Combo Fix Log File; Problems with Rootkit Virus--Help, Google redirects automatically-


This topic is locked
2 replies to this topic

#1 jbaker1010

  • Members
  • 2 posts

Posted 20 July 2010 - 08:10 PM

Pasting in additional info from another post. ~ OB

Ran ComboFix; now my computer will begin to start up and then can't.

End of added info. ~ OB


ComboFix 10-07-20.01 - Administrator 07/20/2010 19:42:05.1.4 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.3052 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\vlc-0.9.4-win32.exe
c:\documents and settings\All Users\Application Data\vlc-1.0.2-win32.exe
c:\windows\system32\AutoRun.inf
c:\windows\xpsp1hfm.log
F:\Autorun.inf

Infected copy of c:\windows\system32\drivers\kbdclass.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-06-21 to 2010-07-21 )))))))))))))))))))))))))))))))
.

2010-10-20 19:14 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-07-18 16:22 . 2010-07-18 16:22 -------- d-----w- c:\documents and settings\Jules\Application Data\Malwarebytes
2010-07-18 15:50 . 2010-07-18 15:50 63488 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-07-18 15:50 . 2010-07-18 15:50 52224 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-07-18 15:50 . 2010-07-18 15:50 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-18 15:50 . 2010-07-18 15:50 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-07-18 15:50 . 2010-07-18 15:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2010-07-18 15:50 . 2010-07-18 15:50 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-07-18 15:46 . 2010-07-18 15:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-07-18 15:45 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-18 15:45 . 2010-07-18 15:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-18 15:45 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-18 15:45 . 2010-07-18 15:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-18 15:31 . 2010-07-18 15:31 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google
2010-07-18 15:31 . 2010-07-18 15:31 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-07-18 15:30 . 2010-07-18 15:30 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-07-18 15:26 . 2010-07-18 15:52 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-07-18 15:14 . 2010-07-18 16:24 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-07-18 15:14 . 2010-07-18 15:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-07-18 15:14 . 2010-07-18 15:14 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-07-17 14:12 . 2010-07-17 14:12 452104 ----a-w- c:\documents and settings\Jules\Application Data\Real\Update\setup3.12\setup.exe
2010-07-17 14:12 . 2010-07-17 14:12 452104 ----a-w- c:\documents and settings\Jules\Application Data\Real\Update\temp\~Upg1\setup.exe
2010-07-16 16:04 . 2010-07-16 16:04 79368 ----a-w- c:\documents and settings\Grandma\Application Data\Real\Update\setup3.12\RUP\vista.exe
2010-07-16 16:04 . 2010-07-16 16:04 73344 ----a-w- c:\documents and settings\Grandma\Application Data\Real\Update\setup3.12\RUP\inst_config\gtapi_v6.dll
2010-07-16 16:04 . 2010-07-16 16:04 64000 ----a-w- c:\documents and settings\Grandma\Application Data\Real\Update\setup3.12\RUP\inst_config\gcapi_dll.dll
2010-07-16 16:04 . 2010-07-16 16:04 52288 ----a-w- c:\documents and settings\Grandma\Application Data\Real\Update\setup3.12\RUP\inst_config\gtapi.dll
2010-07-16 16:04 . 2010-07-16 16:04 122880 ----a-w- c:\documents and settings\Grandma\Application Data\Real\Update\setup3.12\RUP\inst_config\compat.dll
2010-07-13 13:35 . 2010-07-13 13:37 26641904 ----a-w- c:\documents and settings\Grandma\Application Data\Real\Update\setup3.12\rp\RealPlayerSPGold.exe
2010-07-13 13:35 . 2010-07-13 13:35 220272 ----a-w- c:\documents and settings\Grandma\Application Data\Real\Update\setup3.12\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2010-07-13 13:35 . 2010-07-13 13:35 149000 ----a-w- c:\documents and settings\Grandma\Application Data\Real\Update\setup3.12\chr_helper\LaunchHelper.exe
2010-07-13 13:34 . 2010-07-13 13:34 13407072 ----a-w- c:\documents and settings\Grandma\Application Data\Real\Update\setup3.12\chr\ChromeInstaller.exe
2010-07-13 07:28 . 2010-07-13 07:29 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-07-11 02:31 . 2010-07-18 15:19 0 ----a-w- c:\documents and settings\Grandma\Local Settings\Application Data\prvlcl.dat
2010-07-11 02:29 . 2010-07-11 02:29 452104 ----a-w- c:\documents and settings\Grandma\Application Data\Real\Update\setup3.12\setup.exe
2010-07-10 03:11 . 2010-07-10 03:11 2956168 ----a-w- c:\documents and settings\Grandma\Application Data\Mozilla\Firefox\Profiles\ytt2dr5e.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
2010-07-06 23:53 . 2010-07-01 18:52 1496064 ----a-w- c:\documents and settings\Morgana\Application Data\Mozilla\Firefox\Profiles\g4cpmvcl.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-07-06 23:53 . 2010-07-01 18:51 43008 ----a-w- c:\documents and settings\Morgana\Application Data\Mozilla\Firefox\Profiles\g4cpmvcl.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-07-06 23:53 . 2010-07-01 18:51 338944 ----a-w- c:\documents and settings\Morgana\Application Data\Mozilla\Firefox\Profiles\g4cpmvcl.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-07-06 23:53 . 2010-07-01 18:51 346112 ----a-w- c:\documents and settings\Morgana\Application Data\Mozilla\Firefox\Profiles\g4cpmvcl.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-06-29 12:21 . 2010-06-29 12:21 439816 ----a-w- c:\documents and settings\Jules\Application Data\Real\Update\temp\~Upg0\setup.exe
2010-06-28 22:02 . 2010-06-28 22:02 1039712 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-06-27 01:15 . 2010-06-27 01:16 -------- d-----w- C:\temp
2010-06-23 20:16 . 2010-07-05 11:50 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2010-06-23 20:16 . 2010-06-23 20:16 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2010-06-22 19:20 . 2010-06-22 19:20 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-06-22 19:20 . 2010-06-22 19:20 29512 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-06-22 19:20 . 2010-06-22 19:20 74760 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\UniversalDD.sys
2010-06-22 19:20 . 2010-06-22 19:20 30216 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\AVGIDSFilter.sys
2010-06-22 19:20 . 2010-06-22 19:20 26120 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\AVGIDSShim.sys
2010-06-22 19:20 . 2010-06-22 19:20 25096 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\AVGIDSxx.sys
2010-06-22 19:20 . 2010-06-22 19:20 122376 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\AVGIDSDriver.sys
2010-06-22 19:20 . 2010-06-22 19:20 216200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
2010-06-22 19:20 . 2010-06-22 19:20 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-06-22 19:18 . 2010-06-22 19:18 624920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2010-06-22 19:18 . 2010-06-22 19:18 1690464 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-06-22 19:18 . 2010-06-22 19:18 813336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-18 19:20 . 2009-12-02 00:47 256 ----a-w- c:\windows\system32\pool.bin
2010-07-18 19:08 . 2010-04-13 20:58 -------- d-----w- c:\documents and settings\Grandma\Application Data\OpenOffice.org2
2010-07-18 15:19 . 2008-10-07 00:58 0 ----a-w- c:\documents and settings\Morgana\Local Settings\Application Data\prvlcl.dat
2010-07-18 15:19 . 2008-10-12 23:39 0 ----a-w- c:\documents and settings\Jules\Local Settings\Application Data\prvlcl.dat
2010-07-17 19:43 . 2008-12-25 00:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-07-17 18:54 . 2008-11-21 19:02 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-17 14:47 . 2008-09-17 20:20 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-17 14:01 . 2010-04-29 21:11 -------- d-----w- c:\program files\Ask.com
2010-06-29 12:21 . 2010-04-28 00:57 439816 ----a-w- c:\documents and settings\Jules\Application Data\Real\Update\setup3.10\setup.exe
2010-06-28 00:15 . 2010-04-09 21:48 439816 ----a-w- c:\documents and settings\Grandma\Application Data\Real\Update\setup3.10\setup.exe
2010-06-22 19:20 . 2008-10-04 21:54 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-22 19:20 . 2008-10-04 21:54 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-22 19:20 . 2010-05-08 18:58 25168 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-06-22 19:20 . 2008-10-04 21:54 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-19 05:16 . 2010-06-19 05:14 -------- d-----w- c:\program files\iTunes
2010-06-19 05:15 . 2010-06-19 05:15 -------- d-----w- c:\program files\iPod
2010-06-19 05:14 . 2008-09-17 04:18 -------- d-----w- c:\program files\Common Files\Apple
2010-06-19 05:08 . 2010-06-19 05:08 -------- d-----w- c:\program files\Bonjour
2010-06-19 05:01 . 2010-06-19 05:01 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-13 03:18 . 2009-12-02 00:46 -------- d-----w- c:\documents and settings\Jules\Application Data\Research In Motion
2010-06-08 14:45 . 2009-01-10 23:31 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-03 01:01 . 2010-06-03 01:01 61440 ----a-w- c:\documents and settings\Morgana\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-529c6d93-n\decora-sse.dll
2010-06-03 01:01 . 2010-06-03 01:01 12800 ----a-w- c:\documents and settings\Morgana\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-529c6d93-n\decora-d3d.dll
2010-06-03 01:01 . 2010-06-03 01:01 503808 ----a-w- c:\documents and settings\Morgana\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-26b78b55-n\msvcp71.dll
2010-06-03 01:01 . 2010-06-03 01:01 499712 ----a-w- c:\documents and settings\Morgana\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-26b78b55-n\jmc.dll
2010-06-03 01:01 . 2010-06-03 01:01 348160 ----a-w- c:\documents and settings\Morgana\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-26b78b55-n\msvcr71.dll
2010-06-02 21:05 . 2010-06-02 21:05 -------- d-----w- c:\documents and settings\Morgana\Application Data\AVG9
2010-06-01 16:32 . 2008-09-17 03:52 96384 ----a-w- c:\windows\system32\drivers\sptd5533.sys
2010-06-01 14:31 . 2008-09-17 03:56 223128 ----a-w- c:\windows\system32\drivers\dtscsi.sys
2010-06-01 10:17 . 2010-01-17 02:01 -------- d-----w- c:\documents and settings\Grandma\Application Data\Apple Computer
2010-05-30 03:22 . 2010-05-30 03:22 -------- d-----w- c:\program files\Gradkell Systems, Inc
2010-05-27 00:06 . 2010-05-27 00:06 503808 ----a-w- c:\documents and settings\Jules\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6908a412-n\msvcp71.dll
2010-05-27 00:06 . 2010-05-27 00:06 499712 ----a-w- c:\documents and settings\Jules\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6908a412-n\jmc.dll
2010-05-27 00:06 . 2010-05-27 00:06 61440 ----a-w- c:\documents and settings\Jules\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-30041be1-n\decora-sse.dll
2010-05-27 00:06 . 2010-05-27 00:06 348160 ----a-w- c:\documents and settings\Jules\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6908a412-n\msvcr71.dll
2010-05-27 00:06 . 2010-05-27 00:06 12800 ----a-w- c:\documents and settings\Jules\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-30041be1-n\decora-d3d.dll
2010-05-25 21:33 . 2010-05-25 21:33 503808 ----a-w- c:\documents and settings\Grandma\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-109ed8f5-n\msvcp71.dll
2010-05-25 21:33 . 2010-05-25 21:33 499712 ----a-w- c:\documents and settings\Grandma\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-109ed8f5-n\jmc.dll
2010-05-25 21:33 . 2010-05-25 21:33 348160 ----a-w- c:\documents and settings\Grandma\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-109ed8f5-n\msvcr71.dll
2010-05-25 21:33 . 2010-05-25 21:33 61440 ----a-w- c:\documents and settings\Grandma\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3c3465cd-n\decora-sse.dll
2010-05-25 21:33 . 2010-05-25 21:33 12800 ----a-w- c:\documents and settings\Grandma\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3c3465cd-n\decora-d3d.dll
2010-05-23 15:57 . 2010-04-11 13:26 -------- d-----w- c:\documents and settings\Grandma\Application Data\vlc
2010-05-21 19:14 . 2009-10-02 16:14 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-20 20:11 . 2008-08-24 18:15 98304 ----a-w- c:\windows\DUMPf3f5.tmp
2010-05-20 20:08 . 2008-08-24 18:15 98304 ----a-w- c:\windows\DUMPe0f9.tmp
2010-05-20 20:06 . 2008-08-24 18:15 98304 ----a-w- c:\windows\DUMPcb7d.tmp
2010-05-20 20:04 . 2008-08-24 18:15 98304 ----a-w- c:\windows\DUMPc6ab.tmp
2010-05-20 20:02 . 2008-08-24 18:15 98304 ----a-w- c:\windows\DUMPc67c.tmp
2010-05-20 20:00 . 2008-08-24 18:15 98304 ----a-w- c:\windows\DUMPc553.tmp
2010-05-18 21:35 . 2010-05-18 21:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 21:35 . 2010-05-18 21:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-09 20:18 . 2010-05-09 20:18 212992 ----a-w- c:\windows\system32\stacsv.exe
2010-05-09 20:15 . 2010-05-08 18:58 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-05-08 18:57 . 2010-05-08 18:57 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-05-08 18:57 . 2010-05-08 18:57 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-05-06 10:41 . 2004-08-04 00:56 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-03 23:17 1851264 ------w- c:\windows\system32\win32k.sys
2010-05-01 16:40 . 2009-03-27 02:56 143502 ----a-w- c:\windows\hpoins16.dat
2010-04-25 14:19 . 2010-04-13 21:00 1 ----a-w- c:\documents and settings\Grandma\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2008-08-16 22:42 . 2008-08-16 22:42 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-08-16 22:42 . 2008-08-16 22:42 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-08-16 22:42 . 2008-08-16 22:42 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-08-16 22:42 . 2008-08-16 22:42 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-08-16 22:43 . 2008-08-16 22:43 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-08-16 22:42 . 2008-08-16 22:42 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-08-16 22:42 . 2008-08-16 22:42 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2008-05-21 13:41 . 2008-05-21 13:41 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2008-05-21 13:41 . 2008-05-21 13:41 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2008-05-21 13:41 . 2008-05-21 13:41 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2008-06-05 18:58 . 2008-06-05 18:58 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-08-16 22:42 . 2008-08-16 22:42 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2008-10-15 13:43 . 2008-10-04 22:17 17934368 --sha-w- c:\windows\system32\drivers\fidbox.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-03-03 21:42 1362824 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-03-03 1362824]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-06-29 2403568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EEventManager"="c:\program files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2005-04-08 102400]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-12-10 133016]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-03-16 127037]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2008-10-24 206112]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"DriverUpdate"="c:\windows\system32\UpdateDriver.exe" [2002-07-30 57344]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"QuickPassword"="c:\program files\ActivCard\ActivCard Gold\agquickp.exe" [2002-08-29 131072]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-08-18 198160]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-08-22 623960]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-22 2065760]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"VX6000"="c:\windows\vVX6000.exe" [2008-08-04 713744]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\Grandma\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]

c:\documents and settings\Jules\Start Menu\Programs\Startup\
Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2009-8-21 1799512]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2008-10-23 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2009-8-21 1799512]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-06-22 19:20 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gamevance

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2006-10-23 04:24 620152 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 07:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2009-07-08 18:31 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX6000]
2008-08-04 23:22 713744 ----a-w- c:\windows\vVX6000.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\\Nexon\\Combat Arms\\NMService.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\SonicWALL\\SonicWALL Global VPN Client\\SWGVpnClient.exe"=
"f:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"f:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56396:TCP"= 56396:TCP:Pando Media Booster
"56396:UDP"= 56396:UDP:Pando Media Booster

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [5/8/2010 1:58 PM 25168]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [5/8/2010 1:58 PM 52872]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/4/2008 4:54 PM 243024]
R1 RCFOX;SonicWALL IPsec Driver;c:\windows\system32\drivers\RCFOX.SYS [12/6/2009 3:33 PM 86552]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [5/8/2010 1:57 PM 30104]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/4/2008 4:54 PM 216400]
S1 bcbus;BestCrypt bus driver;c:\windows\system32\DRIVERS\bcbus.sys --> c:\windows\system32\DRIVERS\bcbus.sys [?]
S1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [3/31/2010 11:13 PM 33824]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
S2 acautoreg;ActivCard Gold Autoregister;c:\program files\Common Files\ActivCard\acautoreg.exe [9/12/2002 4:16 AM 53248]
S2 Accoca;ActivCard Gold service;c:\program files\Common Files\ActivCard\accoca.exe [8/12/2002 1:54 PM 159744]
S2 AMDRAIDXpert;AMD RAIDXpert;c:\program files\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe [9/29/2003 9:30 AM 110592]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [6/22/2010 2:20 PM 308136]
S2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [6/22/2010 2:20 PM 2331032]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [6/22/2010 2:20 PM 5897808]
S2 gupdate1c9662baf6f08ea;Google Update Service (gupdate1c9662baf6f08ea);c:\program files\Google\Update\GoogleUpdate.exe [12/24/2008 7:56 PM 133104]
S2 PBParallel;PBParallel;c:\windows\system32\drivers\pbparallel.sys [3/17/2002 10:51 AM 27152]
S2 PBSmartcard;PBSmartcard;c:\windows\system32\drivers\pbsmartcard.sys [10/10/2001 7:05 AM 24020]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 actccid;ActivCard USB Reader V2;c:\windows\system32\drivers\actccid.sys [8/2/2002 2:41 PM 47660]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [9/8/2008 9:07 PM 37376]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [5/8/2010 1:57 PM 30104]
S3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [5/8/2010 1:58 PM 122448]
S3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [5/8/2010 1:58 PM 30288]
S3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [5/8/2010 1:58 PM 26192]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [7/18/2010 10:14 AM 16968]
S3 rcvpn;SonicWALL VPN Adapter;c:\windows\system32\drivers\rcvpn.sys [12/6/2009 3:32 PM 24876]
S3 SCRx31 USB Reader;SCRx31 USB Reader;c:\windows\system32\drivers\stc2.sys [5/16/2002 2:38 PM 56192]
S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [9/16/2008 9:35 PM 2077840]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9/16/2008 10:52 PM 643072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-07-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-07-18 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-25 01:29]

2010-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-12-25 05:04]

2010-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-12-25 05:04]

2010-07-18 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]

2010-07-18 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 21:07]

2010-07-18 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-03-03 21:42]

2010-07-18 c:\windows\Tasks\User_Feed_Synchronization-{E6ADB127-5730-456F-A3B3-D4FF39A6BF15}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8p3muf04.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\documents and settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
FF - component: c:\documents and settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metricsloader.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Gradkell Systems, Inc\DBsign Data Security Suite\Common\Lib\npDbsGscInfo.dll
FF - plugin: c:\program files\Gradkell Systems, Inc\DBsign Data Security Suite\Common\Lib\npDBsignWeb.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
AddRemove-DVD Decrypter - c:\documents and settings\Miguel\My Documents\Downloads\DVD Decrypter\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-20 19:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1772)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-07-20 19:57:08
ComboFix-quarantined-files.txt 2010-07-21 00:57

Pre-Run: 260,117,204,992 bytes free
Post-Run: 263,583,301,632 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 013672A8E885BEA156EF25C1CD28DFB1

Edited by Orange Blossom, 21 July 2010 - 02:57 PM.
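The sections of the ComboFix log above that a reviewer reads first are the Firefox policy prefs, the orphaned startup entries ComboFix removed, and the DLLs it found loaded inside winlogon.exe. The script below is an added example of triaging those three sections; it is not part of the original post and not ComboFix's own code. It parses an embedded excerpt copied from the log and flags (a) the `security.ssl.*` prefs set to values that permit legacy, non-RFC 5746 TLS renegotiation, (b) DLLs loaded into winlogon.exe from outside `c:\windows\system32`, which is where a winlogon notification package would be checked by hand, and (c) the removed `MSConfigStartUp` entries. Two caveats: the pref values flagged are what Firefox builds of mid-2010 shipped by default, so on their own they are not evidence of tampering; and the system32 path filter is a triage heuristic, not a verdict (SASWINLO.DLL belongs to the SUPERAntiSpyware installation visible in the log). The regex and function names are my own.

```python
import re

# Constructed sample: an excerpt copied from the ComboFix log posted above
# (Firefox policies, orphans removed, DLLs loaded under winlogon.exe).
SAMPLE_LOG = r"""
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1772)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-07-20 19:57:08
"""

# Line shapes ComboFix uses in the three sections (regex names are mine).
PREF_RE = re.compile(r'^(?P<file>.+?) - pref\("(?P<name>[^"]+)",\s*(?P<value>.+?)\);$')
PROC_RE = re.compile(r"^(?:- )+> '(?P<proc>[^']+)'\((?P<pid>\d+)\)$")
ORPHAN_RE = re.compile(r"^(?P<kind>[A-Za-z]+)-(?P<name>.+?) - (?P<path>[A-Za-z]:\\.+)$")


def parse_combofix(text):
    """Extract prefs, removed orphan entries and per-process DLL lists."""
    out = {"prefs": {}, "orphans": [], "process_dlls": {}}
    current_proc = None
    for raw in text.splitlines():
        line = raw.rstrip()
        m = PREF_RE.match(line)
        if m:
            out["prefs"][m.group("name")] = m.group("value").strip()
            continue
        m = PROC_RE.match(line)
        if m:
            current_proc = m.group("proc")
            out["process_dlls"][current_proc] = []
            continue
        m = ORPHAN_RE.match(line)
        if m:
            out["orphans"].append(m.groupdict())
            continue
        if current_proc is not None:
            if line.lower().endswith(".dll"):
                out["process_dlls"][current_proc].append(line)
            else:  # "." or a blank line closes the per-process block
                current_proc = None
    return out


# Prefs governing TLS renegotiation (RFC 5746), at the values that permit
# legacy renegotiation. Firefox builds of mid-2010 shipped these defaults,
# so seeing them is expected rather than proof of tampering.
WEAK_SSL_PREFS = {
    "security.ssl.require_safe_negotiation": "false",
    "security.ssl.treat_unsafe_negotiation_as_broken": "false",
    "security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref": "true",
}

SYSTEM32 = "c:\\windows\\system32\\"


def weak_ssl_prefs(parsed):
    """Names of the renegotiation prefs found at their permissive value."""
    return sorted(n for n, v in WEAK_SSL_PREFS.items() if parsed["prefs"].get(n) == v)


def winlogon_outliers(parsed):
    """DLLs loaded into winlogon.exe from outside system32: verify publisher
    and signature by hand; this is a heuristic, not a malware verdict."""
    dlls = parsed["process_dlls"].get("winlogon.exe", [])
    return [d for d in dlls if not d.lower().startswith(SYSTEM32)]


def removed_startup_orphans(parsed):
    """Paths of the MSConfig startup entries ComboFix reported as removed."""
    return [o["path"] for o in parsed["orphans"] if o["kind"] == "MSConfigStartUp"]


def triage(text):
    parsed = parse_combofix(text)
    return {
        "weak_ssl_prefs": weak_ssl_prefs(parsed),
        "winlogon_outliers": winlogon_outliers(parsed),
        "removed_startup": removed_startup_orphans(parsed),
    }


if __name__ == "__main__":
    for key, items in triage(SAMPLE_LOG).items():
        print(key)
        for item in items:
            print("   ", item)
```

Run it against a full log by reading the file into `triage()`; the parser only keys on the line shapes shown, so other ComboFix sections pass through untouched.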



#2 myrti (Sillyberry; Malware Study Hall Admin; 33,766 posts)

Posted 27 July 2010 - 06:28 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Does your PC still not start?

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

Regards, myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!


#3 myrti (Sillyberry; Malware Study Hall Admin; 33,766 posts)

Posted 06 August 2010 - 04:34 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti
