Jump to content

Recommended Posts

Would an admin please delete this topic? http://forums.malwarebytes.org/index.php?showtopic=81026 I realize now that i should have put the logs in.

here are the logs. I'm also having malwarebytes scan again

Malwarebytes

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6253

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.11

4/3/2011 5:52:51 AM

mbam-log-2011-04-03 (05-52-51).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 305465

Time elapsed: 1 hour(s), 46 minute(s), 50 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP1606\A0210373.exe (Trojan.Agent) -> Quarantined and deleted successfully.

here is a newer log that doesnt show any infections. I also have older logs from a past infection i think malwarebytes fixed completely if you want to see those

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6292

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.11

4/7/2011 12:24:34 AM

mbam-log-2011-04-07 (00-24-33).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 100261

Time elapsed: 50 minute(s), 57 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by Leo at 20:20:27.83 on Wed 04/06/2011

Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_17

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.120 [GMT -5:00]

.

AV: AVG Internet Security 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: Norton Internet Worm Protection *Disabled*

FW: AVG Firewall *Enabled*

.

============== Running Processes ===============

.

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG10\avgfws.exe

C:\Program Files\AVG\AVG10\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Program Files\AVG\AVG10\avgam.exe

C:\Program Files\AVG\AVG10\avgnsx.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\Program Files\AVG\AVG10\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\PROGRA~1\AVG\AVG10\avgrsx.exe

C:\Program Files\AVG\AVG10\avgcsrvx.exe

C:\Documents and Settings\Leo\Desktop\dds.scr

.

============== Pseudo HJT Report ===============

.

uStart Page =

uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us

uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us

uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3061113

uInternet Settings,ProxyOverride = <local>

mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File

BHO: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe"

uRun: [appmapNetM] rundll32.exe "c:\documents and settings\leo\local settings\application data\isamobilecdrom\appmapNetM.dll",isaapiPath EapMainPath

uRun: [steam] "c:\program files\steam\Steam.exe" -silent

mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office10\EXCEL.EXE/3000

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}

IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\leo\start menu\programs\imvu\Run IMVU.lnk

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188932869063

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\docume~1\leo\applic~1\mozilla\firefox\profiles\hvtntsy1.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.startup.homepage - hxxp://www.blackle.com/

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cc6e681&v=6.103.018.001&i=29&tp=ab&iy=&ychte=us&lng=en-US&q=

FF - prefs.js: network.proxy.type - 0

FF - component: c:\documents and settings\leo\application data\mozilla\firefox\profiles\hvtntsy1.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

FF - component: c:\documents and settings\leo\application data\mozilla\firefox\profiles\hvtntsy1.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll

FF - component: c:\documents and settings\leo\application data\mozilla\firefox\profiles\hvtntsy1.default\extensions\gamebox@toolbar\components\toolbarhomewmp.dll

FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll

FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll

FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll

FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll

FF - plugin: c:\documents and settings\leo\application data\mozilla\firefox\profiles\hvtntsy1.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll

FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll

FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\program files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com

FF - Ext: XHTML Ruby Support: {0620B69D-7B58-416d-A92A-0198860C2757} - %profile%\extensions\{0620B69D-7B58-416d-A92A-0198860C2757}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: GameBox: gamebox@toolbar - %profile%\extensions\gamebox@toolbar

FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

FF - Ext: Amazon Wish List: amznUWL@amazon.com - %profile%\extensions\amznUWL@amazon.com

FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\program files\real\realplayer\browserrecord\firefox\ext

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

.

---- FIREFOX POLICIES ----

FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.01.01);user_pref(general.useragent.extra.zencast,

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-1-15 9968]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 55024]

R2 avgfws;AVG Firewall;c:\program files\avg\avg10\avgfws.exe [2010-11-22 3226632]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]

R2 BCMNTIO;BCMNTIO;c:\progra~1\checkit\diagno~1\BCMNTIO.sys [2007-2-28 3744]

R2 MAPMEM;MAPMEM;c:\progra~1\checkit\diagno~1\MAPMEM.sys [2007-2-28 3904]

R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-3 123472]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-3 30288]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-3 26192]

R3 whmice2k;Advanced Wheel Mouse Upper Filter Driver;c:\windows\system32\drivers\whmice2k.sys [2004-4-25 6885]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-31 135664]

S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2008-4-7 16512]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-4-6 947528]

S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]

S3 SaiHFF0C;SaiHFF0C;c:\windows\system32\drivers\SaiHFF0C.sys [2006-12-23 56576]

S3 SaiUFF0C;SaiUFF0C;c:\windows\system32\drivers\saiuFF0C.sys [2006-12-23 19584]

S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 7408]

S3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\drivers\whfltr2k.sys [2007-1-25 6784]

S3 XDva134;XDva134;\??\c:\windows\system32\xdva134.sys --> c:\windows\system32\XDva134.sys [?]

.

=============== Created Last 30 ================

.

2011-04-07 00:37:29 -------- dc----w- c:\docume~1\leo\applic~1\AVG10

2011-04-07 00:35:18 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\Common Files

2011-04-07 00:34:53 -------- dc----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar

2011-04-07 00:30:51 -------- dc----w- c:\windows\system32\drivers\AVG

2011-04-07 00:30:51 -------- dc----w- c:\docume~1\alluse~1\applic~1\AVG10

2011-04-07 00:23:28 -------- dc-h--w- C:\$AVG

2011-04-07 00:12:20 -------- dc----w- c:\docume~1\alluse~1\applic~1\MFAData

.

==================== Find3M ====================

.

2011-02-09 13:53:52 270848 -c--a-w- c:\windows\system32\sbe.dll

2011-02-09 13:53:52 186880 -c--a-w- c:\windows\system32\encdec.dll

2011-02-02 07:58:35 2067456 -c--a-w- c:\windows\system32\mstscax.dll

2011-01-27 11:57:06 677888 -c--a-w- c:\windows\system32\mstsc.exe

2011-01-21 14:44:37 439296 -c--a-w- c:\windows\system32\shimgvw.dll

2011-01-07 14:09:02 290048 -c--a-w- c:\windows\system32\atmfd.dll

.

============= FINISH: 20:22:18.63 ===============

I also had a problem running defogger so I'll include that log

Let me know if you need me to post anything else. Any help would be greatly appreciated. I need this computer for school.

ark.zip

Attach.zip

defogger_disable.zip

Link to post
Share on other sites

Hello miysis! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step if there is a problem somewhere, stop and tell me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something please ask.
  • Do not install or uninstall any software or hardware, while work on.
  • Keep me informed about any changes.
  • Post all of your log files, don't attach them.

Would an admin please delete this topic? http://forums.malwarebytes.org/index.php?showtopic=81026 I realize now that i should have put the logs in.

Will be done. :)

Step 1

Going over your logs I noticed that you have

Link to post
Share on other sites

ComboFix log

ComboFix 11-04-04.02 - Leo 04/07/2011 20:14:00.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.241 [GMT -5:00]

Running from: c:\documents and settings\Leo\Desktop\Combo-Fix.exe

FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}

FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\AutoRun.inf

c:\windows\system32\html

c:\windows\system32\html\calendar.html

c:\windows\system32\html\calendarbottom.html

c:\windows\system32\html\calendartop.html

c:\windows\system32\html\crystalexportdialog.htm

c:\windows\system32\html\crystalprinthost.html

c:\windows\system32\images

c:\windows\system32\images\toolbar\calendar.gif

c:\windows\system32\images\toolbar\crlogo.gif

c:\windows\system32\images\toolbar\export.gif

c:\windows\system32\images\toolbar\export_over.gif

c:\windows\system32\images\toolbar\exportd.gif

c:\windows\system32\images\toolbar\First.gif

c:\windows\system32\images\toolbar\first_over.gif

c:\windows\system32\images\toolbar\Firstd.gif

c:\windows\system32\images\toolbar\gotopage.gif

c:\windows\system32\images\toolbar\gotopage_over.gif

c:\windows\system32\images\toolbar\gotopaged.gif

c:\windows\system32\images\toolbar\grouptree.gif

c:\windows\system32\images\toolbar\grouptree_over.gif

c:\windows\system32\images\toolbar\grouptreed.gif

c:\windows\system32\images\toolbar\grouptreepressed.gif

c:\windows\system32\images\toolbar\Last.gif

c:\windows\system32\images\toolbar\last_over.gif

c:\windows\system32\images\toolbar\Lastd.gif

c:\windows\system32\images\toolbar\Next.gif

c:\windows\system32\images\toolbar\next_over.gif

c:\windows\system32\images\toolbar\Nextd.gif

c:\windows\system32\images\toolbar\Prev.gif

c:\windows\system32\images\toolbar\prev_over.gif

c:\windows\system32\images\toolbar\Prevd.gif

c:\windows\system32\images\toolbar\print.gif

c:\windows\system32\images\toolbar\print_over.gif

c:\windows\system32\images\toolbar\printd.gif

c:\windows\system32\images\toolbar\Refresh.gif

c:\windows\system32\images\toolbar\refresh_over.gif

c:\windows\system32\images\toolbar\refreshd.gif

c:\windows\system32\images\toolbar\Search.gif

c:\windows\system32\images\toolbar\search_over.gif

c:\windows\system32\images\toolbar\searchd.gif

c:\windows\system32\images\toolbar\up.gif

c:\windows\system32\images\toolbar\up_over.gif

c:\windows\system32\images\toolbar\upd.gif

c:\windows\system32\images\tree\begindots.gif

c:\windows\system32\images\tree\beginminus.gif

c:\windows\system32\images\tree\beginplus.gif

c:\windows\system32\images\tree\blank.gif

c:\windows\system32\images\tree\blankdots.gif

c:\windows\system32\images\tree\dots.gif

c:\windows\system32\images\tree\lastdots.gif

c:\windows\system32\images\tree\lastminus.gif

c:\windows\system32\images\tree\lastplus.gif

c:\windows\system32\images\tree\Magnify.gif

c:\windows\system32\images\tree\minus.gif

c:\windows\system32\images\tree\minusbox.gif

c:\windows\system32\images\tree\plus.gif

c:\windows\system32\images\tree\plusbox.gif

c:\windows\system32\images\tree\singleminus.gif

c:\windows\system32\images\tree\singleplus.gif

c:\windows\system32\test.ttt

c:\windows\system32\uniq.tll

.

.

((((((((((((((((((((((((( Files Created from 2011-03-08 to 2011-04-08 )))))))))))))))))))))))))))))))

.

.

2011-04-08 01:05 . 2011-04-08 01:10 -------- dc----w- C:\Combo-Fix

2011-04-08 00:16 . 2011-04-08 00:16 -------- dc----w- c:\documents and settings\Leo\Local Settings\Application Data\AVG Security Toolbar

2011-04-07 00:37 . 2011-04-07 00:37 -------- dc----w- c:\documents and settings\Leo\Application Data\AVG10

2011-04-07 00:35 . 2011-04-07 00:35 -------- dc-h--w- c:\documents and settings\All Users\Application Data\Common Files

2011-04-07 00:30 . 2011-04-08 00:36 -------- dc----w- c:\documents and settings\All Users\Application Data\AVG10

2011-04-07 00:12 . 2011-04-07 00:21 -------- dc----w- c:\documents and settings\All Users\Application Data\MFAData

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-02-09 13:53 . 2004-08-10 17:51 270848 -c--a-w- c:\windows\system32\sbe.dll

2011-02-09 13:53 . 2004-08-10 17:51 186880 -c--a-w- c:\windows\system32\encdec.dll

2011-02-02 07:58 . 2004-08-10 18:01 2067456 -c--a-w- c:\windows\system32\mstscax.dll

2011-01-27 11:57 . 2004-08-10 18:01 677888 -c--a-w- c:\windows\system32\mstsc.exe

2011-01-21 14:44 . 2004-08-10 17:51 439296 -c--a-w- c:\windows\system32\shimgvw.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-07-17 389120]

"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]

"Steam"="c:\program files\Steam\Steam.exe" [2011-01-07 1242448]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-10 198160]

"SigmatelSysTrayApp"="stsystra.exe" [2006-02-10 282624]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-24 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-24 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-24 118784]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start http:" [X]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-12-22 17:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-09-21 05:07 932288 -c--a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-09-23 10:47 35760 -c--a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]

2011-02-23 21:23 2251064 -c--a-w- c:\program files\CCleaner\ccleaner.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

2007-04-03 22:29 165784 -c--a-w- c:\program files\DAEMON Tools\daemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2009-04-02 21:11 342312 -c--a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 16:50 155648 -c--a-w- c:\windows\system32\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

2008-01-28 16:43 2097488 -csha-w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

2011-01-07 01:16 1242448 -c--a-w- c:\program files\Steam\Steam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2008-02-22 09:25 144784 -c--a-w- c:\program files\Java\jre1.6.0_05\bin\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

2009-07-18 23:15 1830128 -c--a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2010-02-10 11:16 198160 -c--a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

2006-12-01 03:49 4662776 -c--a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Magic Workstation\\MWSPlay.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=

"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\hpswp_EditClips.exe"=

"c:\\Program Files\\Steam\\Steam.exe"=

.

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [1/15/2009 5:17 PM 9968]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/15/2009 5:17 PM 55024]

R2 BCMNTIO;BCMNTIO;c:\progra~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2/28/2007 1:51 AM 3744]

R2 MAPMEM;MAPMEM;c:\progra~1\CheckIt\DIAGNO~1\MAPMEM.sys [2/28/2007 1:51 AM 3904]

R3 whmice2k;Advanced Wheel Mouse Upper Filter Driver;c:\windows\system32\drivers\whmice2k.sys [4/25/2004 7:38 PM 6885]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/31/2009 2:30 PM 135664]

S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [4/7/2008 9:34 PM 16512]

S3 SaiHFF0C;SaiHFF0C;c:\windows\system32\drivers\SaiHFF0C.sys [12/23/2006 7:38 PM 56576]

S3 SaiUFF0C;SaiUFF0C;c:\windows\system32\drivers\saiuFF0C.sys [12/23/2006 7:39 PM 19584]

S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/15/2009 5:17 PM 7408]

S3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\drivers\whfltr2k.sys [1/25/2007 10:45 AM 6784]

S3 XDva134;XDva134;\??\c:\windows\system32\XDva134.sys --> c:\windows\system32\XDva134.sys [?]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5/1/2007 11:33 AM 682232]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2011-04-08 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-02 16:51]

.

2011-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 19:30]

.

2011-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 19:30]

.

.

------- Supplementary Scan -------

.

uStart Page =

uInternet Settings,ProxyOverride = <local>

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000

IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Leo\Start Menu\Programs\IMVU\Run IMVU.lnk

FF - ProfilePath - c:\documents and settings\Leo\Application Data\Mozilla\Firefox\Profiles\hvtntsy1.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.startup.homepage - hxxp://www.blackle.com/

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4d9d06ae&v=6.103.018.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com

FF - Ext: XHTML Ruby Support: {0620B69D-7B58-416d-A92A-0198860C2757} - %profile%\extensions\{0620B69D-7B58-416d-A92A-0198860C2757}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: GameBox: gamebox@toolbar - %profile%\extensions\gamebox@toolbar

FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

FF - Ext: Amazon Wish List: amznUWL@amazon.com - %profile%\extensions\amznUWL@amazon.com

FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\program files\Real\RealPlayer\browserrecord\firefox\ext

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.01.01);user_pref(general.useragent.extra.zencast,

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

HKCU-Run-appmapNetM - c:\documents and settings\Leo\Local Settings\Application Data\isaMobilecdrom\appmapNetM.dll

MSConfigStartUp-Orb - c:\program files\Orb Networks\Orb\bin\OrbTray.exe

MSConfigStartUp-PeerGuardian - c:\program files\PeerGuardian2\pg2.exe

MSConfigStartUp-Vidalia - c:\program files\Vidalia Bundle\Vidalia\vidalia.exe

AddRemove-4Musics Multiformat Converter 4.7_is1 - c:\program files\4Musics Multiformat Converter\unins000.exe

AddRemove-Anyzip - c:\program files\AnyZip\Uninst.exe

AddRemove-AviSynth - c:\program files\AviSynth 2.5\Uninstall.exe

AddRemove-FBX Plugin 2006.08 for Max 9.0 - c:\program files\Autodesk\FBX\FbxPlugins\2006.08\Max90\Uninstall.exe

AddRemove-ffdshow_is1 - c:\program files\The FilmMachine\ffdshow\unins000.exe

AddRemove-GenericUstor2k - c:\windows\temp\ustordrv\remove.exe

AddRemove-KRISTAL Audio Engine - c:\program files\Kreatives.org\KRISTAL Audio Engine\Uninstall.exe

AddRemove-RTP - c:\program files\Yume Team\RM03\RTP\uninstall.exe

AddRemove-Total Video Converter 3.11_is1 - c:\program files\Total Video Converter\unins000.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-04-07 20:23

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1800859141-1989954271-1162210359-1008\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

[HKEY_USERS\S-1-5-21-1800859141-1989954271-1162210359-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]

@Denied: (Full) (LocalSystem)

@SACL=

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(616)

c:\program files\SUPERAntiSpyware\SASWINLO.dll

c:\windows\system32\WININET.dll

.

Completion time: 2011-04-07 20:29:01

ComboFix-quarantined-files.txt 2011-04-08 01:28

.

Pre-Run: 17,132,515,328 bytes free

Post-Run: 17,162,850,304 bytes free

.

- - End Of File - - C7CD7CE4F64DE95A61929358FEC9339E

Link to post
Share on other sites

Open Notepad and copy and paste the text in the code box below into it:

FireFox::
FF - ProfilePath - c:\documents and settings\Leo\Application Data\Mozilla\Firefox\Profiles\hvtntsy1.default\
FF - Ext: GameBox: gamebox@toolbar - %profile%\extensions\gamebox@toolbar

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

CFScriptB-4.gif

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.

Link to post
Share on other sites

Here's the ComboFix log you asked for

ComboFix 11-04-04.02 - Leo 04/09/2011 17:19:03.2.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.252 [GMT -5:00]

Running from: c:\documents and settings\Leo\Desktop\Combo-Fix.exe

Command switches used :: c:\documents and settings\Leo\Desktop\CFScript.txt

FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}

FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Leo\Application Data\Mozilla\Firefox\Profiles\hvtntsy1.default\extensions\gamebox@toolbar

c:\documents and settings\Leo\Application Data\Mozilla\Firefox\Profiles\hvtntsy1.default\extensions\gamebox@toolbar\chrome.manifest

c:\documents and settings\Leo\Application Data\Mozilla\Firefox\Profiles\hvtntsy1.default\extensions\gamebox@toolbar\chrome\gamebox.jar

c:\documents and settings\Leo\Application Data\Mozilla\Firefox\Profiles\hvtntsy1.default\extensions\gamebox@toolbar\components\IToolbarhomewmp.xpt

c:\documents and settings\Leo\Application Data\Mozilla\Firefox\Profiles\hvtntsy1.default\extensions\gamebox@toolbar\components\toolbarhomewmp.dll

c:\documents and settings\Leo\Application Data\Mozilla\Firefox\Profiles\hvtntsy1.default\extensions\gamebox@toolbar\install.rdf

c:\documents and settings\Leo\Application Data\Mozilla\Firefox\Profiles\hvtntsy1.default\extensions\gamebox@toolbar\META-INF\manifest.mf

c:\documents and settings\Leo\Application Data\Mozilla\Firefox\Profiles\hvtntsy1.default\extensions\gamebox@toolbar\META-INF\PvkTmp.rsa

c:\documents and settings\Leo\Application Data\Mozilla\Firefox\Profiles\hvtntsy1.default\extensions\gamebox@toolbar\META-INF\PvkTmp.sf

.

.

((((((((((((((((((((((((( Files Created from 2011-03-09 to 2011-04-09 )))))))))))))))))))))))))))))))

.

.

2011-04-08 01:05 . 2011-04-08 01:10 -------- dc----w- C:\Combo-Fix

2011-04-08 00:16 . 2011-04-08 00:16 -------- dc----w- c:\documents and settings\Leo\Local Settings\Application Data\AVG Security Toolbar

2011-04-07 00:37 . 2011-04-07 00:37 -------- dc----w- c:\documents and settings\Leo\Application Data\AVG10

2011-04-07 00:35 . 2011-04-07 00:35 -------- dc-h--w- c:\documents and settings\All Users\Application Data\Common Files

2011-04-07 00:30 . 2011-04-08 00:36 -------- dc----w- c:\documents and settings\All Users\Application Data\AVG10

2011-04-07 00:12 . 2011-04-07 00:21 -------- dc----w- c:\documents and settings\All Users\Application Data\MFAData

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-02-09 13:53 . 2004-08-10 17:51 270848 -c--a-w- c:\windows\system32\sbe.dll

2011-02-09 13:53 . 2004-08-10 17:51 186880 -c--a-w- c:\windows\system32\encdec.dll

2011-02-02 07:58 . 2004-08-10 18:01 2067456 -c--a-w- c:\windows\system32\mstscax.dll

2011-01-27 11:57 . 2004-08-10 18:01 677888 -c--a-w- c:\windows\system32\mstsc.exe

2011-01-21 14:44 . 2004-08-10 17:51 439296 -c--a-w- c:\windows\system32\shimgvw.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-07-17 389120]

"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]

"Steam"="c:\program files\Steam\Steam.exe" [2011-01-07 1242448]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-10 198160]

"SigmatelSysTrayApp"="stsystra.exe" [2006-02-10 282624]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-24 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-24 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-24 118784]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start http:" [X]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-12-22 17:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-09-21 05:07 932288 -c--a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-09-23 10:47 35760 -c--a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]

2011-02-23 21:23 2251064 -c--a-w- c:\program files\CCleaner\ccleaner.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

2007-04-03 22:29 165784 -c--a-w- c:\program files\DAEMON Tools\daemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2009-04-02 21:11 342312 -c--a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 16:50 155648 -c--a-w- c:\windows\system32\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

2008-01-28 16:43 2097488 -csha-w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

2011-01-07 01:16 1242448 -c--a-w- c:\program files\Steam\Steam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2008-02-22 09:25 144784 -c--a-w- c:\program files\Java\jre1.6.0_05\bin\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

2009-07-18 23:15 1830128 -c--a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2010-02-10 11:16 198160 -c--a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

2006-12-01 03:49 4662776 -c--a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Magic Workstation\\MWSPlay.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=

"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\hpswp_EditClips.exe"=

"c:\\Program Files\\Steam\\Steam.exe"=

.

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [1/15/2009 5:17 PM 9968]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/15/2009 5:17 PM 55024]

R2 BCMNTIO;BCMNTIO;c:\progra~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2/28/2007 1:51 AM 3744]

R2 MAPMEM;MAPMEM;c:\progra~1\CheckIt\DIAGNO~1\MAPMEM.sys [2/28/2007 1:51 AM 3904]

R3 whmice2k;Advanced Wheel Mouse Upper Filter Driver;c:\windows\system32\drivers\whmice2k.sys [4/25/2004 7:38 PM 6885]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/31/2009 2:30 PM 135664]

S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [4/7/2008 9:34 PM 16512]

S3 SaiHFF0C;SaiHFF0C;c:\windows\system32\drivers\SaiHFF0C.sys [12/23/2006 7:38 PM 56576]

S3 SaiUFF0C;SaiUFF0C;c:\windows\system32\drivers\saiuFF0C.sys [12/23/2006 7:39 PM 19584]

S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/15/2009 5:17 PM 7408]

S3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\drivers\whfltr2k.sys [1/25/2007 10:45 AM 6784]

S3 XDva134;XDva134;\??\c:\windows\system32\XDva134.sys --> c:\windows\system32\XDva134.sys [?]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5/1/2007 11:33 AM 682232]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2011-04-09 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-02 16:51]

.

2011-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 19:30]

.

2011-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 19:30]

.

.

------- Supplementary Scan -------

.

uStart Page =

uInternet Settings,ProxyOverride = <local>

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000

IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Leo\Start Menu\Programs\IMVU\Run IMVU.lnk

FF - ProfilePath - c:\documents and settings\Leo\Application Data\Mozilla\Firefox\Profiles\hvtntsy1.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.startup.homepage - hxxp://www.blackle.com/

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4d9d06ae&v=6.103.018.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com

FF - Ext: XHTML Ruby Support: {0620B69D-7B58-416d-A92A-0198860C2757} - %profile%\extensions\{0620B69D-7B58-416d-A92A-0198860C2757}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

FF - Ext: Amazon Wish List: amznUWL@amazon.com - %profile%\extensions\amznUWL@amazon.com

FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\program files\Real\RealPlayer\browserrecord\firefox\ext

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.01.01);user_pref(general.useragent.extra.zencast,

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-04-09 17:28

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1800859141-1989954271-1162210359-1008\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

[HKEY_USERS\S-1-5-21-1800859141-1989954271-1162210359-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]

@Denied: (Full) (LocalSystem)

@SACL=

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(616)

c:\program files\SUPERAntiSpyware\SASWINLO.dll

c:\windows\system32\WININET.dll

.

Completion time: 2011-04-09 17:33:49

ComboFix-quarantined-files.txt 2011-04-09 22:33

ComboFix2.txt 2011-04-08 01:29

.

Pre-Run: 17,154,076,672 bytes free

Post-Run: 17,165,647,872 bytes free

.

- - End Of File - - DE768265EB0EE3676FA0DF559F0E4DC7

Link to post
Share on other sites

  • Staff

miysis,

My apologies for the delay. Maniac is unavailable and I will be taking over.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317

Link to post
Share on other sites

ESET

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

can not get scanner. e_gle=1001

DLL:pipe not connected. attempts=120

# version=7

# iexplore.exe=7.00.6000.17095 (vista_gdr.101217-1830)

# OnlineScanner.ocx=1.0.0.6425

# api_version=3.0.2

# EOSSerial=d21297e58c6dac4ebb4d8676794254c7

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-04-14 12:43:48

# local_time=2011-04-13 07:43:48 (-0600, Central Daylight Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=1024 16777215 100 0 0 0 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=131596

# found=0

# cleaned=0

# scan_time=3918

Security Check

Results of screen317's Security Check version 0.99.10

Windows XP Service Pack 3

Internet Explorer 7 Out of date!

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Disabled!

ESET Online Scanner v3

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

CCleaner

Java 6 Update 17

Java SE Runtime Environment 6 Update 1

Java 6 Update 2

Java 6 Update 3

Java 6 Update 5

Out of date Java installed!

Adobe Flash Player 10.1.102.64

Adobe Reader 9.4.1

Out of date Adobe Reader installed!

Mozilla Firefox (3.6.16) Firefox Out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

``````````End of Log````````````

Link to post
Share on other sites

  • Staff

Hi,

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following programs (if present):

Java

Link to post
Share on other sites

The computer seems to be working great now. I still have some programs I was wondering about because they were not exactly like the ones you mentioned. I was wondering if they were redundant.

J2SE Runtime Environment 5.0 Update 10

J2SE Runtime Environment 5.0 Update 11

J2SE Runtime Environment 5.0 Update 6

Mbam log

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6369

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

4/15/2011 12:51:44 PM

mbam-log-2011-04-15 (12-51-44).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 304744

Time elapsed: 1 hour(s), 28 minute(s), 48 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

  • Staff

Hi,

J2SE Runtime Environment 5.0 Update 10

J2SE Runtime Environment 5.0 Update 11

J2SE Runtime Environment 5.0 Update 6

Yes, please uninstall these outdated versions of Java.

Run SecurityCheck again and post its log.

Check Windows Update again and see if anything else is available.

Let me know what issues remain. :)

Link to post
Share on other sites

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.