 19:37
     .
     Pre-Run: 19,143,069,696 bytes free
     Post-Run: 19,119,783,936 bytes free
     .
     - - End Of File - - 8BE14AD200579CF2427D484425A76262

     Thank you again for your help, it is greatly appreciated.
  7. Quite a large report here. Lots and lots of deletions. I hope that means we're making progress.

     ComboFix 11-08-24.04 - Austin Gustafson 08/24/2011 14:52:06.21.1 - x86
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.591 [GMT -4:00]
     Running from: c:\documents and settings\Austin Gustafson\Desktop\ComboFix.exe
     AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
     AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
     FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     c:\documents and settings\Austin Gustafson\Application Data\Mozilla\Firefox\Profiles\l2hqcyhh.default\extensions\{3880f442-4e29-4eaa-952f-f49153d1e503}
     c:\documents and settings\Austin Gustafson\Application Data\Mozilla\Firefox\Profiles\l2hqcyhh.default\extensions\{3880f442-4e29-4eaa-952f-f49153d1e503}\chrome\xulcache.jar
     c:\documents and settings\Austin Gustafson\Application Data\Mozilla\Firefox\Profiles\l2hqcyhh.default\extensions\{3880f442-4e29-4eaa-952f-f49153d1e503}\defaults\preferences\xulcache.js
     c:\documents and settings\Austin Gustafson\Application Data\Mozilla\Firefox\Profiles\l2hqcyhh.default\extensions\{3880f442-4e29-4eaa-952f-f49153d1e503}\install.rdf
     c:\documents and settings\Austin Gustafson\Application Data\Mozilla\Firefox\Profiles\l2hqcyhh.default\extensions\{579746aa-6524-4f06-b30d-e7e69414803e}
     c:\documents and settings\Austin Gustafson\Application Data\Mozilla\Firefox\Profiles\l2hqcyhh.default\extensions\{579746aa-6524-4f06-b30d-e7e69414803e}\chrome\xulcache.jar
     c:\documents and settings\Austin Gustafson\Application Data\Mozilla\Firefox\Profiles\l2hqcyhh.default\extensions\{579746aa-6524-4f06-b30d-e7e69414803e}\defaults\preferences\xulcache.js
     c:\documents and settings\Austin Gustafson\Application Data\Mozilla\Firefox\Profiles\l2hqcyhh.default\extensions\{579746aa-6524-4f06-b30d-e7e69414803e}\install.rdf
     c:\documents and settings\Austin Gustafson\Application Data\Mozilla\Firefox\Profiles\l2hqcyhh.default\extensions\{6962b76d-cebb-4b1c-ae20-53589d2917d2}
     c:\documents and settings\Austin Gustafson\Application Data\Mozilla\Firefox\Profiles\l2hqcyhh.default\extensions\{6962b76d-cebb-4b1c-ae20-53589d2917d2}\chrome\xulcache.jar
     c:\documents and settings\Austin Gustafson\Application Data\Mozilla\Firefox\Profiles\l2hqcyhh.default\extensions\{6962b76d-cebb-4b1c-ae20-53589d2917d2}\defaults\preferences\xulcache.js
     c:\documents and settings\Austin Gustafson\Application Data\Mozilla\Firefox\Profiles\l2hqcyhh.default\extensions\{6962b76d-cebb-4b1c-ae20-53589d2917d2}\install.rdf
     c:\documents and settings\Austin Gustafson\Application Data\Mozilla\Firefox\Profiles\l2hqcyhh.default\extensions\{c109abe1-ecc6-4d8d-a376-6a88207c3ac9}
     c:\documents and settings\Austin Gustafson\Application Data\Mozilla\Firefox\Profiles\l2hqcyhh.default\extensions\{c109abe1-ecc6-4d8d-a376-6a88207c3ac9}\chrome\xulcache.jar
     c:\documents and settings\Austin Gustafson\Application Data\Mozilla\Firefox\Profiles\l2hqcyhh.default\extensions\{c109abe1-ecc6-4d8d-a376-6a88207c3ac9}\defaults\preferences\xulcache.js
     c:\documents and settings\Austin Gustafson\Application Data\Mozilla\Firefox\Profiles\l2hqcyhh.default\extensions\{c109abe1-ecc6-4d8d-a376-6a88207c3ac9}\install.rdf
     c:\documents and settings\Austin Gustafson\Application Data\Mozilla\Firefox\Profiles\l2hqcyhh.default\extensions\{cee78945-209c-4cc6-84a8-db0decf0f1c3}
     c:\documents and settings\Austin Gustafson\Application Data\Mozilla\Firefox\Profiles\l2hqcyhh.default\extensions\{cee78945-209c-4cc6-84a8-db0decf0f1c3}\chrome.manifest
     c:\documents and settings\Austin Gustafson\Application Data\Mozilla\Firefox\Profiles\l2hqcyhh.default\extensions\{cee78945-209c-4cc6-84a8-db0decf0f1c3}\chrome\xulcache.jar
     c:\documents and settings\Austin Gustafson\Application Data\Mozilla\Firefox\Profiles\l2hqcyhh.default\extensions\{cee78945-209c-4cc6-84a8-db0decf0f1c3}\defaults\preferences\xulcache.js
     c:\documents and settings\Austin Gustafson\Application Data\Mozilla\Firefox\Profiles\l2hqcyhh.default\extensions\{cee78945-209c-4cc6-84a8-db0decf0f1c3}\install.rdf
     c:\documents and settings\Austin Gustafson\Application Data\Mozilla\Firefox\Profiles\l2hqcyhh.default\extensions\{ecbc3dd2-c532-4c7a-96d5-739759031732}
     c:\documents and settings\Austin Gustafson\Application Data\Mozilla\Firefox\Profiles\l2hqcyhh.default\extensions\{ecbc3dd2-c532-4c7a-96d5-739759031732}\chrome\xulcache.jar
     c:\documents and settings\Austin Gustafson\Application Data\Mozilla\Firefox\Profiles\l2hqcyhh.default\extensions\{ecbc3dd2-c532-4c7a-96d5-739759031732}\defaults\preferences\xulcache.js
     c:\documents and settings\Austin Gustafson\Application Data\Mozilla\Firefox\Profiles\l2hqcyhh.default\extensions\{ecbc3dd2-c532-4c7a-96d5-739759031732}\install.rdf
     c:\documents and settings\Austin Gustafson\irgmpnstoq.tmp
     c:\windows\system32\atrace32.dll
     .
     .
     ((((((((((((((((((((((((( Files Created from 2011-07-24 to 2011-08-24 )))))))))))))))))))))))))))))))
     .
     .
     2011-08-24 13:32 . 2011-08-24 17:14 -------- d-----w- c:\program files\Emsisoft Anti-Malware
     2011-08-24 12:38 . 2011-08-24 17:12 -------- d-----w- c:\program files\Sophos
     2011-08-18 13:07 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2011-08-18 13:07 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
     2011-08-17 13:02 . 2011-08-17 13:02 1152 ----a-w- c:\windows\system32\windrv.sys
     2011-08-10 04:29 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
     2011-08-10 04:29 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2011-07-15 13:29 . 2004-08-04 10:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
     2011-07-08 14:02 . 2004-08-04 10:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
     2011-07-04 11:43 . 2011-05-24 22:03 40112 ----a-w- c:\windows\avastSS.scr
     2011-07-04 11:43 . 2011-05-24 22:03 199304 ----a-w- c:\windows\system32\aswBoot.exe
     2011-07-04 11:37 . 2011-05-24 22:04 103384 ----a-w- c:\windows\system32\drivers\aswFW.sys
     2011-07-04 11:36 . 2011-05-24 22:04 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
     2011-07-04 11:36 . 2011-05-24 22:04 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
     2011-07-04 11:36 . 2011-05-24 22:04 194264 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
     2011-07-04 11:35 . 2011-05-24 22:04 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
     2011-07-04 11:35 . 2011-05-24 22:04 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
     2011-07-04 11:35 . 2011-05-24 22:04 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
     2011-07-04 11:32 . 2011-05-24 22:04 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
     2011-07-04 11:32 . 2011-05-24 22:04 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
     2011-07-04 11:32 . 2011-05-24 22:04 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
     2011-06-24 14:10 . 2010-02-04 19:38 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
     2011-06-23 18:36 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
     2011-06-23 18:36 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
     2011-06-23 18:36 . 2004-08-04 10:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
     2011-06-23 12:05 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec
     2011-06-20 17:44 . 2004-08-04 10:00 293376 ----a-w- c:\windows\system32\winsrv.dll
     2011-06-02 14:02 . 2004-08-04 10:00 1858944 ----a-w- c:\windows\system32\win32k.sys
     2011-08-18 05:51 . 2011-03-23 20:33 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
     .
     .
     ((((((((((((((((((((((((((((( SnapShot_2011-08-17_07.22.09 )))))))))))))))))))))))))))))))))))))))))
     .
     + 2008-04-13 23:00 . 2011-07-08 13:49 46080 c:\windows\system32\tzchange.exe
     - 2008-04-13 23:00 . 2010-11-03 13:12 46080 c:\windows\system32\tzchange.exe
     + 2010-10-10 10:57 . 2011-08-19 15:38 18296 c:\windows\system32\mlfcache.dat
     - 2011-08-10 04:29 . 2010-07-05 13:15 26488 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\update\spcustom.dll
     - 2011-08-10 04:29 . 2010-07-05 13:15 17272 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\spmsg.dll
     - 2011-08-10 04:29 . 2011-06-23 18:33 12800 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\SP3QFE\xpshims.dll
     - 2011-08-10 04:29 . 2011-06-23 18:33 66560 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\SP3QFE\mshtmled.dll
     - 2011-08-10 04:29 . 2011-06-23 18:33 55296 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\SP3QFE\msfeedsbs.dll
     - 2011-08-10 04:29 . 2011-06-23 18:33 43520 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\SP3QFE\licmgr10.dll
     - 2011-08-10 04:29 . 2011-06-23 18:33 25600 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\SP3QFE\jsproxy.dll
     - 2011-08-10 04:29 . 2011-06-23 18:36 12800 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\SP3GDR\xpshims.dll
     - 2011-08-10 04:29 . 2011-06-23 18:36 66560 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\SP3GDR\mshtmled.dll
     - 2011-08-10 04:29 . 2011-06-23 18:36 55296 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\SP3GDR\msfeedsbs.dll
     - 2011-08-10 04:29 . 2011-06-23 18:36 43520 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\SP3GDR\licmgr10.dll
     - 2011-08-10 04:29 . 2011-06-23 18:36 25600 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\SP3GDR\jsproxy.dll
     - 2011-08-10 04:29 . 2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\update\updspapi.dll
     - 2011-08-10 04:29 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\update\update.exe
     - 2011-08-10 04:29 . 2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\spuninst.exe
     - 2011-08-10 04:29 . 2011-06-23 18:33 919552 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\SP3QFE\wininet.dll
     - 2011-08-10 04:29 . 2011-06-23 18:33 105984 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\SP3QFE\url.dll
     - 2011-08-10 04:29 . 2011-06-23 18:33 206848 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\SP3QFE\occache.dll
     - 2011-08-10 04:29 . 2011-06-23 18:33 611840 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\SP3QFE\mstime.dll
     - 2011-08-10 04:29 . 2011-06-23 18:33 602112 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\SP3QFE\msfeeds.dll
     - 2011-08-10 04:29 . 2011-06-23 18:33 247808 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\SP3QFE\ieproxy.dll
     - 2011-08-10 04:29 . 2011-06-23 18:33 184320 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\SP3QFE\iepeers.dll
     - 2011-08-10 04:29 . 2011-06-23 18:33 743424 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\SP3QFE\iedvtool.dll
     - 2011-08-10 04:29 . 2011-06-23 18:33 387584 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\SP3QFE\iedkcs32.dll
     - 2011-08-10 04:29 . 2011-06-23 12:19 173568 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\SP3QFE\ie4uinit.exe
     - 2011-08-10 04:29 . 2011-06-23 18:36 916480 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\SP3GDR\wininet.dll
     - 2011-08-10 04:29 . 2011-06-23 18:36 105984 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\SP3GDR\url.dll
     - 2011-08-10 04:29 . 2011-06-23 18:36 206848 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\SP3GDR\occache.dll
     - 2011-08-10 04:29 . 2011-06-23 18:36 611840 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\SP3GDR\mstime.dll
     - 2011-08-10 04:29 . 2011-06-23 18:36 602112 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\SP3GDR\msfeeds.dll
     - 2011-08-10 04:29 . 2011-06-23 18:36 247808 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\SP3GDR\ieproxy.dll
     - 2011-08-10 04:29 . 2011-06-23 18:36 184320 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\SP3GDR\iepeers.dll
     - 2011-08-10 04:29 . 2011-06-23 18:36 743424 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\SP3GDR\iedvtool.dll
     - 2011-08-10 04:29 . 2011-06-23 18:36 387584 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\SP3GDR\iedkcs32.dll
     - 2011-08-10 04:29 . 2011-06-23 12:05 173568 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\SP3GDR\ie4uinit.exe
     - 2011-08-10 04:29 . 2011-06-23 18:33 1214464 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\SP3QFE\urlmon.dll
     - 2011-08-10 04:29 . 2011-07-25 15:15 5971456 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\SP3QFE\mshtml.dll
     - 2011-08-10 04:29 . 2011-06-23 18:33 1992192 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\SP3QFE\iertutil.dll
     - 2011-08-10 04:29 . 2011-06-23 18:36 1212416 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\SP3GDR\urlmon.dll
     - 2011-08-10 04:29 . 2011-07-25 15:17 5969920 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\SP3GDR\mshtml.dll
     - 2011-08-10 04:29 . 2011-06-23 18:36 1991680 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\SP3GDR\iertutil.dll
     - 2011-08-10 04:29 . 2011-06-23 18:36 11081728 c:\windows\SoftwareDistribution\Download\0c4605390d76df6e08bd7638facea692\SP3GDR\ieframe.dll
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
     @="{472083B0-C522-11CF-8763-00608CC02F24}"
     [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
     2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "AIM"="c:\program files\AIM7\aim.exe" [2010-05-21 3824472]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
     "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
     "nwiz"="nwiz.exe" [2003-07-28 323584]
     "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
     "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
     "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
     .
     c:\documents and settings\Austin Gustafson\Start Menu\Programs\Startup\
     OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
     @="Driver"
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
     2011-07-06 23:52 449584 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
     .
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)
     .
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     .
     R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [5/24/2011 6:03 PM 12112]
     R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [5/24/2011 6:04 PM 194264]
     R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [5/24/2011 6:04 PM 103384]
     R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/24/2011 6:04 PM 441176]
     R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/24/2011 6:04 PM 309848]
     R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/24/2011 6:04 PM 19544]
     S1 MpKsl31ac5a10;MpKsl31ac5a10;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2F2B2981-7335-4D85-8336-A79B99AC6DAE}\MpKsl31ac5a10.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2F2B2981-7335-4D85-8336-A79B99AC6DAE}\MpKsl31ac5a10.sys [?]
     S1 MpKsl461828cc;MpKsl461828cc;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{00EB6557-3A6B-4166-A43A-92D7C281CE8A}\MpKsl461828cc.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{00EB6557-3A6B-4166-A43A-92D7C281CE8A}\MpKsl461828cc.sys [?]
     S1 MpKsl71a9ace2;MpKsl71a9ace2;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{05E2EFC4-E7B4-46CB-9901-ED4033EA5CEC}\MpKsl71a9ace2.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{05E2EFC4-E7B4-46CB-9901-ED4033EA5CEC}\MpKsl71a9ace2.sys [?]
S1 MpKslc7de6f4b;MpKslc7de6f4b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2F2B2981-7335-4D85-8336-A79B99AC6DAE}\MpKslc7de6f4b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2F2B2981-7335-4D85-8336-A79B99AC6DAE}\MpKslc7de6f4b.sys [?] S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\AUSTIN~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\AUSTIN~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?] S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\AUSTIN~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\AUSTIN~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?] S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [5/24/2011 6:03 PM 121000] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [8/18/2011 9:07 AM 41272] S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\BC.tmp --> c:\windows\system32\BC.tmp [?] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - MBAMSWISSARMY . Contents of the 'Scheduled Tasks' folder . 2011-07-19 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s Trusted Zone: microsoft.com\www.update TCP: DhcpNameServer = 68.87.74.166 68.87.68.166 FF - ProfilePath - c:\documents and settings\Austin Gustafson\Application Data\Mozilla\Firefox\Profiles\l2hqcyhh.default\ FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - hxxp://us.mg4.mail.yahoo.com/dc/launch?.gx=1&.rand=agt92ikbk8pjs FF - prefs.js: keyword.URL - hxxp://eis.esnips.com/page/search_provider/?client_uuid=bda82ac0-85c3-4b48-b0d2-41fde8d1391d&q= FF - prefs.js: network.proxy.http - 127.0.0.1 FF - prefs.js: network.proxy.http_port - 53798 FF - prefs.js: network.proxy.type - 0 FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(general.useragent.extra.brc, BRI/1 . - - - - ORPHANS REMOVED - - - - . BHO-{08333AE5-D50F-4F8A-9047-843C7A7F406d} - c:\windows\system32\atrace32.dll BHO-{0E66D269-30C5-4230-9E36-286562B3B9E8} - c:\windows\system32\atrace32.dll Toolbar-Locked - (no file) . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-08-24 15:03 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . . C:\## aswSnx private storage . scan completed successfully hidden files: 1 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2] "ImagePath"="\??\c:\windows\system32\BC.tmp" . --------------------- DLLs Loaded Under Running Processes --------------------- . 
- - - - - - - > 'winlogon.exe'(1044) c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll . Completion time: 2011-08-24 15:07:10 ComboFix-quarantined-files.txt 2011-08-24 19:07 ComboFix2.txt 2011-08-18 02:58 ComboFix3.txt 2011-08-17 07:34 ComboFix4.txt 2011-07-03 21:53 ComboFix5.txt 2011-08-24 18:49 . Pre-Run: 19,072,270,336 bytes free Post-Run: 19,154,313,216 bytes free . - - End Of File - - BBDF7120B5DDF62087090925C5B6B5DF
  8. I've done what you've suggested. Here are the results: ------------------------------------------ Malwarebytes' Anti-Malware 1.51.1.1800 www.malwarebytes.org Database version: 7544 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 8/24/2011 1:36:24 PM mbam-log-2011-08-24 (13-36-24).txt Scan type: Quick scan Objects scanned: 171646 Time elapsed: 8 minute(s), 4 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 1 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) ------------------------------------- . DDS (Ver_2011-06-23.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22 Run by Austin Gustafson at 13:37:20 on 2011-08-24 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.612 [GMT -4:00] . AV: avast! Internet Security *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF} FW: avast! Internet Security *Enabled* . ============== Running Processes =============== . 
C:\WINDOWS\system32\svchost.exe -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\Program Files\AVAST Software\Avast\afwServ.exe C:\WINDOWS\Explorer.EXE C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\AVAST Software\Avast\avastUI.exe C:\Program Files\AIM7\aim.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\OpenOffice.org 3\program\soffice.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\OpenOffice.org 3\program\soffice.bin C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\NOTEPAD.EXE . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s BHO: {08333ae5-d50f-4f8a-9047-843c7a7f406d} - c:\windows\system32\atrace32.dll BHO: {0e66d269-30c5-4230-9e36-286562b3b9e8} - c:\windows\system32\atrace32.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: avast! 
WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll TB: {35065594-9169-4A34-B167-FC4865038E53} - No File uRun: [AIM] "c:\program files\aim7\aim.exe" /d locale=en-US uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [nwiz] nwiz.exe /install mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime StartupFolder: c:\docume~1\austin~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe Trusted Zone: microsoft.com\www.update DPF: {41564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1288273749000 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab TCP: DhcpNameServer = 68.87.74.166 68.87.68.166 TCP: Interfaces\{84427DA0-3E60-4434-A20D-072958FA2AF7} : DhcpNameServer = 68.87.74.166 68.87.68.166 SSODL: WPDShServiceObj - 
{AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\austin gustafson\application data\mozilla\firefox\profiles\l2hqcyhh.default\ FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - hxxp://us.mg4.mail.yahoo.com/dc/launch?.gx=1&.rand=agt92ikbk8pjs FF - prefs.js: keyword.URL - hxxp://eis.esnips.com/page/search_provider/?client_uuid=bda82ac0-85c3-4b48-b0d2-41fde8d1391d&q= FF - prefs.js: network.proxy.http - 127.0.0.1 FF - prefs.js: network.proxy.http_port - 53798 FF - prefs.js: network.proxy.type - 0 FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll . ---- FIREFOX POLICIES ---- FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(general.useragent.extra.brc, BRI/1 . ============= SERVICES / DRIVERS =============== . R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2011-5-24 12112] R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2011-5-24 194264] R1 aswFW;avast! 
TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2011-5-24 103384] R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-24 441176] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-5-24 309848] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-5-24 19544] R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-5-24 42184] R2 avast! Firewall;avast! Firewall;c:\program files\avast software\avast\afwServ.exe [2011-5-24 121000] S1 MpKsl31ac5a10;MpKsl31ac5a10;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2f2b2981-7335-4d85-8336-a79b99ac6dae}\mpksl31ac5a10.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2f2b2981-7335-4d85-8336-a79b99ac6dae}\MpKsl31ac5a10.sys [?] S1 MpKsl461828cc;MpKsl461828cc;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{00eb6557-3a6b-4166-a43a-92d7c281ce8a}\mpksl461828cc.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{00eb6557-3a6b-4166-a43a-92d7c281ce8a}\MpKsl461828cc.sys [?] S1 MpKsl71a9ace2;MpKsl71a9ace2;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{05e2efc4-e7b4-46cb-9901-ed4033ea5cec}\mpksl71a9ace2.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{05e2efc4-e7b4-46cb-9901-ed4033ea5cec}\MpKsl71a9ace2.sys [?] S1 MpKslc7de6f4b;MpKslc7de6f4b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2f2b2981-7335-4d85-8336-a79b99ac6dae}\mpkslc7de6f4b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2f2b2981-7335-4d85-8336-a79b99ac6dae}\MpKslc7de6f4b.sys [?] 
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\austin~1\locals~1\temp\sas_selfextract\sasdifsv.sys --> c:\docume~1\austin~1\locals~1\temp\sas_selfextract\SASDIFSV.SYS [?] S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\austin~1\locals~1\temp\sas_selfextract\saskutil.sys --> c:\docume~1\austin~1\locals~1\temp\sas_selfextract\SASKUTIL.SYS [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-8-18 41272] S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\bc.tmp --> c:\windows\system32\BC.tmp [?] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] . =============== Created Last 30 ================ . 2011-08-24 13:32:52 -------- d-----w- c:\program files\Emsisoft Anti-Malware 2011-08-24 12:38:50 -------- d-----w- c:\program files\Sophos 2011-08-18 13:07:55 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-08-18 13:07:48 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-08-18 09:47:58 0 ---ha-w- c:\documents and settings\austin gustafson\irgmpnstoq.tmp 2011-08-17 13:02:55 1152 ----a-w- c:\windows\system32\windrv.sys 2011-08-10 04:29:47 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys 2011-08-10 04:29:24 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys . ==================== Find3M ==================== . 
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys 2011-07-04 11:43:53 40112 ----a-w- c:\windows\avastSS.scr 2011-07-04 11:37:33 103384 ----a-w- c:\windows\system32\drivers\aswFW.sys 2011-07-04 11:36:43 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-07-04 11:36:18 194264 ----a-w- c:\windows\system32\drivers\aswNdis2.sys 2011-06-26 06:45:56 256000 ----a-w- c:\windows\PEV.exe 2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll 2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-06-23 18:36:30 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec 2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll 2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys . ============= FINISH: 13:41:10.35 ===============
  9. I wanted to remove the anti-virus program first, before I went ahead with that. As for Microsoft Security Essentials, I thought I removed that several months ago. It isn't present on my "Add or Remove Programs" list. I'm not sure what that means. I'll go ahead and run the fix now.
  10. Hi, thank you for replying. I've downloaded a lot of anti-virus programs in an attempt to remove these viruses. The only one I'm aware of that's running as protection is Avast. The others I've just used for one-time scans. Could you tell me which specifically I should remove?
  11. I'm starting a new thread as my first one didn't get a reply for a while and I had to bump it a few times, probably giving it the appearance that I was being serviced already. As I said, google is being redirected to different sites and my computer gets some laggy spikes going on with it every few minutes. -Austin -------------------------------------------------------------------------------------- Malwarebytes' Anti-Malware 1.51.1.1800 www.malwarebytes.org Database version: 7499 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 8/18/2011 9:16:52 AM mbam-log-2011-08-18 (09-16-52).txt Scan type: Quick scan Objects scanned: 170712 Time elapsed: 7 minute(s), 48 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 1 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 8 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: c:\documents and settings\localservice\application data\020000003b8bcbe01406c.manifest (Malware.Trace) -> Quarantined and deleted successfully. c:\documents and settings\localservice\application data\020000003b8bcbe01406o.manifest (Malware.Trace) -> Quarantined and deleted successfully. c:\documents and settings\localservice\application data\020000003b8bcbe01406p.manifest (Malware.Trace) -> Quarantined and deleted successfully. c:\documents and settings\localservice\application data\020000003b8bcbe01406s.manifest (Malware.Trace) -> Quarantined and deleted successfully. c:\WINDOWS\system32\020000003b8bcbe01406c.manifest (Malware.Trace) -> Quarantined and deleted successfully. 
c:\WINDOWS\system32\020000003b8bcbe01406o.manifest (Malware.Trace) -> Quarantined and deleted successfully. c:\WINDOWS\system32\020000003b8bcbe01406p.manifest (Malware.Trace) -> Quarantined and deleted successfully. c:\WINDOWS\system32\020000003b8bcbe01406s.manifest (Malware.Trace) -> Quarantined and deleted successfully. -------------------------------------------------------------------------------------- . DDS (Ver_2011-06-23.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22 Run by Austin Gustafson at 9:32:44 on 2011-08-18 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.488 [GMT -4:00] . AV: avast! Internet Security *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF} FW: avast! Internet Security *Enabled* . ============== Running Processes =============== . C:\WINDOWS\system32\svchost.exe -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\AVAST Software\Avast\afwServ.exe C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\AVAST Software\Avast\avastUI.exe C:\Program Files\AIM7\aim.exe C:\Program Files\OpenOffice.org 3\program\soffice.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\OpenOffice.org 3\program\soffice.bin C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\wmpps32.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\WINDOWS\system32\atrace32.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Mozilla Firefox\plugin-container.exe . 
============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s BHO: {0e66d269-30c5-4230-9e36-286562b3b9e8} - c:\windows\system32\atrace32.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll TB: {35065594-9169-4A34-B167-FC4865038E53} - No File uRun: [AIM] "c:\program files\aim7\aim.exe" /d locale=en-US mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [nwiz] nwiz.exe /install mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime StartupFolder: c:\docume~1\austin~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe Trusted Zone: microsoft.com\www.update DPF: {41564D57-9980-0010-8000-00AA00389B71} - 
hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1288273749000 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab TCP: DhcpNameServer = 68.87.74.166 68.87.68.166 TCP: Interfaces\{84427DA0-3E60-4434-A20D-072958FA2AF7} : DhcpNameServer = 68.87.74.166 68.87.68.166 AppInit_DLLs: c:\windows\system32\msnetobj32.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll . ================= FIREFOX =================== . 
FF - ProfilePath - c:\documents and settings\austin gustafson\application data\mozilla\firefox\profiles\l2hqcyhh.default\ FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - hxxp://us.mg4.mail.yahoo.com/dc/launch?.gx=1&.rand=agt92ikbk8pjs FF - prefs.js: keyword.URL - hxxp://eis.esnips.com/page/search_provider/?client_uuid=bda82ac0-85c3-4b48-b0d2-41fde8d1391d&q= FF - prefs.js: network.proxy.http - 127.0.0.1 FF - prefs.js: network.proxy.http_port - 53798 FF - prefs.js: network.proxy.type - 0 FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll . ---- FIREFOX POLICIES ---- FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(general.useragent.extra.brc, BRI/1 . ============= SERVICES / DRIVERS =============== . R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2011-5-24 12112] R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2011-5-24 194264] R1 aswFW;avast! 
Hi, I just want to report that I've been experiencing a lot of redirects to several different sites from my google searches as of late. Thanks. attach.zip
  12. Sorry if this is against the rules. It's almost been three days and I'm a bit worried that the infection may be getting worse. Just gonna bump this thread in case it was forgotten.
13. Thank you all in advance for the help. My anti-virus won't quite get rid of this sucker :\. I followed your steps prior to posting. Hope I did everything right! Here are my results: -Austin

--------------------------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7499
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/18/2011 9:16:52 AM
mbam-log-2011-08-18 (09-16-52).txt

Scan type: Quick scan
Objects scanned: 170712
Time elapsed: 7 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8

Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)

Files Infected:
c:\documents and settings\localservice\application data\020000003b8bcbe01406c.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\application data\020000003b8bcbe01406o.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\application data\020000003b8bcbe01406p.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\application data\020000003b8bcbe01406s.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\020000003b8bcbe01406c.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\020000003b8bcbe01406o.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\020000003b8bcbe01406p.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\020000003b8bcbe01406s.manifest (Malware.Trace) -> Quarantined and deleted successfully.

--------------------------------------------------------------------------------------

Hi, I just want to report that I've been experiencing a lot of redirects to several different sites from my google searches as of late. Thanks. attach.zip