
Possible Infection Disrupting Use Of Internet Explorer/Firefox



My wife has been having problems with Internet Explorer not functioning properly or not functioning at all...Firefox runs intermittently...suspect I have some kind of infection and request your help. I am providing the attached logs to help in troubleshooting the problem. Thank you in advance for any assistance.

I ran MBAM and didn't get a log file...nothing showed infected....

DDS.txt

Attach.zip


Hello Tony Haney! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step. If there is a problem somewhere, stop and tell me.
  • Stay with the thread until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something, please ask.
  • Do not install or uninstall any software or hardware while we work on this.
  • Keep me informed about any changes.

  • Launch Malwarebytes' Anti-Malware
  • Go to "Update" tab and select "Check for Updates". If an update is found, it will download and install the latest version.
  • Go to "Scanner" tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, please include these log(s):

  1. Malwarebytes' Anti-Malware log
  2. a new fresh DDS log only


Hi Borislav: Thank you for providing your assistance. My apologies in not responding more quickly, I was on a business trip away from this computer. I have accomplished what you have asked. I ran MBAM with database version 5348. It reported no infections and it is not generating any kind of log file (there are no files showing in the Log tab) which I think is very strange. I have attached a fresh DDS log text file. I am ready to proceed to the next step...


DDS_18_Dec.txt


**Note: If you need more detailed information, please visit the web page of ComboFix in BleepingComputer.**

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

  1. If you are using Firefox, make sure that your download settings are as follows:
    • Open Tools -> Options -> Main tab
    • Set to Always ask me where to Save the files.
  2. During the download, rename Combofix to Combo-Fix as follows:

     CF_download_FF.gif

     CF_download_rename.gif

  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause unpredictable results.
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

-----------------------------------------------------------

  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

-----------------------------------------------------------

  7. Double click on combo-Fix.exe & follow the prompts.
  8. When finished, it will produce a report for you.
  9. Please post the C:\Combo-Fix.txt for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**


Hello: My apologies for the delay...I was out of town visiting family for the holiday and did not have my laptop with me. I've run the latest version of Combo Fix as you requested. I've attached the file and also have inserted the text below. Please let me know what I should do next. Thank you again for your assistance.

ComboFix 10-12-26.01 - Home 12/26/2010 16:09:04.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.545 [GMT -5:00]

Running from: C:\Documents and Settings\Home\Desktop\Combo-Fix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

FW: PC Tools Firewall Plus *Disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\All Users\Microsoft

C:\Documents and Settings\All Users\Microsoft\OfficeSoftwareProtectionPlatform\Cache\cache.dat

C:\Documents and Settings\All Users\Microsoft\OfficeSoftwareProtectionPlatform\tokens.dat

C:\install.exe

C:\WINDOWS\system32\Oeminfo.ini

C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdddrpp.dll

.

((((((((((((((((((((((((( Files Created from 2010-11-26 to 2010-12-26 )))))))))))))))))))))))))))))))

.

2010-12-26 21:09:03 . 2010-11-10 04:33:37 6273872 ----a-w- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7477390B-7EB2-4353-9D63-561892BC8833}\mpengine.dll

2010-12-20 12:22:59 . 2010-12-20 12:22:59 -------- d-----w- C:\Program Files\Lotus iNotes

2010-12-20 02:48:27 . 2010-12-20 02:48:27 -------- d-----w- C:\Documents and Settings\LocalService\Application Data\Apple Computer

2010-12-17 01:39:58 . 2010-11-02 15:17:02 40960 ------w- C:\WINDOWS\system32\dllcache\ndproxy.sys

2010-12-17 01:37:45 . 2010-10-11 14:59:30 45568 ------w- C:\WINDOWS\system32\dllcache\wab.exe

2010-12-14 04:29:06 . 2010-12-14 04:29:06 -------- d-----w- C:\Program Files\ESET

2010-12-14 02:00:29 . 2009-06-30 15:37:16 28552 ----a-w- C:\WINDOWS\system32\drivers\pavboot.sys

2010-12-14 01:59:28 . 2010-12-14 01:59:28 -------- d-----w- C:\Program Files\Panda Security

2010-12-14 01:22:19 . 2010-12-14 01:22:25 -------- d-----w- C:\Documents and Settings\Home\Application Data\QuickScan

2010-12-09 14:22:23 . 2010-12-09 14:22:23 -------- d-----w- C:\Program Files\iPod

2010-12-09 14:22:04 . 2010-12-09 14:23:22 -------- d-----w- C:\Program Files\iTunes

2010-12-09 14:16:09 . 2010-12-09 14:16:11 -------- d-----w- C:\Program Files\Bonjour

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-11-29 22:42:18 . 2008-11-26 02:35:14 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2010-11-29 22:42:06 . 2008-11-26 02:35:18 20952 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys

2010-11-18 18:12:44 . 2004-08-10 15:00:00 81920 ----a-w- C:\WINDOWS\system32\isign32.dll

2010-11-10 04:33:37 . 2009-11-15 19:18:58 6273872 ----a-w- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2010-11-06 00:34:12 . 2004-08-10 15:00:00 832512 ----a-w- C:\WINDOWS\system32\wininet.dll

2010-11-06 00:34:11 . 2004-08-10 15:00:00 78336 ----a-w- C:\WINDOWS\system32\ieencode.dll

2010-11-06 00:34:11 . 2004-08-10 15:00:00 1830912 ----a-w- C:\WINDOWS\system32\inetcpl.cpl

2010-11-06 00:34:11 . 2004-08-10 15:00:00 17408 ----a-w- C:\WINDOWS\system32\corpol.dll

2010-11-03 12:25:53 . 2004-08-10 15:00:00 389120 ----a-w- C:\WINDOWS\system32\html.iec

2010-11-02 15:17:02 . 2004-08-10 15:00:00 40960 ----a-w- C:\WINDOWS\system32\drivers\ndproxy.sys

2010-10-28 13:13:22 . 2004-08-10 15:00:00 290048 ----a-w- C:\WINDOWS\system32\atmfd.dll

2010-10-26 13:25:00 . 2004-08-10 15:00:00 1853312 ----a-w- C:\WINDOWS\system32\win32k.sys

2010-10-19 20:51:33 . 2009-10-03 11:12:22 222080 ------w- C:\WINDOWS\system32\MpSigStub.exe

2010-10-14 23:44:02 . 2010-10-14 23:44:02 4280320 ----a-w- C:\WINDOWS\system32\GPhotos.scr

2010-10-07 17:23:02 . 2010-10-07 17:23:02 91424 ----a-w- C:\WINDOWS\system32\dnssd.dll

2010-10-07 17:23:02 . 2010-10-07 17:23:02 75040 ----a-w- C:\WINDOWS\system32\jdns_sd.dll

2010-10-07 17:23:02 . 2010-10-07 17:23:02 197920 ----a-w- C:\WINDOWS\system32\dnssdX.dll

2010-10-07 17:23:02 . 2010-10-07 17:23:02 107808 ----a-w- C:\WINDOWS\system32\dns-sd.exe

2010-09-28 20:44:52 . 2009-12-25 18:10:32 41984 ----a-w- C:\WINDOWS\system32\drivers\usbaapl.sys

2010-09-28 20:44:52 . 2009-12-25 18:10:32 4184352 ----a-w- C:\WINDOWS\system32\usbaaplrc.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Google Update"="C:\Documents and Settings\Home\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-05-23 19:11:04 136176]

"QuickenScheduledUpdates"="C:\Program Files\Quicken\bagent.exe" [2010-06-02 20:22:38 77656]

"OfficeSyncProcess"="C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 06:58:36 718208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-12-02 02:05:00 344064]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 19:36:40 827392]

"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-22 15:57:10 405504]

"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-08-01 21:26:42 233534]

"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 20:45:58 507904]

"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 23:50:18 81920]

"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-06 04:56:34 64512]

"00PCTFW"="C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" [2009-02-23 14:49:16 2652056]

"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 17:08:54 49208]

"MSSE"="c:\Program Files\Microsoft Security Essentials\msseces.exe" [2010-09-15 08:34:02 1094224]

"BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 18:54:26 91520]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2010-09-08 15:17:42 421888]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2010-11-18 01:59:04 421160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-02-28 06:09:14 519584]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 17:13:36 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21:41 548352 ----a-w- C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]

backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Home^Start Menu^Programs^Startup^Microsoft SharePoint Workspace.lnk]

backup=C:\WINDOWS\pss\Microsoft SharePoint Workspace.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AmazonGSDownloaderTray]

2009-10-23 17:31:44 326144 ----a-w- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANT Agent]

2010-05-20 18:34:30 12026216 ----a-w- C:\Garmin\ANT Agent\ANT Agent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2010-05-23 19:11:04 136176 ----atw- C:\Documents and Settings\Home\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]

2007-01-01 21:22:02 3739648 ----a-w- C:\Program Files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-11-18 01:59:04 421160 ----a-w- C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]

2005-12-12 18:39:52 94208 ----a-w- C:\Program Files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-09-08 15:17:42 421888 ----a-w- C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2010-05-13 22:57:20 26192168 ----a-r- D:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\WINDOWS\\system32\\lxddcoms.exe"=

"D:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"C:\\Documents and Settings\\Home\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

"C:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=

"C:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=

"C:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=

"C:\\Program Files\\Sococo\\HUD\\Sococo.exe"=

"C:\\Program Files\\Sococo\\SococoService.exe"=

"D:\\Program Files\\Skype\\Phone\\Skype.exe"=

"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [12/13/2010 9:00:29 PM 28552]

R1 pctgntdi;pctgntdi;C:\WINDOWS\system32\drivers\pctgntdi.sys [5/24/2009 11:43:23 AM 159600]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25:48 PM 12872]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41:30 PM 67656]

R2 lxdd_device;lxdd_device;C:\WINDOWS\system32\lxddcoms.exe -service --> C:\WINDOWS\system32\lxddcoms.exe -service [?]

R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe [9/17/2010 12:14:28 AM 196912]

R2 PCTAppEvent;PCTAppEvent Driver;C:\WINDOWS\system32\drivers\PCTAppEvent.sys [5/24/2009 11:43:25 AM 73840]

R2 SococoSvc;Sococo Service;C:\Program Files\Sococo\SococoService.exe [10/15/2010 12:27:46 PM 35016]

R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\drivers\HSFHWATI.sys [8/22/2005 4:06:00 AM 231424]

R3 pctplfw;pctplfw;C:\WINDOWS\system32\drivers\pctplfw.sys [5/24/2009 11:42:57 AM 95640]

S3 Amazon Download Agent;Amazon Download Agent;C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [1/25/2010 8:29:05 PM 401920]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [3/25/2010 9:25:22 AM 30969208]

S3 NUVision;NUVision II Video Service;C:\WINDOWS\system32\drivers\nuvvid2.sys [10/22/2007 6:21:35 PM 153760]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 8:37:50 PM 4640000]

S3 PSI;PSI;C:\WINDOWS\system32\drivers\psi_mf.sys [6/17/2009 7:20:34 AM 12648]

.

Contents of the 'Scheduled Tasks' folder

2010-12-14 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 21:57:18 . 2008-07-30 16:34:12]

2010-12-26 C:\WINDOWS\Tasks\GlaryInitialize.job

- C:\Program Files\Glary Utilities\initialize.exe [2010-01-23 14:48:24 . 2010-11-24 15:47:04]

2010-12-26 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2115378315-2538759319-2741073628-1005Core.job

- C:\Documents and Settings\Home\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-23 19:11:09 . 2010-05-23 19:11:04]

2010-12-26 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2115378315-2538759319-2741073628-1005UA.job

- C:\Documents and Settings\Home\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-23 19:11:09 . 2010-05-23 19:11:04]

2010-12-26 C:\WINDOWS\Tasks\MP Scheduled Scan.job

- c:\Program Files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 01:40:42 . 2010-03-26 01:40:42]

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/go/notebookaccessories

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - C:\WINDOWS\system32\GPhotos.scr/200

IE: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105

TCP: {644741CF-8E8B-436E-BDE5-DDA4D2C14E03} = 71.252.0.12 68.237.161.12

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

DPF: {5BDBA960-6534-11D3-97C7-00500422B550} - hxxps://amer-ml22.amer.csc.com/download/dolcontrol.cab

FF - ProfilePath - C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\e7rfrmjt.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - Ext: PDF Download: {37E4D8EA-8BDA-4831-8EA1-89053939A250} - %profile%\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - C:\Program Files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: Move Media Player: moveplayer@movenetworks.com - C:\Documents and Settings\Home\Application Data\Move Networks

.

- - - - ORPHANS REMOVED - - - -

SafeBoot-AVG Anti-Spyware Driver

SafeBoot-AVG Anti-Spyware Guard

AddRemove-{5D26BF7B-BEF6-477D-8FC1-0C1C159B6364}_is1 - C:\Program Files\Quicksys\RegDefrag\unins000.exe

ComboFix.txt


Yes....

I've re-posted below...made sure I did a Select All from the Text file...appears to be the same as what I posted earlier...Should I re-run Combo fix to be sure...


R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25:48 PM 12872]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41:30 PM 67656]

R2 lxdd_device;lxdd_device;C:\WINDOWS\system32\lxddcoms.exe -service --> C:\WINDOWS\system32\lxddcoms.exe -service [?]

R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe [9/17/2010 12:14:28 AM 196912]

R2 PCTAppEvent;PCTAppEvent Driver;C:\WINDOWS\system32\drivers\PCTAppEvent.sys [5/24/2009 11:43:25 AM 73840]

R2 SococoSvc;Sococo Service;C:\Program Files\Sococo\SococoService.exe [10/15/2010 12:27:46 PM 35016]

R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\drivers\HSFHWATI.sys [8/22/2005 4:06:00 AM 231424]

R3 pctplfw;pctplfw;C:\WINDOWS\system32\drivers\pctplfw.sys [5/24/2009 11:42:57 AM 95640]

S3 Amazon Download Agent;Amazon Download Agent;C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [1/25/2010 8:29:05 PM 401920]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [3/25/2010 9:25:22 AM 30969208]

S3 NUVision;NUVision II Video Service;C:\WINDOWS\system32\drivers\nuvvid2.sys [10/22/2007 6:21:35 PM 153760]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 8:37:50 PM 4640000]

S3 PSI;PSI;C:\WINDOWS\system32\drivers\psi_mf.sys [6/17/2009 7:20:34 AM 12648]

.

Contents of the 'Scheduled Tasks' folder

2010-12-14 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 21:57:18 . 2008-07-30 16:34:12]

2010-12-26 C:\WINDOWS\Tasks\GlaryInitialize.job

- C:\Program Files\Glary Utilities\initialize.exe [2010-01-23 14:48:24 . 2010-11-24 15:47:04]

2010-12-26 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2115378315-2538759319-2741073628-1005Core.job

- C:\Documents and Settings\Home\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-23 19:11:09 . 2010-05-23 19:11:04]

2010-12-26 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2115378315-2538759319-2741073628-1005UA.job

- C:\Documents and Settings\Home\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-23 19:11:09 . 2010-05-23 19:11:04]

2010-12-26 C:\WINDOWS\Tasks\MP Scheduled Scan.job

- c:\Program Files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 01:40:42 . 2010-03-26 01:40:42]

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/go/notebookaccessories

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - C:\WINDOWS\system32\GPhotos.scr/200

IE: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105

TCP: {644741CF-8E8B-436E-BDE5-DDA4D2C14E03} = 71.252.0.12 68.237.161.12

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

DPF: {5BDBA960-6534-11D3-97C7-00500422B550} - hxxps://amer-ml22.amer.csc.com/download/dolcontrol.cab

FF - ProfilePath - C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\e7rfrmjt.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - Ext: PDF Download: {37E4D8EA-8BDA-4831-8EA1-89053939A250} - %profile%\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - C:\Program Files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: Move Media Player: moveplayer@movenetworks.com - C:\Documents and Settings\Home\Application Data\Move Networks

.

- - - - ORPHANS REMOVED - - - -

SafeBoot-AVG Anti-Spyware Driver

SafeBoot-AVG Anti-Spyware Guard

AddRemove-{5D26BF7B-BEF6-477D-8FC1-0C1C159B6364}_is1 - C:\Program Files\Quicksys\RegDefrag\unins000.exe

No, don't worry.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, change it to Cure and then click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • Click the Report button and copy/paste the contents of it into your next reply.

Note: It will also create a log in the C:\ directory.

I've completed the action requested. Nothing suspicious was found. The log file is as follows:

2010/12/26 17:58:45.0046 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46

2010/12/26 17:58:45.0046 ================================================================================

2010/12/26 17:58:45.0046 SystemInfo:

2010/12/26 17:58:45.0046

2010/12/26 17:58:45.0046 OS Version: 5.1.2600 ServicePack: 3.0

2010/12/26 17:58:45.0046 Product type: Workstation

2010/12/26 17:58:45.0046 ComputerName: WIESBADEN

2010/12/26 17:58:45.0046 UserName: Home

2010/12/26 17:58:45.0046 Windows directory: C:\WINDOWS

2010/12/26 17:58:45.0046 System windows directory: C:\WINDOWS

2010/12/26 17:58:45.0046 Processor architecture: Intel x86

2010/12/26 17:58:45.0046 Number of processors: 1

2010/12/26 17:58:45.0046 Page size: 0x1000

2010/12/26 17:58:45.0046 Boot type: Normal boot

2010/12/26 17:58:45.0046 ================================================================================

2010/12/26 17:58:46.0734 Initialize success

2010/12/26 17:58:52.0609 ================================================================================

2010/12/26 17:58:52.0609 Scan started

2010/12/26 17:58:52.0609 Mode: Manual;

2010/12/26 17:58:52.0609 ================================================================================

2010/12/26 17:59:12.0125 ================================================================================

2010/12/26 17:59:12.0125 Scan finished

2010/12/26 17:59:12.0125 ================================================================================

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You may, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

  • Please go here then click on: EOLS1.gif
  • Select the option YES, I accept the Terms of Use then click on: EOLS2.gif
  • When prompted allow the Add-On/Active X to install.
  • Now click on Advanced Settings and select the following:

    • Remove found threats
    • Scan archives
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: EOLS4.gif
  • Use Notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Hello:

I completed the ESET scan with the following results. Looks like I might have run this program a few weeks ago when I was trying to figure out what was going on with the computer and that during the earlier scan a few files were quarantined. I am ready to proceed further as you direct. Thank you again for the help....

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6415

# api_version=3.0.2

# EOSSerial=3d06f3fc8a4bf44799820891614b94a0

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2010-12-14 07:25:12

# local_time=2010-12-14 02:25:12 (-0500, Eastern Standard Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=2560 16777215 100 0 0 0 0 0

# compatibility_mode=5891 16776533 100 100 0 21812699 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=118222

# found=2

# cleaned=2

# scan_time=10193

C:\MGtools\Process.exe Win32/PrcView application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP378\A0041260.exe Win32/PrcView application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6419

# api_version=3.0.2

# EOSSerial=3d06f3fc8a4bf44799820891614b94a0

# end=stopped

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2010-12-27 04:30:30

# local_time=2010-12-27 11:30:30 (-0500, Eastern Standard Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=2560 16777215 100 0 0 0 0 0

# compatibility_mode=5891 16776869 100 100 0 22975829 0 0

# compatibility_mode=8192 67108863 100 0 245505 245505 0 0

# scanned=68858

# found=0

# cleaned=0

# scan_time=2981

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6419

# api_version=3.0.2

# EOSSerial=3d06f3fc8a4bf44799820891614b94a0

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2010-12-30 08:23:28

# local_time=2010-12-30 03:23:28 (-0500, Eastern Standard Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=2560 16777215 100 0 0 0 0 0

# compatibility_mode=5891 16776533 100 100 0 23242627 0 0

# compatibility_mode=8192 67108863 100 0 512303 512303 0 0

# scanned=117749

# found=0

# cleaned=0

# scan_time=9360


It's enough. Turn them on.

Last steps:

Step 1

  1. Go to Start => Run... and copy & paste the following command into the field:
    ComboFix /uninstall

  2. Then hit the Enter button.

This procedure will do the following:

  • Uninstall ComboFix
  • Delete its related folders and files
  • Reset your clock settings
  • Hide file extensions
  • Hide the system/hidden files
  • Reset System Restore again

P.S.: Make sure there's a space between ComboFix and /uninstall

Step 2

Please manually delete TDSSKiller, DDS and GMER.

Step 3

Please uninstall ESET Online Scanner.

Step 4

Keep your software up-to-date:

http://www.bleepingcomputer.com/tutorials/tutorial174.html

Some malware prevention tips:

http://forums.malwarebytes.org/index.php?showtopic=9365

Safe surfing!