
Google Redirect


  • This topic is locked
30 replies to this topic

#1 meanswing

meanswing

  • Members
  • 104 posts
  • OFFLINE
  • Local time:04:53 PM

Posted 17 February 2010 - 02:05 AM

Sometimes when I search stuff on Google and click a link it takes me to another site. I tried to use DDS but it said I can't run it in DOS mode, so I used ComboFix. Here is the log:
ComboFix 10-02-16.02 - Chris 02/16/2010 22:53:46.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1342 [GMT -8:00]
Running from: e:\documents and settings\Chris\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

e:\documents and settings\Chris\Favorites\nuvi660_470.exe
E:\setup.exe
e:\windows\COUPON~1.OCX
e:\windows\CouponPrinter.ocx
e:\windows\run.log
e:\windows\system32\advapi32new.dll
e:\windows\system32\apphelpnew.dll
e:\windows\system32\crypt32new.dll
e:\windows\system32\d3d10core.dll
e:\windows\system32\dwmapi.dll
e:\windows\system32\dxgi.dll
e:\windows\system32\kernel32new.dll
e:\windows\system32\msconfig.exe
e:\windows\system32\msvcrtnew.dll
e:\windows\system32\ntdsapinew.dll
e:\windows\system32\powrprofnew.dll
e:\windows\system32\secur32new.dll
e:\windows\system32\twain_32.dll
e:\windows\system32\user32new.dll
e:\windows\system32\winstanew.dll

.
((((((((((((((((((((((((( Files Created from 2010-01-17 to 2010-02-17 )))))))))))))))))))))))))))))))
.

2010-02-13 02:11 . 2010-02-13 02:11 52224 ----a-w- e:\documents and settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-13 02:11 . 2010-02-13 02:11 117760 ----a-w- e:\documents and settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-13 02:10 . 2010-02-13 02:10 -------- d-----w- e:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-02-13 02:10 . 2010-02-13 07:08 -------- d-----w- e:\program files\SUPERAntiSpyware
2010-02-13 02:10 . 2010-02-13 02:10 -------- d-----w- e:\documents and settings\Chris\Application Data\SUPERAntiSpyware.com
2010-02-10 16:06 . 2010-02-10 16:09 23110 ----a-w- e:\windows\hpqins15.dat
2010-02-08 09:25 . 2010-02-08 09:25 -------- d-----w- e:\program files\Electronic Arts
2010-02-08 09:23 . 2010-02-08 09:23 138056 ----a-w- e:\documents and settings\Chris\Application Data\PnkBstrK.sys
2010-02-08 09:23 . 2010-02-08 09:23 2434856 ----a-w- e:\windows\system32\pbsvc_bc2.exe
2010-02-07 23:26 . 2010-02-07 23:26 -------- d-----w- e:\documents and settings\Chris\Local Settings\Application Data\AliensVsPredator
2010-02-07 20:44 . 2010-02-09 03:45 -------- d-----w- e:\windows\SxsCaPendDel
2010-02-03 05:37 . 2010-02-03 05:37 -------- d-----w- e:\program files\LizardTech
2010-01-30 20:41 . 2010-01-30 20:41 388096 ----a-r- e:\documents and settings\Chris\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-01-30 20:41 . 2010-01-30 20:41 -------- d-----w- e:\program files\TrendMicro
2010-01-30 02:22 . 2010-01-30 02:22 -------- d-----w- e:\documents and settings\Chris\Local Settings\Application Data\Blizzard Entertainment
2010-01-29 23:12 . 2010-01-29 23:27 -------- d-----w- e:\documents and settings\All Users\Application Data\Blizzard Entertainment
2010-01-29 22:16 . 2010-02-06 22:13 -------- d-----w- e:\program files\World of Warcraft
2010-01-29 06:12 . 2010-01-29 06:13 -------- d-----w- E:\New Folder
2010-01-29 03:30 . 2010-01-29 03:30 -------- d-----w- e:\documents and settings\All Users\Application Data\Blizzard
2010-01-29 03:28 . 2010-01-29 22:56 -------- d-----w- e:\program files\Common Files\Blizzard Entertainment
2010-01-25 05:34 . 1998-05-01 06:48 283648 ----a-w- e:\windows\uninst.exe
2010-01-22 08:40 . 2010-01-29 08:20 0 ----a-w- e:\windows\Lxukezusuqikuw.bin
2010-01-22 08:40 . 2010-01-29 08:20 120 ----a-w- e:\windows\Wmafis.dat
2010-01-22 08:40 . 2010-01-22 08:40 -------- d-----w- e:\documents and settings\Chris\Local Settings\Application Data\{8C4EA56F-D2F6-44B6-88FC-14502457D61F}
2010-01-21 06:24 . 2010-01-21 06:26 -------- d-----w- e:\program files\AutoCAD 2008
2010-01-21 06:03 . 2010-01-21 06:24 -------- d-----w- e:\documents and settings\All Users\Application Data\Autodesk
2010-01-21 06:03 . 2010-01-21 06:03 -------- d-----w- e:\documents and settings\Chris\Application Data\Autodesk
2010-01-21 06:00 . 2010-01-21 06:26 -------- d-----w- e:\program files\Common Files\Autodesk Shared
2010-01-21 06:00 . 2010-01-21 06:03 -------- d-----w- e:\documents and settings\Chris\Local Settings\Application Data\Autodesk
2010-01-21 06:00 . 2010-01-21 06:00 -------- d-----w- e:\program files\Autodesk
2010-01-20 19:16 . 2009-12-24 16:58 6515976 ---ha-w- e:\documents and settings\Chris\Application Data\mjusbsp\in00000\setup.exe
2010-01-20 19:16 . 2009-12-24 16:54 730032 ---ha-w- e:\documents and settings\Chris\Application Data\mjusbsp\ar00000\install.exe
2010-01-20 19:16 . 2008-02-29 12:42 386496 ----a-w- e:\documents and settings\Chris\Application Data\mjusbsp\ar00000\magicJackSplash.exe
2010-01-20 02:01 . 2009-12-24 16:58 6515976 ---ha-w- e:\documents and settings\Chris\Application Data\mjusbsp\Upgrade\setup2.exe
2010-01-20 02:01 . 2009-12-24 16:54 730032 ---ha-w- e:\documents and settings\Chris\Application Data\mjusbsp\Upgrade\install2.exe
2010-01-19 18:12 . 2010-01-19 18:12 -------- d-----w- e:\documents and settings\All Users\Application Data\ATI
2010-01-19 08:06 . 2010-01-19 08:06 -------- d-----w- e:\program files\SystemRequirementsLab
2010-01-19 08:06 . 2010-01-19 08:06 138240 ----a-w- e:\documents and settings\Chris\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_d.dll
2010-01-19 08:06 . 2010-01-19 08:06 138240 ----a-w- e:\documents and settings\Chris\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_c.dll
2010-01-19 08:06 . 2010-01-19 08:06 138240 ----a-w- e:\documents and settings\Chris\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_b.dll
2010-01-19 08:06 . 2010-01-19 08:06 138240 ----a-w- e:\documents and settings\Chris\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_a.dll
2010-01-19 08:06 . 2010-01-19 08:06 -------- d-----w- e:\documents and settings\Chris\Application Data\SystemRequirementsLab
2010-01-19 06:15 . 2010-01-19 06:15 -------- d-----w- e:\windows\system32\wbem\Repository
2010-01-19 05:26 . 2010-01-19 06:13 -------- d-----w- e:\program files\MultiRes(2)
2010-01-19 05:25 . 2010-01-19 05:25 -------- d-----w- e:\program files\Radeon Omega Drivers

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-17 06:04 . 2009-07-11 19:58 -------- d-----w- e:\documents and settings\Chris\Application Data\HPAppData
2010-02-15 20:45 . 2009-07-18 07:05 -------- d-----w- e:\program files\FlashGet
2010-02-13 21:21 . 2009-01-20 02:31 -------- d-----w- e:\documents and settings\Chris\Application Data\Azureus
2010-02-13 19:35 . 2009-08-22 18:48 215128 ----a-w- e:\windows\system32\PnkBstrB.exe
2010-02-13 19:27 . 2009-08-22 19:18 139128 ----a-w- e:\windows\system32\drivers\PnkBstrK.sys
2010-02-13 02:08 . 2009-02-07 06:35 -------- d-----w- e:\program files\Common Files\Wise Installation Wizard
2010-02-10 16:09 . 2009-08-21 06:29 -------- d-----w- e:\documents and settings\Chris\Application Data\HpUpdate
2010-01-29 22:31 . 2009-01-20 03:59 -------- d-----w- e:\documents and settings\All Users\Application Data\Microsoft Help
2010-01-27 06:24 . 2009-12-23 01:19 -------- d-----w- e:\program files\MATLAB
2010-01-24 05:18 . 2009-09-01 01:20 -------- d-----w- e:\program files\Malwarebytes' Anti-Malware
2010-01-22 22:31 . 2009-07-08 04:39 -------- d-----w- e:\documents and settings\Chris\Application Data\vlc
2010-01-21 06:28 . 2009-01-20 02:31 104464 -c--a-w- e:\documents and settings\Chris\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-20 19:16 . 2009-06-07 00:04 -------- d-----w- e:\documents and settings\Chris\Application Data\mjusbsp
2010-01-19 18:15 . 2010-01-16 10:55 -------- d-----w- e:\program files\ATI
2010-01-19 08:39 . 2009-01-31 03:39 -------- d-----w- e:\program files\ATI Technologies
2010-01-19 08:39 . 2010-01-19 08:39 10134 ----a-r- e:\documents and settings\Chris\Application Data\Microsoft\Installer\{A778A787-08A4-4089-CB68-02A9737DE532}\ARPPRODUCTICON.exe
2010-01-16 21:16 . 2010-01-16 21:16 -------- d-----w- e:\program files\IObit
2010-01-08 00:07 . 2009-09-01 01:20 38224 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys
2010-01-08 00:07 . 2009-09-01 01:20 19160 ----a-w- e:\windows\system32\drivers\mbam.sys
2010-01-03 07:45 . 2010-01-03 07:45 -------- d-----w- e:\documents and settings\Chris\Application Data\GameRanger
2010-01-03 07:30 . 2009-06-07 14:30 -------- d-----w- e:\program files\DIFX
2010-01-03 07:30 . 2010-01-03 07:29 -------- d-----w- e:\program files\AGEIA Technologies
2010-01-03 07:15 . 2010-01-03 07:15 -------- d-----w- e:\program files\2K Games
2010-01-03 07:15 . 2009-01-27 08:23 -------- d--h--w- e:\program files\InstallShield Installation Information
2009-12-24 16:59 . 2009-12-24 16:59 93016 ----a-w- e:\documents and settings\Chris\Application Data\mjusbsp\ug00000\magicJack.dll
2009-12-24 16:58 . 2009-12-24 16:58 6515976 ----a-w- e:\documents and settings\Chris\Application Data\mjusbsp\ug00000\setup.exe
2009-12-24 16:58 . 2009-12-24 16:58 416328 ----a-w- e:\documents and settings\Chris\Application Data\mjusbsp\magicJackLoader.exe
2009-12-24 16:58 . 2009-12-24 16:58 480608 ----a-w- e:\documents and settings\Chris\Application Data\mjusbsp\octvqe1_apiw.dll
2009-12-24 16:58 . 2009-12-24 16:58 214360 ----a-w- e:\documents and settings\Chris\Application Data\mjusbsp\TjVista.dll
2009-12-24 16:58 . 2009-12-24 16:58 337240 ----a-w- e:\documents and settings\Chris\Application Data\mjusbsp\TjIpSys.dll
2009-12-24 16:58 . 2009-12-24 16:58 607600 ----a-w- e:\documents and settings\Chris\Application Data\mjusbsp\SJHandsetMagicJack.dll
2009-12-24 16:58 . 2009-12-24 16:58 87384 ----a-w- e:\documents and settings\Chris\Application Data\mjusbsp\st00000\mjsetup.exe
2009-12-24 16:57 . 2009-12-24 16:57 93016 ----a-w- e:\documents and settings\Chris\Application Data\mjusbsp\st00000\magicJack.dll
2009-12-24 16:57 . 2009-12-24 16:57 93016 ----a-w- e:\documents and settings\Chris\Application Data\mjusbsp\magicJack.dll
2009-12-24 16:55 . 2009-12-24 16:55 12482904 ----a-w- e:\documents and settings\Chris\Application Data\mjusbsp\magicJack.exe
2009-12-24 16:54 . 2009-12-24 16:54 730032 ----a-w- e:\documents and settings\Chris\Application Data\mjusbsp\ug00000\install.exe
2009-12-24 16:53 . 2009-12-24 16:53 87384 ----a-w- e:\documents and settings\Chris\Application Data\mjusbsp\in00000\mjsetup.exe
2009-12-24 16:53 . 2009-12-24 16:53 93016 ----a-w- e:\documents and settings\Chris\Application Data\mjusbsp\in00000\magicJack.dll
2009-12-24 16:52 . 2009-12-24 16:52 441704 ----a-w- e:\documents and settings\Chris\Application Data\mjusbsp\ug00000\magicJackSplash.exe
2009-12-24 16:52 . 2009-12-24 16:52 441704 ----a-w- e:\documents and settings\Chris\Application Data\mjusbsp\st00000\magicJackSplash.exe
2009-12-24 16:52 . 2009-12-24 16:52 441704 ----a-w- e:\documents and settings\Chris\Application Data\mjusbsp\magicJackSplash.exe
2009-12-24 16:52 . 2009-12-24 16:52 441704 ----a-w- e:\documents and settings\Chris\Application Data\mjusbsp\in00000\magicJackSplash.exe
2009-12-24 16:52 . 2009-12-24 16:52 50520 ----a-w- e:\documents and settings\Chris\Application Data\mjusbsp\cdloader2.exe
2009-12-23 01:52 . 2009-12-23 01:52 4844296 ----a-w- e:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-23 01:50 . 2009-12-23 01:50 -------- d-----w- e:\documents and settings\Chris\Application Data\MathWorks
2009-12-22 23:24 . 2009-01-20 02:30 -------- d-----w- e:\program files\Vuze
2009-12-11 02:25 . 2009-12-11 02:25 664 ----a-w- e:\windows\system32\d3d9caps.dat
2009-12-05 03:17 . 2009-01-17 18:27 102400 ----a-w- e:\windows\DUMP4507.tmp
2009-11-30 00:30 . 2009-11-27 22:51 77374 ----a-w- e:\windows\hpqins05.dat
2009-11-25 03:50 . 2010-01-19 08:39 4463104 ----a-w- e:\windows\system32\drivers\ati2mtag.sys
2009-11-25 03:27 . 2010-01-19 08:39 446464 ----a-w- e:\windows\system32\ATIDEMGX.dll
2009-11-25 03:27 . 2010-01-16 10:55 446464 ----a-w- e:\windows\system32\ATIDEMGX(9).dll
2009-11-25 03:27 . 2010-01-16 10:55 446464 ----a-w- e:\windows\system32\ATIDEMGX(8).dll
2009-11-25 03:27 . 2010-01-16 10:55 446464 ----a-w- e:\windows\system32\ATIDEMGX(7).dll
2009-11-25 03:27 . 2010-01-16 10:55 446464 ----a-w- e:\windows\system32\ATIDEMGX(6).dll
2009-11-25 03:27 . 2010-01-16 10:55 446464 ----a-w- e:\windows\system32\ATIDEMGX(10).dll
2009-11-25 03:26 . 2009-05-16 03:38 300032 ----a-w- e:\windows\system32\ati2dvag.dll
2009-11-25 03:26 . 2009-05-16 03:38 300032 ----a-w- e:\windows\system32\ati2dvag(7).dll
2009-11-25 03:26 . 2009-05-16 03:38 300032 ----a-w- e:\windows\system32\ati2dvag(6).dll
2009-11-25 03:26 . 2009-05-16 03:38 300032 ----a-w- e:\windows\system32\ati2dvag(5).dll
2009-11-25 03:26 . 2009-05-16 03:38 300032 ----a-w- e:\windows\system32\ati2dvag(4).dll
2009-11-25 03:26 . 2009-05-16 03:38 300032 ----a-w- e:\windows\system32\ati2dvag(3).dll
2009-11-25 03:11 . 2010-01-19 08:39 208896 ----a-w- e:\windows\system32\atipdlxx.dll
2009-11-25 03:11 . 2010-01-16 10:55 208896 ----a-w- e:\windows\system32\atipdlxx(6).dll
2009-11-25 03:11 . 2010-01-16 10:55 208896 ----a-w- e:\windows\system32\atipdlxx(5).dll
2009-11-25 03:11 . 2010-01-16 10:55 208896 ----a-w- e:\windows\system32\atipdlxx(4).dll
2009-11-25 03:11 . 2010-01-16 10:55 208896 ----a-w- e:\windows\system32\atipdlxx(3).dll
2009-11-25 03:11 . 2010-01-16 10:55 208896 ----a-w- e:\windows\system32\atipdlxx(2).dll
2009-11-25 03:11 . 2010-01-19 08:39 155648 ----a-w- e:\windows\system32\Oemdspif.dll
2009-11-25 03:09 . 2010-01-19 08:39 602112 ----a-w- e:\windows\system32\ati2evxx.exe
2009-11-25 03:09 . 2010-01-16 10:55 602112 ----a-w- e:\windows\system32\ati2evxx(6).exe
2009-11-25 03:09 . 2010-01-16 10:55 602112 ----a-w- e:\windows\system32\ati2evxx(5).exe
2009-11-25 03:09 . 2010-01-16 10:55 602112 ----a-w- e:\windows\system32\ati2evxx(4).exe
2009-11-25 03:09 . 2010-01-16 10:55 602112 ----a-w- e:\windows\system32\ati2evxx(3).exe
2009-11-25 03:09 . 2010-01-16 10:55 602112 ----a-w- e:\windows\system32\ati2evxx(2).exe
2009-11-25 03:07 . 2010-01-19 08:39 53248 ----a-w- e:\windows\system32\ATIDDC.DLL
2009-11-25 02:59 . 2010-01-19 08:39 311296 ----a-w- e:\windows\system32\atiiiexx.dll
2009-11-25 02:59 . 2009-05-16 03:07 3538496 ----a-w- e:\windows\system32\ati3duag.dll
2009-11-25 02:59 . 2009-05-16 03:07 3538496 ----a-w- e:\windows\system32\ati3duag(7).dll
2009-11-25 02:59 . 2009-05-16 03:07 3538496 ----a-w- e:\windows\system32\ati3duag(6).dll
2009-11-25 02:59 . 2009-05-16 03:07 3538496 ----a-w- e:\windows\system32\ati3duag(5).dll
2009-11-25 02:59 . 2009-05-16 03:07 3538496 ----a-w- e:\windows\system32\ati3duag(4).dll
2009-11-25 02:59 . 2009-05-16 03:07 3538496 ----a-w- e:\windows\system32\ati3duag(3).dll
2009-11-25 02:44 . 2010-01-19 08:39 13533184 ----a-w- e:\windows\system32\atioglxx.dll
2009-11-25 02:43 . 2009-05-16 02:54 2142848 ----a-w- e:\windows\system32\ativvaxx.dll
2009-11-25 02:43 . 2009-05-16 02:54 2142848 ----a-w- e:\windows\system32\ativvaxx(7).dll
2009-11-25 02:43 . 2009-05-16 02:54 2142848 ----a-w- e:\windows\system32\ativvaxx(6).dll
2009-11-25 02:43 . 2009-05-16 02:54 2142848 ----a-w- e:\windows\system32\ativvaxx(5).dll
2009-11-25 02:43 . 2009-05-16 02:54 2142848 ----a-w- e:\windows\system32\ativvaxx(4).dll
2009-11-25 02:43 . 2009-05-16 02:54 2142848 ----a-w- e:\windows\system32\ativvaxx(3).dll
2009-11-25 02:42 . 2010-01-19 08:39 887724 ----a-w- e:\windows\system32\ativva6x.dat
2009-11-25 02:42 . 2010-01-19 08:39 3 ----a-w- e:\windows\system32\ativva5x.dat
2009-11-25 02:26 . 2010-01-19 08:39 65024 ----a-w- e:\windows\system32\atimpc32.dll
2009-11-25 02:26 . 2010-01-19 08:39 65024 ----a-w- e:\windows\system32\amdpcom32.dll
2009-11-25 02:21 . 2010-01-19 08:39 565248 ----a-w- e:\windows\system32\atikvmag.dll
2009-11-25 02:21 . 2010-01-16 10:55 565248 ----a-w- e:\windows\system32\atikvmag(7).dll
2009-11-25 02:21 . 2010-01-16 10:55 565248 ----a-w- e:\windows\system32\atikvmag(6).dll
2009-11-25 02:21 . 2010-01-16 10:55 565248 ----a-w- e:\windows\system32\atikvmag(5).dll
2009-11-25 02:21 . 2010-01-16 10:55 565248 ----a-w- e:\windows\system32\atikvmag(4).dll
2009-11-25 02:21 . 2010-01-16 10:55 565248 ----a-w- e:\windows\system32\atikvmag(3).dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- e:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- e:\program files\mozilla firefox\plugins\ssldivx.dll
2006-02-23 13:16 . 2009-03-18 07:59 34048 -c--a-w- e:\program files\mozilla firefox\plugins\upd62i9x.dll
2006-02-23 13:16 . 2009-03-18 07:59 45056 -c--a-w- e:\program files\mozilla firefox\plugins\upd62int.dll
.

------- Sigcheck -------


[-] 2008-04-28 . 68F06FE0021B01E670AF37B8C5964FDF . 361344 . . [5.1.2600.5512] . . e:\windows\system32\drivers\tcpip.sys




e:\windows\System32\drivers\beep.sys ... is missing !!
e:\windows\System32\wscntfy.exe ... is missing !!
e:\windows\System32\eventlog.dll ... is missing !!
e:\windows\System32\regsvc.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="e:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-17 139264]
"NVIDIA nTune"="e:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-05 81920]
"cdloader"="e:\documents and settings\Chris\Application Data\mjusbsp\cdloader2.exe" [2009-12-24 50520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"GrooveMonitor"="e:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"NeroFilterCheck"="e:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"AVG8_TRAY"="e:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-10 2043160]
"HP Software Update"="e:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-26 49152]
"hpqSRMon"="e:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
"QuickTime Task"="e:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"StartCCC"="e:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-25 98304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]

e:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - e:\windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2009-6-12 25214]
Device Detector 3.lnk - e:\program files\Olympus\DeviceDetector\DevDtct2.exe [2009-2-19 118784]
HP Digital Imaging Monitor.lnk - e:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "e:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "e:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- e:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-30 20:28 11952 ----a-w- e:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^Office-Logic Notify.lnk]
path=e:\documents and settings\All Users\Start Menu\Programs\Startup\Office-Logic Notify.lnk
backup=e:\windows\pss\Office-Logic Notify.lnkCommon Startup

[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^SATARAID5.lnk]
path=e:\documents and settings\All Users\Start Menu\Programs\Startup\SATARAID5.lnk
backup=e:\windows\pss\SATARAID5.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2004-12-14 09:12 483328 ----a-w- e:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-12-29 10:40 687560 -c--a-w- e:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-01-06 19:06 290088 -c--a-w- e:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
2007-09-05 01:25 81920 -c--a-w- e:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 22:18 413696 -c--a-w- e:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-06-26 22:56 25604904 ----a-r- e:\program files\Skype\Phone\Skype.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"e:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"e:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Program Files\\Steam\\steamapps\\common\\peggle extreme\\PeggleExtreme.exe"=
"d:\\Program Files\\Steam\\steamapps\\triplesix877\\source sdk base 2007\\hl2.exe"=
"d:\\Program Files\\Steam\\steamapps\\triplesix877\\condition zero\\hl.exe"=
"d:\\Program Files\\Steam\\steamapps\\triplesix877\\counter-strike source\\hl2.exe"=
"d:\\Program Files\\Steam\\steamapps\\triplesix877\\counter-strike\\hl.exe"=
"d:\\Program Files\\Vuze\\Azureus.exe"=
"e:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\Program Files\\Steam\\Steam.exe"=
"d:\\Program Files\\Trillian\\trillian.exe"=
"d:\\Program Files\\Steam\\steamapps\\triplesix877\\team fortress 2\\hl2.exe"=
"e:\\Program Files\\Vuze\\Azureus.exe"=
"e:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"e:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"e:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"e:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"e:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"e:\\Program Files\\Skype\\Phone\\Skype.exe"=
"e:\\Program Files\\FlashGet\\flashget.exe"=
"e:\\WINDOWS\\system32\\PnkBstrA.exe"=
"e:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\srcds.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"e:\\Documents and Settings\\Chris\\Application Data\\mjusbsp\\magicJack.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\aliens vs predator demo\\AvP.exe"=
"e:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2 - BETA\\BFBC2BetaUpdater.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"e:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"e:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"427:UDP"= 427:UDP:SLP_Port(427)
"9100:TCP"= 9100:TCP:HPc4580
"9100:UDP"= 9100:UDP:hpc4580

R0 AvgRkx86;avgrkx86.sys;e:\windows\system32\drivers\avgrkx86.sys [6/8/2009 11:35 AM 12552]
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;e:\windows\system32\drivers\nvcchflt.sys [1/17/2009 10:32 AM 16640]
R1 AvgLdx86;AVG AVI Loader Driver x86;e:\windows\system32\drivers\avgldx86.sys [6/8/2009 11:35 AM 335240]
R1 AvgTdiX;AVG8 Network Redirector;e:\windows\system32\drivers\avgtdix.sys [6/8/2009 11:35 AM 108552]
R1 SASDIFSV;SASDIFSV;e:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 7:56 AM 9968]
R1 SASKUTIL;SASKUTIL;e:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 74480]
R2 avg8wd;AVG8 WatchDog;e:\progra~1\AVG\AVG8\avgwdsvc.exe [6/8/2009 11:34 AM 297752]
S0 sptd;sptd;e:\windows\system32\drivers\sptd.sys [2/18/2009 10:19 PM 717296]
S1 atitray;atitray;\??\e:\program files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys --> e:\program files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys [?]
S3 SASENUM;SASENUM;e:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-08-27 e:\windows\Tasks\AppleSoftwareUpdate.job
- e:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
IE: &Download All with FlashGet - e:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - e:\program files\FlashGet\jc_link.htm
IE: Convert link target to Adobe PDF - e:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - e:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - e:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - e:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - e:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - e:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - e:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - e:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB
FF - ProfilePath - e:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\y7nelnyu.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.teslamotors.com/
FF - component: e:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: e:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: e:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: e:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: e:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: e:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: e:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: e:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: e:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: e:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: e:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: e:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - component: e:\program files\PayPal\PayPal Plug-In\components\PayPalPlugin.dll
FF - plugin: e:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
FF - plugin: e:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
FF - plugin: e:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - HiddenExtension: XULRunner: {8C4EA56F-D2F6-44B6-88FC-14502457D61F} - e:\documents and settings\Chris\Local Settings\Application Data\{8C4EA56F-D2F6-44B6-88FC-14502457D61F}
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - e:\program files\AskBarDis\bar\bin\askBar.dll
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - e:\program files\AskBarDis\bar\bin\askBar.dll
MSConfigStartUp-braviax - e:\windows\system32\braviax.exe
MSConfigStartUp-RivaTunerStartupDaemon - e:\program files\RivaTuner v2.22\RivaTuner.exe
MSConfigStartUp-system tool - e:\program files\julnuo\wiiosysguard.exe
AddRemove-Half-Life Dedicated Server Update Tool - c:\l4d\UNWISE.EXE
AddRemove-Microsoft Minesweeper for Palm-size PC - e:\program files\minesweeper\DeIsL1.isu



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(776)
e:\program files\SUPERAntiSpyware\SASWINLO.dll
e:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-02-16 23:00:10
ComboFix-quarantined-files.txt 2010-02-17 07:00

Pre-Run: 104,013,565,952 bytes free
Post-Run: 105,252,675,584 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - 50F760E1A086253BE520BEC24166980C

Edited by Orange Blossom, 20 February 2010 - 03:04 PM.
Move to Log forum. ~ OB



#2 Tokek

Tokek

    Bleepin' Gecko

  • Members
  • 1,213 posts
  • Gender:Male
  • Location:Jakarta, Indonesia

Posted 21 February 2010 - 10:39 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log

If I have not replied back to your post in 3 days, please send me a PM.


#3 meanswing

meanswing
  • Topic Starter

  • Members
  • 104 posts

Posted 28 February 2010 - 12:42 PM

Google Search links are hijacked

Here is my GMER log. Thanks.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-28 09:37:07
Windows 5.1.2600 Service Pack 3
Running: 9zf7f8mo.exe; Driver: E:\DOCUME~1\Chris\LOCALS~1\Temp\awayypog.sys


---- System - GMER 1.0.15 ----

SSDT spes.sys ZwCreateKey [0xF73670E0]
SSDT spes.sys ZwEnumerateKey [0xF7385CA2]
SSDT spes.sys ZwEnumerateValueKey [0xF7386030]
SSDT spes.sys ZwOpenKey [0xF73670C0]
SSDT spes.sys ZwQueryKey [0xF7386108]
SSDT spes.sys ZwQueryValueKey [0xF7385F88]
SSDT spes.sys ZwSetValueKey [0xF738619A]

INT 0x62 ? 89BCEBF8
INT 0x63 ? 89A1CF00
INT 0x73 ? 89BCEBF8
INT 0x82 ? 89BCEBF8
INT 0x83 ? 89BCEBF8
INT 0xB4 ? 89A1CF00

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 89BD12D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7398C4C] spes.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7398CA0] spes.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 89A1C5E0
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!RtlInitUnicodeString] 2266E852
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!swprintf] 478B0000
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!KeSetEvent] 50016A40
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 1CAC8E8D
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!IoGetConfigurationInformation] E8510000
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] 00002254
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!MmFreeMappingAddress] 6A18538B
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 868D5200
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 00001C98
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!MmUnmapIoSpace] 2242E850
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 4B8B0000
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!IofCompleteRequest] 51016A18
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!RtlCompareUnicodeString] 1CB4968D
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!IofCallDriver] E8520000
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 00002230
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] 8A05478A
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!IoConnectInterrupt] 001CBB8E
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!IoDetachDevice] 30C48300
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!KeWaitForSingleObject] 1CBD8688
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!KeInitializeEvent] 80E90000
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!KeCancelTimer] C6000000
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] 001CBB86
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!RtlInitAnsiString] 438B0100
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] 8E8D5018
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!IoQueueWorkItem] 00001C90
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!MmMapIoSpace] 2202E851
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 538B0000
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!IoReportDetectedDevice] 52016A18
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!IoReportResourceForDetection] 1CAC868D
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] E8500000
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!NlsMbCodePageTag] 000021F0
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!PoRequestPowerIrp] 8A05478A
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 001CBB8E
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] 18C48300
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!sprintf] 1CBD8688
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 43EB0000
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!ObfDereferenceObject] 320C538A
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 88F93BC0
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 001CBB96
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!ZwClose] F6317300
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] 74070647
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 75C0841A
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 05578A0B
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!PoStartNextPowerIrp] 968801B0
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!IoCreateDevice] 00001CBD
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!RtlCopyUnicodeString] 57B60F66
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 533B6604
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 03087408
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!ZwOpenKey] 72F93B3F
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!RtlFreeUnicodeString] 8A09EBDA
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!IoStartTimer] 86880547
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!KeInitializeTimer] 00001CBD
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!IoInitializeTimer] 88084B8A
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!KeInitializeDpc] 001CBE8E
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!KeInitializeSpinLock] 40578B00
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!IoInitializeIrp] 8D52006A
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!ZwCreateKey] 001CC086
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 81E85000
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 8B000021
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!ZwSetValueKey] 001CB88E
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!KeInsertQueueDpc] BC968B00
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 8900001C
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!IoStartPacket] 001CC48E
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] C8968900
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 8B00001C
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!IoFreeMdl] 016A4047
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!MmUnlockPages] CCC68150
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 5600001C
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 002157E8
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 18C48300
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 5D5B5E5F
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!KeSynchronizeExecution] CCCCCCC3
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!IoStartNextPacket] CCCCCCCC
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!KeBugCheckEx] CCCCCCCC
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] CCCCCCCC
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!KeSetTimer] 8BEC8B55
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!_allmul] 00C73445
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!MmProbeAndLockPages] 00000000
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!_except_handler3] 830C458B
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!PoSetPowerState] C0840CEC
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 053C0D74
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!RtlWriteRegistryValue] 57B80974
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!RtlDeleteRegistryValue] 8B000000
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!_aulldiv] 56C35DE5
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!strstr] 8D08758B
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!_strupr] 8D51FC4D
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!KeQuerySystemTime] 8D52FD55
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 8D51FE4D
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!KeTickCount] 8D52FF55
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 8D51F84D
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!IoDeleteDevice] 5052F455
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] EACAE856
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!IoAllocateWorkItem] C483FFFF
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!IoAllocateIrp] 0FC08520
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!IoAllocateMdl] 0001AD85
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 46B70F00
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!MmLockPagableDataSection] F44D8B48
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] C1815753
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 00002590
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!ExFreePoolWithTag] 467C8D51
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!IoFreeIrp] 7622E84A
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!IoFreeWorkItem] D88BFFFF
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!InitSafeBootMode] 8504C483
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!RtlCompareMemory] 5F0A75DB
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!PoCallDriver] 5B08438D
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!memmove] 5DE58B5E
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[ntoskrnl.exe!MmHighestUserAddress] 259068C3
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[HAL.dll!KfAcquireSpinLock] 4B8BDF8B
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[HAL.dll!READ_PORT_UCHAR] 8D3F0304
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[HAL.dll!KeGetCurrentIrql] CB033043
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[HAL.dll!KfRaiseIrql] 0673C13B
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[HAL.dll!KfLowerIrql] C13B0003
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[HAL.dll!HalGetInterruptVector] 8366FA72
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[HAL.dll!HalTranslateBusAddress] 75000E7B
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[HAL.dll!KeStallExecutionProcessor] 0B7D80E3
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[HAL.dll!KfReleaseSpinLock] 307B8D00
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 00AA840F
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[HAL.dll!READ_PORT_USHORT] 83660000
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 6A000E7A
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[HAL.dll!WRITE_PORT_UCHAR] C6647400
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[WMILIB.SYS!WmiSystemControl] 4F8B0200
IAT \SystemRoot\System32\Drivers\at7daarl.SYS[WMILIB.SYS!WmiCompleteRequest] 968D5140
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F7378048] spes.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 89B5D1F8
Device \FileSystem\Fastfat \FatCdrom 898D2500
Device \Driver\usbohci \Device\USBPDO-0 89A1D1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 89B5F1F8
Device \Driver\dmio \Device\DmControl\DmConfig 89B5F1F8
Device \Driver\dmio \Device\DmControl\DmPnP 89B5F1F8
Device \Driver\dmio \Device\DmControl\DmInfo 89B5F1F8
Device \Driver\usbehci \Device\USBPDO-1 89AE81F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 89BCF1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 89BCF1F8
Device \Driver\Cdrom \Device\CdRom0 89A221F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 89BCF1F8
Device \Driver\Cdrom \Device\CdRom1 89A221F8
Device \Driver\Ftdisk \Device\HarddiskVolume4 89BCF1F8
Device \Driver\Cdrom \Device\CdRom2 89A221F8
Device \Driver\usbstor \Device\00000079 8998D1F8
Device \Driver\PCI_PNP0752 \Device\0000004c spes.sys
Device \Driver\sptd \Device\3311362002 spes.sys
Device \Driver\usbohci \Device\USBFDO-0 89A1D1F8
Device \Driver\usbehci \Device\USBFDO-1 89AE81F8
Device \Driver\usbstor \Device\0000007b 8998D1F8
Device \Driver\usbstor \Device\0000007c 8998D1F8
Device \Driver\usbstor \Device\0000007d 8998D1F8
Device \Driver\Ftdisk \Device\FtControl 89BCF1F8
Device \Driver\usbstor \Device\0000007e 8998D1F8
Device \Driver\at7daarl \Device\Scsi\at7daarl1 899E51F8
Device \Driver\at7daarl \Device\Scsi\at7daarl1Port3Path0Target0Lun0 899E51F8
Device \FileSystem\Fastfat \Fat 898D2500
Device \FileSystem\Cdfs \Cdfs 898D51F8

---- EOF - GMER 1.0.15 ----

Edited by Orange Blossom, 28 February 2010 - 03:48 PM.
Moved from Windows XP Home and Pro as logs are included ~Pandy: Merged topics. ~ OB


#4 Orange Blossom

Orange Blossom

    OBleepin Investigator

  • Moderator
  • 37,113 posts
  • Gender:Not Telling
  • Location:Bloomington, IN

Posted 28 February 2010 - 03:50 PM

Hello meanswing,

I have merged your latest topic to your previously existing topic on the same issue. Please be sure to follow all the instructions provided in post number 2. Please keep all posts regarding this issue to this topic by using the Add Reply button found near the bottom of the topic. Starting new topics confuses things for everyone and delays the assistance you receive.

Orange Blossom
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.

#5 meanswing

meanswing
  • Topic Starter

  • Members
  • 104 posts

Posted 28 February 2010 - 05:29 PM

Okay, thanks. Someone informed me that the ComboFix log would be ignored, so I posted a GMER log as soon as I had free time. I tried running dds.scr but I got this error: "This program cannot be run in DOS mode". I attached a copy of the Notepad file that came up.

Edit 1: I had to uninstall AutoCAD to run DDS.scr properly.

Here is my DDS.txt:



DDS (Ver_09-12-01.01) - NTFSx86
Run by Chris at 17:54:20.67 on Sun 02/28/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1329 [GMT -8:00]


============== Running Processes ===============

E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
E:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\spoolsv.exe
svchost.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\WINDOWS\system32\svchost.exe -k hpdevmgmt
E:\Program Files\Java\jre6\bin\jqs.exe
E:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\WINDOWS\system32\svchost.exe -k imgsvc
E:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
E:\WINDOWS\system32\SearchIndexer.exe
E:\PROGRA~1\AVG\AVG8\avgam.exe
E:\PROGRA~1\AVG\AVG8\avgrsx.exe
E:\PROGRA~1\AVG\AVG8\avgnsx.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\SOUNDMAN.EXE
E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
E:\PROGRA~1\AVG\AVG8\avgtray.exe
E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
E:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
E:\WINDOWS\system32\svchost.exe -k HPService
E:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
E:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
E:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
D:\Program Files\Steam\Steam.exe
E:\WINDOWS\System32\svchost.exe -k HTTPFilter
E:\WINDOWS\System32\svchost.exe -k HPZ12
E:\WINDOWS\System32\svchost.exe -k HPZ12
E:\WINDOWS\system32\msiexec.exe
E:\Documents and Settings\Chris\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - e:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - e:\program files\flashget\jccatch.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - e:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: PayPal Plug-In: {dc0f2f93-27fa-4f84-acaa-9416f90b9511} - e:\program files\paypal\paypal plug-in\OToolbar.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - e:\program files\daemon tools toolbar\DTToolbar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - e:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - e:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "e:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [NVIDIA nTune] "e:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear
uRun: [cdloader] "e:\documents and settings\chris\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [ctfmon.exe] e:\windows\system32\ctfmon.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [GrooveMonitor] "e:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [NeroFilterCheck] e:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [AVG8_TRAY] e:\progra~1\avg\avg8\avgtray.exe
mRun: [HP Software Update] e:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] e:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [QuickTime Task] "e:\program files\quicktime\qttask.exe" -atboottime
mRun: [StartCCC] "e:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: e:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - e:\windows\installer\{ac76ba86-1033-0000-7760-100000000002}\SC_Acrobat.exe
StartupFolder: e:\docume~1\alluse~1\startm~1\programs\startup\device~1.lnk - e:\program files\olympus\devicedetector\DevDtct2.exe
StartupFolder: e:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - e:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-explorer: NoResolveTrack = 1 (0x1)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
dPolicies-explorer: NoSMHelp = 1 (0x1)
dPolicies-explorer: NoResolveTrack = 1 (0x1)
dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
IE: &Download All with FlashGet - e:\program files\flashget\jc_all.htm
IE: &Download with FlashGet - e:\program files\flashget\jc_link.htm
IE: Convert link target to Adobe PDF - e:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - e:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - e:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - e:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - e:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - e:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - e:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - e:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - e:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - e:\program files\flashget\FlashGet.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - e:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - e:\progra~1\micros~1\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - e:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - e:\progra~1\micros~1\office12\GR99D3~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - e:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - e:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - e:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - e:\progra~1\micros~1\office12\GRA8E1~1.DLL
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - e:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - e:\program files\superantispyware\SASSEH.DLL
Hosts: 91.212.127.226 osguardpro.microsoft.com
Hosts: 91.212.127.226 os-guardpro.com
Hosts: 91.212.127.226 www.os-guardpro.com

================= FIREFOX ===================

FF - ProfilePath - e:\docume~1\chris\applic~1\mozilla\firefox\profiles\y7nelnyu.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.teslamotors.com/
FF - component: e:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: e:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll
FF - component: e:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll
FF - component: e:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll
FF - component: e:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll
FF - component: e:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll
FF - component: e:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll
FF - component: e:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll
FF - component: e:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll
FF - component: e:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll
FF - component: e:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll
FF - component: e:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll
FF - component: e:\program files\paypal\paypal plug-in\components\PayPalPlugin.dll
FF - plugin: e:\documents and settings\all users\application data\id software\quakelive\npquakezero.dll
FF - plugin: e:\program files\hp\digital imaging\smart web printing\mozillaaddon3\plugins\nphpclipbook.dll
FF - plugin: e:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - HiddenExtension: XULRunner: {8C4EA56F-D2F6-44B6-88FC-14502457D61F} - e:\documents and settings\chris\local settings\application data\{8C4EA56F-D2F6-44B6-88FC-14502457D61F}
FF - HiddenExtension: Java Console: No Registry Reference - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
e:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;e:\windows\system32\drivers\avgrkx86.sys [2009-6-8 12552]
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;e:\windows\system32\drivers\nvcchflt.sys [2009-1-17 16640]
R1 AvgLdx86;AVG AVI Loader Driver x86;e:\windows\system32\drivers\avgldx86.sys [2009-6-8 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;e:\windows\system32\drivers\avgmfx86.sys [2009-1-20 27784]
R1 AvgTdiX;AVG8 Network Redirector;e:\windows\system32\drivers\avgtdix.sys [2009-6-8 108552]
R1 SASDIFSV;SASDIFSV;e:\program files\superantispyware\sasdifsv.sys [2010-1-5 9968]
R1 SASKUTIL;SASKUTIL;e:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 74480]
R2 avg8wd;AVG8 WatchDog;e:\progra~1\avg\avg8\avgwdsvc.exe [2009-6-8 297752]
S1 atitray;atitray;\??\e:\program files\radeon omega drivers\v4.8.442\ati tray tools\atitray.sys --> e:\program files\radeon omega drivers\v4.8.442\ati tray tools\atitray.sys [?]
S3 SASENUM;SASENUM;e:\program files\superantispyware\SASENUM.SYS [2010-1-5 7408]

=============== Created Last 30 ================

2010-02-17 07:12:40 0 d-----w- e:\windows\srchasst
2010-02-17 07:12:40 0 d-----w- e:\program files\common files\speechengines
2010-02-17 07:12:39 0 d-----w- e:\windows\system32\xircom
2010-02-17 07:12:39 0 d-----w- e:\windows\system32\inetsrv
2010-02-17 07:12:39 0 d-----w- e:\windows\system32\ime
2010-02-17 07:12:39 0 d-----w- e:\program files\msn gaming zone
2010-02-17 06:52:28 0 d-----w- E:\ComboFix
2010-02-13 21:17:21 0 ----a-w- e:\documents and settings\chris\defogger_reenable
2010-02-13 07:54:20 77312 ----a-w- e:\windows\MBR.exe
2010-02-13 07:54:19 98816 ----a-w- e:\windows\sed.exe
2010-02-13 07:54:19 261632 ----a-w- e:\windows\PEV.exe
2010-02-13 07:54:19 161792 ----a-w- e:\windows\SWREG.exe
2010-02-13 02:10:24 0 d-----w- e:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-02-13 02:10:14 0 d-----w- e:\program files\SUPERAntiSpyware
2010-02-13 02:10:14 0 d-----w- e:\docume~1\chris\applic~1\SUPERAntiSpyware.com
2010-02-10 16:06:59 23110 ----a-w- e:\windows\hpqins15.dat
2010-02-08 09:23:53 138056 ----a-w- e:\docume~1\chris\applic~1\PnkBstrK.sys
2010-02-08 09:23:34 2434856 ----a-w- e:\windows\system32\pbsvc_bc2.exe
2010-02-07 20:44:35 0 d-----w- e:\windows\SxsCaPendDel
2010-02-03 05:37:58 0 d-----w- e:\program files\LizardTech
2010-01-30 20:41:42 0 d-----w- e:\program files\TrendMicro

==================== Find3M ====================

2010-02-13 19:35:13 215128 ----a-w- e:\windows\system32\PnkBstrB.exe
2010-02-13 19:27:45 139128 ----a-w- e:\windows\system32\drivers\PnkBstrK.sys
2010-01-08 00:07:14 38224 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys
2010-01-08 00:07:04 19160 ----a-w- e:\windows\system32\drivers\mbam.sys
2009-12-05 03:17:07 102400 ----a-w- e:\windows\DUMP4507.tmp
2008-03-09 13:25:10 236 -c-ha-w- e:\program files\common files\dx.reg
2003-09-11 00:07:18 11815 ----a-w- e:\windows\inf\Tjusbdev.sys

============= FINISH: 17:54:35.75 ===============


Edited by meanswing, 28 February 2010 - 09:02 PM.


#6 Tokek

Tokek

    Bleepin' Gecko

  • Members
  • 1,213 posts
  • Gender:Male
  • Location:Jakarta, Indonesia

Posted 01 March 2010 - 07:12 AM

Hello meanswing,

Welcome to Bleeping Computer.

My name is Tokek and I will be helping you with your Malware problem.

I apologize for the delay in replying to your post; the forum has been extremely busy.

Please make no further changes or run any other tools unless instructed to. This may hinder the cleaning of your machine.

Please give me some time to look over your log, I will post the reply as soon as I am able.

If I don't reply to your post in 3 days, please send me a PM, as sometimes life gets hectic and I may inadvertently forget.


If I have not replied back to your post in 3 days, please send me a PM.


#7 Tokek

Tokek

    Bleepin' Gecko

  • Members
  • 1,213 posts
  • Gender:Male
  • Location:Jakarta, Indonesia

Posted 02 March 2010 - 02:38 AM

Hello meanswing,

We need to check for rootkits with RootRepeal.
  1. Download RootRepeal from the following location and save it to your desktop.
  2. Extract RootRepeal.exe from the archive (if you did not use the "Direct Download" mirror).
  3. Open RootRepeal.exe on your desktop.
  4. Click the Report tab.
  5. Click the button.
  6. Check all seven boxes:
  7. Push Ok.
  8. Check the box for your main system drive (usually C:), and press Ok.
  9. Allow RootRepeal to run a scan of your system. This may take some time.
  10. Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.


In your next reply, please include the following:
  • RootRepeal


#8 meanswing (Topic Starter, Members, 104 posts)

Posted 03 March 2010 - 02:01 PM

I tried running RootRepeal and I kept getting an error "Error - invalid PE image found!" but it lets me run the program. Once I check all the options in Report it hangs for a bit then goes to blue screen. I tried it both in Safe Mode and Regular. This is the blue screen error:

A process or thread crucial to system operation has unexpectedly exited or have been terminated....
...STOP: 0x000000F4 (0x00000003,0x8947E788,0x8947E8FC,0x80502970)

Beginning dump of physical memory

#9 Tokek (Bleepin' Gecko, Members, 1,213 posts, Jakarta, Indonesia)

Posted 05 March 2010 - 09:06 AM

Hello meanswing,

Please download MBR.EXE by GMER. Save the file in your Root directory (C:\).

Please run Notepad (start > All Programs > Accessories > Notepad) and copy and paste the text in the code box into a new file:

    @echo off
    cd\
    mbr.exe -t
    start mbr.log

  • Go to the File menu at the top of the Notepad and select Save as.
  • Select Save in: desktop
  • Fill in File name: look.bat
  • Save as type: All file types (*.*)
  • Click save.
  • Close the Notepad.
  • Locate and right-click look.bat on the desktop and select "Run as Administrator."
  • A notepad opens, copy and paste the content (mbr.log) to your reply.

In your next reply, please include the following:
  • MBR log
  • new DDS log


#10 meanswing (Topic Starter, Members, 104 posts)

Posted 05 March 2010 - 11:50 PM

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvatabus.sys sprs.sys >>UNKNOWN [0x89D80938]<<
kernel: MBR read successfully
user & kernel MBR OK


----------------------------------------------------------------------------------------------------------------------------------------------



DDS (Ver_09-12-01.01) - NTFSx86
Run by Chris at 19:34:08.03 on Fri 03/05/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1520 [GMT -8:00]


============== Running Processes ===============

E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
E:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\spoolsv.exe
svchost.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\WINDOWS\system32\svchost.exe -k hpdevmgmt
E:\WINDOWS\system32\svchost.exe -k HPService
E:\Program Files\Java\jre6\bin\jqs.exe
E:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
E:\PROGRA~1\AVG\AVG8\avgam.exe
E:\PROGRA~1\AVG\AVG8\avgrsx.exe
E:\PROGRA~1\AVG\AVG8\avgnsx.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\WINDOWS\system32\svchost.exe -k imgsvc
E:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
E:\WINDOWS\system32\SearchIndexer.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\SOUNDMAN.EXE
E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
E:\PROGRA~1\AVG\AVG8\avgtray.exe
E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
E:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
E:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
E:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
E:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
E:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
E:\WINDOWS\System32\svchost.exe -k HTTPFilter
D:\Program Files\Steam\Steam.exe
E:\WINDOWS\System32\svchost.exe -k HPZ12
E:\WINDOWS\System32\svchost.exe -k HPZ12
E:\WINDOWS\system32\NOTEPAD.EXE
E:\Documents and Settings\Chris\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - e:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - e:\program files\flashget\jccatch.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - e:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: PayPal Plug-In: {dc0f2f93-27fa-4f84-acaa-9416f90b9511} - e:\program files\paypal\paypal plug-in\OToolbar.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - e:\program files\daemon tools toolbar\DTToolbar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - e:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - e:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "e:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [NVIDIA nTune] "e:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear
uRun: [cdloader] "e:\documents and settings\chris\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [ctfmon.exe] e:\windows\system32\ctfmon.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [GrooveMonitor] "e:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [NeroFilterCheck] e:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [AVG8_TRAY] e:\progra~1\avg\avg8\avgtray.exe
mRun: [HP Software Update] e:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] e:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [QuickTime Task] "e:\program files\quicktime\qttask.exe" -atboottime
mRun: [StartCCC] "e:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: e:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - e:\windows\installer\{ac76ba86-1033-0000-7760-100000000002}\SC_Acrobat.exe
StartupFolder: e:\docume~1\alluse~1\startm~1\programs\startup\device~1.lnk - e:\program files\olympus\devicedetector\DevDtct2.exe
StartupFolder: e:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - e:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-explorer: NoResolveTrack = 1 (0x1)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
dPolicies-explorer: NoSMHelp = 1 (0x1)
dPolicies-explorer: NoResolveTrack = 1 (0x1)
dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
IE: &Download All with FlashGet - e:\program files\flashget\jc_all.htm
IE: &Download with FlashGet - e:\program files\flashget\jc_link.htm
IE: Convert link target to Adobe PDF - e:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - e:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - e:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - e:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - e:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - e:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - e:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - e:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - e:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - e:\program files\flashget\FlashGet.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - e:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - e:\progra~1\micros~1\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - e:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1267722244515
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - e:\progra~1\micros~1\office12\GR99D3~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - e:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - e:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - e:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - e:\progra~1\micros~1\office12\GRA8E1~1.DLL
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - e:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - e:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - e:\docume~1\chris\applic~1\mozilla\firefox\profiles\y7nelnyu.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.teslamotors.com/
FF - component: e:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: e:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll
FF - component: e:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll
FF - component: e:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll
FF - component: e:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll
FF - component: e:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll
FF - component: e:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll
FF - component: e:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll
FF - component: e:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll
FF - component: e:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll
FF - component: e:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll
FF - component: e:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll
FF - component: e:\program files\paypal\paypal plug-in\components\PayPalPlugin.dll
FF - plugin: e:\documents and settings\all users\application data\id software\quakelive\npquakezero.dll
FF - plugin: e:\program files\hp\digital imaging\smart web printing\mozillaaddon3\plugins\nphpclipbook.dll
FF - plugin: e:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - HiddenExtension: XULRunner: {8C4EA56F-D2F6-44B6-88FC-14502457D61F} - e:\documents and settings\chris\local settings\application data\{8C4EA56F-D2F6-44B6-88FC-14502457D61F}
FF - HiddenExtension: Java Console: No Registry Reference - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
e:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;e:\windows\system32\drivers\avgrkx86.sys [2009-6-8 12552]
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;e:\windows\system32\drivers\nvcchflt.sys [2009-1-17 16640]
R1 AvgLdx86;AVG AVI Loader Driver x86;e:\windows\system32\drivers\avgldx86.sys [2009-6-8 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;e:\windows\system32\drivers\avgmfx86.sys [2009-1-20 27784]
R1 AvgTdiX;AVG8 Network Redirector;e:\windows\system32\drivers\avgtdix.sys [2009-6-8 108552]
R1 SASDIFSV;SASDIFSV;e:\program files\superantispyware\sasdifsv.sys [2010-1-5 9968]
R1 SASKUTIL;SASKUTIL;e:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 74480]
R2 avg8wd;AVG8 WatchDog;e:\progra~1\avg\avg8\avgwdsvc.exe [2009-6-8 297752]
S1 atitray;atitray;\??\e:\program files\radeon omega drivers\v4.8.442\ati tray tools\atitray.sys --> e:\program files\radeon omega drivers\v4.8.442\ati tray tools\atitray.sys [?]
S3 rootrepeal;rootrepeal;\??\e:\windows\system32\drivers\rootrepeal.sys --> e:\windows\system32\drivers\rootrepeal.sys [?]
S3 rootrepeal2;rootrepeal2;\??\e:\windows\system32\drivers\rootrepeal2.sys --> e:\windows\system32\drivers\rootrepeal2.sys [?]
S3 SASENUM;SASENUM;e:\program files\superantispyware\SASENUM.SYS [2010-1-5 7408]

=============== Created Last 30 ================

2010-02-17 07:12:40 0 d-----w- e:\windows\srchasst
2010-02-17 07:12:40 0 d-----w- e:\program files\common files\speechengines
2010-02-17 07:12:39 0 d-----w- e:\windows\system32\xircom
2010-02-17 07:12:39 0 d-----w- e:\windows\system32\inetsrv
2010-02-17 07:12:39 0 d-----w- e:\windows\system32\ime
2010-02-17 07:12:39 0 d-----w- e:\program files\msn gaming zone
2010-02-17 06:52:28 0 d-----w- E:\ComboFix
2010-02-13 21:17:21 0 ----a-w- e:\documents and settings\chris\defogger_reenable
2010-02-13 07:54:20 77312 ----a-w- e:\windows\MBR.exe
2010-02-13 07:54:19 98816 ----a-w- e:\windows\sed.exe
2010-02-13 07:54:19 261632 ----a-w- e:\windows\PEV.exe
2010-02-13 07:54:19 161792 ----a-w- e:\windows\SWREG.exe
2010-02-13 02:10:24 0 d-----w- e:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-02-13 02:10:14 0 d-----w- e:\program files\SUPERAntiSpyware
2010-02-13 02:10:14 0 d-----w- e:\docume~1\chris\applic~1\SUPERAntiSpyware.com
2010-02-10 16:06:59 23110 ----a-w- e:\windows\hpqins15.dat
2010-02-08 09:23:53 138056 ----a-w- e:\docume~1\chris\applic~1\PnkBstrK.sys
2010-02-08 09:23:34 2434856 ----a-w- e:\windows\system32\pbsvc_bc2.exe
2010-02-07 20:44:35 0 d-----w- e:\windows\SxsCaPendDel

==================== Find3M ====================

2010-02-13 19:35:13 215128 ----a-w- e:\windows\system32\PnkBstrB.exe
2010-02-13 19:27:45 139128 ----a-w- e:\windows\system32\drivers\PnkBstrK.sys
2010-01-08 00:07:14 38224 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys
2010-01-08 00:07:04 19160 ----a-w- e:\windows\system32\drivers\mbam.sys
2008-03-09 13:25:10 236 -c-ha-w- e:\program files\common files\dx.reg
2003-09-11 00:07:18 11815 ----a-w- e:\windows\inf\Tjusbdev.sys

============= FINISH: 19:34:30.37 ===============



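As an added example, not from the thread and not part of GMER's tooling, here is a small Python triage script for the mbr.exe log format shown in the post above: it checks that both MBR reads succeeded and agree, and flags the ">>UNKNOWN [0x...]<<" marker in the disk I/O call chain, which a matching MBR does not clear. The sample log is a constructed copy of the posted one, and the names MbrFindings, parse_mbr_log and triage are my own.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Matches the marker mbr.exe prints when a module in the disk I/O call chain
# cannot be attributed to a known driver image, e.g. ">>UNKNOWN [0x89D80938]<<".
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")


@dataclass
class MbrFindings:
    """What the triage cares about from one mbr.exe run (field names are mine)."""
    device_opened: bool = False      # "device: opened successfully"
    user_mbr_read: bool = False      # "user: MBR read successfully"
    kernel_mbr_read: bool = False    # "kernel: MBR read successfully"
    mbr_match: bool = False          # "user & kernel MBR OK"
    called_modules: List[str] = field(default_factory=list)
    unknown_addresses: List[str] = field(default_factory=list)
    warnings: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        # A matching MBR is necessary but not sufficient: an unattributed module
        # in the call chain, or any failed step, still needs a human look.
        reads_ok = (self.device_opened and self.user_mbr_read
                    and self.kernel_mbr_read and self.mbr_match)
        return bool(self.unknown_addresses or self.warnings) or not reads_ok


def parse_mbr_log(text: str) -> MbrFindings:
    """Parse mbr.exe 0.3.x output (format assumed from the posted log).
    Lines carrying the tool's "!!!" or "Warning" markers are kept as warnings;
    other unrecognised lines are ignored."""
    f = MbrFindings()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Stealth MBR rootkit"):
            continue  # blank or banner line
        if line.startswith("device:"):
            f.device_opened = "opened successfully" in line
        elif line.startswith("user:"):
            f.user_mbr_read = "MBR read successfully" in line
        elif line.startswith("kernel:"):
            f.kernel_mbr_read = "MBR read successfully" in line
        elif line.startswith("called modules:"):
            body = line[len("called modules:"):]
            f.unknown_addresses = UNKNOWN_RE.findall(body)
            # Drop the UNKNOWN markers; what is left is the named driver chain.
            f.called_modules = UNKNOWN_RE.sub(" ", body).split()
        elif line.startswith("user & kernel MBR OK"):
            f.mbr_match = True
        elif "!!!" in line or line.lower().startswith("warning"):
            f.warnings.append(line)
    return f


def triage(text: str) -> List[str]:
    """Return human-readable findings; an empty list means nothing stood out."""
    f = parse_mbr_log(text)
    notes = []
    if not (f.device_opened and f.user_mbr_read and f.kernel_mbr_read):
        notes.append("mbr.exe could not read the MBR from both user and kernel mode")
    elif not f.mbr_match:
        notes.append("user-mode and kernel-mode MBR reads differ (possible MBR hook)")
    for addr in f.unknown_addresses:
        last = f.called_modules[-1] if f.called_modules else "<none>"
        notes.append(f"unattributed code at {addr} in the disk I/O chain after {last}")
    notes.extend(f.warnings)
    return notes


# Constructed copy of the log posted above (not captured from a live system here).
SAMPLE_LOG = """\
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvatabus.sys sprs.sys >>UNKNOWN [0x89D80938]<<
kernel: MBR read successfully
user & kernel MBR OK
"""

# Constructed clean run for comparison: same chain, no unattributed module.
CLEAN_LOG = SAMPLE_LOG.replace(" >>UNKNOWN [0x89D80938]<<", "")

if __name__ == "__main__":
    for name, log in (("posted log", SAMPLE_LOG), ("clean log", CLEAN_LOG)):
        print(f"{name}: {triage(log) or ['nothing flagged']}")
```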
#11 Tokek (Bleepin' Gecko, Members, 1,213 posts, Jakarta, Indonesia)

Posted 07 March 2010 - 10:13 AM

Hello meanswing,

Let's do another run of ComboFix so I can see where we're at. You may want to download a new version in case there have been updates to it.

Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • If it asks you, please install the Windows Recovery Console (internet connection required).
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new DDS log for further review.

Note:
Do not mouseclick ComboFix's window while it's running. That may cause it to stall.


In your next reply, please include the following:
  • ComboFix.txt


#12 meanswing (Topic Starter, Members, 104 posts)

Posted 07 March 2010 - 08:21 PM

ComboFix 10-03-07.02 - Chris 03/07/2010 16:18:09.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1554 [GMT -8:00]
Running from: e:\documents and settings\Chris\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2010-02-08 to 2010-03-08 )))))))))))))))))))))))))))))))
.

2010-03-06 18:28 . 2010-03-06 18:28 667648 ----a-w- e:\documents and settings\Chris\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\pmv306a-1002180-0-main.dll
2010-03-06 18:28 . 2010-03-06 18:28 319488 ----a-w- e:\documents and settings\Chris\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
2010-03-06 01:09 . 2010-03-06 01:09 -------- d-----w- e:\program files\Google
2010-02-17 07:12 . 2010-02-17 07:12 -------- d-----w- e:\windows\srchasst
2010-02-17 07:12 . 2010-02-17 07:12 -------- d-----w- e:\windows\system32\xircom
2010-02-17 07:12 . 2010-02-17 07:12 -------- d-----w- e:\program files\microsoft frontpage
2010-02-13 02:11 . 2010-02-13 02:11 52224 ----a-w- e:\documents and settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-13 02:11 . 2010-02-13 02:11 117760 ----a-w- e:\documents and settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-13 02:10 . 2010-02-13 02:10 -------- d-----w- e:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-02-13 02:10 . 2010-02-13 07:08 -------- d-----w- e:\program files\SUPERAntiSpyware
2010-02-13 02:10 . 2010-02-13 02:10 -------- d-----w- e:\documents and settings\Chris\Application Data\SUPERAntiSpyware.com
2010-02-10 16:06 . 2010-02-10 16:09 23110 ----a-w- e:\windows\hpqins15.dat
2010-02-08 09:25 . 2010-02-08 09:25 -------- d-----w- e:\program files\Electronic Arts
2010-02-08 09:23 . 2010-02-08 09:23 138056 ----a-w- e:\documents and settings\Chris\Application Data\PnkBstrK.sys
2010-02-08 09:23 . 2010-02-08 09:23 2434856 ----a-w- e:\windows\system32\pbsvc_bc2.exe
2010-02-07 23:26 . 2010-02-07 23:26 -------- d-----w- e:\documents and settings\Chris\Local Settings\Application Data\AliensVsPredator
2010-02-07 20:44 . 2010-02-09 03:45 -------- d-----w- e:\windows\SxsCaPendDel

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-07 07:42 . 2009-01-20 02:31 -------- d-----w- e:\documents and settings\Chris\Application Data\Azureus
2010-03-07 07:33 . 2009-07-18 07:05 -------- d-----w- e:\program files\FlashGet
2010-03-07 02:29 . 2009-06-07 14:21 -------- d-----w- e:\documents and settings\Chris\Application Data\Thinstall
2010-03-06 01:33 . 2009-07-11 19:58 -------- d-----w- e:\documents and settings\Chris\Application Data\HPAppData
2010-03-05 05:24 . 2010-01-29 22:16 -------- d-----w- e:\program files\World of Warcraft
2010-03-01 02:14 . 2009-01-20 02:31 72896 -c--a-w- e:\documents and settings\Chris\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-01 01:50 . 2010-01-21 06:03 -------- d-----w- e:\documents and settings\All Users\Application Data\Autodesk
2010-03-01 01:50 . 2010-01-21 06:00 -------- d-----w- e:\program files\Common Files\Autodesk Shared
2010-02-27 02:28 . 2009-07-08 04:39 -------- d-----w- e:\documents and settings\Chris\Application Data\vlc
2010-02-17 16:28 . 2009-08-21 06:29 -------- d-----w- e:\documents and settings\Chris\Application Data\HpUpdate
2010-02-13 19:35 . 2009-08-22 18:48 215128 ----a-w- e:\windows\system32\PnkBstrB.exe
2010-02-13 19:27 . 2009-08-22 19:18 139128 ----a-w- e:\windows\system32\drivers\PnkBstrK.sys
2010-02-13 02:08 . 2009-02-07 06:35 -------- d-----w- e:\program files\Common Files\Wise Installation Wizard
2010-02-03 05:37 . 2010-02-03 05:37 -------- d-----w- e:\program files\LizardTech
2010-01-30 20:41 . 2010-01-30 20:41 388096 ----a-r- e:\documents and settings\Chris\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-01-30 20:41 . 2010-01-30 20:41 -------- d-----w- e:\program files\TrendMicro
2010-01-29 23:27 . 2010-01-29 23:12 -------- d-----w- e:\documents and settings\All Users\Application Data\Blizzard Entertainment
2010-01-29 22:56 . 2010-01-29 03:28 -------- d-----w- e:\program files\Common Files\Blizzard Entertainment
2010-01-29 22:31 . 2009-01-20 03:59 -------- d-----w- e:\documents and settings\All Users\Application Data\Microsoft Help
2010-01-29 08:20 . 2010-01-22 08:40 0 ----a-w- e:\windows\Lxukezusuqikuw.bin
2010-01-29 08:20 . 2010-01-22 08:40 120 ----a-w- e:\windows\Wmafis.dat
2010-01-29 03:30 . 2010-01-29 03:30 -------- d-----w- e:\documents and settings\All Users\Application Data\Blizzard
2010-01-27 06:24 . 2009-12-23 01:19 -------- d-----w- e:\program files\MATLAB
2010-01-24 05:18 . 2009-09-01 01:20 -------- d-----w- e:\program files\Malwarebytes' Anti-Malware
2010-01-21 06:03 . 2010-01-21 06:03 -------- d-----w- e:\documents and settings\Chris\Application Data\Autodesk
2010-01-21 06:00 . 2010-01-21 06:00 -------- d-----w- e:\program files\Autodesk
2010-01-20 19:16 . 2009-06-07 00:04 -------- d-----w- e:\documents and settings\Chris\Application Data\mjusbsp
2010-01-19 18:15 . 2010-01-16 10:55 -------- d-----w- e:\program files\ATI
2010-01-19 18:12 . 2010-01-19 18:12 -------- d-----w- e:\documents and settings\All Users\Application Data\ATI
2010-01-19 08:39 . 2009-01-31 03:39 -------- d-----w- e:\program files\ATI Technologies
2010-01-19 08:39 . 2010-01-19 08:39 10134 ----a-r- e:\documents and settings\Chris\Application Data\Microsoft\Installer\{A778A787-08A4-4089-CB68-02A9737DE532}\ARPPRODUCTICON.exe
2010-01-19 08:06 . 2010-01-19 08:06 -------- d-----w- e:\program files\SystemRequirementsLab
2010-01-19 08:06 . 2010-01-19 08:06 138240 ----a-w- e:\documents and settings\Chris\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_d.dll
2010-01-19 08:06 . 2010-01-19 08:06 138240 ----a-w- e:\documents and settings\Chris\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_c.dll
2010-01-19 08:06 . 2010-01-19 08:06 138240 ----a-w- e:\documents and settings\Chris\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_b.dll
2010-01-19 08:06 . 2010-01-19 08:06 138240 ----a-w- e:\documents and settings\Chris\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_a.dll
2010-01-19 08:06 . 2010-01-19 08:06 -------- d-----w- e:\documents and settings\Chris\Application Data\SystemRequirementsLab
2010-01-19 06:13 . 2010-01-19 05:26 -------- d-----w- e:\program files\MultiRes(2)
2010-01-19 05:25 . 2010-01-19 05:25 -------- d-----w- e:\program files\Radeon Omega Drivers
2010-01-16 21:16 . 2010-01-16 21:16 -------- d-----w- e:\program files\IObit
2010-01-08 00:07 . 2009-09-01 01:20 38224 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys
2010-01-08 00:07 . 2009-09-01 01:20 19160 ----a-w- e:\windows\system32\drivers\mbam.sys
2009-12-24 16:59 . 2009-12-24 16:59 93016 ----a-w- e:\documents and settings\Chris\Application Data\mjusbsp\ug00000\magicJack.dll
2009-12-24 16:58 . 2010-01-20 19:16 6515976 ---ha-w- e:\documents and settings\Chris\Application Data\mjusbsp\in00000\setup.exe
2009-12-24 16:58 . 2010-01-20 02:01 6515976 ---ha-w- e:\documents and settings\Chris\Application Data\mjusbsp\Upgrade\setup2.exe
2009-12-24 16:58 . 2009-12-24 16:58 6515976 ----a-w- e:\documents and settings\Chris\Application Data\mjusbsp\ug00000\setup.exe
2009-12-24 16:58 . 2009-12-24 16:58 416328 ----a-w- e:\documents and settings\Chris\Application Data\mjusbsp\magicJackLoader.exe
2009-12-24 16:58 . 2009-12-24 16:58 480608 ----a-w- e:\documents and settings\Chris\Application Data\mjusbsp\octvqe1_apiw.dll
2009-12-24 16:58 . 2009-12-24 16:58 214360 ----a-w- e:\documents and settings\Chris\Application Data\mjusbsp\TjVista.dll
2009-12-24 16:58 . 2009-12-24 16:58 337240 ----a-w- e:\documents and settings\Chris\Application Data\mjusbsp\TjIpSys.dll
2009-12-24 16:58 . 2009-12-24 16:58 607600 ----a-w- e:\documents and settings\Chris\Application Data\mjusbsp\SJHandsetMagicJack.dll
2009-12-24 16:58 . 2009-12-24 16:58 87384 ----a-w- e:\documents and settings\Chris\Application Data\mjusbsp\st00000\mjsetup.exe
2009-12-24 16:57 . 2009-12-24 16:57 93016 ----a-w- e:\documents and settings\Chris\Application Data\mjusbsp\st00000\magicJack.dll
2009-12-24 16:57 . 2009-12-24 16:57 93016 ----a-w- e:\documents and settings\Chris\Application Data\mjusbsp\magicJack.dll
2009-12-24 16:55 . 2009-12-24 16:55 12482904 ----a-w- e:\documents and settings\Chris\Application Data\mjusbsp\magicJack.exe
2009-12-24 16:54 . 2010-01-20 19:16 730032 ---ha-w- e:\documents and settings\Chris\Application Data\mjusbsp\ar00000\install.exe
2009-12-24 16:54 . 2010-01-20 02:01 730032 ---ha-w- e:\documents and settings\Chris\Application Data\mjusbsp\Upgrade\install2.exe
2009-12-24 16:54 . 2009-12-24 16:54 730032 ----a-w- e:\documents and settings\Chris\Application Data\mjusbsp\ug00000\install.exe
2009-12-24 16:53 . 2009-12-24 16:53 87384 ----a-w- e:\documents and settings\Chris\Application Data\mjusbsp\in00000\mjsetup.exe
2009-12-24 16:53 . 2009-12-24 16:53 93016 ----a-w- e:\documents and settings\Chris\Application Data\mjusbsp\in00000\magicJack.dll
2009-12-24 16:52 . 2009-12-24 16:52 441704 ----a-w- e:\documents and settings\Chris\Application Data\mjusbsp\ug00000\magicJackSplash.exe
2009-12-24 16:52 . 2009-12-24 16:52 441704 ----a-w- e:\documents and settings\Chris\Application Data\mjusbsp\st00000\magicJackSplash.exe
2009-12-24 16:52 . 2009-12-24 16:52 441704 ----a-w- e:\documents and settings\Chris\Application Data\mjusbsp\magicJackSplash.exe
2009-12-24 16:52 . 2009-12-24 16:52 441704 ----a-w- e:\documents and settings\Chris\Application Data\mjusbsp\in00000\magicJackSplash.exe
2009-12-24 16:52 . 2009-12-24 16:52 50520 ----a-w- e:\documents and settings\Chris\Application Data\mjusbsp\cdloader2.exe
2009-12-23 01:52 . 2009-12-23 01:52 4844296 ----a-w- e:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-11 02:25 . 2009-12-11 02:25 664 ----a-w- e:\windows\system32\d3d9caps.dat
2008-03-09 13:25 . 2009-02-02 00:02 236 -c-ha-w- e:\program files\Common Files\dx.reg
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- e:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- e:\program files\mozilla firefox\plugins\ssldivx.dll
2006-02-23 13:16 . 2009-03-18 07:59 34048 -c--a-w- e:\program files\mozilla firefox\plugins\upd62i9x.dll
2006-02-23 13:16 . 2009-03-18 07:59 45056 -c--a-w- e:\program files\mozilla firefox\plugins\upd62int.dll
.

------- Sigcheck -------


[-] 2008-04-28 . 68F06FE0021B01E670AF37B8C5964FDF . 361344 . . [5.1.2600.5512] . . e:\windows\system32\drivers\tcpip.sys




e:\windows\System32\drivers\beep.sys ... is missing !!
e:\windows\System32\wscntfy.exe ... is missing !!
e:\windows\System32\eventlog.dll ... is missing !!
e:\windows\System32\regsvc.dll ... is missing !!
.
((((((((((((((((((((((((((((( SnapShot@2010-02-17_06.59.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-08 00:17 . 2010-03-08 00:17 16384 e:\windows\Temp\Perflib_Perfdata_688.dat
+ 2010-03-08 00:16 . 2010-03-08 00:16 16384 e:\windows\Temp\Perflib_Perfdata_644.dat
+ 2009-01-18 00:55 . 2009-08-07 03:23 209624 e:\windows\system32\wuweb.dll
+ 2010-02-25 07:41 . 2006-02-28 12:00 158208 e:\windows\PCHealth\HelpCtr\Binaries\msconfig.exe
+ 2009-01-17 18:29 . 2010-03-02 21:10 1562728 e:\windows\system32\FNTCACHE.DAT
+ 2010-03-06 01:09 . 2010-03-06 01:09 14954496 e:\windows\Installer\43f078d.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="e:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-17 139264]
"NVIDIA nTune"="e:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-05 81920]
"cdloader"="e:\documents and settings\Chris\Application Data\mjusbsp\cdloader2.exe" [2009-12-24 50520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"GrooveMonitor"="e:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"NeroFilterCheck"="e:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"AVG8_TRAY"="e:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-10 2043160]
"HP Software Update"="e:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-26 49152]
"hpqSRMon"="e:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
"QuickTime Task"="e:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"StartCCC"="e:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-25 98304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]

e:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - e:\windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2009-6-12 25214]
Device Detector 3.lnk - e:\program files\Olympus\DeviceDetector\DevDtct2.exe [2009-2-19 118784]
HP Digital Imaging Monitor.lnk - e:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "e:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "e:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- e:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-30 20:28 11952 ----a-w- e:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^Office-Logic Notify.lnk]
path=e:\documents and settings\All Users\Start Menu\Programs\Startup\Office-Logic Notify.lnk
backup=e:\windows\pss\Office-Logic Notify.lnkCommon Startup

[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^SATARAID5.lnk]
path=e:\documents and settings\All Users\Start Menu\Programs\Startup\SATARAID5.lnk
backup=e:\windows\pss\SATARAID5.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2004-12-14 09:12 483328 ----a-w- e:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-12-29 10:40 687560 -c--a-w- e:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
2007-09-25 08:10 2007088 ----a-w- e:\program files\FlashGet\flashget.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-01-06 19:06 290088 -c--a-w- e:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
2007-09-05 01:25 81920 -c--a-w- e:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 22:18 413696 -c--a-w- e:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-06-26 22:56 25604904 ----a-r- e:\program files\Skype\Phone\Skype.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"e:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"e:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Program Files\\Steam\\steamapps\\common\\peggle extreme\\PeggleExtreme.exe"=
"d:\\Program Files\\Steam\\steamapps\\triplesix877\\source sdk base 2007\\hl2.exe"=
"d:\\Program Files\\Steam\\steamapps\\triplesix877\\condition zero\\hl.exe"=
"d:\\Program Files\\Steam\\steamapps\\triplesix877\\counter-strike source\\hl2.exe"=
"d:\\Program Files\\Steam\\steamapps\\triplesix877\\counter-strike\\hl.exe"=
"d:\\Program Files\\Vuze\\Azureus.exe"=
"e:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\Program Files\\Steam\\Steam.exe"=
"d:\\Program Files\\Trillian\\trillian.exe"=
"d:\\Program Files\\Steam\\steamapps\\triplesix877\\team fortress 2\\hl2.exe"=
"e:\\Program Files\\Vuze\\Azureus.exe"=
"e:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"e:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"e:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"e:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"e:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"e:\\Program Files\\Skype\\Phone\\Skype.exe"=
"e:\\Program Files\\FlashGet\\flashget.exe"=
"e:\\WINDOWS\\system32\\PnkBstrA.exe"=
"e:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\Documents and Settings\\Chris\\Application Data\\mjusbsp\\magicJack.exe"=
"e:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2 - BETA\\BFBC2BetaUpdater.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"e:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"e:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\srcds.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"427:UDP"= 427:UDP:SLP_Port(427)
"9100:TCP"= 9100:TCP:HPc4580
"9100:UDP"= 9100:UDP:hpc4580

R0 AvgRkx86;avgrkx86.sys;e:\windows\system32\drivers\avgrkx86.sys [6/8/2009 11:35 AM 12552]
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;e:\windows\system32\drivers\nvcchflt.sys [1/17/2009 10:32 AM 16640]
R1 AvgLdx86;AVG AVI Loader Driver x86;e:\windows\system32\drivers\avgldx86.sys [6/8/2009 11:35 AM 335240]
R1 AvgTdiX;AVG8 Network Redirector;e:\windows\system32\drivers\avgtdix.sys [6/8/2009 11:35 AM 108552]
R1 SASDIFSV;SASDIFSV;e:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 7:56 AM 9968]
R1 SASKUTIL;SASKUTIL;e:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 74480]
R2 avg8wd;AVG8 WatchDog;e:\progra~1\AVG\AVG8\avgwdsvc.exe [6/8/2009 11:34 AM 297752]
S0 sptd;sptd;e:\windows\system32\drivers\sptd.sys [2/18/2009 10:19 PM 717296]
S1 atitray;atitray;\??\e:\program files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys --> e:\program files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys [?]
S3 rootrepeal2;rootrepeal2;\??\e:\windows\system32\drivers\rootrepeal2.sys --> e:\windows\system32\drivers\rootrepeal2.sys [?]
S3 SASENUM;SASENUM;e:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-08-27 e:\windows\Tasks\AppleSoftwareUpdate.job
- e:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
IE: &Download All with FlashGet - e:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - e:\program files\FlashGet\jc_link.htm
IE: Convert link target to Adobe PDF - e:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - e:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - e:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - e:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - e:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - e:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - e:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - e:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB
FF - ProfilePath - e:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\y7nelnyu.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.teslamotors.com/
FF - component: e:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: e:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: e:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: e:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: e:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: e:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: e:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: e:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: e:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: e:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: e:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: e:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - component: e:\program files\PayPal\PayPal Plug-In\components\PayPalPlugin.dll
FF - plugin: e:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
FF - plugin: e:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
FF - plugin: e:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - HiddenExtension: XULRunner: {8C4EA56F-D2F6-44B6-88FC-14502457D61F} - e:\documents and settings\Chris\Local Settings\Application Data\{8C4EA56F-D2F6-44B6-88FC-14502457D61F}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-07 16:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(576)
e:\program files\SUPERAntiSpyware\SASWINLO.dll
e:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-03-07 16:25:58
ComboFix-quarantined-files.txt 2010-03-08 00:25
ComboFix2.txt 2010-02-17 07:00

Pre-Run: 105,168,916,480 bytes free
Post-Run: 105,194,754,048 bytes free

- - End Of File - - 455E35F7DB1D998E643A1EC762F7578E




DDS (Ver_09-12-01.01) - NTFSx86
Run by Chris at 17:18:26.29 on Sun 03/07/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1401 [GMT -8:00]


============== Running Processes ===============

E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
E:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\spoolsv.exe
svchost.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\WINDOWS\system32\svchost.exe -k hpdevmgmt
E:\Program Files\Java\jre6\bin\jqs.exe
E:\WINDOWS\System32\svchost.exe -k HPZ12
E:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
E:\WINDOWS\System32\svchost.exe -k HPZ12
E:\WINDOWS\system32\PnkBstrA.exe
E:\WINDOWS\system32\svchost.exe -k imgsvc
E:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
E:\PROGRA~1\AVG\AVG8\avgam.exe
E:\PROGRA~1\AVG\AVG8\avgrsx.exe
E:\PROGRA~1\AVG\AVG8\avgnsx.exe
E:\WINDOWS\system32\SearchIndexer.exe
E:\WINDOWS\system32\svchost.exe -k HPService
E:\WINDOWS\explorer.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\PayPal\PayPal Plug-In\RBroker.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Documents and Settings\Chris\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - e:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - e:\program files\flashget\jccatch.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - e:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: PayPal Plug-In: {dc0f2f93-27fa-4f84-acaa-9416f90b9511} - e:\program files\paypal\paypal plug-in\OToolbar.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - e:\program files\daemon tools toolbar\DTToolbar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - e:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - e:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "e:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [NVIDIA nTune] "e:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear
uRun: [cdloader] "e:\documents and settings\chris\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [ctfmon.exe] e:\windows\system32\ctfmon.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [GrooveMonitor] "e:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [NeroFilterCheck] e:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [AVG8_TRAY] e:\progra~1\avg\avg8\avgtray.exe
mRun: [HP Software Update] e:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] e:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [QuickTime Task] "e:\program files\quicktime\qttask.exe" -atboottime
mRun: [StartCCC] "e:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: e:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - e:\windows\installer\{ac76ba86-1033-0000-7760-100000000002}\SC_Acrobat.exe
StartupFolder: e:\docume~1\alluse~1\startm~1\programs\startup\device~1.lnk - e:\program files\olympus\devicedetector\DevDtct2.exe
StartupFolder: e:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - e:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-explorer: NoResolveTrack = 1 (0x1)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
dPolicies-explorer: NoSMHelp = 1 (0x1)
dPolicies-explorer: NoResolveTrack = 1 (0x1)
dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
IE: &Download All with FlashGet - e:\program files\flashget\jc_all.htm
IE: &Download with FlashGet - e:\program files\flashget\jc_link.htm
IE: Convert link target to Adobe PDF - e:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - e:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - e:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - e:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - e:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - e:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - e:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - e:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - e:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - e:\program files\flashget\FlashGet.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - e:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - e:\progra~1\micros~1\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - e:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1267722244515
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - e:\progra~1\micros~1\office12\GR99D3~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - e:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - e:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - e:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - e:\progra~1\micros~1\office12\GRA8E1~1.DLL
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - e:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - e:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - e:\docume~1\chris\applic~1\mozilla\firefox\profiles\y7nelnyu.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.teslamotors.com/
FF - component: e:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: e:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll
FF - component: e:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll
FF - component: e:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll
FF - component: e:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll
FF - component: e:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll
FF - component: e:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll
FF - component: e:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll
FF - component: e:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll
FF - component: e:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll
FF - component: e:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll
FF - component: e:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll
FF - component: e:\program files\paypal\paypal plug-in\components\PayPalPlugin.dll
FF - plugin: e:\documents and settings\all users\application data\id software\quakelive\npquakezero.dll
FF - plugin: e:\program files\hp\digital imaging\smart web printing\mozillaaddon3\plugins\nphpclipbook.dll
FF - plugin: e:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - HiddenExtension: XULRunner: {8C4EA56F-D2F6-44B6-88FC-14502457D61F} - e:\documents and settings\chris\local settings\application data\{8C4EA56F-D2F6-44B6-88FC-14502457D61F}
FF - HiddenExtension: Java Console: No Registry Reference - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
e:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;e:\windows\system32\drivers\avgrkx86.sys [2009-6-8 12552]
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;e:\windows\system32\drivers\nvcchflt.sys [2009-1-17 16640]
R1 AvgLdx86;AVG AVI Loader Driver x86;e:\windows\system32\drivers\avgldx86.sys [2009-6-8 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;e:\windows\system32\drivers\avgmfx86.sys [2009-1-20 27784]
R1 AvgTdiX;AVG8 Network Redirector;e:\windows\system32\drivers\avgtdix.sys [2009-6-8 108552]
R1 SASDIFSV;SASDIFSV;e:\program files\superantispyware\sasdifsv.sys [2010-1-5 9968]
R1 SASKUTIL;SASKUTIL;e:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 74480]
R2 avg8wd;AVG8 WatchDog;e:\progra~1\avg\avg8\avgwdsvc.exe [2009-6-8 297752]
S1 atitray;atitray;\??\e:\program files\radeon omega drivers\v4.8.442\ati tray tools\atitray.sys --> e:\program files\radeon omega drivers\v4.8.442\ati tray tools\atitray.sys [?]
S3 rootrepeal2;rootrepeal2;\??\e:\windows\system32\drivers\rootrepeal2.sys --> e:\windows\system32\drivers\rootrepeal2.sys [?]
S3 SASENUM;SASENUM;e:\program files\superantispyware\SASENUM.SYS [2010-1-5 7408]
UnknownUnknown rootrepeal;rootrepeal; [x]

=============== Created Last 30 ================

2010-03-08 00:14:32 0 d-----w- E:\ComboFix
2010-02-17 07:12:40 0 d-----w- e:\windows\srchasst
2010-02-17 07:12:40 0 d-----w- e:\program files\common files\speechengines
2010-02-17 07:12:39 0 d-----w- e:\windows\system32\xircom
2010-02-17 07:12:39 0 d-----w- e:\windows\system32\inetsrv
2010-02-17 07:12:39 0 d-----w- e:\windows\system32\ime
2010-02-17 07:12:39 0 d-----w- e:\program files\msn gaming zone
2010-02-13 21:17:21 0 ----a-w- e:\documents and settings\chris\defogger_reenable
2010-02-13 07:54:20 77312 ----a-w- e:\windows\MBR.exe
2010-02-13 07:54:19 98816 ----a-w- e:\windows\sed.exe
2010-02-13 07:54:19 261632 ----a-w- e:\windows\PEV.exe
2010-02-13 07:54:19 161792 ----a-w- e:\windows\SWREG.exe
2010-02-13 02:10:24 0 d-----w- e:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-02-13 02:10:14 0 d-----w- e:\program files\SUPERAntiSpyware
2010-02-13 02:10:14 0 d-----w- e:\docume~1\chris\applic~1\SUPERAntiSpyware.com
2010-02-10 16:06:59 23110 ----a-w- e:\windows\hpqins15.dat
2010-02-08 09:23:53 138056 ----a-w- e:\docume~1\chris\applic~1\PnkBstrK.sys
2010-02-08 09:23:34 2434856 ----a-w- e:\windows\system32\pbsvc_bc2.exe
2010-02-07 20:44:35 0 d-----w- e:\windows\SxsCaPendDel

==================== Find3M ====================

2010-02-13 19:35:13 215128 ----a-w- e:\windows\system32\PnkBstrB.exe
2010-02-13 19:27:45 139128 ----a-w- e:\windows\system32\drivers\PnkBstrK.sys
2010-01-08 00:07:14 38224 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys
2010-01-08 00:07:04 19160 ----a-w- e:\windows\system32\drivers\mbam.sys
2008-03-09 13:25:10 236 -c-ha-w- e:\program files\common files\dx.reg
2003-09-11 00:07:18 11815 ----a-w- e:\windows\inf\Tjusbdev.sys

============= FINISH: 17:18:33.07 ===============


#13 Tokek

Tokek

    Bleepin' Gecko

  • Members
  • 1,213 posts
  • Gender: Male
  • Location: Jakarta, Indonesia

Posted 09 March 2010 - 10:41 AM

Hello meanswing,

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    CODE
    :filefind
    tcpip.sys
    beep.sys
    wscntfy.exe
    eventlog.dll
    regsvc.dll
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

In your next reply, please include the following:
  • Systemlook.txt

If I have not replied back to your post in 3 days, please send me a PM.


#14 meanswing

meanswing
  • Topic Starter

  • Members
  • 104 posts

Posted 10 March 2010 - 12:41 AM

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 21:37 on 09/03/2010 by Chris (Administrator - Elevation successful)

========== filefind ==========

Searching for "tcpip.sys"
E:\WINDOWS\system32\drivers\tcpip.sys --a--c 361344 bytes [13:29 28/04/2008] [13:29 28/04/2008] 68F06FE0021B01E670AF37B8C5964FDF

Searching for "beep.sys"
No files found.

Searching for "wscntfy.exe"
No files found.

Searching for "eventlog.dll"
E:\Program Files\MATLAB\R2009a\sys\perl\win32\lib\auto\Win32\EventLog\EventLog.dll --a--- 32890 bytes [05:34 29/01/2010] [00:22 24/01/2007] 4FA5D1120762802A741F374F8B391E69

Searching for "regsvc.dll"
No files found.

-=End Of File=-
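
A worked example added here by the editor, not part of Tokek's or meanswing's posts and not part of SystemLook: a small Python parser for the filefind output above, with a triage pass that flags each requested file that has no copy in the place a stock 32-bit Windows XP install keeps it (system32 or system32\drivers under %SystemRoot%, which is E:\WINDOWS on this machine) and any copy found elsewhere under the same name. The known-good hash set is a caller-supplied parameter, left empty because no reference hashes appear in this thread; a hash missing from the reference is a lead for the helper, not a verdict, and the MATLAB hit for eventlog.dll is the Perl Win32::EventLog module bundled with MATLAB, which merely shares the name. The two bracketed timestamps are kept as printed; that they are modified and created times is my assumption.

```python
"""Parse and triage SystemLook ':filefind' output.

Added example for this thread, not part of SystemLook or of any post here.
SAMPLE is the filefind section exactly as posted above; EXPECTED_LOCATION is
where a stock 32-bit Windows XP install keeps each requested file, relative
to %SystemRoot% (E:\WINDOWS on the machine in the thread).
"""
import re

SAMPLE = r"""Searching for "tcpip.sys"
E:\WINDOWS\system32\drivers\tcpip.sys --a--c 361344 bytes [13:29 28/04/2008] [13:29 28/04/2008] 68F06FE0021B01E670AF37B8C5964FDF

Searching for "beep.sys"
No files found.

Searching for "wscntfy.exe"
No files found.

Searching for "eventlog.dll"
E:\Program Files\MATLAB\R2009a\sys\perl\win32\lib\auto\Win32\EventLog\EventLog.dll --a--- 32890 bytes [05:34 29/01/2010] [00:22 24/01/2007] 4FA5D1120762802A741F374F8B391E69

Searching for "regsvc.dll"
No files found.
"""

EXPECTED_LOCATION = {
    "tcpip.sys": r"system32\drivers\tcpip.sys",
    "beep.sys": r"system32\drivers\beep.sys",
    "wscntfy.exe": r"system32\wscntfy.exe",
    "eventlog.dll": r"system32\eventlog.dll",
    "regsvc.dll": r"system32\regsvc.dll",
}

# One hit line: <path> <6 attribute flags> <size> bytes [stamp] [stamp] <MD5>
# The two stamps are assumed to be modified and created time, in that order.
_HIT = re.compile(
    r"^(?P<path>.+?) (?P<attrs>[-A-Za-z]{6}) (?P<size>\d+) bytes "
    r"\[(?P<stamp1>[^\]]+)\] \[(?P<stamp2>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_filefind(text):
    """Return {searched_name: [hit, ...]}; 'No files found.' gives an empty list."""
    results = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r'^Searching for "(.+)"$', line)
        if m:
            current = m.group(1).lower()
            results[current] = []
            continue
        if current is None or not line or line == "No files found.":
            continue
        h = _HIT.match(line)
        if h:
            hit = h.groupdict()
            hit["size"] = int(hit["size"])
            hit["md5"] = hit["md5"].upper()
            results[current].append(hit)
    return results


def triage(results, known_good=None):
    """Turn parsed hits into (kind, name, path) findings for manual review.

    known_good: optional {name: set of MD5 strings} from a trusted reference
    (an identical patch-level install or a vendor hash set). None here, since
    the thread contains no reference hashes; an unmatched hash is only a lead.
    """
    known_good = known_good or {}
    findings = []
    for name, rel in EXPECTED_LOCATION.items():
        hits = results.get(name, [])
        suffix = "\\" + rel.lower()
        in_place = [h for h in hits if h["path"].lower().endswith(suffix)]
        elsewhere = [h for h in hits if h not in in_place]
        if not in_place:
            # A stock XP install ships this file here; absence needs explaining.
            findings.append(("MISSING_SYSTEM_COPY", name, None))
        for h in in_place:
            ref = known_good.get(name)
            if ref is not None and h["md5"] not in ref:
                findings.append(("HASH_NOT_IN_REFERENCE", name, h["path"]))
        for h in elsewhere:
            # Same file name outside the system directory: could be a benign
            # third-party copy (as with the MATLAB Perl module) or a decoy.
            findings.append(("COPY_OUTSIDE_SYSTEM_DIR", name, h["path"]))
    return findings


if __name__ == "__main__":
    for kind, name, path in triage(parse_filefind(SAMPLE)):
        print(kind, name, path or "")
```

On the log above this reports MISSING_SYSTEM_COPY for beep.sys, wscntfy.exe, eventlog.dll and regsvc.dll, plus COPY_OUTSIDE_SYSTEM_DIR for the MATLAB EventLog.dll, and nothing for tcpip.sys; with a reference hash set for tcpip.sys it would also say whether the posted MD5 matches.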

#15 Tokek

Tokek

    Bleepin' Gecko

  • Members
  • 1,213 posts
  • Gender: Male
  • Location: Jakarta, Indonesia

Posted 10 March 2010 - 02:50 AM

Hello meanswing,

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

In your next reply, please include the following:
  • Gooredfix.txt

If I have not replied back to your post in 3 days, please send me a PM.
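
Another example added here by the editor, not taken from the thread, from DDS or from GooredFix: the DDS log meanswing posted earlier lists two Firefox HiddenExtension entries, both living outside the Firefox profile directory. One is Java Console under the Firefox install directory with "No Registry Reference"; the other is a XULRunner extension with registry id {8C4EA56F-D2F6-44B6-88FC-14502457D61F}, loaded from a folder of the same name under the user's Local Settings\Application Data. A hidden extension that loads from a user-writable, GUID-named folder rather than from the Firefox install or the profile is the entry a reviewer singles out in that log before the GooredFix step, and the script below makes that check mechanical over the FF lines as DDS prints them. The directory markers (including the 8.3 short forms docume~1 and progra~1) are my assumption about DDS output, taken from the log above; SAMPLE_DDS is the FIREFOX section of that log.

```python
"""Flag Firefox HiddenExtension entries in a DDS log that load from a
user-writable, GUID-named folder.

Added example for this thread; not DDS, GooredFix or any poster's code.
SAMPLE_DDS is the FIREFOX section of the DDS log posted in this thread.
"""
import re

SAMPLE_DDS = r"""FF - ProfilePath - e:\docume~1\chris\applic~1\mozilla\firefox\profiles\y7nelnyu.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.teslamotors.com/
FF - component: e:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: e:\program files\paypal\paypal plug-in\components\PayPalPlugin.dll
FF - plugin: e:\documents and settings\all users\application data\id software\quakelive\npquakezero.dll
FF - plugin: e:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - HiddenExtension: XULRunner: {8C4EA56F-D2F6-44B6-88FC-14502457D61F} - e:\documents and settings\chris\local settings\application data\{8C4EA56F-D2F6-44B6-88FC-14502457D61F}
FF - HiddenExtension: Java Console: No Registry Reference - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
"""

_GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"

# FF - HiddenExtension: <name>: <registry id | No Registry Reference> - <path>
_HIDDEN = re.compile(
    r"^FF - HiddenExtension: (?P<name>.+?): (?P<ref>" + _GUID +
    r"|No Registry Reference) - (?P<path>.+)$"
)

# Directory markers as DDS prints them (assumed), including 8.3 short forms.
_PROGRAM_FILES = ("\\program files\\", "\\progra~1\\")
_USER_DATA = ("\\documents and settings\\", "\\docume~1\\", "\\users\\")


def classify_path(path):
    """'program_files', 'user_data' (per-user, user-writable) or 'other'."""
    p = path.lower()
    if any(m in p for m in _PROGRAM_FILES):
        return "program_files"
    if any(m in p for m in _USER_DATA):
        return "user_data"
    return "other"


def parse_hidden_extensions(dds_text):
    """Return one dict per HiddenExtension line, with a 'review' verdict.

    review is True when the extension loads from a user-writable location
    and its folder is a bare GUID, which is the combination worth a close
    look; a hidden extension under Program Files (Java Console here) is not
    flagged even though its folder is also GUID-named.
    """
    found = []
    for line in dds_text.splitlines():
        m = _HIDDEN.match(line.strip())
        if not m:
            continue
        path = m.group("path").rstrip("\\")
        folder = path.rsplit("\\", 1)[-1]
        registry_ref = m.group("ref") != "No Registry Reference"
        entry = {
            "name": m.group("name"),
            "id": m.group("ref") if registry_ref else None,
            "path": path,
            "location": classify_path(path),
            "guid_named_folder": re.fullmatch(_GUID, folder) is not None,
            "registry_referenced": registry_ref,
        }
        entry["review"] = entry["location"] == "user_data" and entry["guid_named_folder"]
        found.append(entry)
    return found


def entries_to_review(dds_text):
    """Just the entries a reviewer should look at, in log order."""
    return [e for e in parse_hidden_extensions(dds_text) if e["review"]]


if __name__ == "__main__":
    for e in parse_hidden_extensions(SAMPLE_DDS):
        print("REVIEW" if e["review"] else "ok    ", e["name"], e["id"], e["path"])
```

Run against the posted log this prints one REVIEW line, for the XULRunner entry, and an ok line for Java Console; the verdict is a triage pointer for the helper, not proof of infection, since DDS prints only the path and id, not the extension's contents.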
