ladybluerr Posted November 6, 2011 ID:492193 Share Posted November 6, 2011 Hello,I have been locked out of almost everything on my pc. Malwarebytes will run for a sec then stop and disappear. Then when I go to re-run it my access is denied. I have tried to follow your self-help instructions posted in your Self Help Forum for TDL2 Rootkit infection aka WinNT-Alureon.... but that did not work because every time I tried to run the Rootkit Repeal for *files* is would shut down when it got to the "windows files". PLEASE HELP!!!!!ALSO, I have no noticed that there is a new virus that redirects to a fake yahoo search engine Link to post Share on other sites More sharing options...
Staff screen317 Posted November 10, 2011 Staff ID:493192 Share Posted November 10, 2011 Hi and welcome to Malwarebytes.Download the file TDSSKiller.zip and extract it into a folder on the infected PC.Execute the file TDSSKiller.exe by double-clicking on it.Wait for the scan and disinfection process to be over.When its work is over, the utility prompts for a reboot to complete the disinfection.By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).The log is like UtilityName.Version_Date_Time_log.txt.for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.Please post that log here.Next, download DDS by sUBs and save it to your Desktop.Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post only DDS.txt directly into your reply.-screen317 Link to post Share on other sites More sharing options...
ladybluerr Posted November 10, 2011 Author ID:493302 Share Posted November 10, 2011 .DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18Run by Mathew at 6:22:29 on 2011-11-10.============== Running Processes ===============..============== Pseudo HJT Report ===============.uStart Page = hxxp://msn.com/uSearch Page = uDefault_Page_URL = hxxp://www.msn.comuSearch Bar = mDefault_Page_URL = hxxp://www.yahoo.commStart Page = hxxp://www.yahoo.comuSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search?q=%smSearchAssistant = uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dlluURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dllmURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dllBHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dllBHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dllBHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dllBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dllBHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No FileBHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dllBHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dllBHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dllBHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dllBHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No FileBHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllBHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn2\YTSingleInstance.dllBHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dllTB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dllTB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dllTB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dllTB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No FileEB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dllEB: {32683183-48a0-441b-a342-7c2a440a9478} - No FileuRun: [Google Update] "c:\documents and settings\mathew\local settings\application data\google\update\GoogleUpdate.exe" /cuRun: [ctfmon.exe] c:\windows\system32\ctfmon.exeuRun: [nah_Shell] c:\documents and settings\mathew\nah_xvqy.exemRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exemRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttraymExplorerRun: [waults] c:\documents and settings\all users\application data\waults.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exeIE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.htmlIE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exeIE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLLIE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dllLSP: mswsock.dllDPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cabDPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cabDPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cabDPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cabDPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cabDPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1255025129312DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1255031421296DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cabDPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cabDPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cabDPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cabDPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cabTCP: DhcpNameServer = 172.16.10.1TCP: Interfaces\{8D0B0A99-A31C-486B-B9E2-54C59C5385C2} : DhcpNameServer = 172.16.10.1Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dllHandler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dllHandler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dllHandler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLLNotify: avgrsstarter - avgrsstx.dllNotify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dllSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll.================= FIREFOX ===================.FF - ProfilePath - c:\documents and settings\mathew\application data\mozilla\firefox\profiles\pjwcb8xw.default\FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=3&q={searchTerms}FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=2&q=FF - component: c:\documents and settings\mathew\application data\mozilla\firefox\profiles\pjwcb8xw.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dllFF - component: c:\documents and settings\mathew\application data\mozilla\firefox\profiles\pjwcb8xw.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dllFF - component: c:\program files\avg\avg9\firefox\components\avgssff.dllFF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dllFF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dllFF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dllFF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dllFF - plugin: c:\documents and settings\mathew\application data\facebook\npfbplugin_1_0_3.dllFF - plugin: c:\documents and settings\mathew\application data\mozilla\firefox\profiles\pjwcb8xw.default\extensions\{000f1ea4-5e08-4564-a29b-29076f63a37a}\plugins\npsoe.dllFF - plugin: c:\documents and settings\mathew\application data\mozilla\plugins\npgoogletalk.dllFF - plugin: c:\documents and settings\mathew\application data\mozilla\plugins\npgtpo3dautoplugin.dllFF - plugin: c:\documents and settings\mathew\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dllFF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dllFF - plugin: c:\program files\funwebproducts\installr\2.bin\NPFUNWEB.DLLFF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dllFF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dllFF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dllFF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dllFF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dllFF - plugin: c:\program files\microsoft silverlight\4.0.50524.0\npctrlui.dllFF - plugin: c:\program files\mozilla firefox\plugins\npgcplug.dllFF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dllFF - plugin: c:\program files\mozilla firefox\plugins\npracplug.dllFF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dllFF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll.---- FIREFOX POLICIES ----FF - user.js: yahoo.homepage.dontask - true============= SERVICES / DRIVERS ===============..=============== Created Last 30 ================.2011-11-10 00:29:09 709968 ----a-w- c:\windows\isRS-000.tmp2011-11-08 13:32:30 22216 ----a-w- c:\windows\system32\drivers\mbam.sys2011-11-08 13:32:29 -------- d-----w- C:\Malwarebytes' Anti-Malware2011-11-06 16:03:37 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2011-11-06 15:14:16 37760 ----a-w- c:\windows\system32\drivers\tsk30.tmp2011-11-06 15:01:10 -------- d-----w- c:\documents and settings\mathew\application data\SUPERAntiSpyware.com2011-11-06 15:01:09 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com2011-11-06 12:57:18 -------- d-----w- c:\documents and settings\mathew\New Folder2011-10-28 14:07:45 -------- d-----w- c:\documents and settings\all users\application data\MFAData2011-10-28 12:57:11 -------- d-----w- c:\windows\LMI1B.tmp2011-10-27 07:04:50 -------- d-----w- C:\832d669bcdce14cd5d2076bd2011-10-23 01:24:56 7168 ----a-w- c:\documents and settings\mathew\0.8969312446172838.exe2011-10-22 04:25:27 7168 ----a-w- c:\documents and settings\mathew\0.9222285357426925.exe2011-10-19 16:09:32 -------- d-----w- C:\?2011-10-19 00:34:36 132096 ----a-w- c:\documents and settings\mathew\nah_xvqy.exe2011-10-14 07:03:16 -------- d-----w- C:\91bfc267de54f476866a2011-10-11 21:43:42 -------- d-----w- c:\documents and settings\mathew\local settings\application data\Spotify2011-10-11 21:43:33 -------- d-----w- c:\documents and settings\mathew\application data\Spotify.==================== Find3M ====================.2011-11-09 23:07:32 48016 --sha-w- c:\windows\system32\c_96022.nl_2011-11-09 23:06:58 37760 ----a-w- c:\windows\system32\drivers\amdk7.sys2011-11-09 20:04:37 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2011-11-08 13:06:51 44544 ----a-w- c:\windows\system32\drivers\fips.sys2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll2011-10-07 01:42:28 57600 ----a-w- c:\windows\system32\drivers\redbook.sys2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll2011-08-22 23:48:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys2011-08-12 19:10:58 774144 ----a-w- c:\program files\RngInterstitial.dll.============= FINISH: 6:24:15.06 =============== Link to post Share on other sites More sharing options...
Staff screen317 Posted November 15, 2011 Staff ID:494969 Share Posted November 15, 2011 Did you run TDSSKiller as instructed?? Link to post Share on other sites More sharing options...
ladybluerr Posted November 15, 2011 Author ID:495004 Share Posted November 15, 2011 yes I did, and then all hell broke loose with my pc... had to reinstall some drivers and my print spooler kept stopping so I had to c:\windows\system32\spool and delete the driver and spooler files and reinstall them....then my keyboard went crazy so i had to reinstall the drivers for that...plus i also had that Anti-virus virus which started locking me out of the internet so i had to locate it by right clicking it and going to its properties and locate target....at that point I deleted the file.I hope that all that I've done has not in any way caused more damage then the original problem itself All in all Malwarebytes is currently working and has been for the last 2 days. Don't ask me how but it is. I was able to run it and it found 2 infected files which i quarantined. Please let me know if what i did was a no no, and if there was a correct way to resolve the issuesKee Link to post Share on other sites More sharing options...
Staff screen317 Posted November 21, 2011 Staff ID:496722 Share Posted November 21, 2011 Hi,My apologies for the delay.Please visit this webpage for instructions for running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofixWhen the tool is finished, it will produce a report for you.Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.-screen317 Link to post Share on other sites More sharing options...
ladybluerr Posted November 24, 2011 Author ID:497640 Share Posted November 24, 2011 ComboFix 11-11-23.01 - Mathew 11/23/2011 16:17:51.1.1 - x86Running from: c:\documents and settings\Mathew\Desktop\ComboFix.exe * Created a new restore point..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\documents and settings\All Users\Application Data\TEMPc:\documents and settings\All Users\Application Data\TEMP\AVG\avgfinst.datc:\documents and settings\All Users\Application Data\TEMP\AVG\avi7.avgc:\documents and settings\All Users\Application Data\TEMP\AVG\crt_x64.msic:\documents and settings\All Users\Application Data\TEMP\AVG\files.datc:\documents and settings\All Users\Application Data\TEMP\AVG\incavi.avmc:\documents and settings\All Users\Application Data\TEMP\AVG\license_cz.htmc:\documents and settings\All Users\Application Data\TEMP\AVG\license_da.htmc:\documents and settings\All Users\Application Data\TEMP\AVG\license_fr.htmc:\documents and settings\All Users\Application Data\TEMP\AVG\license_ge.htmc:\documents and settings\All Users\Application Data\TEMP\AVG\license_hu.htmc:\documents and settings\All Users\Application Data\TEMP\AVG\license_id.htmc:\documents and settings\All Users\Application Data\TEMP\AVG\license_in.htmc:\documents and settings\All Users\Application Data\TEMP\AVG\license_it.htmc:\documents and settings\All Users\Application Data\TEMP\AVG\license_jp.htmc:\documents and settings\All Users\Application Data\TEMP\AVG\license_ko.htmc:\documents and settings\All Users\Application Data\TEMP\AVG\license_ms.htmc:\documents and settings\All Users\Application Data\TEMP\AVG\license_nl.htmc:\documents and settings\All Users\Application Data\TEMP\AVG\license_pb.htmc:\documents and settings\All Users\Application Data\TEMP\AVG\license_pl.htmc:\documents and settings\All Users\Application Data\TEMP\AVG\license_pt.htmc:\documents and settings\All Users\Application Data\TEMP\AVG\license_ru.htmc:\documents and settings\All Users\Application Data\TEMP\AVG\license_sc.htmc:\documents and settings\All Users\Application Data\TEMP\AVG\license_sk.htmc:\documents and settings\All Users\Application Data\TEMP\AVG\license_sp.htmc:\documents and settings\All Users\Application Data\TEMP\AVG\license_tr.htmc:\documents and settings\All Users\Application Data\TEMP\AVG\license_us.htmc:\documents and settings\All Users\Application Data\TEMP\AVG\license_zh.htmc:\documents and settings\All Users\Application Data\TEMP\AVG\license_zt.htmc:\documents and settings\All Users\Application Data\TEMP\AVG\microavi.avgc:\documents and settings\All Users\Application Data\TEMP\AVG\miniavi.avgc:\documents and settings\All Users\Application Data\TEMP\AVG\setup.datc:\documents and settings\All Users\Application Data\TEMP\AVG\setup.exec:\documents and settings\All Users\Application Data\TEMP\AVG\setup.inic:\documents and settings\All Users\Application Data\TEMP\AVG\setupcz.lnsc:\documents and settings\All Users\Application Data\TEMP\AVG\setupda.lnsc:\documents and settings\All Users\Application Data\TEMP\AVG\setupfr.lnsc:\documents and settings\All Users\Application Data\TEMP\AVG\setupge.lnsc:\documents and settings\All Users\Application Data\TEMP\AVG\setuphu.lnsc:\documents and settings\All Users\Application Data\TEMP\AVG\setupid.lnsc:\documents and settings\All Users\Application Data\TEMP\AVG\setupin.lnsc:\documents and settings\All Users\Application Data\TEMP\AVG\setupit.lnsc:\documents and settings\All Users\Application Data\TEMP\AVG\setupjp.lnsc:\documents and settings\All Users\Application Data\TEMP\AVG\setupko.lnsc:\documents and settings\All Users\Application Data\TEMP\AVG\setupms.lnsc:\documents and settings\All Users\Application Data\TEMP\AVG\setupnl.lnsc:\documents and settings\All Users\Application Data\TEMP\AVG\setuppb.lnsc:\documents and settings\All Users\Application Data\TEMP\AVG\setuppl.lnsc:\documents and settings\All Users\Application Data\TEMP\AVG\setuppt.lnsc:\documents and settings\All Users\Application Data\TEMP\AVG\setupru.lnsc:\documents and settings\All Users\Application Data\TEMP\AVG\setupsc.lnsc:\documents and settings\All Users\Application Data\TEMP\AVG\setupsk.lnsc:\documents and settings\All Users\Application Data\TEMP\AVG\setupsp.lnsc:\documents and settings\All Users\Application Data\TEMP\AVG\setuptr.lnsc:\documents and settings\All Users\Application Data\TEMP\AVG\setupus.lnsc:\documents and settings\All Users\Application Data\TEMP\AVG\setupzh.lnsc:\documents and settings\All Users\Application Data\TEMP\AVG\setupzt.lnsc:\documents and settings\All Users\Application Data\TEMP\AVG\vcredis1.cabc:\documents and settings\All Users\Application Data\TEMP\AVG\vcredist.msic:\documents and settings\LocalService\Start Menu\Programs\Shop to Win 11c:\documents and settings\LocalService\Start Menu\Programs\Shop to Win 11\Check out Previous Winners.lnkc:\documents and settings\LocalService\Start Menu\Programs\Shop to Win 11\Frequently Asked Questions.lnkc:\documents and settings\LocalService\Start Menu\Programs\Shop to Win 11\How can I win $100,000.lnkc:\documents and settings\LocalService\Start Menu\Programs\Shop to Win 11\How can I win $500 Today.lnkc:\documents and settings\LocalService\Start Menu\Programs\Shop to Win 11\Shop To Win Privacy Policy.lnkc:\documents and settings\LocalService\Start Menu\Programs\Shop to Win 11\Shop to Win Terms and Conditions.lnkc:\documents and settings\LocalService\Start Menu\Programs\Shop to Win 11\Sweepstakes Official Rules.lnkc:\documents and settings\LocalService\Start Menu\Programs\Shop to Win 11\Uninstall.lnkc:\documents and settings\LocalService\Start Menu\Programs\Shop to Win 11\View My Shop to Win Account.lnkc:\documents and settings\LocalService\Start Menu\Programs\Shop to Win 11\Visit the Shop to Win Mall.lnkc:\documents and settings\Mathew\Application Data\Mozilla\Firefox\Profiles\pjwcb8xw.default\searchplugins\bing-zugo.xmlc:\documents and settings\Mathew\Systemc:\documents and settings\Mathew\System\win_qs8.jqxc:\windows\{2521BB91-29B1-4d7e-9137-AC9875D77735}c:\windows\assembly\GAC_MSIL\desktop.inic:\windows\exe.exec:\windows\system32\ .c:\windows\system32\drivers\cdrom.sys was missing Restored copy from - c:\windows\system32\dllcache\cdrom.sys.c:\program files\AVG\AVG9\avgwdsvc.exe . . . is infected!!c:\program files\AVG\AVG9\avgwdsvc.exe . . . was deleted!! You should re-install the program it pertains to.c:\program files\AVG\AVG9\avgfws9.exe . . . is infected!!c:\program files\AVG\AVG9\avgfws9.exe . . . was deleted!! You should re-install the program it pertains to.c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe . . . is infected!!c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe . . . was deleted!! You should re-install the program it pertains to.Infected copy of c:\program files\Microsoft\BingBar\SeaPort.EXE was found and disinfected Restored copy from - c:\program files\Microsoft\BingBar\ .Infected copy of c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe was found and disinfected Restored copy from - c:\system volume information\_restore{61A03066-C4CC-4331-8D56-AFED29605E4B}\RP491\A0328631.exe .Infected copy of c:\program files\Google\Update\GoogleUpdate.exe was found and disinfected Restored copy from - c:\system volume information\_restore{61A03066-C4CC-4331-8D56-AFED29605E4B}\RP495\A0328835.exe .c:\program files\Java\jre6\bin\jqs.exe . . . is infected!!c:\program files\Java\jre6\bin\jqs.exe . . . was deleted!! You should re-install the program it pertains to.c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe . . . is infected!!c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe . . . was deleted!! You should re-install the program it pertains to..((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))..-------\Service_.i8042prt..((((((((((((((((((((((((( Files Created from 2011-10-23 to 2011-11-23 )))))))))))))))))))))))))))))))..2011-11-23 21:35 . 2008-04-13 18:40 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys2011-11-23 21:35 . 2008-04-13 18:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys2011-11-20 18:42 . 2011-11-20 18:42 398760 ----a-r- c:\windows\system32\cpnprt2.cid2011-11-20 18:39 . 2011-11-20 18:42 -------- d-----w- c:\program files\Coupons2011-11-18 12:11 . 2011-11-18 15:27 -------- d-----w- C:\1ed5c16b4cbb0adcc29f44e60063332011-11-18 12:06 . 2011-11-18 12:06 -------- d-----w- C:\06fd66ed9abf5b9ab8918d59f3a62b2011-11-16 14:52 . 2011-11-16 14:52 -------- d-----w- c:\documents and settings\Mathew\Application Data\DriverCure2011-11-16 14:52 . 2011-11-16 14:52 -------- d-----w- c:\documents and settings\Mathew\Application Data\SpeedyPC Software2011-11-16 14:52 . 2011-11-16 14:52 -------- d-----w- c:\program files\Common Files\SpeedyPC Software2011-11-16 14:52 . 2011-11-16 14:52 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedyPC Software2011-11-10 13:38 . 2011-11-10 13:38 -------- d-----w- c:\program files\Common Files\Logitech2011-11-08 13:32 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys2011-11-08 13:32 . 2011-11-08 13:32 -------- d-----w- C:\Malwarebytes' Anti-Malware2011-11-06 15:14 . 2011-11-06 15:14 37760 ----a-w- c:\windows\system32\drivers\tsk30.tmp2011-11-06 15:01 . 2011-11-06 15:01 -------- d-----w- c:\documents and settings\Mathew\Application Data\SUPERAntiSpyware.com2011-11-06 15:01 . 2011-11-06 15:01 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com2011-11-06 12:57 . 2011-11-06 12:57 -------- d-----w- c:\documents and settings\Mathew\New Folder2011-11-06 11:03 . 2011-11-06 11:03 -------- d-----w- c:\documents and settings\All Users\Application Data\HPSSUPPLY2011-10-28 14:07 . 2011-10-28 14:07 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData2011-10-28 12:57 . 2011-10-28 14:21 -------- d-----w- c:\windows\LMI1B.tmp2011-10-27 07:04 . 2011-10-27 07:05 -------- d-----w- C:\832d669bcdce14cd5d2076bd...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2011-11-10 12:35 . 2002-08-29 12:00 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys2011-11-10 11:59 . 2002-08-29 01:05 37760 ----a-w- c:\windows\system32\drivers\amdk7.sys2011-11-09 20:04 . 2011-08-02 11:20 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2011-11-08 13:06 . 2002-08-29 12:00 44544 ----a-w- c:\windows\system32\drivers\fips.sys2011-10-10 14:22 . 2009-10-08 17:49 692736 ----a-w- c:\windows\system32\inetcomm.dll2011-10-07 01:42 . 2009-10-08 13:40 57600 ----a-w- c:\windows\system32\drivers\redbook.sys2011-09-28 07:06 . 2002-08-29 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll2011-09-26 15:41 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll2011-09-26 15:41 . 2002-08-29 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll2011-09-26 15:41 . 2002-08-29 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll2011-09-06 13:20 . 2002-08-29 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys2011-08-12 19:10 . 2011-08-12 19:11 774144 ----a-w- c:\program files\RngInterstitial.dll2011-11-09 19:00 . 2011-07-27 01:16 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll..------- Sigcheck -------Note: Unsigned files aren't necessarily malware..[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll[7] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll[-] 2002-08-29 . BF3C8CF53C77B48206B39910B6D6CBCC . 49152 . . [5.1.2600.1106] . . c:\windows\SoftwareDistribution\Download\eb5ff0ae9fdaa24285c4924997a7aa90\backup\eventlog.dll.[7] 2011-08-17 . 6A1D755C68C10863C598C78A597FA7C3 . 634632 . . [7.00.6000.17103] . . c:\windows\SoftwareDistribution\Download\7ca19747c08289c89633b8e50554b874\SP3GDR\iexplore.exe[7] 2011-08-17 . CB0AFAF9E5C5FE70EC7087E71275DD33 . 634632 . . [7.00.6000.21306] . . c:\windows\SoftwareDistribution\Download\7ca19747c08289c89633b8e50554b874\SP3QFE\iexplore.exe[7] 2010-04-16 . C4BA5E36FB57F547117305BF1E0FE454 . 634656 . . [7.00.6000.17055] . . c:\windows\SoftwareDistribution\Download\626f83f88e86511ae79d7ff76840cc8e\SP3GDR\iexplore.exe[7] 2010-04-16 . B24A4E23A2FEDB6976EB04D334AD82B2 . 634648 . . [7.00.6000.21256] . . c:\windows\SoftwareDistribution\Download\626f83f88e86511ae79d7ff76840cc8e\SP3QFE\iexplore.exe[7] 2009-03-08 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\iexplore.exe[7] 2008-04-14 . 55794B97A7FAABD2910873C85274F409 . 93184 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\iexplore.exe[7] 2004-08-04 . E7484514C0464642BE7B4DC2689354C8 . 93184 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\iexplore.exe[-] 2002-08-29 . 418D301C3B1FA94B19584AEEB3D65166 . 91136 . . [6.00.2800.1106] . . c:\windows\SoftwareDistribution\Download\eb5ff0ae9fdaa24285c4924997a7aa90\backup\iexplore.exe.c:\windows\System32\eventlog.dll ... is missing !!.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]2010-10-06 15:31 2475336 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-10-06 2475336].[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}].[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-10-06 2475336].[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2011-03-15 2071904]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920].c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-2-6 805392].[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]2010-06-22 13:35 12536 ----a-w- c:\windows\system32\avgrsstx.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]2008-05-02 07:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]@="".[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnkbackup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]2011-06-06 16:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]2010-07-29 05:25 497648 ----a-w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]2004-06-29 13:06 88363 ----a-w- c:\windows\AGRSMMSG.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]2004-09-07 17:47 57344 ----a-w- c:\windows\ALCXMNTR.EXE.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]2010-03-18 11:37 136176 ----atw- c:\documents and settings\Mathew\Local Settings\Application Data\Google\Update\GoogleUpdate.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]2007-10-15 01:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]2007-08-22 20:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]2008-02-29 08:12 76304 ----a-w- c:\windows\KHALMNPR.Exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]2009-10-15 02:40 417792 ----a-w- c:\program files\QuickTime\qttask.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection]2009-02-23 13:05 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]2010-10-11 21:49 14940040 ----a-r- c:\program files\Skype\Phone\Skype.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]2010-01-11 20:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]2009-10-08 21:07 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]2004-10-22 15:53 53248 ----a-w- c:\windows\system32\VTTimer.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]2009-02-23 13:05 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="c:\\Program Files\\Messenger\\msmsgs.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"="c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"="c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"="c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"="c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="c:\\Program Files\\Mozilla Firefox\\firefox.exe"=.R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [10/27/2009 8:54 PM 25168]R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [10/9/2009 7:38 AM 52872]R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/9/2009 7:38 AM 216400]R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/9/2009 7:38 AM 243024]R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [11/23/2011 4:43 PM 249648]R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [10/9/2009 7:37 AM 30104]R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [10/27/2009 8:54 PM 122448]R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [10/27/2009 8:54 PM 30288]R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [10/27/2009 8:54 PM 26192]S0 71303367;71303367;c:\windows\system32\drivers\72589297.sys --> c:\windows\system32\drivers\72589297.sys [?]S0 wdhjekn;wdhjekn;c:\windows\system32\drivers\piawmbo.sys --> c:\windows\system32\drivers\piawmbo.sys [?]S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\Mathew\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\Mathew\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\Mathew\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\Mathew\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/29/2002 7:00 AM 14336]S2 avg9wd;AVG WatchDog;"c:\program files\AVG\AVG9\avgwdsvc.exe" --> c:\program files\AVG\AVG9\avgwdsvc.exe [?]S2 avgfws9;AVG Firewall;"c:\program files\AVG\AVG9\avgfws9.exe" --> c:\program files\AVG\AVG9\avgfws9.exe [?]S2 AVGIDSAgent;AVG9IDSAgent;"c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe" AVGIDSAgent --> c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [?]S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/23/2011 4:45 PM 136176]S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [10/27/2009 6:39 AM 517448]S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [10/9/2009 7:37 AM 30104]S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [7/7/2011 6:31 PM 195336]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/8/2011 8:32 AM 22216]S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/8/2011 8:37 AM 366152].[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvcAkamai REG_MULTI_SZ Akamai.Contents of the 'Scheduled Tasks' folder.2010-10-21 c:\windows\Tasks\AdobeAAMUpdater-1.0 Fallback-NUMBER1-Mathew.job- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe [2010-10-04 22:48].2010-10-05 c:\windows\Tasks\AdobeAAMUpdater-1.0-NUMBER1-Mathew.job- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-07-29 05:25].2009-10-25 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34].2011-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc706449018f42.job- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-23 14:04].2011-09-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-602609370-682003330-1003Core1cc7154ea025638.job- c:\documents and settings\Mathew\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-04 11:37].2011-10-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-602609370-682003330-1003Core1cc8c2422d22d14.job- c:\documents and settings\Mathew\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-04 11:37].2011-11-16 c:\windows\Tasks\SpeedyPC Registration3.job- c:\program files\Common Files\SpeedyPC Software\UUS3\UUS3.dll [2011-10-06 16:18].2011-11-16 c:\windows\Tasks\SpeedyPC Update Version3.job- c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2011-10-06 16:18].2009-11-02 c:\windows\Tasks\User_Feed_Synchronization-{9DFDB439-DA34-4124-B08E-04E5BF3C51CB}.job- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]..------- Supplementary Scan -------.uStart Page = hxxp://msn.com/mStart Page = hxxp://www.yahoo.comuSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search?q=%sIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.htmlTCP: DhcpNameServer = 172.16.10.1Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dllDPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cabDPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cabFF - ProfilePath - c:\documents and settings\Mathew\Application Data\Mozilla\Firefox\Profiles\pjwcb8xw.default\FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=3&q={searchTerms}FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=FF - user.js: yahoo.homepage.dontask - true.- - - - ORPHANS REMOVED - - - -.SafeBoot-10067677.sysSafeBoot-34256789.sysSafeBoot-41428562.sysSafeBoot-61865136.sysSafeBoot-71303367.sysSafeBoot-78995987.sysSafeBoot-83431963.sysSafeBoot-klmdb.sysMSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exeMSConfigStartUp-AdobeCS5ServiceManager - c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exeMSConfigStartUp-HPDJ Taskbar Utility - c:\windows\system32\spool\drivers\w32x86\3\hpztsb06.exeMSConfigStartUp-SelectRebates - c:\program files\SelectRebates\SelectRebates.exeMSConfigStartUp-wben - c:\program files\Starfield\Desktop Notifier\wben.exe...**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2011-11-23 16:58Windows 5.1.2600 Service Pack 3 NTFS.scanning hidden processes ... .scanning hidden autostart entries ... .scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\redbook]"ImagePath"="system32\drivers\tsk1D4.tmp".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\S-1-5-21-1275210071-602609370-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F55135D6-8AE1-7D77-9B62-41CF32EB1FD4}*]@Allowed: (Read) (RestrictedCode)@Allowed: (Read) (RestrictedCode)"iaahefklkndgpjpoel"=hex:6a,61,61,6d,6b,66,6d,70,67,6c,64,69,6e,6b,6a,61,69,66, 6e,62,00,f1"hakgodnfniohhpak"=hex:6a,61,61,6d,6b,66,6d,70,67,6c,64,69,6e,6b,6a,61,69,66, 6e,62,00,00.--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'winlogon.exe'(1112)c:\program files\common files\logishrd\bluetooth\LBTWlgn.dllc:\program files\common files\logishrd\bluetooth\LBTServ.dll.- - - - - - - > 'explorer.exe'(3704)c:\windows\system32\WININET.dllc:\program files\Logitech\SetPoint\lgscroll.dllc:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dllc:\windows\system32\ieframe.dllc:\windows\system32\webcheck.dllc:\windows\system32\WPDShServiceObj.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dll.------------------------ Other Running Processes ------------------------.c:\program files\AVG\AVG9\avgchsvx.exec:\program files\AVG\AVG9\avgrsx.exec:\program files\AVG\AVG9\avgcsrvx.exec:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXEc:\program files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe.**************************************************************************.Completion time: 2011-11-23 17:07:27 - machine was rebootedComboFix-quarantined-files.txt 2011-11-23 22:07.Pre-Run: 42,158,739,456 bytes freePost-Run: 43,325,104,128 bytes free.- - End Of File - - 353618228F92E3C783998E4C80F49494 Link to post Share on other sites More sharing options...
ladybluerr Posted November 24, 2011 Author ID:497642 Share Posted November 24, 2011 .DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18Run by Mathew at 19:05:42 on 2011-11-23Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.959.258 [GMT -5:00]..============== Running Processes ===============.C:\WINDOWS\system32\svchost.exe -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exesvchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\AVG\AVG9\avgcsrvx.exesvchost.exeC:\Program Files\Microsoft\BingBar\SeaPort.EXEC:\WINDOWS\system32\svchost.exe -k hpdevmgmtC:\WINDOWS\System32\svchost.exe -k HPZ12C:\WINDOWS\System32\svchost.exe -k HPZ12C:\WINDOWS\System32\svchost.exe -k imgsvcC:\PROGRA~1\AVG\AVG9\avgtray.exeC:\Program Files\Logitech\SetPoint\SetPoint.exeC:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXEC:\WINDOWS\system32\wuauclt.exeC:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exeC:\WINDOWS\explorer.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\Mozilla Firefox\plugin-container.exe.============== Pseudo HJT Report ===============.uStart Page = hxxp://msn.com/mStart Page = hxxp://www.yahoo.comuSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search?q=%smURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dllBHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dllBHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dllBHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dllBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dllBHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No FileBHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dllBHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dllBHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dllBHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dllBHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No FileBHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllBHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn2\YTSingleInstance.dllBHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dllTB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dllTB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dllTB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dllTB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"EB: {32683183-48a0-441b-a342-7c2a440a9478} - No FileEB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dllmRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exemRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exeIE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.htmlIE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exeIE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLLIE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dllDPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cabDPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cabDPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cabDPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cabDPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cabDPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1255025129312DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1255031421296DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cabDPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cabDPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cabDPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cabDPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cabTCP: DhcpNameServer = 172.16.10.1TCP: Interfaces\{8D0B0A99-A31C-486B-B9E2-54C59C5385C2} : DhcpNameServer = 172.16.10.1Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dllHandler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dllHandler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dllHandler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLLNotify: avgrsstarter - avgrsstx.dllNotify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dllSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll.================= FIREFOX ===================.FF - ProfilePath - c:\documents and settings\mathew\application data\mozilla\firefox\profiles\pjwcb8xw.default\FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=3&q={searchTerms}FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=FF - plugin: c:\documents and settings\mathew\application data\facebook\npfbplugin_1_0_3.dllFF - plugin: c:\documents and settings\mathew\application data\mozilla\firefox\profiles\pjwcb8xw.default\extensions\{000f1ea4-5e08-4564-a29b-29076f63a37a}\plugins\npsoe.dllFF - plugin: c:\documents and settings\mathew\application data\mozilla\plugins\npgoogletalk.dllFF - plugin: c:\documents and settings\mathew\application data\mozilla\plugins\npgtpo3dautoplugin.dllFF - plugin: c:\documents and settings\mathew\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dllFF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dllFF - plugin: c:\program files\microsoft silverlight\4.0.50524.0\npctrlui.dllFF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dllFF - plugin: c:\program files\mozilla firefox\plugins\npgcplug.dllFF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dllFF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dllFF - plugin: c:\program files\mozilla firefox\plugins\npracplug.dllFF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll.---- FIREFOX POLICIES ----FF - user.js: yahoo.homepage.dontask - true.============= SERVICES / DRIVERS ===============.R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2009-10-27 25168]R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-10-9 52872]R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-10-9 216400]R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-10-9 29584]R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-10-9 243024]R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-11-23 249648]R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2009-10-9 30104]R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSDriver.sys [2009-10-27 122448]R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSFilter.sys [2009-10-27 30288]R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSShim.sys [2009-10-27 26192]S0 71303367;71303367;c:\windows\system32\drivers\72589297.sys --> c:\windows\system32\drivers\72589297.sys [?]S0 wdhjekn;wdhjekn;c:\windows\system32\drivers\piawmbo.sys --> c:\windows\system32\drivers\piawmbo.sys [?]S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\mathew\locals~1\temp\sas_selfextract\sasdifsv.sys --> c:\docume~1\mathew\locals~1\temp\sas_selfextract\SASDIFSV.SYS [?]S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\mathew\locals~1\temp\sas_selfextract\saskutil.sys --> c:\docume~1\mathew\locals~1\temp\sas_selfextract\SASKUTIL.SYS [?]S2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2002-8-29 14336]S2 avg9wd;AVG WatchDog;"c:\program files\avg\avg9\avgwdsvc.exe" --> c:\program files\avg\avg9\avgwdsvc.exe [?]S2 avgfws9;AVG Firewall;"c:\program files\avg\avg9\avgfws9.exe" --> c:\program files\avg\avg9\avgfws9.exe [?]S2 AVGIDSAgent;AVG9IDSAgent;"c:\program files\avg\avg9\identity protection\agent\bin\avgidsagent.exe" avgidsagent --> c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [?]S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-11-23 136176]S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2009-10-27 517448]S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2009-10-9 30104]S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-7-7 195336]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-11-8 22216]S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]S4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-11-8 366152].=============== Created Last 30 ================.2011-11-23 21:35:21 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys2011-11-23 21:35:21 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys2011-11-20 18:42:00 398760 ----a-r- c:\windows\system32\cpnprt2.cid2011-11-20 18:39:55 -------- d-----w- c:\program files\Coupons2011-11-18 12:11:52 -------- d-----w- C:\1ed5c16b4cbb0adcc29f44e60063332011-11-18 12:06:28 -------- d-----w- C:\06fd66ed9abf5b9ab8918d59f3a62b2011-11-16 14:52:25 -------- d-----w- c:\documents and settings\mathew\application data\DriverCure2011-11-16 14:52:24 -------- d-----w- c:\documents and settings\mathew\application data\SpeedyPC Software2011-11-16 14:52:14 -------- d-----w- c:\program files\common files\SpeedyPC Software2011-11-16 14:52:13 -------- d-----w- c:\documents and settings\all users\application data\SpeedyPC Software2011-11-10 13:38:06 -------- d-----w- c:\program files\common files\Logitech2011-11-08 13:32:30 22216 ----a-w- c:\windows\system32\drivers\mbam.sys2011-11-08 13:32:29 -------- d-----w- C:\Malwarebytes' Anti-Malware2011-11-06 15:14:16 37760 ----a-w- c:\windows\system32\drivers\tsk30.tmp2011-11-06 15:01:10 -------- d-----w- c:\documents and settings\mathew\application data\SUPERAntiSpyware.com2011-11-06 15:01:09 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com2011-11-06 12:57:18 -------- d-----w- c:\documents and settings\mathew\New Folder2011-10-28 14:07:45 -------- d-----w- c:\documents and settings\all users\application data\MFAData2011-10-28 12:57:11 -------- d-----w- c:\windows\LMI1B.tmp2011-10-27 07:04:50 -------- d-----w- C:\832d669bcdce14cd5d2076bd.==================== Find3M ====================.2011-11-10 12:35:37 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys2011-11-10 11:59:00 37760 ----a-w- c:\windows\system32\drivers\amdk7.sys2011-11-09 20:04:37 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2011-11-08 13:06:51 44544 ----a-w- c:\windows\system32\drivers\fips.sys2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll2011-10-07 01:42:28 57600 ----a-w- c:\windows\system32\drivers\redbook.sys2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys2011-08-12 19:10:58 774144 ----a-w- c:\program files\RngInterstitial.dll.============= FINISH: 19:08:42.59 =============== Link to post Share on other sites More sharing options...
Staff screen317 Posted November 27, 2011 Staff ID:498528 Share Posted November 27, 2011 Hi,Please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.Next, please open Notepad - don't use any other text editor than notepad or the script will fail.Copy/paste the text in the box below into Notepad:FCOPY::c:\windows\ServicePackFiles\i386\eventlog.dll | c:\windows\System32\eventlog.dllc:\windows\system32\dllcache\iexplore.exe | C:\Program Files\Internet Explorer\iexplore.exeKILLALL::Driver::wdhjekn71303367Save this as CFScript Then drag the CFScript into ComboFix.exe as you see in the screenshot below.This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new DDS log.-screen317 Link to post Share on other sites More sharing options...
ladybluerr Posted November 27, 2011 Author ID:498549 Share Posted November 27, 2011 ComboFix 11-11-26.04 - Mathew 11/27/2011 6:38.2.1 - x86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.959.748 [GMT -5:00]Running from: c:\documents and settings\Mathew\Desktop\ComboFix.exeCommand switches used :: c:\documents and settings\Mathew\Desktop\CFScript.txt..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\documents and settings\Mathew\Local Settings\Application Data\{1278051B-C50C-4FAE-A63F-A4FC5CB6F439}c:\documents and settings\Mathew\Local Settings\Application Data\{1278051B-C50C-4FAE-A63F-A4FC5CB6F439}\chrome.manifestc:\documents and settings\Mathew\Local Settings\Application Data\{1278051B-C50C-4FAE-A63F-A4FC5CB6F439}\chrome\content\_cfg.jsc:\documents and settings\Mathew\Local Settings\Application Data\{1278051B-C50C-4FAE-A63F-A4FC5CB6F439}\chrome\content\overlay.xulc:\documents and settings\Mathew\Local Settings\Application Data\{1278051B-C50C-4FAE-A63F-A4FC5CB6F439}\install.rdf..--------------- FCopy ---------------.c:\windows\ServicePackFiles\i386\eventlog.dll --> c:\windows\System32\eventlog.dllc:\windows\system32\dllcache\iexplore.exe --> c:\program files\Internet Explorer\iexplore.exe.((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))..-------\Service_71303367-------\Service_wdhjekn..((((((((((((((((((((((((( Files Created from 2011-10-27 to 2011-11-27 )))))))))))))))))))))))))))))))..2011-11-27 11:38 . 2008-04-14 00:11 56320 -c--a-w- c:\windows\system32\dllcache\eventlog.dll2011-11-27 11:38 . 2008-04-14 00:11 56320 ----a-w- c:\windows\system32\eventlog.dll2011-11-23 21:35 . 2008-04-13 18:40 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys2011-11-23 21:35 . 2008-04-13 18:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys2011-11-20 18:42 . 2011-11-20 18:42 398760 ----a-r- c:\windows\system32\cpnprt2.cid2011-11-20 18:39 . 2011-11-20 18:42 -------- d-----w- c:\program files\Coupons2011-11-18 12:11 . 2011-11-18 15:27 -------- d-----w- C:\1ed5c16b4cbb0adcc29f44e60063332011-11-18 12:06 . 2011-11-18 12:06 -------- d-----w- C:\06fd66ed9abf5b9ab8918d59f3a62b2011-11-16 14:52 . 2011-11-16 14:52 -------- d-----w- c:\documents and settings\Mathew\Application Data\DriverCure2011-11-16 14:52 . 2011-11-16 14:52 -------- d-----w- c:\documents and settings\Mathew\Application Data\SpeedyPC Software2011-11-16 14:52 . 2011-11-16 14:52 -------- d-----w- c:\program files\Common Files\SpeedyPC Software2011-11-16 14:52 . 2011-11-16 14:52 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedyPC Software2011-11-10 13:38 . 2011-11-10 13:38 -------- d-----w- c:\program files\Common Files\Logitech2011-11-08 13:32 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys2011-11-08 13:32 . 2011-11-08 13:32 -------- d-----w- C:\Malwarebytes' Anti-Malware2011-11-06 15:14 . 2011-11-06 15:14 37760 ----a-w- c:\windows\system32\drivers\tsk30.tmp2011-11-06 15:01 . 2011-11-06 15:01 -------- d-----w- c:\documents and settings\Mathew\Application Data\SUPERAntiSpyware.com2011-11-06 15:01 . 2011-11-06 15:01 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com2011-11-06 12:57 . 2011-11-06 12:57 -------- d-----w- c:\documents and settings\Mathew\New Folder2011-11-06 11:03 . 2011-11-06 11:03 -------- d-----w- c:\documents and settings\All Users\Application Data\HPSSUPPLY2011-10-28 14:07 . 2011-10-28 14:07 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData2011-10-28 12:57 . 2011-10-28 14:21 -------- d-----w- c:\windows\LMI1B.tmp...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2011-11-10 12:35 . 2002-08-29 12:00 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys2011-11-10 11:59 . 2002-08-29 01:05 37760 ----a-w- c:\windows\system32\drivers\amdk7.sys2011-11-09 20:04 . 2011-08-02 11:20 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2011-11-08 13:06 . 2002-08-29 12:00 44544 ----a-w- c:\windows\system32\drivers\fips.sys2011-10-10 14:22 . 2009-10-08 17:49 692736 ----a-w- c:\windows\system32\inetcomm.dll2011-10-07 01:42 . 2009-10-08 13:40 57600 ----a-w- c:\windows\system32\drivers\redbook.sys2011-09-28 07:06 . 2002-08-29 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll2011-09-26 15:41 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll2011-09-26 15:41 . 2002-08-29 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll2011-09-26 15:41 . 2002-08-29 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll2011-09-06 13:20 . 2002-08-29 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys2011-08-12 19:10 . 2011-08-12 19:11 774144 ----a-w- c:\program files\RngInterstitial.dll2011-11-09 19:00 . 2011-07-27 01:16 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll..((((((((((((((((((((((((((((( SnapShot@2011-11-23_21.58.23 ))))))))))))))))))))))))))))))))))))))))).+ 2009-10-08 17:48 . 2009-03-08 18:09 638816 c:\windows\system32\dllcache\iexplore.exe- 2009-03-08 18:09 . 2009-03-08 18:09 638816 c:\windows\system32\dllcache\iexplore.exe.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]2010-10-06 15:31 2475336 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-10-06 2475336].[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}].[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-10-06 2475336].[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2011-03-15 2071904]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920].c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-2-6 805392].[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]2010-06-22 13:35 12536 ----a-w- c:\windows\system32\avgrsstx.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]2008-05-02 07:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]@="".[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnkbackup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]2011-06-06 16:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]2010-07-29 05:25 497648 ----a-w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]2004-06-29 13:06 88363 ----a-w- c:\windows\AGRSMMSG.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]2004-09-07 17:47 57344 ----a-w- c:\windows\ALCXMNTR.EXE.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]2010-03-18 11:37 136176 ----atw- c:\documents and settings\Mathew\Local Settings\Application Data\Google\Update\GoogleUpdate.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]2007-10-15 01:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]2007-08-22 20:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]2008-02-29 08:12 76304 ----a-w- c:\windows\KHALMNPR.Exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]2009-10-15 02:40 417792 ----a-w- c:\program files\QuickTime\qttask.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection]2009-02-23 13:05 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]2010-10-11 21:49 14940040 ----a-r- c:\program files\Skype\Phone\Skype.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]2010-01-11 20:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]2009-10-08 21:07 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]2004-10-22 15:53 53248 ----a-w- c:\windows\system32\VTTimer.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]2009-02-23 13:05 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="c:\\Program Files\\Messenger\\msmsgs.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"="c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"="c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"="c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"="c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="c:\\Program Files\\Mozilla Firefox\\firefox.exe"=.R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [10/27/2009 8:54 PM 25168]R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [10/9/2009 7:38 AM 52872]R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/9/2009 7:38 AM 216400]R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/9/2009 7:38 AM 243024]R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [11/23/2011 4:43 PM 249648]R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [10/9/2009 7:37 AM 30104]R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [10/27/2009 8:54 PM 122448]R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [10/27/2009 8:54 PM 30288]R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [10/27/2009 8:54 PM 26192]S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\Mathew\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\Mathew\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\Mathew\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\Mathew\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/29/2002 7:00 AM 14336]S2 avg9wd;AVG WatchDog;"c:\program files\AVG\AVG9\avgwdsvc.exe" --> c:\program files\AVG\AVG9\avgwdsvc.exe [?]S2 avgfws9;AVG Firewall;"c:\program files\AVG\AVG9\avgfws9.exe" --> c:\program files\AVG\AVG9\avgfws9.exe [?]S2 AVGIDSAgent;AVG9IDSAgent;"c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe" AVGIDSAgent --> c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [?]S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/23/2011 4:45 PM 136176]S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [10/27/2009 6:39 AM 517448]S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [10/9/2009 7:37 AM 30104]S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [7/7/2011 6:31 PM 195336]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/8/2011 8:32 AM 22216]S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/8/2011 8:37 AM 366152].[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvcAkamai REG_MULTI_SZ Akamai.Contents of the 'Scheduled Tasks' folder.2011-11-27 c:\windows\Tasks\AdobeAAMUpdater-1.0-NUMBER1-Mathew.job- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-07-29 05:25].2009-10-25 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34].2011-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc706449018f42.job- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-23 14:04].2011-11-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-602609370-682003330-1003Core1cc7154ea025638.job- c:\documents and settings\Mathew\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-04 11:37].2011-11-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-602609370-682003330-1003Core1cc8c2422d22d14.job- c:\documents and settings\Mathew\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-04 11:37].2011-11-16 c:\windows\Tasks\SpeedyPC Registration3.job- c:\program files\Common Files\SpeedyPC Software\UUS3\UUS3.dll [2011-10-06 16:18].2011-11-27 c:\windows\Tasks\SpeedyPC Update Version3.job- c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2011-10-06 16:18].2011-11-27 c:\windows\Tasks\User_Feed_Synchronization-{9DFDB439-DA34-4124-B08E-04E5BF3C51CB}.job- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]..------- Supplementary Scan -------.uStart Page = hxxp://msn.com/mStart Page = hxxp://www.yahoo.comuSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search?q=%sIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.htmlTCP: DhcpNameServer = 172.16.10.1Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dllDPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cabDPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cabFF - ProfilePath - c:\documents and settings\Mathew\Application Data\Mozilla\Firefox\Profiles\pjwcb8xw.default\FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=3&q={searchTerms}FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=FF - user.js: yahoo.homepage.dontask - true..**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2011-11-27 07:08Windows 5.1.2600 Service Pack 3 NTFS.scanning hidden processes ... .scanning hidden autostart entries ... .scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\redbook]"ImagePath"="system32\drivers\tsk1D4.tmp".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\S-1-5-21-1275210071-602609370-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F55135D6-8AE1-7D77-9B62-41CF32EB1FD4}*]@Allowed: (Read) (RestrictedCode)@Allowed: (Read) (RestrictedCode)"iaahefklkndgpjpoel"=hex:6a,61,61,6d,6b,66,6d,70,67,6c,64,69,6e,6b,6a,61,69,66, 6e,62,00,f1"hakgodnfniohhpak"=hex:6a,61,61,6d,6b,66,6d,70,67,6c,64,69,6e,6b,6a,61,69,66, 6e,62,00,00.--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'winlogon.exe'(1108)c:\program files\common files\logishrd\bluetooth\LBTWlgn.dllc:\program files\common files\logishrd\bluetooth\LBTServ.dll.- - - - - - - > 'explorer.exe'(3748)c:\windows\system32\WININET.dllc:\program files\Logitech\SetPoint\lgscroll.dllc:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dllc:\windows\system32\ieframe.dllc:\windows\system32\webcheck.dllc:\windows\system32\WPDShServiceObj.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dll.------------------------ Other Running Processes ------------------------.c:\program files\AVG\AVG9\avgchsvx.exec:\program files\AVG\AVG9\avgrsx.exec:\program files\AVG\AVG9\avgcsrvx.exec:\windows\system32\wscntfy.exec:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE.**************************************************************************.Completion time: 2011-11-27 07:15:27 - machine was rebootedComboFix-quarantined-files.txt 2011-11-27 12:15ComboFix2.txt 2011-11-23 22:07.Pre-Run: 43,597,574,144 bytes freePost-Run: 43,582,709,760 bytes free.- - End Of File - - 460B1DE3527F4DC8ADE31438D59F0B99 Link to post Share on other sites More sharing options...
ladybluerr Posted November 27, 2011 Author ID:498550 Share Posted November 27, 2011 .DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18Run by Mathew at 7:44:49 on 2011-11-27Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.959.404 [GMT -5:00]..============== Running Processes ===============.C:\WINDOWS\system32\svchost.exe -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exesvchost.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\Microsoft\BingBar\SeaPort.EXEC:\WINDOWS\system32\svchost.exe -k hpdevmgmtC:\WINDOWS\System32\svchost.exe -k HPZ12C:\WINDOWS\System32\svchost.exe -k HPZ12C:\WINDOWS\System32\svchost.exe -k imgsvcC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\system32\wuauclt.exeC:\PROGRA~1\AVG\AVG9\avgtray.exeC:\Program Files\Logitech\SetPoint\SetPoint.exeC:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXEC:\WINDOWS\explorer.exeC:\WINDOWS\system32\notepad.exeC:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exeC:\Program Files\Mozilla Firefox\firefox.exe.============== Pseudo HJT Report ===============.uStart Page = hxxp://msn.com/mStart Page = hxxp://www.yahoo.comuSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search?q=%smURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dllBHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dllBHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dllBHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dllBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dllBHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No FileBHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dllBHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dllBHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dllBHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dllBHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No FileBHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllBHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn2\YTSingleInstance.dllBHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dllTB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dllTB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dllTB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dllTB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"EB: {32683183-48a0-441b-a342-7c2a440a9478} - No FileEB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dllmRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exemRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exeIE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.htmlIE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exeIE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLLIE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dllDPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cabDPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cabDPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cabDPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cabDPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cabDPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1255025129312DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1255031421296DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cabDPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cabDPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cabDPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cabDPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cabTCP: DhcpNameServer = 172.16.10.1TCP: Interfaces\{8D0B0A99-A31C-486B-B9E2-54C59C5385C2} : DhcpNameServer = 172.16.10.1Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dllHandler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dllHandler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dllHandler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLLNotify: avgrsstarter - avgrsstx.dllNotify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dllSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll.================= FIREFOX ===================.FF - ProfilePath - c:\documents and settings\mathew\application data\mozilla\firefox\profiles\pjwcb8xw.default\FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=3&q={searchTerms}FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=FF - plugin: c:\documents and settings\mathew\application data\facebook\npfbplugin_1_0_3.dllFF - plugin: c:\documents and settings\mathew\application data\mozilla\firefox\profiles\pjwcb8xw.default\extensions\{000f1ea4-5e08-4564-a29b-29076f63a37a}\plugins\npsoe.dllFF - plugin: c:\documents and settings\mathew\application data\mozilla\plugins\npgoogletalk.dllFF - plugin: c:\documents and settings\mathew\application data\mozilla\plugins\npgtpo3dautoplugin.dllFF - plugin: c:\documents and settings\mathew\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dllFF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dllFF - plugin: c:\program files\microsoft silverlight\4.0.50524.0\npctrlui.dllFF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dllFF - plugin: c:\program files\mozilla firefox\plugins\npgcplug.dllFF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dllFF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dllFF - plugin: c:\program files\mozilla firefox\plugins\npracplug.dllFF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll.---- FIREFOX POLICIES ----FF - user.js: yahoo.homepage.dontask - true.============= SERVICES / DRIVERS ===============.R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2009-10-27 25168]R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-10-9 52872]R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-10-9 216400]R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-10-9 29584]R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-10-9 243024]R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-11-23 249648]R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2009-10-9 30104]R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSDriver.sys [2009-10-27 122448]R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSFilter.sys [2009-10-27 30288]R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSShim.sys [2009-10-27 26192]S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\mathew\locals~1\temp\sas_selfextract\sasdifsv.sys --> c:\docume~1\mathew\locals~1\temp\sas_selfextract\SASDIFSV.SYS [?]S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\mathew\locals~1\temp\sas_selfextract\saskutil.sys --> c:\docume~1\mathew\locals~1\temp\sas_selfextract\SASKUTIL.SYS [?]S2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2002-8-29 14336]S2 avg9wd;AVG WatchDog;"c:\program files\avg\avg9\avgwdsvc.exe" --> c:\program files\avg\avg9\avgwdsvc.exe [?]S2 avgfws9;AVG Firewall;"c:\program files\avg\avg9\avgfws9.exe" --> c:\program files\avg\avg9\avgfws9.exe [?]S2 AVGIDSAgent;AVG9IDSAgent;"c:\program files\avg\avg9\identity protection\agent\bin\avgidsagent.exe" avgidsagent --> c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [?]S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-11-23 136176]S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2009-10-27 517448]S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2009-10-9 30104]S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-7-7 195336]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-11-8 22216]S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]S4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-11-8 366152].=============== Created Last 30 ================.2011-11-27 11:38:36 56320 -c--a-w- c:\windows\system32\dllcache\eventlog.dll2011-11-27 11:38:36 56320 ----a-w- c:\windows\system32\eventlog.dll2011-11-23 21:35:21 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys2011-11-23 21:35:21 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys2011-11-20 18:42:00 398760 ----a-r- c:\windows\system32\cpnprt2.cid2011-11-20 18:39:55 -------- d-----w- c:\program files\Coupons2011-11-18 12:11:52 -------- d-----w- C:\1ed5c16b4cbb0adcc29f44e60063332011-11-18 12:06:28 -------- d-----w- C:\06fd66ed9abf5b9ab8918d59f3a62b2011-11-16 14:52:25 -------- d-----w- c:\documents and settings\mathew\application data\DriverCure2011-11-16 14:52:24 -------- d-----w- c:\documents and settings\mathew\application data\SpeedyPC Software2011-11-16 14:52:14 -------- d-----w- c:\program files\common files\SpeedyPC Software2011-11-16 14:52:13 -------- d-----w- c:\documents and settings\all users\application data\SpeedyPC Software2011-11-10 13:38:06 -------- d-----w- c:\program files\common files\Logitech2011-11-08 13:32:30 22216 ----a-w- c:\windows\system32\drivers\mbam.sys2011-11-08 13:32:29 -------- d-----w- C:\Malwarebytes' Anti-Malware2011-11-06 15:14:16 37760 ----a-w- c:\windows\system32\drivers\tsk30.tmp2011-11-06 15:01:10 -------- d-----w- c:\documents and settings\mathew\application data\SUPERAntiSpyware.com2011-11-06 15:01:09 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com2011-11-06 12:57:18 -------- d-----w- c:\documents and settings\mathew\New Folder2011-10-28 14:07:45 -------- d-----w- c:\documents and settings\all users\application data\MFAData2011-10-28 12:57:11 -------- d-----w- c:\windows\LMI1B.tmp.==================== Find3M ====================.2011-11-10 12:35:37 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys2011-11-10 11:59:00 37760 ----a-w- c:\windows\system32\drivers\amdk7.sys2011-11-09 20:04:37 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2011-11-08 13:06:51 44544 ----a-w- c:\windows\system32\drivers\fips.sys2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll2011-10-07 01:42:28 57600 ----a-w- c:\windows\system32\drivers\redbook.sys2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys2011-08-12 19:10:58 774144 ----a-w- c:\program files\RngInterstitial.dll.============= FINISH: 7:45:55.22 =============== Link to post Share on other sites More sharing options...
Staff screen317 Posted December 1, 2011 Staff ID:500243 Share Posted December 1, 2011 Hi, Next, please run a free online scan with the ESET Online Scanner Note: You will need to use Internet Explorer for this scan.Tick the box next to YES, I accept the Terms of Use.Click StartWhen asked, allow the ActiveX control to installClick StartMake sure that the options Remove found threats and the option Scan unwanted applications is checkedClick Scan Wait for the scan to finishUse Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txtCopy and paste that log as a reply to this topic Next, download my Security Check from here or here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt; please post the contents of that document. Let me know how things are running now and what issues remain. Link to post Share on other sites More sharing options...
Staff screen317 Posted December 12, 2011 Staff ID:503843 Share Posted December 12, 2011 Are you still with us? This topic will be closed in a few days if we do not hear back from you. Link to post Share on other sites More sharing options...
Staff screen317 Posted December 22, 2011 Staff ID:508149 Share Posted December 22, 2011 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts