
tdl3 virus


  • This topic is locked
40 replies to this topic

#1 ghaskell

ghaskell

  • Members
  • 35 posts
  • OFFLINE
  • Local time:06:46 AM

Posted 16 August 2010 - 11:09 AM

Almost every time I search I get redirected to an ad site. It started with a virus that would do a pop-up that said I have a virus and needed to buy their anti-virus software. I did research it and found it to be a virus, and though a bunch of different scans removed that, the redirect is kicking my butt.

I have run Malwarebytes, Ad-Aware, SUPERAntiSpyware Free Edition, Eusing Free Registry Cleaner, and Hitman Pro 3.5. I removed the Sun Java and nothing.

When I try to run GMER it will go for a while and reboot the computer, so I couldn't get it attached, but I have the DDS in the zip file attached. Please help... I'm sinking.

thank you in advance

Attached Files

  • Attached File  dds.zip   11.13KB   5 downloads




#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:46 AM

Posted 19 August 2010 - 08:57 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:
  1. Do not run any other tool until instructed to do so!
  2. Please do not attach logs or put them in code boxes.
  3. Tell me about any problems that have occurred during the fix.
  4. Tell me of any other symptoms you may be having, as these can help also.
  5. Do not run anything else while running a fix.

In the upper right-hand corner of the topic you will see a button called Options. If you click on this, in the drop-down menu you can choose Track this topic. By doing this, then choosing Immediate E-Mail notification and clicking on Proceed, you will be advised when we respond to your topic, which will facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
    Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger may ask you to reboot the machine, if it does - click OK
    Do not re-enable these drivers until otherwise instructed.

Download DDS:
    Please download DDS by sUBs from one of the links below and save it to your desktop:


    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.
    • Double-click on dds.scr and a command window will appear. This is normal.
    • Shortly after, two logs will appear:
      • DDS.txt
      • Attach.txt
    • A window will open instructing you to save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post them in your next reply

Scan With RKUnHooker
  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning; it is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


MBRCheck

Please also download MBRCheck to your desktop
  • Double-click MBRCheck.exe to run it (Vista and Win 7: right-click and select Run as Administrator)
  • It will show a black screen with some data on it
  • A report called MBRCheck will be on your desktop
  • Open this report
  • Right-click on the screen and select > Select All
  • Press Control+C
  • Now please paste that report into this thread


Information and logs:
    In your next post I need the following:
      1. logs from DDS
      2. log from RKUnHooker
      3. report from MBRCheck
      4. let me know of any problems you may have had

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click the Donate button. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
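Gringo asks for an MBRCheck report. A tool of that kind reads sector 0 of the disk, verifies the 0x55AA boot signature, hashes the 446 bytes of boot code against a list of known code, and lists the partition table. The script below is an added example that shows those checks in Python; it is not MBRCheck's code and not from this thread. The two 512-byte sample sectors, the "known-good" hash table and the partition layout are all constructed here, and the "tampered" variant simply has its first instruction replaced so that its hash is no longer on the list.

```python
"""Added example (not MBRCheck's code): parse a raw 512-byte MBR and report the
kinds of facts an MBR checker reports. Sample sectors and the known-good hash
table are constructed inside this file."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446        # bytes 0..445 hold the boot code
PART_TABLE_OFF = 446       # four 16-byte partition entries follow
SIGNATURE_OFF = 510        # bytes 510..511 must be 0x55 0xAA
ENTRY_FMT = "<B3sB3sII"    # status, CHS start, type, CHS end, LBA start, sector count

# Constructed stand-in for boot code a shipped checker would recognise (padded to 446 bytes)
CLEAN_BOOT_CODE = (b"\x33\xc0\x8e\xd0\xbc\x00\x7c\x8e\xc0\x8e\xd8\xbe\x00\x7c\xbf\x00\x06"
                   ).ljust(BOOT_CODE_LEN, b"\x00")
# Constructed tampered variant: first instruction replaced by a short jump elsewhere
TAMPERED_BOOT_CODE = b"\xeb\x3e\x90" + CLEAN_BOOT_CODE[3:]

# Hypothetical known-good table: SHA-1 of boot code -> label (a real tool ships a vendor list)
KNOWN_BOOT_CODE = {hashlib.sha1(CLEAN_BOOT_CODE).hexdigest(): "constructed reference boot code"}


def build_mbr(boot_code, partitions):
    """Assemble a 512-byte MBR. partitions: iterable of (bootable, type, lba_start, sectors)."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    for i, (bootable, ptype, lba, count) in enumerate(partitions):
        struct.pack_into(ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i,
                         0x80 if bootable else 0x00, b"\xff\xff\xff",  # CHS fields unused (LBA only)
                         ptype, b"\xff\xff\xff", lba, count)
    sector[SIGNATURE_OFF:] = b"\x55\xaa"
    return bytes(sector)


def parse_mbr(sector):
    """Return signature state, boot-code hash, partition entries and the gap before the first one."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i)
        if ptype != 0:  # type 0 means an empty slot
            parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                          "lba_start": lba, "sectors": count})
    return {
        "signature_ok": sector[SIGNATURE_OFF:] == b"\x55\xaa",
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": parts,
        # sectors between the MBR and the first partition: unallocated space a bootkit can use
        "hidden_sectors_before_first": min(p["lba_start"] for p in parts) - 1 if parts else None,
    }


def classify(report, known=KNOWN_BOOT_CODE):
    """Map a parsed MBR to the verdict a checker prints: invalid, known, or unknown boot code."""
    if not report["signature_ok"]:
        return "invalid: missing 55AA boot signature"
    name = known.get(report["boot_code_sha1"])
    if name:
        return "known: " + name
    return "unknown boot code: compare against a trusted image before assuming infection"


def read_mbr(device=r"\\.\PhysicalDrive0"):
    """Read sector 0 from a raw device (administrator rights on Windows; e.g. /dev/sda on Linux)."""
    with open(device, "rb") as f:
        return f.read(SECTOR_SIZE)


if __name__ == "__main__":
    layout = [(True, 0x07, 63, 157_000_000)]  # one bootable NTFS partition starting at LBA 63
    for label, code in (("clean", CLEAN_BOOT_CODE), ("tampered", TAMPERED_BOOT_CODE)):
        rep = parse_mbr(build_mbr(code, layout))
        print(label, "->", classify(rep), rep["partitions"], rep["hidden_sectors_before_first"])
```

An "unknown" result on its own is not proof of infection: OEM recovery tools and some boot managers ship boot code a hash list will not know. What it does mean is that the boot code should be dumped and compared against a trusted copy, and that the unallocated sectors before the first partition are worth reading too, because code that is not in the MBR itself is commonly parked there.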
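Once the DDS log is posted, its "Pseudo HJT Report" section is where the responder looks first for autostart entries. The script below is an added example, not part of this thread and not DDS's own code, that applies three location-based heuristics of my own to a handful of Run-key and BHO lines copied from the DDS log posted later in this thread: a DLL that rundll32 loads straight from the Windows root is flagged high, a launch target outside Program Files or System32 is flagged for vendor verification, and a BHO whose file is "No File" is reported as a stale registration. The regular expressions, trusted-directory list and severities are assumptions made for the example. A flag is a triage hint, not a verdict; what the thread concluded about any entry is in the replies, not in this script.

```python
"""Added example, not from this thread or from DDS: location-based triage of
Run-key and BHO lines from a DDS "Pseudo HJT Report". Heuristics are mine."""
import re

# Sample lines copied from the DDS log posted in this thread
SAMPLE_LINES = r"""
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [cdloader] "c:\documents and settings\administrator\application data\mjusbsp\cdloader2.exe" MAGICJACK
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Irinugune] rundll32.exe "c:\windows\asorifucipis.dll",Startup
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
""".strip().splitlines()

# DDS line shapes: "<u|m>Run: [Name] command" and "BHO: Desc: {CLSID} - path"
RUN_RE = re.compile(r"^(?P<scope>[um])Run(?:Once)?: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
BHO_RE = re.compile(r"^BHO: (?:(?P<desc>.*?): )?\{(?P<clsid>[0-9a-f-]+)\} - (?P<path>.+)$", re.I)
# rundll32 <dll>,<entry> with or without quotes
RUNDLL_RE = re.compile(r'^\s*"?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)"?\s*,\s*(?P<entry>\S+)', re.I)
QUOTED_RE = re.compile(r'^\s*"(?P<target>[^"]+)"')
UNQUOTED_RE = re.compile(r"^\s*(?P<target>.+?\.(?:exe|dll|scr|com|bat|cmd))(?:\s|$)", re.I)
WINDIR_DLL_RE = re.compile(r"c:\\windows\\[^\\]+\.dll")

# Assumed list of directories an autostart target is normally launched from (lower-case)
TRUSTED_DIRS = ("c:\\program files\\", "c:\\progra~1\\",
                "c:\\windows\\system32\\", "%systemroot%\\system32\\")


def launch_target(cmd):
    """Return the file a Run-key command actually starts (the DLL for rundll32 entries)."""
    m = RUNDLL_RE.match(cmd)
    if m:
        return m.group("dll").strip().lower()
    m = QUOTED_RE.match(cmd) or UNQUOTED_RE.match(cmd)  # unquoted paths may contain spaces
    return (m.group("target") if m else cmd.split()[0]).lower()


def triage_run(name, cmd):
    """Heuristics for one Run-key entry; returns a list of (severity, reason)."""
    target = launch_target(cmd)
    if RUNDLL_RE.match(cmd) and WINDIR_DLL_RE.fullmatch(target):
        return [("high", f"[{name}] has rundll32 load {target} from the Windows root, "
                         "an unusual place for an autostart DLL")]
    if not target.startswith(TRUSTED_DIRS):
        return [("review", f"[{name}] starts {target} outside Program Files/System32; verify the vendor")]
    return []


def triage_bho(clsid, path):
    """A BHO registered with no file on disk is a stale entry, not an infection."""
    if path.strip().lower() == "no file":
        return [("orphan", f"BHO {{{clsid}}} has no backing file; stale registration, cleanup candidate")]
    return []


def triage(lines):
    """Run the heuristics over DDS lines; unrecognised lines are skipped."""
    report = []
    for raw in lines:
        line = raw.strip()
        if (m := RUN_RE.match(line)):
            hits = triage_run(m.group("name"), m.group("cmd"))
        elif (m := BHO_RE.match(line)):
            hits = triage_bho(m.group("clsid"), m.group("path"))
        else:
            continue
        report.extend({"line": line, "severity": sev, "reason": why} for sev, why in hits)
    return report


if __name__ == "__main__":
    for hit in triage(SAMPLE_LINES):
        print(f"{hit['severity']:6} {hit['reason']}")
```

On the sample lines only the rundll32 entry is rated high; the MagicJack loader under the user's Application Data comes out as "review", which is what a responder would do with it (look the vendor up, not delete it), and the entries under Program Files and System32 produce nothing. Entries such as the asorifucipis.dll one are a starting point for the responder's next questions, which is why a verdict is left to the thread rather than to a script.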

#3 ghaskell

ghaskell
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  • Local time:06:46 AM

Posted 19 August 2010 - 11:13 AM

Thanks for what you are doing. Here are the reports:

Attach:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 8/9/2007 5:53:48 PM
System Uptime: 8/17/2010 2:35:48 PM (43 hours ago)

Motherboard: Dell Computer Corp. | | 0U1325
Processor: Intel® Pentium® 4 CPU 3.00GHz | Microprocessor | 2992/800mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 75 GiB total, 17.55 GiB free.
D: is CDROM (CDFS)
F: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {36FC9E60-C465-11CF-8056-444553540000}
Description: Intel® 82801EB USB Universal Host Controller - 24D2
Device ID: PCI\VEN_8086&DEV_24D2&SUBSYS_01511028&REV_02\3&172E68DD&0&E8
Manufacturer: Intel
Name: Intel® 82801EB USB Universal Host Controller - 24D2
PNP Device ID: PCI\VEN_8086&DEV_24D2&SUBSYS_01511028&REV_02\3&172E68DD&0&E8
Service: usbuhci

Class GUID: {36FC9E60-C465-11CF-8056-444553540000}
Description: Intel® 82801EB USB Universal Host Controller - 24D4
Device ID: PCI\VEN_8086&DEV_24D4&SUBSYS_01511028&REV_02\3&172E68DD&0&E9
Manufacturer: Intel
Name: Intel® 82801EB USB Universal Host Controller - 24D4
PNP Device ID: PCI\VEN_8086&DEV_24D4&SUBSYS_01511028&REV_02\3&172E68DD&0&E9
Service: usbuhci

Class GUID: {36FC9E60-C465-11CF-8056-444553540000}
Description: Intel® 82801EB USB Universal Host Controller - 24D7
Device ID: PCI\VEN_8086&DEV_24D7&SUBSYS_01511028&REV_02\3&172E68DD&0&EA
Manufacturer: Intel
Name: Intel® 82801EB USB Universal Host Controller - 24D7
PNP Device ID: PCI\VEN_8086&DEV_24D7&SUBSYS_01511028&REV_02\3&172E68DD&0&EA
Service: usbuhci

Class GUID: {36FC9E60-C465-11CF-8056-444553540000}
Description: Intel® 82801EB USB Universal Host Controller - 24DE
Device ID: PCI\VEN_8086&DEV_24DE&SUBSYS_01511028&REV_02\3&172E68DD&0&EB
Manufacturer: Intel
Name: Intel® 82801EB USB Universal Host Controller - 24DE
PNP Device ID: PCI\VEN_8086&DEV_24DE&SUBSYS_01511028&REV_02\3&172E68DD&0&EB
Service: usbuhci

Class GUID: {36FC9E60-C465-11CF-8056-444553540000}
Description: Standard Enhanced PCI to USB Host Controller
Device ID: PCI\VEN_8086&DEV_24DD&SUBSYS_01511028&REV_02\3&172E68DD&0&EF
Manufacturer: (Standard USB Host Controller)
Name: Standard Enhanced PCI to USB Host Controller
PNP Device ID: PCI\VEN_8086&DEV_24DD&SUBSYS_01511028&REV_02\3&172E68DD&0&EF
Service: usbehci

==== System Restore Points ===================

RP725: 5/21/2010 3:42:54 PM - System Checkpoint
RP726: 5/22/2010 4:42:54 PM - System Checkpoint
RP727: 5/23/2010 5:42:54 PM - System Checkpoint
RP728: 5/24/2010 5:44:01 PM - System Checkpoint
RP729: 5/25/2010 6:42:55 PM - System Checkpoint
RP730: 5/26/2010 3:00:18 AM - Software Distribution Service 3.0
RP731: 6/1/2010 11:36:40 AM - System Checkpoint
RP732: 6/2/2010 8:45:53 AM - Avg Update
RP733: 6/3/2010 9:37:26 AM - System Checkpoint
RP734: 6/4/2010 3:00:16 AM - Software Distribution Service 3.0
RP735: 6/5/2010 3:13:24 AM - System Checkpoint
RP736: 6/6/2010 3:37:24 AM - System Checkpoint
RP737: 6/7/2010 4:25:24 AM - System Checkpoint
RP738: 6/8/2010 5:10:53 AM - System Checkpoint
RP739: 6/8/2010 12:45:45 PM - Removed Scan
RP740: 6/8/2010 12:47:22 PM - Removed Destinations
RP741: 6/8/2010 12:48:40 PM - Installed Scan
RP742: 6/8/2010 12:49:05 PM - Installed Destinations
RP743: 6/9/2010 3:02:42 PM - System Checkpoint
RP744: 6/10/2010 4:50:02 PM - System Checkpoint
RP745: 6/11/2010 4:51:18 PM - System Checkpoint
RP746: 6/12/2010 3:00:52 AM - Software Distribution Service 3.0
RP747: 6/13/2010 3:48:52 AM - System Checkpoint
RP748: 6/14/2010 3:53:22 AM - System Checkpoint
RP749: 6/15/2010 5:05:23 AM - System Checkpoint
RP750: 6/16/2010 6:01:25 AM - System Checkpoint
RP751: 6/17/2010 7:01:28 AM - System Checkpoint
RP752: 6/18/2010 7:49:53 AM - System Checkpoint
RP753: 6/19/2010 8:49:54 AM - System Checkpoint
RP754: 6/20/2010 9:49:53 AM - System Checkpoint
RP755: 6/21/2010 11:52:23 AM - System Checkpoint
RP756: 6/22/2010 4:38:51 PM - System Checkpoint
RP757: 6/23/2010 4:49:56 PM - System Checkpoint
RP758: 6/24/2010 3:00:18 AM - Software Distribution Service 3.0
RP759: 6/25/2010 3:50:08 AM - System Checkpoint
RP760: 6/25/2010 8:01:36 AM - Avg Update
RP761: 6/26/2010 8:50:05 AM - System Checkpoint
RP762: 6/27/2010 9:26:05 AM - System Checkpoint
RP763: 6/28/2010 11:44:28 AM - System Checkpoint
RP764: 6/29/2010 1:36:18 PM - System Checkpoint
RP765: 6/30/2010 5:08:32 PM - System Checkpoint
RP766: 7/1/2010 5:08:44 PM - System Checkpoint
RP767: 7/6/2010 3:41:52 PM - System Checkpoint
RP768: 7/7/2010 4:20:32 PM - System Checkpoint
RP769: 7/8/2010 6:09:18 PM - System Checkpoint
RP770: 7/12/2010 1:52:14 PM - System Checkpoint
RP771: 7/13/2010 4:40:11 PM - System Checkpoint
RP772: 7/14/2010 5:30:54 PM - System Checkpoint
RP773: 7/15/2010 3:00:32 AM - Software Distribution Service 3.0
RP774: 7/15/2010 9:58:13 AM - Avg Update
RP775: 7/15/2010 10:00:41 AM - Avg Update
RP776: 7/16/2010 10:24:07 AM - System Checkpoint
RP777: 7/17/2010 11:24:04 AM - System Checkpoint
RP778: 7/18/2010 12:24:04 PM - System Checkpoint
RP779: 7/19/2010 3:46:41 PM - System Checkpoint
RP780: 7/20/2010 4:35:52 PM - System Checkpoint
RP781: 7/21/2010 8:03:34 AM - Avg Update
RP782: 7/22/2010 9:02:55 AM - System Checkpoint
RP783: 7/23/2010 10:02:53 AM - System Checkpoint
RP784: 7/24/2010 11:02:52 AM - System Checkpoint
RP785: 7/25/2010 12:02:52 PM - System Checkpoint
RP786: 7/26/2010 1:02:57 PM - System Checkpoint
RP787: 7/27/2010 1:44:29 PM - System Checkpoint
RP788: 7/28/2010 1:48:08 PM - System Checkpoint
RP789: 7/29/2010 3:28:30 PM - System Checkpoint
RP790: 7/30/2010 4:15:17 PM - System Checkpoint
RP791: 7/31/2010 4:42:39 PM - System Checkpoint
RP792: 8/1/2010 5:26:40 PM - System Checkpoint
RP793: 8/2/2010 1:40:52 PM - Restore Operation
RP794: 8/2/2010 1:44:42 PM - Restore Operation
RP795: 8/3/2010 11:53:31 AM - Installed Belkin Wireless USB Utility
RP796: 8/4/2010 10:37:13 AM - Removed Java™ 6 Update 17
RP797: 8/4/2010 10:38:37 AM - Removed Java™ 6 Update 3
RP798: 8/4/2010 10:42:14 AM - Removed J2SE Runtime Environment 5.0
RP799: 8/5/2010 12:40:01 PM - System Checkpoint
RP800: 8/9/2010 11:27:56 AM - ComboFix created restore point
RP801: 8/10/2010 7:23:09 PM - System Checkpoint
RP802: 8/11/2010 7:28:58 PM - System Checkpoint
RP803: 8/12/2010 8:28:59 PM - System Checkpoint
RP804: 8/13/2010 3:00:33 AM - Software Distribution Service 3.0
RP805: 8/14/2010 3:59:10 AM - System Checkpoint
RP806: 8/15/2010 4:03:33 AM - System Checkpoint
RP807: 8/16/2010 5:03:33 AM - System Checkpoint
RP808: 8/16/2010 2:20:25 PM - Installed Java™ 6 Update 21
RP809: 8/16/2010 7:01:49 PM - Avg Update
RP810: 8/17/2010 7:40:23 PM - System Checkpoint
RP811: 8/18/2010 7:41:08 PM - System Checkpoint

==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 2 (SP2)
32 Bit HP CIO Components Installer
7-Zip 4.65
Ad-Aware
Add or Remove Adobe Creative Suite 3 Web Premium
Adobe Acrobat 8 Professional
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Contribute CS3
Adobe Creative Suite 3 Web Premium
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Fireworks CS3
Adobe Flash CS3
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Setup
Adobe Shockwave Player
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server {ko_KR}
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avery Wizard 3.1
AVG Free 9.0
Belkin 11Mbps Wireless USB Network Adapter
Belkin 54g USB Network Adapter
Belkin Wireless USB Utility
BitTorrent
Bonjour
ColorPic
CoverFactory 2.50
DAEMON Tools
DeviceFunctionQFolder
Eusing Free Registry Cleaner
FileZilla Client 3.3.4.1
Google Talk (remove only)
HijackThis 2.0.2
Hitman Pro 3.5
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Deskjet 5400 series
HP Image Zone Express
HP Update
HPDeskjet5400Series
HPProductAssistant
Intel® Extreme Graphics 2 Driver
Intel® PRO Network Connections Drivers
iTunes
Java Auto Updater
Java™ 6 Update 21
Malwarebytes' Anti-Malware
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft English TTS Engine
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel Viewer
Microsoft Office Excel Viewer 2003
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Streets & Trips 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Media Video 9 VCM
Mozilla Firefox (3.6.8)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MultipleIEs
Nero Media Player
Nero OEM
NeroVision Express 2
ObjectDock
OGA Notifier 2.0.0048.0
Panda ActiveScan 2.0
PC Pitstop Driver Alert2 2.0.0.0
PDF Settings
PSPad editor
QMC
QuickTime
RealPlayer
RealUpgrade 1.0
Safari
Security Update for 2007 Microsoft Office System (KB2277947)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB980376)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2251419)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 8 (KB917734)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
SoundMAX
StumbleUpon IE Toolbar
SUPERAntiSpyware
Traffic Maximizer Pro 2.0
TTS Wrapper
Unload
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Outlook 2007 Junk Email Filter (kb2279264)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WampServer 2.0
WebFldrs XP
Website Submitter 2.0
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows XP Service Pack 3
WinRAR archiver
WinZip
Xara Xtreme Pro
XML4
Yahoo! Browser Services

==== Event Viewer Messages From Past Week ========

8/17/2010 2:38:00 PM, error: System Error [1003] - Error code 100000d1, parameter1 00000000, parameter2 0000001c, parameter3 00000001, parameter4 84cbf85c.
8/13/2010 3:30:51 AM, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The specified module could not be found.
8/13/2010 10:07:16 AM, error: System Error [1003] - Error code 10000050, parameter1 e3fc0000, parameter2 00000000, parameter3 f1953c3e, parameter4 00000001.

==== End Of File ===========================


DDS

DDS (Ver_10-03-17.01) - NTFSx86
Run by Administrator at 9:55:19.53 on Thu 08/19/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.300 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Xara\Xara XtremePro\Xtreme.exe
C:\WINDOWS\System32\igfxsrvc.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\spider.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://uage.net/
uInternet Connection Wizard,ShellNext = iexplore
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: StumbleUpon Launcher: {145b29f4-a56b-4b90-bbac-45784ebebbb7} - c:\program files\stumbleupon\StumbleUponIEBar.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: StumbleUpon Toolbar: {5093eb4c-3e93-40ab-9266-b607ba87bdc8} - c:\program files\stumbleupon\StumbleUponIEBar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
{555d4d79-4bd2-4094-a395-cfc534424a05}
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [MSMSGS] "c:\program files\messenger\MSMSGS.EXE" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [cdloader] "c:\documents and settings\administrator\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10h_Plugin.exe -update plugin
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Irinugune] rundll32.exe "c:\windows\asorifucipis.dll",Startup
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HitmanPro35] "c:\program files\hitman pro 3.5\HitmanPro35.exe" /scan:boot
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\belkin~1.lnk - c:\program files\belkin\usb f5d7050\wireless utility\Belkinwcui.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0006F063-0000-0000-C000-000000000046} - hxxp://activex.microsoft.com/activex/controls/office/outlctlx.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/da2/PCPitStop2.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\7vp4wktk.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.search-star.net/?sid=10101045100&s=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {06A468B6-D711-4DA8-AEC7-4500F6749227} - c:\documents and settings\administrator\local settings\application data\{06A468B6-D711-4DA8-AEC7-4500F6749227}
FF - HiddenExtension: Adobe Flash Plugin: No Registry Reference - c:\program files\mozilla firefox\extensions\{1CE11043-9A15-4207-A565-0C94C42D590D}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
FF - user.js: keyword.URL - hxxp://search.search-star.net/?sid=10101045100&s=
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-8-14 28544]
R0 stwlfbus;stwlfbus;c:\windows\system32\drivers\stwlfbus.sys [2003-4-27 8704]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-10-27 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-10-27 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-10-27 243024]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]
R3 st3wolf;st3wolf;c:\windows\system32\drivers\st3wolf.sys [2003-4-27 99360]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-7-12 1355416]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-8-17 430152]
S3 StumbleUponUpdateService;StumbleUponUpdateService;c:\program files\stumbleupon\StumbleUponUpdateService.exe [2008-12-18 120168]
S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2009-12-15 85504]

=============== Created Last 30 ================

2010-08-19 15:52:53 0 ----a-w- c:\documents and settings\administrator\defogger_reenable
2010-08-17 16:15:17 0 d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2010-08-16 20:21:21 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-08-16 20:21:20 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-09 20:04:36 0 d-s---w- C:\ComboFix
2010-08-09 17:32:23 0 d-sha-r- C:\cmdcons
2010-08-09 17:27:32 98816 ----a-w- c:\windows\sed.exe
2010-08-09 17:27:32 77312 ----a-w- c:\windows\MBR.exe
2010-08-09 17:27:32 256512 ----a-w- c:\windows\PEV.exe
2010-08-09 17:27:32 161792 ----a-w- c:\windows\SWREG.exe
2010-08-09 16:34:59 0 d-----w- c:\program files\Trend Micro
2010-08-05 21:24:40 652 ------w- c:\windows\hpomdl36.dat.temp
2010-08-05 21:24:40 166562 ------w- c:\windows\hpoins36.dat.temp
2010-08-05 21:18:55 2 ----a-w- c:\windows\Twain001.Mtx
2010-08-05 21:18:55 156 ----a-w- c:\windows\Twunk001.MTX
2010-08-05 21:18:55 0 ----a-w- c:\windows\Twunk002.MTX
2010-08-05 16:56:55 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-08-05 16:55:43 0 d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2010-08-05 16:55:41 0 d-----w- c:\program files\Hitman Pro 3.5
2010-08-03 18:06:32 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-08-03 17:50:03 45056 ----a-w- c:\windows\NCUNINST.EXE
2010-08-03 17:49:23 73728 ----a-w- c:\windows\system32\install.dll
2010-08-03 17:49:23 61440 ----a-w- c:\windows\system32\w32n50.dll
2010-08-03 17:49:23 462848 ----a-w- c:\windows\system32\monitorbk.exe
2010-08-03 17:49:23 36864 ----a-w- c:\windows\system32\WRLSetup.exe
2010-08-03 17:49:23 16068 ----a-w- c:\windows\system32\pcandis5.sys
2010-08-03 17:49:23 141 ----a-w- c:\windows\filespec
2010-08-03 17:49:23 11847 ----a-w- c:\windows\system32\monitorbk.hlp
2010-08-03 17:49:23 101099 ----a-w- c:\windows\system32\drivers\bkusbxp.sys
2010-08-03 17:49:23 0 ----a-w- c:\windows\bkusb.cat
2010-08-03 17:48:08 0 d-----w- c:\program files\common files\SWF Studio
2010-08-03 17:48:04 0 d-----w- C:\Belkin
2010-08-02 21:17:06 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-08-02 20:59:23 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-08-02 19:59:53 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-08-02 19:57:47 0 d-----w- c:\program files\Lavasoft
2010-07-30 18:50:32 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-07-30 18:50:32 0 d-----w- c:\docume~1\admini~1\applic~1\SUPERAntiSpyware.com
2010-07-30 18:49:56 0 d-----w- c:\program files\SUPERAntiSpyware
2010-07-30 16:57:08 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2010-07-30 16:57:08 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-07-30 16:56:55 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2010-07-30 16:56:55 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-07-29 21:34:01 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-07-29 21:34:01 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-07-28 22:26:35 0 d-----w- c:\program files\Eusing Free Registry Cleaner
2010-07-26 22:10:12 0 d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes
2010-07-26 22:10:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-26 22:09:56 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-26 22:09:56 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-07-26 22:09:55 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-26 21:54:13 2284 ----a-w- c:\windows\lsrslt.ini
2010-07-26 21:31:48 150 ----a-w- C:\zrpt.xml
2010-07-26 21:31:20 0 d-----w- c:\docume~1\alluse~1\applic~1\Update
2010-07-26 21:30:25 0 d-----w- c:\program files\iPod

==================== Find3M ====================

2010-07-15 16:00:27 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-15 16:00:24 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-15 15:59:31 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27:11 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-08 18:45:15 23113 ----a-w- c:\windows\hpqins15.dat
2009-08-10 21:52:57 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009081020090811\index.dat

============= FINISH: 9:56:25.90 ===============



MBRCheck

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000002d

Kernel Drivers (total 113):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806FF000 \WINDOWS\system32\hal.dll
0xF7B21000 \WINDOWS\system32\KDCOM.DLL
0xF7A31000 \WINDOWS\system32\BOOTVID.dll
0xF75D2000 ACPI.sys
0xF7B23000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
0xF75C1000 pci.sys
0xF7621000 isapnp.sys
0xF7A35000 stwlfbus.sys
0xF7BE9000 pciide.sys
0xF78A1000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xF7631000 MountMgr.sys
0xF75A2000 ftdisk.sys
0xF7B25000 dmload.sys
0xF757C000 dmio.sys
0xF78A9000 PartMgr.sys
0xF78B1000 pavboot.sys
0xF7641000 VolSnap.sys
0xF7564000 atapi.sys
0xF7651000 disk.sys
0xF7661000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xF7544000 fltmgr.sys
0xF7532000 sr.sys
0xF751B000 KSecDD.sys
0xF748E000 Ntfs.sys
0xF7461000 NDIS.sys
0xF7447000 Mup.sys
0xF7671000 agp440.sys
0xF703C000 \SystemRoot\System32\DRIVERS\intelppm.sys
0xF6BF2000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xF6BDE000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF6BB6000 \SystemRoot\System32\DRIVERS\e1000325.sys
0xF78F9000 \SystemRoot\System32\DRIVERS\fdc.sys
0xF702C000 \SystemRoot\System32\DRIVERS\i8042prt.sys
0xF7901000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xF7909000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xF701C000 \SystemRoot\System32\DRIVERS\serial.sys
0xF7402000 \SystemRoot\System32\DRIVERS\serenum.sys
0xF6BA2000 \SystemRoot\System32\DRIVERS\parport.sys
0xF700C000 \SystemRoot\System32\DRIVERS\imapi.sys
0xF7691000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xF76A1000 \SystemRoot\System32\DRIVERS\redbook.sys
0xF6B7F000 \SystemRoot\System32\DRIVERS\ks.sys
0xF7911000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xF6AF9000 \SystemRoot\system32\drivers\smwdm.sys
0xF6AD5000 \SystemRoot\system32\drivers\portcls.sys
0xF76B1000 \SystemRoot\system32\drivers\drmk.sys
0xF7B69000 \SystemRoot\system32\drivers\aeaudio.sys
0xF7C79000 \SystemRoot\System32\DRIVERS\audstub.sys
0xF76C1000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xF73FA000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xF6ABE000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xF76D1000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xF76E1000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xF7919000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xF6AAD000 \SystemRoot\System32\DRIVERS\psched.sys
0xF76F1000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xF7921000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xF7929000 \SystemRoot\System32\DRIVERS\raspti.sys
0xF6A7D000 \SystemRoot\System32\DRIVERS\rdpdr.sys
0xF7701000 \SystemRoot\System32\DRIVERS\termdd.sys
0xF7B6B000 \SystemRoot\System32\DRIVERS\swenum.sys
0xF6A1F000 \SystemRoot\System32\DRIVERS\update.sys
0xF6DDA000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xF6A06000 \SystemRoot\system32\DRIVERS\st3wolf.sys
0xF69EE000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0xF7711000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF79F1000 \SystemRoot\System32\DRIVERS\flpydisk.sys
0xF7B87000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7C8C000 \SystemRoot\System32\Drivers\Null.SYS
0xF7B89000 \SystemRoot\System32\Drivers\Beep.SYS
0xF568B000 \SystemRoot\System32\drivers\vga.sys
0xF7B8B000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7B8D000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF562B000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF5623000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7AE5000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xF5560000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xF5507000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xF54CD000 \SystemRoot\System32\Drivers\avgtdix.sys
0xF54A7000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xF7741000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xF5457000 \SystemRoot\System32\DRIVERS\netbt.sys
0xF5435000 \SystemRoot\System32\drivers\afd.sys
0xF7751000 \SystemRoot\System32\DRIVERS\netbios.sys
0xF5413000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xF561B000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xF53E8000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xF5378000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xF7771000 \SystemRoot\System32\Drivers\Fips.SYS
0xF5613000 \SystemRoot\System32\Drivers\avgmfx86.sys
0xF5344000 \SystemRoot\System32\Drivers\avgldx86.sys
0xF7811000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF532C000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7BDF000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF5483000 \SystemRoot\System32\drivers\Dxapi.sys
0xF559B000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7C6B000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xF55E3000 \SystemRoot\System32\DRIVERS\AegisP.sys
0xF3594000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xF316B000 \SystemRoot\system32\drivers\wdmaud.sys
0xF33F8000 \SystemRoot\system32\drivers\sysaudio.sys
0xF2F08000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xF7BB1000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xF2DC1000 \SystemRoot\System32\DRIVERS\srv.sys
0xF2C85000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xF27BC000 \SystemRoot\System32\Drivers\HTTP.sys
0xF1108000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 54):
0 System Idle Process
4 System
572 C:\WINDOWS\system32\smss.exe
652 csrss.exe
676 C:\WINDOWS\system32\winlogon.exe
720 C:\WINDOWS\system32\services.exe
740 C:\WINDOWS\system32\lsass.exe
912 C:\WINDOWS\system32\svchost.exe
980 svchost.exe
1076 C:\WINDOWS\system32\svchost.exe
1204 svchost.exe
1288 svchost.exe
1404 C:\Program Files\AVG\AVG9\avgchsvx.exe
1412 C:\Program Files\AVG\AVG9\avgrsx.exe
1520 C:\Program Files\AVG\AVG9\avgcsrvx.exe
304 C:\WINDOWS\explorer.exe
452 svchost.exe
484 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
496 C:\Program Files\AVG\AVG9\avgwdsvc.exe
528 C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
580 C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
596 C:\Program Files\Bonjour\mDNSResponder.exe
696 C:\Program Files\Java\jre6\bin\jqs.exe
1164 C:\WINDOWS\system32\svchost.exe
1400 C:\WINDOWS\system32\svchost.exe
1236 C:\WINDOWS\system32\svchost.exe
2032 C:\Program Files\AVG\AVG9\avgnsx.exe
2380 C:\Program Files\iTunes\iTunesHelper.exe
2560 unsecapp.exe
2936 wmiprvse.exe
2948 alg.exe
3068 C:\Program Files\HP\HP Software Update\hpwuschd2.exe
3080 C:\Program Files\iPod\bin\iPodService.exe
3284 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
3324 C:\Program Files\Google\Google Talk\googletalk.exe
3368 C:\PROGRA~1\AVG\AVG9\avgtray.exe
3472 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
3512 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3608 C:\WINDOWS\system32\ctfmon.exe
3640 C:\Program Files\Messenger\msmsgs.exe
3832 C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
3876 C:\Program Files\WinZip\WZQKPICK.EXE
3888 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
1588 C:\WINDOWS\system32\svchost.exe
3504 C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
3168 C:\Program Files\Xara\Xara XtremePro\Xtreme.exe
2424 C:\WINDOWS\system32\igfxsrvc.exe
3688 C:\WINDOWS\system32\notepad.exe
4724 C:\WINDOWS\system32\spoolsv.exe
4680 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
2804 C:\WINDOWS\system32\spider.exe
2192 C:\Program Files\Mozilla Firefox\firefox.exe
5208 C:\Program Files\Mozilla Firefox\plugin-container.exe
4108 C:\Documents and Settings\Administrator\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: MDTMD800BB-00DKA0, Rev: 77.07W77

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

RKUnhookerLE

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 4276224 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 56.73 )
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2260992 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2260992 bytes
0x804D7000 RAW 2260992 bytes
0x804D7000 WMIxWDM 2260992 bytes
0xF6BF2000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 1900544 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 56.73 )
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF748E000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xF6AF9000 C:\WINDOWS\system32\drivers\smwdm.sys 548864 bytes (Analog Devices, Inc., SoundMAX Integrated Digital Audio )
0xF5378000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF6A1F000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xF5507000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xF2DC1000 C:\WINDOWS\System32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xF27BC000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF54CD000 C:\WINDOWS\System32\Drivers\avgtdix.sys 237568 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
0xF5344000 C:\WINDOWS\System32\Drivers\avgldx86.sys 212992 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
0xF6A7D000 C:\WINDOWS\System32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF75D2000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF2F08000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF7461000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xF1108000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xF53E8000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF6BB6000 C:\WINDOWS\System32\DRIVERS\e1000325.sys 163840 bytes (Intel Corporation, Intel® PRO/1000 Adapter NDIS 5.1 deserialized driver)
0xF5457000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF757C000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xF54A7000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xF2C85000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xF6AD5000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF6B7F000 C:\WINDOWS\System32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xF5435000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xF5413000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x806FF000 ACPI_HAL 134400 bytes
0x806FF000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF7544000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF75A2000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF7447000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF6A06000 C:\WINDOWS\system32\DRIVERS\st3wolf.sys 102400 bytes ( , SCSI miniport)
0xF7564000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF532C000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF69EE000 C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xF751B000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF6ABE000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xF316B000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF6BA2000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF6BDE000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xF5560000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF7532000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF75C1000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF6AAD000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF7811000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF7691000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF701C000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF76B1000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF76A1000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xF33F8000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF7661000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF702C000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF76C1000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF7641000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF76E1000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF7671000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xF7771000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF700C000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7631000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF76D1000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF7621000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF7711000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF7701000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF7651000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF703C000 C:\WINDOWS\System32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF76F1000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF7751000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xF1912000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF7741000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF5623000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF78F9000 C:\WINDOWS\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF78A1000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF5613000 C:\WINDOWS\System32\Drivers\avgmfx86.sys 24576 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
0xF7911000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF7901000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF7909000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF78B1000 pavboot.sys 24576 bytes (Panda Security, S.L., Panda Boot Driver)
0xF561B000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xF568B000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF55E3000 C:\WINDOWS\System32\DRIVERS\AegisP.sys 20480 bytes (Meetinghouse Data Communications, IEEE 802.1X Protocol Driver)
0xF79F1000 C:\WINDOWS\System32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF562B000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF78A9000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7921000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF7929000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF7919000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF559B000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF6DDA000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xF3594000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF7402000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF7A31000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF5483000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF73FA000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF7AE5000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF7A35000 stwlfbus.sys 12288 bytes ( , PnP BIOS Extension)
0xF7B69000 C:\WINDOWS\system32\drivers\aeaudio.sys 8192 bytes (Andrea Electronics Corporation, Andrea Audio Stub Driver)
0xF7B89000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7B25000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF7BDF000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7B87000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7B21000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7B8B000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7BB1000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF7B8D000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7B6B000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7B23000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7C79000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7C6B000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7C8C000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7BE9000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x86C6B2B8 unknown_irp_handler 3400 bytes
0x86C6F2C0 unknown_irp_handler 3392 bytes
0x86F2C960 unknown_irp_handler 1696 bytes
==============================================
>Stealth
==============================================
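The listing above follows one shape per line: load address, image name or full path, size in bytes, and an optional parenthetical with vendor and description. As an added triage aid (not part of the original post or of the scanner that produced the listing), the script below parses lines in that format and flags the entries a responder would look at first: handlers the tool could not attribute to any loaded module, images with no version information or an empty vendor field, and path-qualified drivers loaded from outside the Windows or Program Files directories. The sample input is a handful of lines copied from the listing; the "last comma splits vendor from description" rule and the expected-root paths are assumptions, not something the page states.

```python
"""Triage helper for a kernel-module listing in the format shown above.

Added example: not part of the original post or of any scanner's own code.
Assumed line format: "<hex address> <image name or path> <size> bytes (<vendor>, <description>)",
where the parenthetical is optional and splits vendor from description at its last comma.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a few lines copied from the listing above, not the full log.
SAMPLE_LISTING = r"""
0xF7532000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF1912000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF561B000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xF7A35000 stwlfbus.sys 12288 bytes ( , PnP BIOS Extension)
0xF7BDF000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0x86C6B2B8 unknown_irp_handler 3400 bytes
0x86C6F2C0 unknown_irp_handler 3392 bytes
"""

LINE_RE = re.compile(
    r"^(?P<addr>0x[0-9A-Fa-f]+)\s+"        # load address
    r"(?P<image>.+?)\s+"                   # bare file name or full path (may contain spaces)
    r"(?P<size>\d+) bytes"                 # image size
    r"(?:\s+\((?P<info>.*)\))?\s*$"        # optional "(vendor, description)"
)

# Assumed "expected" roots for a path-qualified driver on an XP system; anything else is worth a look.
EXPECTED_ROOT_RE = re.compile(r"^[a-z]:\\(windows|program files)\\", re.IGNORECASE)


@dataclass
class Module:
    addr: str
    image: str
    size: int
    vendor: Optional[str]       # None = no vendor field at all, "" = field present but empty
    description: Optional[str]

    @property
    def name(self) -> str:
        return self.image.rsplit("\\", 1)[-1]

    @property
    def has_path(self) -> bool:
        return "\\" in self.image


def split_info(info: Optional[str]):
    """Split "(vendor, description)" at the last comma; a lone value is a description."""
    if info is None:
        return None, None
    parts = info.rsplit(",", 1)
    if len(parts) == 1:
        return None, parts[0].strip()
    return parts[0].strip(), parts[1].strip()


def parse_listing(text: str) -> List[Module]:
    modules = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # headers, separators and blank lines
        vendor, description = split_info(m.group("info"))
        modules.append(Module(m.group("addr"), m.group("image"), int(m.group("size")), vendor, description))
    return modules


def triage(modules: List[Module]) -> Dict[str, List[str]]:
    """Return {"<addr> <name>": [reasons]} for entries that deserve a manual look."""
    findings = {}
    for mod in modules:
        reasons = []
        if mod.name == "unknown_irp_handler":
            reasons.append("IRP handler the scanner could not attribute to any loaded module")
        if mod.vendor is None and mod.description is None:
            reasons.append("no version information")
        elif not mod.vendor:
            reasons.append("no vendor name in version information")
        if mod.has_path and not EXPECTED_ROOT_RE.match(mod.image):
            reasons.append("loaded from outside the Windows or Program Files directories")
        if reasons:
            findings[f"{mod.addr} {mod.name}"] = reasons
    return findings


if __name__ == "__main__":
    for key, reasons in triage(parse_listing(SAMPLE_LISTING)).items():
        print(f"{key}: {'; '.join(reasons)}")
```

Run against the sample, the two `unknown_irp_handler` entries, `stwlfbus.sys` (empty vendor), `dump_WMILIB.SYS` (no version block) and `Normandy.SYS` (no vendor name) are reported; the Microsoft and SUPERAntiSpyware drivers are not. A flag here is a reason to look closer, not a verdict: a vendor string is trivially forged, so the listing is a starting point for checking the file on disk, not a substitute for it.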




#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 19 August 2010 - 11:16 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:
    Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Please ensure you read this guide carefully and install the Recovery Console first.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
    This allows us to more easily help you should your computer have a problem after an attempted removal of malware.
    It is a simple procedure that will only take a few moments of your time.


    Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    Please continue as follows:
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.

    Please include the report in your next post:

    C:\ComboFix.txt

"information and logs"
    In your next post I need the following
    1. Log from Combofix
    2. let me know of any problems you may have had
    3. How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 ghaskell

ghaskell
  • Topic Starter

  • Members
  • 35 posts

Posted 19 August 2010 - 12:16 PM

The problem I am having is a Google redirect. When I search I get ads when I click on the searched links. It happens about 75% of the time.

The computer right now is still doing the same thing. I gave it a quick try and searched for "search". The second option was google.com and when I clicked on it to go to Google I was redirected to http://www.asktofriends.com/search/a002/se...;aff=itcg-21008

It seems to only happen on searches and I haven't tried it on Yahoo or any other search engine, but everything I am reading points to Google and is calling it the TDL3 virus.

Here is the ComboFix report:

ComboFix 10-08-18.04 - Administrator 08/19/2010 10:39:30.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.617 [GMT -6:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\My Documents\regbackup.reg
c:\progra~1\TRAFFI~1\MAXImi~1.exe
c:\windows\daemon.dll
c:\windows\My.ini

.
((((((((((((((((((((((((( Files Created from 2010-07-19 to 2010-08-19 )))))))))))))))))))))))))))))))
.

2010-08-17 16:16 . 2010-08-17 16:16 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AVG Security Toolbar
2010-08-17 16:15 . 2010-08-17 16:15 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-08-16 20:41 . 2010-08-16 20:42 -------- d-----w- c:\program files\FileZilla FTP Client
2010-08-16 20:21 . 2010-08-16 20:21 -------- d-----w- c:\program files\Common Files\Java
2010-08-16 20:21 . 2010-08-16 20:20 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-09 16:34 . 2010-08-09 16:34 -------- d-----w- c:\program files\Trend Micro
2010-08-05 16:56 . 2010-08-17 20:39 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-08-05 16:55 . 2010-08-05 16:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-08-05 16:55 . 2010-08-05 16:55 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-08-03 18:06 . 2009-05-07 07:04 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-08-03 17:50 . 2010-08-03 17:50 45056 ----a-w- c:\windows\NCUNINST.EXE
2010-08-03 17:49 . 2003-04-09 16:29 101099 ----a-w- c:\windows\system32\drivers\bkusbxp.sys
2010-08-03 17:49 . 2002-08-27 21:40 462848 ----a-w- c:\windows\system32\monitorbk.exe
2010-08-03 17:49 . 2002-08-10 05:01 73728 ----a-w- c:\windows\system32\install.dll
2010-08-03 17:49 . 2002-05-24 00:44 36864 ----a-w- c:\windows\system32\WRLSetup.exe
2010-08-03 17:49 . 2000-10-15 23:38 16068 ----a-w- c:\windows\system32\pcandis5.sys
2010-08-03 17:49 . 2000-10-15 23:22 61440 ----a-w- c:\windows\system32\w32n50.dll
2010-08-03 17:48 . 2010-08-03 17:48 -------- d-----w- c:\program files\Common Files\SWF Studio
2010-08-03 17:48 . 2010-08-03 17:48 -------- d-----w- C:\Belkin
2010-08-02 21:17 . 2010-07-12 08:55 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-08-02 20:59 . 2010-08-02 20:59 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-08-02 20:01 . 2010-08-02 20:01 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Sunbelt Software
2010-08-02 19:59 . 2010-08-02 20:00 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-08-02 19:57 . 2010-08-02 20:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-08-02 19:57 . 2010-08-02 19:57 -------- d-----w- c:\program files\Lavasoft
2010-07-30 18:50 . 2010-07-30 18:50 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-07-30 18:50 . 2010-07-30 18:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2010-07-30 18:49 . 2010-07-30 18:50 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-07-30 16:57 . 2008-04-14 00:11 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2010-07-30 16:57 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-07-30 16:56 . 2001-08-17 19:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2010-07-30 16:56 . 2001-08-17 19:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-07-29 21:34 . 2010-08-04 16:49 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-07-29 21:34 . 2010-08-04 16:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-28 22:26 . 2010-07-28 22:26 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2010-07-27 22:13 . 2010-07-27 22:13 -------- d-----w- c:\documents and settings\NetworkService\PrivacIE
2010-07-27 21:57 . 2010-07-27 22:13 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\bewkyqcea
2010-07-27 21:55 . 2010-07-27 21:55 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-07-27 20:19 . 2010-07-27 20:19 5626702 ----a-w- c:\documents and settings\backup0700virus.zip
2010-07-26 22:10 . 2010-07-26 22:10 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-07-26 22:10 . 2010-04-29 21:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-26 22:09 . 2010-07-26 22:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-26 22:09 . 2010-04-29 21:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-26 22:09 . 2010-07-27 16:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-26 21:34 . 2010-07-26 21:34 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\{06A468B6-D711-4DA8-AEC7-4500F6749227}
2010-07-26 21:31 . 2010-07-27 22:10 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\guugtsogc
2010-07-26 21:31 . 2010-07-30 19:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Update
2010-07-26 21:30 . 2010-07-26 21:30 -------- d-----w- c:\program files\iPod

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-19 16:52 . 2008-01-15 20:45 -------- d-----w- c:\program files\Traffic Maximizer Pro
2010-08-19 16:23 . 2009-10-28 21:02 0 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\prvlcl.dat
2010-08-18 23:01 . 2009-08-10 22:12 -------- d--h--w- c:\documents and settings\Administrator\Application Data\FileZilla
2010-08-17 16:33 . 2007-08-10 00:22 81360 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-16 20:22 . 2010-08-16 20:22 503808 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-36bab2dd-n\msvcp71.dll
2010-08-16 20:22 . 2010-08-16 20:22 499712 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-36bab2dd-n\jmc.dll
2010-08-16 20:22 . 2010-08-16 20:22 348160 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-36bab2dd-n\msvcr71.dll
2010-08-16 20:21 . 2010-08-16 20:21 61440 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3c9cafdf-n\decora-sse.dll
2010-08-16 20:21 . 2010-08-16 20:21 12800 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3c9cafdf-n\decora-d3d.dll
2010-08-13 09:12 . 2010-02-26 21:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-09 16:47 . 2007-08-10 00:28 -------- d-----w- c:\program files\HP
2010-08-09 16:47 . 2007-08-10 00:41 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2010-08-05 21:30 . 2010-06-08 20:04 -------- d--h--w- c:\documents and settings\Administrator\Application Data\Image Zone Express
2010-08-04 16:42 . 2007-10-02 19:30 -------- d-----w- c:\program files\Java
2010-08-03 18:03 . 2010-07-15 20:25 -------- d--h--w- c:\documents and settings\Administrator\Application Data\HPAppData
2010-08-03 17:55 . 2007-08-10 00:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-03 17:53 . 2007-08-09 23:58 -------- d-----w- c:\program files\Belkin
2010-07-30 18:52 . 2010-07-30 18:52 63488 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-07-30 18:51 . 2010-07-30 18:51 52224 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-07-30 18:51 . 2010-07-30 18:51 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-28 16:24 . 2009-10-27 16:23 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-07-26 21:36 . 2010-07-01 18:31 -------- d-----w- c:\program files\iTunes
2010-07-26 21:31 . 2007-12-11 23:02 -------- d--h--w- c:\documents and settings\Administrator\Application Data\BitTorrent
2010-07-26 21:30 . 2009-08-10 15:58 -------- d-----w- c:\program files\Common Files\Apple
2010-07-26 21:16 . 2010-07-26 21:16 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-21 14:03 . 2010-07-21 14:03 1615200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
2010-07-21 14:03 . 2010-07-21 14:03 4368224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-07-21 14:03 . 2010-07-21 14:03 1373536 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssff.dll
2010-07-21 14:03 . 2010-07-21 14:03 1107296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxpl.dll
2010-07-15 16:00 . 2009-10-27 16:23 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-15 16:00 . 2010-07-15 16:00 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-15 15:59 . 2009-10-27 16:23 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-12 08:56 . 2010-08-02 19:59 2979280 -c--a-w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}\Ad-AwareInstall.exe
2010-07-08 22:04 . 2010-07-08 22:04 -------- d-----w- c:\program files\CoverFactory 2.50
2010-07-06 16:44 . 2010-07-09 17:36 221184 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7vp4wktk.default\extensions\browserhighlighter@ebay.com\components\Shim.dll
2010-07-01 21:38 . 2007-10-26 20:10 -------- d--h--w- c:\documents and settings\Administrator\Application Data\Apple Computer
2010-07-01 18:24 . 2007-08-15 17:16 -------- d-----w- c:\program files\Bonjour
2010-07-01 18:03 . 2009-08-10 16:06 -------- d-----w- c:\program files\Safari
2010-07-01 17:55 . 2010-07-01 17:55 71992 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-06-30 12:31 . 2003-11-08 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2006-06-23 17:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2003-11-08 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2003-11-08 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2003-11-08 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2007-08-09 23:49 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2010-06-14 07:41 . 2006-09-13 05:09 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-08 18:45 . 2010-06-08 18:41 23113 ----a-w- c:\windows\hpqins15.dat
2010-06-02 14:45 . 2009-10-27 16:23 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-01 17:23 . 2010-06-01 17:23 503808 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-7c2ea8a8-n\msvcp71.dll
2010-06-01 17:23 . 2010-06-01 17:23 499712 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-7c2ea8a8-n\jmc.dll
2010-06-01 17:23 . 2010-06-01 17:23 348160 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-7c2ea8a8-n\msvcr71.dll
2010-05-27 17:19 . 2010-05-27 17:19 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 16:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-19 2403568]
"cdloader"="c:\documents and settings\Administrator\Application Data\mjusbsp\cdloader2.exe" [2009-08-01 50520]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10h_Plugin.exe" [2010-06-15 231888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-22 202256]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"igfxtray"="c:\windows\System32\igfxtray.exe" [2005-09-20 94208]
"igfxpers"="c:\windows\System32\igfxpers.exe" [2005-09-20 114688]
"igfxhkcmd"="c:\windows\System32\hkcmd.exe" [2005-09-20 77824]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"HitmanPro35"="c:\program files\Hitman Pro 3.5\HitmanPro35.exe" [2010-08-05 6289216]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-15 2065760]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless USB Utility.lnk - c:\program files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe [2005-10-28 1404928]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2007-8-13 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-15 16:00 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
backup=c:\windows\pss\Stardock ObjectDock.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"c:\\Documents and Settings\\Administrator\\Start Menu\\Programs\\WS_FTP\\WS_FTP95.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\wamp\\bin\\apache\\Apache2.2.11\\bin\\httpd.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Documents and Settings\\Administrator\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [8/14/2009 3:10 PM 28544]
R0 stwlfbus;stwlfbus;c:\windows\system32\drivers\stwlfbus.sys [4/27/2003 12:39 PM 8704]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/27/2009 10:23 AM 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/27/2009 10:23 AM 243024]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 12:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 12:41 PM 67656]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/15/2010 10:00 AM 308136]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/12/2010 2:55 AM 1355416]
R3 st3wolf;st3wolf;c:\windows\system32\drivers\st3wolf.sys [4/27/2003 11:43 AM 99360]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [8/17/2010 10:15 AM 430152]
S3 StumbleUponUpdateService;StumbleUponUpdateService;c:\program files\StumbleUpon\StumbleUponUpdateService.exe [12/18/2008 4:05 PM 120168]
S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [12/15/2009 6:00 PM 85504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-08-16 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 20:13]

2010-08-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-08-19 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1123561945-1383384898-839522115-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09]

2010-08-19 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1123561945-1383384898-839522115-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09]

2010-08-19 c:\windows\Tasks\User_Feed_Synchronization-{CB872C42-838F-48C1-A078-D994E7718670}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 10:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://uage.net/
uInternet Connection Wizard,ShellNext = iexplore
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7vp4wktk.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.search-star.net/?sid=10101045100&s=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: XULRunner: {06A468B6-D711-4DA8-AEC7-4500F6749227} - c:\documents and settings\Administrator\Local Settings\Application Data\{06A468B6-D711-4DA8-AEC7-4500F6749227}

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
FF - user.js: keyword.URL - hxxp://search.search-star.net/?sid=10101045100&s=
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Irinugune - c:\windows\asorifucipis.dll
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-19 10:53
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x86E85848]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7665f28
\Driver\ACPI -> ACPI.sys @ 0xf75d8cb8
\Driver\atapi -> 0x86e85848
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a
ParseProcedure -> ntoskrnl.exe @ 0x80578f7a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a
ParseProcedure -> ntoskrnl.exe @ 0x80578f7a
NDIS: Intel® PRO/1000 MT Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf7476bb0
PacketIndicateHandler -> NDIS.sys @ 0xf7483a21
SendHandler -> NDIS.sys @ 0xf746187b
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1123561945-1383384898-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fc,14,5e,32,76,45,fc,4c,a3,ed,18,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fc,14,5e,32,76,45,fc,4c,a3,ed,18,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(676)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2010-08-19 11:00:00
ComboFix-quarantined-files.txt 2010-08-19 16:59

Pre-Run: 19,713,708,032 bytes free
Post-Run: 23,848,202,240 bytes free

- - End Of File - - E1E8FBF544495D7A4883458014C3EC47
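The Gmer section of the log above rests on one observation: the MBR itself reads clean, yet the \Driver\atapi dispatch pointer leads to a bare address (0x86e85848) that also appears as an UNKNOWN module in the chain that serviced the disk read. This added example, not code from the thread, Gmer or ComboFix, parses that section and correlates the two facts; the first sample is abridged from the report above and the clean counterpart is constructed to exercise the no-finding path.

```python
import re

# Abridged from the "Stealth MBR rootkit/Mebroot/Sinowal detector" section of
# the ComboFix log above. Addresses and module names are the ones it printed.
SAMPLE_REPORT = """\
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x86E85848]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\\Driver\\Disk -> CLASSPNP.SYS @ 0xf7665f28
\\Driver\\ACPI -> ACPI.sys @ 0xf75d8cb8
\\Driver\\atapi -> 0x86e85848
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a
\\Device\\Harddisk0\\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a
Warning: possible MBR rootkit infection !
user & kernel MBR OK
"""

# Constructed clean counterpart (not from the log; the exact layout Gmer prints
# on a clean machine is assumed): every pointer resolves, no UNKNOWN caller.
CLEAN_REPORT = """\
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys atapi.sys
kernel: MBR read successfully
\\Driver\\Disk -> CLASSPNP.SYS @ 0xf7665f28
\\Driver\\atapi -> atapi.sys @ 0xf75f0000
user & kernel MBR OK
"""

HOOK_RE = re.compile(r"^\\Driver\\(\S+) -> (.+?)\s*$")
RESOLVED_RE = re.compile(r"^(\S+) @ 0x([0-9a-fA-F]+)$")
BARE_ADDR_RE = re.compile(r"^0x([0-9a-fA-F]+)$")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[0x([0-9a-fA-F]+)\]<<")


def parse_hooks(report):
    """One dict per '\\Driver\\<name> -> ...' line.

    'module' is the image the detector resolved the dispatch address to, or
    None when it could only print a bare kernel address."""
    hooks = []
    for line in report.splitlines():
        m = HOOK_RE.match(line)
        if not m:
            continue
        driver, target = m.groups()
        resolved = RESOLVED_RE.match(target)
        if resolved:
            hooks.append({"driver": driver, "module": resolved.group(1),
                          "addr": int(resolved.group(2), 16)})
            continue
        bare = BARE_ADDR_RE.match(target)
        if bare:
            hooks.append({"driver": driver, "module": None,
                          "addr": int(bare.group(1), 16)})
    return hooks


def unknown_callers(report):
    """Addresses flagged >>UNKNOWN [...]<< in the 'called modules' chain that
    serviced the MBR read: code with no backing driver image."""
    return {int(a, 16) for a in UNKNOWN_RE.findall(report)}


def assess(report):
    """Correlate unresolved driver hooks with UNKNOWN callers.

    The MBR can read clean (as it does above) while a driver's dispatch
    pointer leads into unbacked memory that also sits in the disk read path;
    that pairing, not the MBR check alone, is the finding to act on."""
    unknown = unknown_callers(report)
    unresolved = [h for h in parse_hooks(report) if h["module"] is None]
    corroborated = [h["driver"] for h in unresolved if h["addr"] in unknown]
    lines = report.splitlines()
    return {
        "unresolved": [(h["driver"], h["addr"]) for h in unresolved],
        "corroborated": corroborated,
        "tool_warning": any(l.startswith("Warning:") for l in lines),
        "mbr_ok": "user & kernel MBR OK" in lines,
        "suspicious": bool(unresolved) or bool(unknown),
    }


def summarize(report):
    """Plain-text lines a helper could paste back into a reply."""
    r = assess(report)
    out = []
    for driver, addr in r["unresolved"]:
        tag = "UNKNOWN caller" if driver in r["corroborated"] else "no module"
        out.append(f"\\Driver\\{driver} dispatch -> 0x{addr:08x} ({tag})")
    if not out:
        out.append("all driver dispatch pointers resolve to named modules")
    return out


if __name__ == "__main__":
    for name, rep in (("log above", SAMPLE_REPORT), ("clean sample", CLEAN_REPORT)):
        print(name + ":", *("  " + s for s in summarize(rep)), sep="\n")
```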


#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 19 August 2010 - 12:39 PM

Hello

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.



:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

CODE
Folder::
c:\documents and settings\NetworkService\Local Settings\Application Data\bewkyqcea
c:\documents and settings\Administrator\Local Settings\Application Data\{06A468B6-D711-4DA8-AEC7-4500F6749227}
c:\documents and settings\Administrator\Local Settings\Application Data\guugtsogc


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.

This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"
    In your next post I need the following
    1. report from Combofix
    2. report from TDSSKiller
    3. let me know of any problems you may have had
    4. How is the computer doing now after running the script?
Gringo

Edited by gringo_pr, 19 August 2010 - 12:39 PM.


#7 ghaskell

ghaskell
  • Topic Starter

  • Members
  • 35 posts

Posted 19 August 2010 - 01:23 PM

The computer is still redirecting searches, and when I went to run ComboFix it unexpectedly rebooted. After the reboot there was no problem running ComboFix.

After running ComboFix I did a search and got the same results. Still not working.

tdsskiller:
2010/08/19 11:42:11.0500 TDSS rootkit removing tool 2.4.1.2 Aug 16 2010 09:46:23
2010/08/19 11:42:11.0500 ================================================================================
2010/08/19 11:42:11.0500 SystemInfo:
2010/08/19 11:42:11.0500
2010/08/19 11:42:11.0500 OS Version: 5.1.2600 ServicePack: 3.0
2010/08/19 11:42:11.0500 Product type: Workstation
2010/08/19 11:42:11.0500 ComputerName: GERALD
2010/08/19 11:42:11.0500 UserName: Administrator
2010/08/19 11:42:11.0500 Windows directory: C:\WINDOWS
2010/08/19 11:42:11.0500 System windows directory: C:\WINDOWS
2010/08/19 11:42:11.0500 Processor architecture: Intel x86
2010/08/19 11:42:11.0500 Number of processors: 2
2010/08/19 11:42:11.0500 Page size: 0x1000
2010/08/19 11:42:11.0500 Boot type: Normal boot
2010/08/19 11:42:11.0500 ================================================================================
2010/08/19 11:42:12.0265 Initialize success
2010/08/19 11:42:17.0890 ================================================================================
2010/08/19 11:42:17.0890 Scan started
2010/08/19 11:42:17.0890 Mode: Manual;
2010/08/19 11:42:17.0890 ================================================================================
2010/08/19 11:42:19.0203 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/08/19 11:42:19.0359 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/08/19 11:42:19.0546 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
2010/08/19 11:42:19.0656 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/08/19 11:42:19.0796 AegisP (2f7f3e8da380325866e566f5d5ec23d5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2010/08/19 11:42:19.0937 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/08/19 11:42:20.0140 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/08/19 11:42:20.0906 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/08/19 11:42:21.0046 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/08/19 11:42:21.0328 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/08/19 11:42:21.0453 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/08/19 11:42:21.0625 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\System32\Drivers\avgldx86.sys
2010/08/19 11:42:21.0843 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\WINDOWS\System32\Drivers\avgmfx86.sys
2010/08/19 11:42:22.0109 AvgTdiX (22e3b793c3e61720f03d3a22351af410) C:\WINDOWS\System32\Drivers\avgtdix.sys
2010/08/19 11:42:22.0359 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/08/19 11:42:22.0531 BLKWGU(Belkin) (ed910b63a75863a89aab65f2763d5b71) C:\WINDOWS\system32\DRIVERS\BLKWGU.sys
2010/08/19 11:42:22.0718 Bridge (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
2010/08/19 11:42:22.0734 BridgeMP (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
2010/08/19 11:42:23.0046 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/08/19 11:42:23.0234 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/08/19 11:42:23.0359 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/08/19 11:42:23.0500 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/08/19 11:42:24.0375 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/08/19 11:42:24.0562 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/08/19 11:42:24.0765 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/08/19 11:42:24.0984 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/08/19 11:42:25.0125 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/08/19 11:42:25.0296 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/08/19 11:42:25.0421 E1000 (d94437e7ee086677b266099f695cdea1) C:\WINDOWS\system32\DRIVERS\e1000325.sys
2010/08/19 11:42:25.0562 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/08/19 11:42:25.0671 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/08/19 11:42:25.0812 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/08/19 11:42:25.0984 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/08/19 11:42:26.0125 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/08/19 11:42:26.0296 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/08/19 11:42:26.0421 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/08/19 11:42:26.0609 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/08/19 11:42:26.0718 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/08/19 11:42:26.0828 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/08/19 11:42:27.0031 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2010/08/19 11:42:27.0140 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2010/08/19 11:42:27.0234 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2010/08/19 11:42:27.0359 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/08/19 11:42:27.0703 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/08/19 11:42:27.0984 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2010/08/19 11:42:28.0218 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/08/19 11:42:28.0640 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/08/19 11:42:28.0812 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/08/19 11:42:28.0968 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/08/19 11:42:29.0062 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/08/19 11:42:29.0171 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/08/19 11:42:29.0328 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/08/19 11:42:29.0500 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/08/19 11:42:29.0656 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/08/19 11:42:29.0843 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/08/19 11:42:29.0968 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/08/19 11:42:30.0140 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/08/19 11:42:30.0468 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/08/19 11:42:30.0625 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/08/19 11:42:30.0750 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/08/19 11:42:30.0906 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/08/19 11:42:31.0046 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/08/19 11:42:31.0328 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/08/19 11:42:31.0531 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/08/19 11:42:31.0812 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/08/19 11:42:32.0000 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/08/19 11:42:32.0203 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/08/19 11:42:32.0328 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/08/19 11:42:32.0484 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/08/19 11:42:32.0640 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/08/19 11:42:32.0953 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/08/19 11:42:33.0140 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/08/19 11:42:33.0234 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/08/19 11:42:33.0343 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/08/19 11:42:33.0453 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/08/19 11:42:33.0593 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/08/19 11:42:33.0765 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/08/19 11:42:34.0031 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/08/19 11:42:34.0203 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/08/19 11:42:34.0375 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/08/19 11:42:34.0609 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/08/19 11:42:34.0828 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/08/19 11:42:34.0984 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/08/19 11:42:35.0109 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/08/19 11:42:35.0234 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/08/19 11:42:35.0406 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/08/19 11:42:35.0546 pavboot (210a628a0d7b3f45257850efbff27538) C:\WINDOWS\system32\drivers\pavboot.sys
2010/08/19 11:42:35.0718 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/08/19 11:42:35.0984 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/08/19 11:42:36.0125 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/08/19 11:42:36.0750 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/08/19 11:42:36.0921 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/08/19 11:42:37.0093 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/08/19 11:42:37.0187 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/08/19 11:42:37.0656 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/08/19 11:42:37.0781 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/08/19 11:42:37.0921 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/08/19 11:42:38.0000 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/08/19 11:42:38.0156 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/08/19 11:42:38.0359 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/08/19 11:42:38.0500 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/08/19 11:42:38.0609 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/08/19 11:42:38.0765 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/08/19 11:42:38.0984 RT73 (bf4709c002d632170dc15a282813d6b3) C:\WINDOWS\system32\DRIVERS\rt73.sys
2010/08/19 11:42:39.0109 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2010/08/19 11:42:39.0140 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2010/08/19 11:42:39.0312 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/08/19 11:42:39.0437 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/08/19 11:42:39.0578 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/08/19 11:42:39.0781 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/08/19 11:42:40.0078 smwdm (31fd0707c7dbe715234f2823b27214fe) C:\WINDOWS\system32\drivers\smwdm.sys
2010/08/19 11:42:40.0296 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/08/19 11:42:40.0453 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/08/19 11:42:40.0625 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/08/19 11:42:40.0828 st3wolf (1e9a652d898cc96038e5e5554f79c49f) C:\WINDOWS\system32\DRIVERS\st3wolf.sys
2010/08/19 11:42:41.0031 stwlfbus (24e09d134304fbc605626fced3e4cb50) C:\WINDOWS\system32\DRIVERS\stwlfbus.sys
2010/08/19 11:42:41.0218 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/08/19 11:42:41.0359 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/08/19 11:42:41.0750 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/08/19 11:42:41.0953 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/08/19 11:42:42.0156 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/08/19 11:42:42.0250 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/08/19 11:42:42.0390 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/08/19 11:42:42.0625 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/08/19 11:42:42.0875 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/08/19 11:42:43.0078 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/08/19 11:42:43.0187 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/08/19 11:42:43.0312 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/08/19 11:42:43.0421 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/08/19 11:42:43.0515 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/08/19 11:42:43.0656 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/08/19 11:42:43.0750 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/08/19 11:42:43.0890 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/08/19 11:42:44.0015 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/08/19 11:42:44.0250 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/08/19 11:42:44.0468 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/08/19 11:42:44.0625 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/08/19 11:42:44.0859 ZDPSp50 (00ae175b903d45ed4a62384d3315dc2a) C:\WINDOWS\system32\Drivers\ZDPSp50.sys
2010/08/19 11:42:44.0953 ================================================================================
2010/08/19 11:42:44.0953 Scan finished
2010/08/19 11:42:44.0953 ================================================================================


combofix
ComboFix 10-08-18.04 - Administrator 08/19/2010 12:00:13.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.620 [GMT -6:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Local Settings\Application Data\{06A468B6-D711-4DA8-AEC7-4500F6749227}
c:\documents and settings\Administrator\Local Settings\Application Data\{06A468B6-D711-4DA8-AEC7-4500F6749227}\chrome.manifest
c:\documents and settings\Administrator\Local Settings\Application Data\{06A468B6-D711-4DA8-AEC7-4500F6749227}\chrome\content\_cfg.js
c:\documents and settings\Administrator\Local Settings\Application Data\{06A468B6-D711-4DA8-AEC7-4500F6749227}\chrome\content\overlay.xul
c:\documents and settings\Administrator\Local Settings\Application Data\{06A468B6-D711-4DA8-AEC7-4500F6749227}\install.rdf
c:\documents and settings\Administrator\Local Settings\Application Data\guugtsogc
c:\documents and settings\NetworkService\Local Settings\Application Data\bewkyqcea

.
((((((((((((((((((((((((( Files Created from 2010-07-19 to 2010-08-19 )))))))))))))))))))))))))))))))
.

2010-08-17 16:16 . 2010-08-17 16:16 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AVG Security Toolbar
2010-08-17 16:15 . 2010-08-17 16:15 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-08-16 20:41 . 2010-08-16 20:42 -------- d-----w- c:\program files\FileZilla FTP Client
2010-08-16 20:21 . 2010-08-16 20:21 -------- d-----w- c:\program files\Common Files\Java
2010-08-16 20:21 . 2010-08-16 20:20 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-09 16:34 . 2010-08-09 16:34 -------- d-----w- c:\program files\Trend Micro
2010-08-05 16:56 . 2010-08-19 17:47 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-08-05 16:55 . 2010-08-05 16:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-08-05 16:55 . 2010-08-05 16:55 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-08-03 18:06 . 2009-05-07 07:04 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-08-03 17:50 . 2010-08-03 17:50 45056 ----a-w- c:\windows\NCUNINST.EXE
2010-08-03 17:49 . 2003-04-09 16:29 101099 ----a-w- c:\windows\system32\drivers\bkusbxp.sys
2010-08-03 17:49 . 2002-08-27 21:40 462848 ----a-w- c:\windows\system32\monitorbk.exe
2010-08-03 17:49 . 2002-08-10 05:01 73728 ----a-w- c:\windows\system32\install.dll
2010-08-03 17:49 . 2002-05-24 00:44 36864 ----a-w- c:\windows\system32\WRLSetup.exe
2010-08-03 17:49 . 2000-10-15 23:38 16068 ----a-w- c:\windows\system32\pcandis5.sys
2010-08-03 17:49 . 2000-10-15 23:22 61440 ----a-w- c:\windows\system32\w32n50.dll
2010-08-03 17:48 . 2010-08-03 17:48 -------- d-----w- c:\program files\Common Files\SWF Studio
2010-08-03 17:48 . 2010-08-03 17:48 -------- d-----w- C:\Belkin
2010-08-02 21:17 . 2010-07-12 08:55 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-08-02 20:59 . 2010-08-02 20:59 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-08-02 20:01 . 2010-08-02 20:01 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Sunbelt Software
2010-08-02 19:59 . 2010-08-02 20:00 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-08-02 19:57 . 2010-08-02 20:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-08-02 19:57 . 2010-08-02 19:57 -------- d-----w- c:\program files\Lavasoft
2010-07-30 18:50 . 2010-07-30 18:50 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-07-30 18:50 . 2010-07-30 18:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2010-07-30 18:49 . 2010-07-30 18:50 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-07-30 16:57 . 2008-04-14 00:11 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2010-07-30 16:57 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-07-30 16:56 . 2001-08-17 19:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2010-07-30 16:56 . 2001-08-17 19:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-07-29 21:34 . 2010-08-04 16:49 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-07-29 21:34 . 2010-08-04 16:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-28 22:26 . 2010-07-28 22:26 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2010-07-27 22:13 . 2010-07-27 22:13 -------- d-----w- c:\documents and settings\NetworkService\PrivacIE
2010-07-27 21:55 . 2010-07-27 21:55 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-07-27 20:19 . 2010-07-27 20:19 5626702 ----a-w- c:\documents and settings\backup0700virus.zip
2010-07-26 22:10 . 2010-07-26 22:10 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-07-26 22:10 . 2010-04-29 21:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-26 22:09 . 2010-07-26 22:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-26 22:09 . 2010-04-29 21:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-26 22:09 . 2010-07-27 16:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-26 21:31 . 2010-07-30 19:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Update
2010-07-26 21:30 . 2010-07-26 21:30 -------- d-----w- c:\program files\iPod

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-19 17:24 . 2009-10-28 21:02 0 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\prvlcl.dat
2010-08-19 16:52 . 2008-01-15 20:45 -------- d-----w- c:\program files\Traffic Maximizer Pro
2010-08-18 23:01 . 2009-08-10 22:12 -------- d--h--w- c:\documents and settings\Administrator\Application Data\FileZilla
2010-08-17 16:33 . 2007-08-10 00:22 81360 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-16 20:22 . 2010-08-16 20:22 503808 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-36bab2dd-n\msvcp71.dll
2010-08-16 20:22 . 2010-08-16 20:22 499712 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-36bab2dd-n\jmc.dll
2010-08-16 20:22 . 2010-08-16 20:22 348160 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-36bab2dd-n\msvcr71.dll
2010-08-16 20:21 . 2010-08-16 20:21 61440 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3c9cafdf-n\decora-sse.dll
2010-08-16 20:21 . 2010-08-16 20:21 12800 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3c9cafdf-n\decora-d3d.dll
2010-08-13 09:12 . 2010-02-26 21:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-09 16:47 . 2007-08-10 00:28 -------- d-----w- c:\program files\HP
2010-08-09 16:47 . 2007-08-10 00:41 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2010-08-05 21:30 . 2010-06-08 20:04 -------- d--h--w- c:\documents and settings\Administrator\Application Data\Image Zone Express
2010-08-04 16:42 . 2007-10-02 19:30 -------- d-----w- c:\program files\Java
2010-08-03 18:03 . 2010-07-15 20:25 -------- d--h--w- c:\documents and settings\Administrator\Application Data\HPAppData
2010-08-03 17:55 . 2007-08-10 00:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-03 17:53 . 2007-08-09 23:58 -------- d-----w- c:\program files\Belkin
2010-07-30 18:52 . 2010-07-30 18:52 63488 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-07-30 18:51 . 2010-07-30 18:51 52224 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-07-30 18:51 . 2010-07-30 18:51 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-28 16:24 . 2009-10-27 16:23 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-07-26 21:36 . 2010-07-01 18:31 -------- d-----w- c:\program files\iTunes
2010-07-26 21:31 . 2007-12-11 23:02 -------- d--h--w- c:\documents and settings\Administrator\Application Data\BitTorrent
2010-07-26 21:30 . 2009-08-10 15:58 -------- d-----w- c:\program files\Common Files\Apple
2010-07-26 21:16 . 2010-07-26 21:16 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-21 14:03 . 2010-07-21 14:03 1615200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
2010-07-21 14:03 . 2010-07-21 14:03 4368224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-07-21 14:03 . 2010-07-21 14:03 1373536 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssff.dll
2010-07-21 14:03 . 2010-07-21 14:03 1107296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxpl.dll
2010-07-15 16:00 . 2009-10-27 16:23 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-15 16:00 . 2010-07-15 16:00 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-15 15:59 . 2009-10-27 16:23 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-12 08:56 . 2010-08-02 19:59 2979280 -c--a-w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}\Ad-AwareInstall.exe
2010-07-08 22:04 . 2010-07-08 22:04 -------- d-----w- c:\program files\CoverFactory 2.50
2010-07-06 16:44 . 2010-07-09 17:36 221184 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7vp4wktk.default\extensions\browserhighlighter@ebay.com\components\Shim.dll
2010-07-01 21:38 . 2007-10-26 20:10 -------- d--h--w- c:\documents and settings\Administrator\Application Data\Apple Computer
2010-07-01 18:24 . 2007-08-15 17:16 -------- d-----w- c:\program files\Bonjour
2010-07-01 18:03 . 2009-08-10 16:06 -------- d-----w- c:\program files\Safari
2010-07-01 17:55 . 2010-07-01 17:55 71992 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-06-30 12:31 . 2003-11-08 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2006-06-23 17:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2003-11-08 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2003-11-08 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2003-11-08 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2007-08-09 23:49 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2010-06-14 07:41 . 2006-09-13 05:09 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-08 18:45 . 2010-06-08 18:41 23113 ----a-w- c:\windows\hpqins15.dat
2010-06-02 14:45 . 2009-10-27 16:23 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-01 17:23 . 2010-06-01 17:23 503808 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-7c2ea8a8-n\msvcp71.dll
2010-06-01 17:23 . 2010-06-01 17:23 499712 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-7c2ea8a8-n\jmc.dll
2010-06-01 17:23 . 2010-06-01 17:23 348160 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-7c2ea8a8-n\msvcr71.dll
2010-05-27 17:19 . 2010-05-27 17:19 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-08-19_16.53.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-19 17:59 . 2010-08-19 17:59 16384 c:\windows\Temp\Perflib_Perfdata_258.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 16:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-19 2403568]
"cdloader"="c:\documents and settings\Administrator\Application Data\mjusbsp\cdloader2.exe" [2009-08-01 50520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-22 202256]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"igfxtray"="c:\windows\System32\igfxtray.exe" [2005-09-20 94208]
"igfxpers"="c:\windows\System32\igfxpers.exe" [2005-09-20 114688]
"igfxhkcmd"="c:\windows\System32\hkcmd.exe" [2005-09-20 77824]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"HitmanPro35"="c:\program files\Hitman Pro 3.5\HitmanPro35.exe" [2010-08-05 6289216]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-15 2065760]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless USB Utility.lnk - c:\program files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe [2005-10-28 1404928]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2007-8-13 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-15 16:00 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
backup=c:\windows\pss\Stardock ObjectDock.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"c:\\Documents and Settings\\Administrator\\Start Menu\\Programs\\WS_FTP\\WS_FTP95.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\wamp\\bin\\apache\\Apache2.2.11\\bin\\httpd.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Documents and Settings\\Administrator\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [8/14/2009 3:10 PM 28544]
R0 stwlfbus;stwlfbus;c:\windows\system32\drivers\stwlfbus.sys [4/27/2003 12:39 PM 8704]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/27/2009 10:23 AM 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/27/2009 10:23 AM 243024]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 12:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 12:41 PM 67656]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/15/2010 10:00 AM 308136]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/12/2010 2:55 AM 1355416]
R3 st3wolf;st3wolf;c:\windows\system32\drivers\st3wolf.sys [4/27/2003 11:43 AM 99360]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [8/17/2010 10:15 AM 430152]
S3 StumbleUponUpdateService;StumbleUponUpdateService;c:\program files\StumbleUpon\StumbleUponUpdateService.exe [12/18/2008 4:05 PM 120168]
S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [12/15/2009 6:00 PM 85504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-08-16 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 20:13]

2010-08-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-08-19 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1123561945-1383384898-839522115-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09]

2010-08-19 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1123561945-1383384898-839522115-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09]

2010-08-19 c:\windows\Tasks\User_Feed_Synchronization-{CB872C42-838F-48C1-A078-D994E7718670}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 10:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://uage.net/
uInternet Connection Wizard,ShellNext = iexplore
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7vp4wktk.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.search-star.net/?sid=10101045100&s=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
FF - user.js: keyword.URL - hxxp://search.search-star.net/?sid=10101045100&s=
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-19 12:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x86F31BB8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7665f28
\Driver\ACPI -> ACPI.sys @ 0xf75d8cb8
\Driver\atapi -> 0x86f31bb8
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a
ParseProcedure -> ntoskrnl.exe @ 0x80578f7a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a
ParseProcedure -> ntoskrnl.exe @ 0x80578f7a
NDIS: Intel® PRO/1000 MT Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf7476bb0
PacketIndicateHandler -> NDIS.sys @ 0xf7483a21
SendHandler -> NDIS.sys @ 0xf746187b
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1123561945-1383384898-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fc,14,5e,32,76,45,fc,4c,a3,ed,18,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fc,14,5e,32,76,45,fc,4c,a3,ed,18,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(668)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2010-08-19 12:17:33
ComboFix-quarantined-files.txt 2010-08-19 18:17
ComboFix2.txt 2010-08-19 17:00

Pre-Run: 23,861,772,288 bytes free
Post-Run: 23,852,576,768 bytes free

- - End Of File - - 51D636642202FD9D6E65B996810DE311
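The one line in the ComboFix log above that matters for this thread is `\Driver\atapi -> 0x86f31bb8`: a hook whose target is a bare address with no owning module, while the `called modules` line reports the same region as `>>UNKNOWN [0x86F31BB8]<<`. As an added example that is not part of this thread or of ComboFix/GMER, the script below parses that detector section and flags exactly that pattern; the sample log text is constructed from the output posted above, and the continuation-line rule (a two-part line such as `ParseProcedure -> ...` belonging to the previous object) is an assumption about the detector's layout.

```python
"""Flag TDL3-style hooks in the MBR-detector section of a ComboFix log.

Added example for this thread; not code from ComboFix, GMER or BleepingComputer.
The sample text is constructed from the detector output posted above. Heuristic:
a hook whose target is a bare address (no "<module> @") points into memory that
belongs to no loaded driver, and the ">>UNKNOWN [addr]<<" marker in the
"called modules" line names the same region. That pairing is what the log above
shows for \\Driver\\atapi and is consistent with the TDL3 family the thread names.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Set

# Constructed sample, condensed from the detector section of the log above.
SAMPLE_LOG = """\
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x86F31BB8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\\Driver\\Disk -> CLASSPNP.SYS @ 0xf7665f28
\\Driver\\ACPI -> ACPI.sys @ 0xf75d8cb8
\\Driver\\atapi -> 0x86f31bb8
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a
ParseProcedure -> ntoskrnl.exe @ 0x80578f7a
NDIS: Intel PRO/1000 MT Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf7476bb0
Warning: possible MBR rootkit infection !
user & kernel MBR OK
"""

UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
NAMED_RE = re.compile(r"^(?P<module>\S+) @ (?P<addr>0x[0-9A-Fa-f]+)$")
BARE_RE = re.compile(r"^(?P<addr>0x[0-9A-Fa-f]+)$")


@dataclass
class Hook:
    obj: str                # hooked object, e.g. \Driver\atapi
    handler: Optional[str]  # e.g. ParseProcedure; None for a plain dispatch hook
    module: Optional[str]   # owning module; None when the target is a bare address
    addr: str               # target address, normalised to lowercase


@dataclass
class Report:
    hooks: List[Hook] = field(default_factory=list)
    unknown_addrs: Set[str] = field(default_factory=set)
    suspicious: List[str] = field(default_factory=list)


def parse_hooks(text: str) -> Report:
    """Collect every hook line and every UNKNOWN-module address from the log."""
    report = Report()
    in_hooks = False
    current_obj: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        for m in UNKNOWN_RE.finditer(line):
            report.unknown_addrs.add(m.group(1).lower())
        if line.startswith("detected MBR rootkit hooks:"):
            in_hooks = True
            continue
        if not in_hooks:
            continue
        if not line or line.startswith("Warning:"):
            in_hooks = False  # end of the hook list
            continue
        if " -> " not in line:
            continue
        parts = [p.strip() for p in line.split(" -> ")]
        # Assumed layout: a two-part line whose first part is not an object
        # path continues the previous object (e.g. "ParseProcedure -> ...").
        continuation = (len(parts) == 2 and current_obj is not None
                        and not parts[0].startswith("\\") and ":" not in parts[0])
        if continuation:
            obj, handler, target = current_obj, parts[0], parts[1]
        else:
            obj, target = parts[0], parts[-1]
            handler = parts[1] if len(parts) == 3 else None
            current_obj = obj
        named, bare = NAMED_RE.match(target), BARE_RE.match(target)
        if named:
            report.hooks.append(Hook(obj, handler, named["module"], named["addr"].lower()))
        elif bare:
            report.hooks.append(Hook(obj, handler, None, bare["addr"].lower()))
        # any other target form is left alone rather than guessed at
    return report


def flag_suspicious(report: Report) -> List[str]:
    """A hook with no owning module is the tell; note when the same address also
    shows up as UNKNOWN in the call chain, which corroborates it."""
    findings = []
    for h in report.hooks:
        if h.module is not None:
            continue
        where = h.obj if h.handler is None else f"{h.obj} {h.handler}"
        note = " (same region is UNKNOWN in the call chain)" if h.addr in report.unknown_addrs else ""
        findings.append(f"{where} -> {h.addr} has no owning module{note}")
    report.suspicious = findings
    return findings


def analyze(text: str) -> Report:
    report = parse_hooks(text)
    flag_suspicious(report)
    return report


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG).suspicious:
        print("SUSPICIOUS:", finding)
```

Hooks that resolve to a named module (CLASSPNP.SYS, ACPI.sys, NDIS.sys here) are reported but not flagged, which is why the post after this log moves on to a driver-signature check rather than acting on every "hook" line.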


#8 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 19 August 2010 - 01:55 PM

Hello

I want you to uninstall the SPTD driver: run this program and reboot.

After you reboot, run ComboFix again please.


http://www.duplexsecure.com/download/SPTDinst-v172-x86.exe



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 ghaskell
  • Topic Starter
  • Members
  • 35 posts

Posted 19 August 2010 - 02:03 PM

When I run SPTDinst-v172-x86.exe I get a window that says "No SPTD version was detected". I can either install or cancel; uninstall is not an option and is grayed out. Do I install?

#10 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 19 August 2010 - 02:43 PM

No, do not install.



Gringo

#11 ghaskell
  • Topic Starter
  • Members
  • 35 posts

Posted 19 August 2010 - 02:45 PM

Should I run ComboFix again then, or wait on your next instruction?

#12 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 19 August 2010 - 02:54 PM

GMER:

I would like you to download this "special version of GMER" and save it to your desktop.
  • Double click GMER.exe. If asked to allow the gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run a scan, click on NO, then use the following settings for a more complete scan.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following:
    • IAT/EAT
    • devices (don't miss this one) <-- this one is different than the picture
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button and wait for it to finish.
  • Once done, click on the [Save..] button, and in the File name area type in "ark.txt", or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

If GMER runs, then please give me the log and pass on the next step.

If GMER still does not run, and only if it does not run, please do the following.

I would like you to try and run GMER in Safe Mode. To enter Safe Mode, do the following.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

If GMER does run to the end, please send me the log in your next reply. If it still does not run, please let me know and we will try something else.

"information and logs"
    In your next post I need the following
    1. log from Gmer
    2. let me know of any problems you may have had
    3. How is the computer doing now?

Gringo



#13 ghaskell
  • Topic Starter
  • Members
  • 35 posts

Posted 20 August 2010 - 01:29 PM

When I run GMER it reboots my computer. It did it in Safe Mode as well. So I don't have any report to send, unless it auto-saves a report somewhere?

#14 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 21 August 2010 - 02:24 AM

Please download maxlook, saving the file to your desktop.
Double click maxlook.exe to run it. Note: you must run it only once!

1. Restart your computer.
2. Before Windows loads, you will be prompted to choose which Operating System to start.
3. Use the up and down arrow keys to select Microsoft Windows Recovery Console.
4. You must enter which Windows installation to log onto. Type 1 and press 'Enter'.
5. At the C:\Windows prompt, type the following entry, and press 'Enter' (note the spaces):
    batch look.bat


You will see 1 file copied many times, then return to the x:\windows> prompt.
Type Exit to restart your computer, then log on in normal mode.

Click Start >> Run and then type the following in the Run box:

maxlook -sig

(note the space before the - sign)
It will produce looklog.txt on the desktop and open it.
Please post the results here.


#15 ghaskell
  • Topic Starter
  • Members
  • 35 posts

Posted 23 August 2010 - 11:52 AM

MAXLOOK RESULTS:

CODE
Run from C:\Documents and Settings\Administrator\Desktop\maxlook.exe on Mon 08/23/2010 at 10:47:00.39

--------- maxlook unsigned files ---------

c:\windows\maxdrive\AegisP.sys:
    Verified:    Unsigned
    File date:    5:59 PM 8/9/2007
    Publisher:    Meetinghouse Data Communications
    Description:    IEEE 802.1X Protocol Driver
    Product:    AEGIS Client 3.4.3.0
    Version:    3.4.3.0
    File version:    3.4.3.0
c:\windows\maxdrive\bkusbxp.sys:
    Verified:    Unsigned
    File date:    10:29 AM 4/9/2003
    Publisher:    Belkin Components                      
    Description:    Belkin 11Mbps Wireless USB Network Adapter                                                          
    Product:    Belkin 11Mbps Wireless USB Network Adapter                                                          
    Version:    2.9.8.311
    File version:    2.9.8.31
c:\windows\maxdrive\BLKWGU.sys:
    Verified:    Unsigned
    File date:    11:54 AM 11/10/2005
    Publisher:    Belkin Corporation
    Description:    Belkin Wireless G USB Network Adapter Driver
    Product:    Wireless G USB Network Adapter
    Version:    1, 2, 1, 1
    File version:    6, 3, 2, 16
c:\windows\maxdrive\BRGSp50.sys:
    Verified:    Unsigned
    File date:    6:44 PM 6/8/2005
    Publisher:    Printing Communications Assoc., Inc. (PCAUSA)
    Description:    PCAUSA NDIS 5.0 SPR Protocol Driver
    Product:    PCAUSA Rawether for Windows
    Version:    5.5.18.03
    File version:    5.5.18.03 built by: WinDDK
c:\windows\maxdrive\BRGSp50a64.sys:
    Verified:    Unsigned
    File date:    6:44 PM 6/8/2005
    Publisher:    Printing Communications Assoc., Inc. (PCAUSA)
    Description:    PCAUSA NDIS 5.0 SPR Protocol Driver (AMD64)
    Product:    PCAUSA Rawether for Windows
    Version:    5.5.18.03
    File version:    5.5.18.03 built by: WinDDK
c:\windows\maxdrive\rt73.sys:
    Verified:    Unsigned
    File date:    11:00 PM 8/2/2005
    Publisher:    Ralink Technology, Corp.
    Description:    Ralink 802.11 USB Wireless Adapter Driver
    Product:    Ralink 802.11 Wireless Adapters
    Version:    1.00.00.0000
    File version:    1.00.00.0000
c:\windows\maxdrive\st3wolf.sys:
    Verified:    Unsigned
    File date:    11:43 AM 4/27/2003
    Publisher:    
    Description:    SCSI miniport
    Product:    
    Version:    3.33.0.0
    File version:    3.33.0.0
c:\windows\maxdrive\stwlfbus.sys:
    Verified:    Unsigned
    File date:    12:39 PM 4/27/2003
    Publisher:    
    Description:    PnP BIOS Extension
    Product:    
    Version:    3.33.0.0
    File version:    3.33.0.0
c:\windows\maxdrive\usbport.sys:
    Verified:    Unsigned
    File date:    12:45 PM 4/13/2008
    Publisher:    n/a
    Description:    n/a
    Product:    n/a
    Version:    n/a
    File version:    n/a
c:\windows\maxdrive\ZD1211BU.SYS:
    Verified:    Unsigned
    File date:    2:43 PM 8/17/2005
    Publisher:    ZyDAS Technology Corporation
    Description:    ZD1211B 802.11 b+g USB LAN Driver
    Product:    ZD1211B 802.11 b+g USB LAN Adapter
    Version:    1, 2, 1, 1
    File version:    5, 2, 0, 0
c:\windows\maxdrive\ZDPSp50.sys:
    Verified:    Unsigned
    File date:    1:40 PM 10/25/2004
    Publisher:    Printing Communications Assoc., Inc. (PCAUSA)
    Description:    PCAUSA NDIS 5.0 SPR Protocol Driver
    Product:    PCAUSA Rawether for Windows
    Version:    5.5.18.02
    File version:    5.5.18.02
c:\windows\maxdrive\ZDPSp50a64.sys:
    Verified:    Unsigned
    File date:    3:35 PM 3/18/2005
    Publisher:    Printing Communications Assoc., Inc. (PCAUSA)
    Description:    PCAUSA NDIS 5.0 SPR Protocol Driver (AMD64)
    Product:    PCAUSA Rawether for Windows
    Version:    5.5.18.03
    File version:    5.5.18.03 built by: WinDDK

--------- system32\drivers unsigned files ---------

c:\windows\system32\drivers\AegisP.sys:
    Verified:    Unsigned
    File date:    5:59 PM 8/9/2007
    Publisher:    Meetinghouse Data Communications
    Description:    IEEE 802.1X Protocol Driver
    Product:    AEGIS Client 3.4.3.0
    Version:    3.4.3.0
    File version:    3.4.3.0
c:\windows\system32\drivers\bkusbxp.sys:
    Verified:    Unsigned
    File date:    10:29 AM 4/9/2003
    Publisher:    Belkin Components                      
    Description:    Belkin 11Mbps Wireless USB Network Adapter                                                          
    Product:    Belkin 11Mbps Wireless USB Network Adapter                                                          
    Version:    2.9.8.311
    File version:    2.9.8.31
c:\windows\system32\drivers\BLKWGU.sys:
    Verified:    Unsigned
    File date:    11:54 AM 11/10/2005
    Publisher:    Belkin Corporation
    Description:    Belkin Wireless G USB Network Adapter Driver
    Product:    Wireless G USB Network Adapter
    Version:    1, 2, 1, 1
    File version:    6, 3, 2, 16
c:\windows\system32\drivers\BRGSp50.sys:
    Verified:    Unsigned
    File date:    6:44 PM 6/8/2005
    Publisher:    Printing Communications Assoc., Inc. (PCAUSA)
    Description:    PCAUSA NDIS 5.0 SPR Protocol Driver
    Product:    PCAUSA Rawether for Windows
    Version:    5.5.18.03
    File version:    5.5.18.03 built by: WinDDK
c:\windows\system32\drivers\BRGSp50a64.sys:
    Verified:    Unsigned
    File date:    6:44 PM 6/8/2005
    Publisher:    Printing Communications Assoc., Inc. (PCAUSA)
    Description:    PCAUSA NDIS 5.0 SPR Protocol Driver (AMD64)
    Product:    PCAUSA Rawether for Windows
    Version:    5.5.18.03
    File version:    5.5.18.03 built by: WinDDK
c:\windows\system32\drivers\rt73.sys:
    Verified:    Unsigned
    File date:    11:00 PM 8/2/2005
    Publisher:    Ralink Technology, Corp.
    Description:    Ralink 802.11 USB Wireless Adapter Driver
    Product:    Ralink 802.11 Wireless Adapters
    Version:    1.00.00.0000
    File version:    1.00.00.0000
c:\windows\system32\drivers\st3wolf.sys:
    Verified:    Unsigned
    File date:    11:43 AM 4/27/2003
    Publisher:    
    Description:    SCSI miniport
    Product:    
    Version:    3.33.0.0
    File version:    3.33.0.0
c:\windows\system32\drivers\stwlfbus.sys:
    Verified:    Unsigned
    File date:    12:39 PM 4/27/2003
    Publisher:    
    Description:    PnP BIOS Extension
    Product:    
    Version:    3.33.0.0
    File version:    3.33.0.0
c:\windows\system32\drivers\usbport.sys:
    Verified:    Unsigned
    File date:    12:45 PM 4/13/2008
    Publisher:    n/a
    Description:    n/a
    Product:    n/a
    Version:    n/a
    File version:    n/a
c:\windows\system32\drivers\ZD1211BU.SYS:
    Verified:    Unsigned
    File date:    2:43 PM 8/17/2005
    Publisher:    ZyDAS Technology Corporation
    Description:    ZD1211B 802.11 b+g USB LAN Driver
    Product:    ZD1211B 802.11 b+g USB LAN Adapter
    Version:    1, 2, 1, 1
    File version:    5, 2, 0, 0
c:\windows\system32\drivers\ZDPSp50.sys:
    Verified:    Unsigned
    File date:    1:40 PM 10/25/2004
    Publisher:    Printing Communications Assoc., Inc. (PCAUSA)
    Description:    PCAUSA NDIS 5.0 SPR Protocol Driver
    Product:    PCAUSA Rawether for Windows
    Version:    5.5.18.02
    File version:    5.5.18.02
c:\windows\system32\drivers\ZDPSp50a64.sys:
    Verified:    Unsigned
    File date:    3:35 PM 3/18/2005
    Publisher:    Printing Communications Assoc., Inc. (PCAUSA)
    Description:    PCAUSA NDIS 5.0 SPR Protocol Driver (AMD64)
    Product:    PCAUSA Rawether for Windows
    Version:    5.5.18.03
    File version:    5.5.18.03 built by: WinDDK





