Infection I think?
I downloaded a program that I thought was an audio recording program, but it asked me to restart, and it stopped my antivirus and firewall from running. Then I opened them up manually, and avast is finding stuff. I have run scans with MBAM and SAS, but nothing much was found.

O2 - BHO: (no name) - {B17324EB-1C4E-453F-BAB4-E82D5F3314C2} - (no file)

2) Next download RootRepeal.rar and unzip it to your Desktop. You'll need WinRAR to extract it.
* Double click RootRepeal.exe to start the program
* Click on the Report tab at the bottom of the program window
* Click the Scan button
* In the Select Scan dialog, check:
  o Drivers
  o Files
  o Processes
  o SSDT
  o Stealth Objects
  o Hidden Services
* Click the OK button
* In the next dialog, select all drives showing
* Click OK to start the scan
The scan can take some time. DO NOT run any other programs while the scan is running.
* When the scan is complete, the Save Report button will become available
* Click this and save the report to your Desktop as RootRepeal.txt
* Go to File, then Exit to close the program
* Attach this log in your next post.

3) Download DDS by sUBs to your desktop. Your antivirus software might question the file. If it does, allow it.
* Double click DDS.scr to run it and wait for the scan to finish
* When finished, DDS.txt will open
* A small while later, a prompt will open. Answer Yes
* DDS will continue scanning
* When done, Attach.txt will open
Copy and paste the DDS.txt and attach Attach.txt

Here are my logs. G.
Oh, I think I forgot to include that I have no internet in normal mode, only in safe mode.

Did you run DDS in normal mode? The below instructions should be PERFORMED in normal mode.

1) Please uninstall all Viewpoint products.
* Go to Control Panel >> Add/Remove Programs. Select all Viewpoint products, such as Viewpoint Media Player etc., and remove them.

2) Please uninstall Adobe Reader 7. Download the latest version from here.

3) Please download ComboFix from one of these webpages:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
* IMPORTANT !!! Save ComboFix.exe directly to your Desktop

Please copy this page to *Notepad* and save it to your desktop for reference, as you will not have any browsers open while you are performing the below portion of the instructions. It's IMPORTANT to carry out the instructions in the sequence listed below.

a). Close any open browsers.
b). Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix. (Right click on the avast icon in the system tray and choose Stop On-Access Protection.)
c). Open *Notepad* and copy/paste the text in the quotebox below into it:

Quote
KillAll::

Save this as CFScript.txt, in the same location as ComboFix.exe, which is on the Desktop. Now drag CFScript.txt into ComboFix.exe. When finished, it shall produce a log for you at C:\ComboFix.txt. Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply.

I will get it done when I get home today. And I ran DDS in safe mode.

Here you go, also I have internet in normal mode now!!!!
2009-10-13 00:09--------d-----w-c:\documents and settings\All Users\Application Data\Viewpoint 2009-10-09 23:15 . 2009-10-09 23:15552----a-w-c:\windows\system32\d3d8caps.dat 2009-10-05 01:48 . 2009-10-05 02:19--------d-----w-c:\documents and settings\Compaq_Administrator\Application Data\LimeWire 2009-09-17 23:38 . 2009-09-17 23:38--------d-----w-c:\program files\DecXv20 2009-09-17 23:37 . 2009-09-17 23:37249856------w-c:\windows\Setup1.exe 2009-09-17 23:37 . 2009-09-17 23:3773216----a-w-c:\windows\ST6UNST.EXE . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-10-13 00:22 . 2009-01-19 02:09--------d---a-w-c:\documents and settings\All Users\Application Data\TEMP 2009-10-12 03:02 . 2009-06-18 01:05--------d-----w-c:\program files\Skulltag 2009-10-12 00:36 . 2009-01-18 03:08--------d-----w-c:\program files\Doom Builder 2009-10-08 01:18 . 2009-09-03 04:57--------d-----w-c:\documents and settings\Compaq_Administrator\Application Data\uTorrent 2009-10-07 01:21 . 2009-01-10 00:47--------d-----w-c:\program files\Malwarebytes' Anti-Malware 2009-10-06 19:40 . 2009-06-06 15:58--------d-----w-c:\program files\UltimateBet 2009-10-05 00:59 . 2009-07-06 01:28--------d-----w-c:\program files\Doom Builder 2 2009-09-24 05:34 . 2009-09-05 16:56--------d-----w-c:\program files\odamex 2009-09-23 16:25 . 2006-05-19 00:15--------d-----w-c:\program files\PokerStars 2009-09-22 02:54 . 2009-04-08 04:47--------d-----w-c:\program files\eMusic Download Manager 2009-09-10 21:54 . 2009-05-31 01:5138224----a-w-c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-10 21:53 . 2009-05-31 01:5219160----a-w-c:\windows\system32\drivers\mbam.sys 2009-09-09 13:57 . 2005-09-22 03:54--------d-----w-c:\program files\Common Files\AOL 2009-09-09 07:10 . 2009-06-14 04:04--------d-----w-c:\program files\Microsoft Silverlight 2009-09-09 04:16 . 
2005-09-22 03:55--------d-----w-c:\documents and settings\All Users\Application Data\AOL 2009-09-08 16:29 . 2009-09-07 17:28--------d-----w-c:\program files\AOL 9.0 2009-09-07 17:31 . 2005-09-22 03:56--------d-----w-c:\documents and settings\Compaq_Administrator\Application Data\AOL 2009-09-07 17:30 . 2009-09-07 17:28--------d-----w-c:\program files\Common Files\aolshare 2009-09-07 17:30 . 2005-09-22 03:56--------d-----w-c:\program files\Common Files\Nullsoft 2009-09-07 17:24 . 2006-05-14 03:58--------d-----w-c:\documents and settings\All Users\Application Data\AOL Downloads 2009-08-30 15:04 . 2009-08-30 15:04--------d-----w-c:\documents and settings\Compaq_Administrator\Application Data\PokerCreations 2009-08-30 14:47 . 2009-08-30 14:47--------d-----w-c:\documents and settings\Compaq_Administrator\Application Data\NLOP 2009-08-30 14:47 . 2009-08-30 14:47--------d-----w-c:\program files\NLOP 2009-08-25 22:47 . 2009-08-25 22:41--------d-----w-c:\program files\Microsoft Money 2006 2009-08-25 13:42 . 2005-10-14 03:2162864----a-w-c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-08-17 16:10 . 2009-06-14 22:321279456----a-w-c:\windows\system32\aswBoot.exe 2009-08-17 16:06 . 2009-06-14 22:3393392----a-w-c:\windows\system32\drivers\aswmon.sys 2009-08-17 16:06 . 2009-06-14 22:3394160----a-w-c:\windows\system32\drivers\aswmon2.sys 2009-08-17 16:05 . 2009-06-14 22:33114768----a-w-c:\windows\system32\drivers\aswSP.sys 2009-08-17 16:05 . 2009-06-14 22:3320560----a-w-c:\windows\system32\drivers\aswFsBlk.sys 2009-08-17 16:04 . 2009-06-14 22:3351376----a-w-c:\windows\system32\drivers\aswTdi.sys 2009-08-17 16:04 . 2009-06-14 22:3323152----a-w-c:\windows\system32\drivers\aswRdr.sys 2009-08-17 16:03 . 2009-06-14 22:3326944----a-w-c:\windows\system32\drivers\aavmker4.sys 2009-08-17 16:02 . 2009-06-14 22:3397480----a-w-c:\windows\system32\AvastSS.scr 2009-08-16 02:02 . 
2008-07-03 06:1434----a-w-c:\documents and settings\Compaq_Administrator\jagex_runescape_preferences.dat 2009-08-07 02:24 . 2004-08-10 19:00327896----a-w-c:\windows\system32\wucltui.dll 2009-08-07 02:24 . 2004-08-10 19:00209632----a-w-c:\windows\system32\wuweb.dll 2009-08-07 02:24 . 2005-09-22 04:0944768----a-w-c:\windows\system32\wups2.dll 2009-08-07 02:24 . 2004-08-10 19:0035552----a-w-c:\windows\system32\wups.dll 2009-08-07 02:24 . 2004-08-10 19:0053472----a-w-c:\windows\system32\wuauclt.exe 2009-08-07 02:24 . 2004-08-10 19:0096480----a-w-c:\windows\system32\cdm.dll 2009-08-07 02:23 . 2004-08-10 19:00575704----a-w-c:\windows\system32\wuapi.dll 2009-08-07 02:23 . 2006-06-09 23:24274288----a-w-c:\windows\system32\mucltui.dll 2009-08-07 02:23 . 2005-05-26 11:19215920----a-w-c:\windows\system32\muweb.dll 2009-08-07 02:23 . 2004-08-10 19:001929952----a-w-c:\windows\system32\wuaueng.dll 2009-08-05 09:01 . 2004-08-10 19:00204800----a-w-c:\windows\system32\mswebdvd.dll 2009-07-17 19:49 . 2009-07-17 19:490----a-w-c:\documents and settings\Compaq_Administrator\settings.dat 2009-07-17 19:01 . 2004-08-10 19:0058880----a-w-c:\windows\system32\atl.dll 2009-07-15 07:00 . 2009-07-15 07:00229208----a-w-c:\windows\system32\drivers\VMM.sys 2007-10-23 04:20 . 2007-10-23 04:20251----a-w-c:\program files\wt3d.ini . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2009-02-23 2652056]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 19:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
backup=c:\windows\pss\Compaq Connections.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Administrator^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Administrator^Start Menu^Programs^Startup^Styler.lnk]
path=c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Startup\Styler.lnk
backup=c:\windows\pss\Styler.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Microsoft Plus! Photo Story 2 LE\\PS2Trial.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
"c:\\Program Files\\Warcraft II BNE\\Warcraft II BNE.exe"=
"c:\\Soldat\\Soldat.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skulltag\\Skulltag.exe"=
"c:\\Program Files\\Skulltag\\Idese.exe"=
"c:\\Program Files\\Skulltag\\Rcon_Utility.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [6/14/2009 3:33 PM 114768]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [5/6/2009 9:37 PM 159600]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/15/2009 5:17 PM 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/15/2009 5:17 PM 55024]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/14/2009 3:33 PM 20560]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [8/10/2004 12:00 PM 14336]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [5/6/2009 9:37 PM 73840]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [3/22/2005 7:17 PM 547744]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [5/6/2009 9:36 PM 95640]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [8/2/2005 2:10 PM 32512]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/15/2009 5:17 PM 7408]
S3 XDva037;XDva037;\??\c:\windows\system32\XDva037.sys --> c:\windows\system32\XDva037.sys [?]
S3 XDva167;XDva167;\??\c:\windows\system32\XDva167.sys --> c:\windows\system32\XDva167.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-10-01 c:\windows\Tasks\HPCeeSchedule.job
- c:\progra~1\EASYIN~1\Ceement\HPCEE.exe [2005-05-24 23:46]
.
.
------- SUPPLEMENTARY Scan -------
.
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
IE: Add To Compaq Organize... - c:\progra~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
IE: Add to Video Converter... - c:\program files\MP3 Player Utilities 5.10\AVIConverter\grab.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Save YouTube Video as MP3 - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} - hxxp://www.yoyogames.com/downloads/activex/YoYo.cab
FF - ProfilePath - c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\p1c3jbp5.default\
FF - component: c:\program files\Common Files\DVDVideoSoft\Dll\FFContextMenuY\components\FFContextMenu.dll
FF - plugin: c:\program files\eMusic Download Manager\plugin\npemusic.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

- - - - ORPHANS REMOVED - - - -

AddRemove-Centricity DICOM Viewer - c:\program files\Centricity\DICOM Viewer\3.1.1\EN-US\setupw2k

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-12 17:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3802107105-356159331-2220808391-1008\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1736)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3376)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\program files\Stardock\Object Desktop\IconPackager\iprepair.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\AOL\acs\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\PC Tools Firewall Plus\FWService.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\program files\Alwil Software\Avast4\Setup\avast.setup
.
**************************************************************************
.
Completion time: 2009-10-13 17:26 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-13 00:26

Pre-Run: 55,247,224,832 bytes free
Post-Run: 55,081,291,776 bytes free

256 --- E O F --- 2009-09-09 07:04

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:28:34 PM, on 10/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: Add to Video Converter... - C:\Program Files\MP3 Player Utilities 5.10\AVIConverter\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1127362109437
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1149835123078
O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} (YYGInstantPlay Control) - http://www.yoyogames.com/downloads/activex/YoYo.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 8313 bytes

Never mind, I cannot get Firefox or IE to work in normal mode.

1) Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions. It's IMPORTANT to carry out the instructions in the sequence listed below.

a) Close any open browsers.
b) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Open *notepad* and copy/paste the text in the quotebox below into it:

Quote
file::

Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop. Now drag CFScript.txt into ComboFix.exe. When finished, it shall produce a log for you at C:\ComboFix.txt. Please copy and paste the ComboFix.txt in your next reply.

2) Please upload these files to virustotal (one by one) and post the results in your next reply.
c:\windows\system32\XDva037.sys
c:\windows\system32\XDva167.sys

Here is my new log. The two files could not be found.
ComboFix 09-10-13.01 - Compaq_Administrator 10/13/2009 16:58.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.573 [GMT -7:00]
Running from: c:\documents and settings\Compaq_Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Compaq_Administrator\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1351 [VPS 091013-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: COMODO Antivirus *On-access scanning enabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: PC Tools Firewall Plus *disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}

FILE ::
"c:\documents and settings\All Users\Application Data\Viewpoint"
.

((((((((((((((((((((((((( Files Created from 2009-09-13 to 2009-10-13 )))))))))))))))))))))))))))))))
.

2009-10-13 00:32 . 2009-10-13 00:32 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-13 00:30 . 2009-10-13 04:01 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-10-13 00:09 . 2009-10-13 00:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-10-09 23:15 . 2009-10-09 23:15 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-10-05 01:48 . 2009-10-05 02:19 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\LimeWire
2009-09-17 23:38 . 2009-09-17 23:38 -------- d-----w- c:\program files\DecXv20
2009-09-17 23:37 . 2009-09-17 23:37 249856 ------w- c:\windows\Setup1.exe
2009-09-17 23:37 . 2009-09-17 23:37 73216 ----a-w- c:\windows\ST6UNST.EXE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-13 23:50 . 2009-01-19 02:09 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-13 23:32 . 2009-01-18 03:08 -------- d-----w- c:\program files\Doom Builder
2009-10-13 16:30 . 2009-06-06 15:58 -------- d-----w- c:\program files\UltimateBet
2009-10-13 14:07 . 2009-06-18 01:05 -------- d-----w- c:\program files\Skulltag
2009-10-08 01:18 . 2009-09-03 04:57 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\uTorrent
2009-10-07 01:21 . 2009-01-10 00:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-05 00:59 . 2009-07-06 01:28 -------- d-----w- c:\program files\Doom Builder 2
2009-09-24 05:34 . 2009-09-05 16:56 -------- d-----w- c:\program files\odamex
2009-09-23 16:25 . 2006-05-19 00:15 -------- d-----w- c:\program files\PokerStars
2009-09-22 02:54 . 2009-04-08 04:47 -------- d-----w- c:\program files\eMusic Download Manager
2009-09-10 21:54 . 2009-05-31 01:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 21:53 . 2009-05-31 01:52 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-09 13:57 . 2005-09-22 03:54 -------- d-----w- c:\program files\Common Files\AOL
2009-09-09 07:10 . 2009-06-14 04:04 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-09 04:16 . 2005-09-22 03:55 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-09-08 16:29 . 2009-09-07 17:28 -------- d-----w- c:\program files\AOL 9.0
2009-09-07 17:31 . 2005-09-22 03:56 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\AOL
2009-09-07 17:30 . 2009-09-07 17:28 -------- d-----w- c:\program files\Common Files\aolshare
2009-09-07 17:30 . 2005-09-22 03:56 -------- d-----w- c:\program files\Common Files\Nullsoft
2009-09-07 17:24 . 2006-05-14 03:58 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Downloads
2009-08-30 15:04 . 2009-08-30 15:04 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\PokerCreations
2009-08-30 14:47 . 2009-08-30 14:47 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\NLOP
2009-08-30 14:47 . 2009-08-30 14:47 -------- d-----w- c:\program files\NLOP
2009-08-25 22:47 . 2009-08-25 22:41 -------- d-----w- c:\program files\Microsoft Money 2006
2009-08-25 13:42 . 2005-10-14 03:21 62864 ----a-w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-17 16:10 . 2009-06-14 22:32 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2009-06-14 22:33 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2009-06-14 22:33 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2009-06-14 22:33 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2009-06-14 22:33 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2009-06-14 22:33 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2009-06-14 22:33 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2009-06-14 22:33 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2009-06-14 22:33 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-16 02:02 . 2008-07-03 06:14 34 ----a-w- c:\documents and settings\Compaq_Administrator\jagex_runescape_preferences.dat
2009-08-07 02:24 . 2004-08-10 19:00 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-07 02:24 . 2004-08-10 19:00 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-07 02:24 . 2005-09-22 04:09 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-07 02:24 . 2004-08-10 19:00 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-07 02:24 . 2004-08-10 19:00 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-07 02:24 . 2004-08-10 19:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-07 02:23 . 2004-08-10 19:00 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-07 02:23 . 2006-06-09 23:24 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-07 02:23 . 2005-05-26 11:19 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-07 02:23 . 2004-08-10 19:00 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2004-08-10 19:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:49 . 2009-07-17 19:49 0 ----a-w- c:\documents and settings\Compaq_Administrator\settings.dat
2009-07-17 19:01 . 2004-08-10 19:00 58880 ----a-w- c:\windows\system32\atl.dll
2007-10-23 04:20 . 2007-10-23 04:20 251 ----a-w- c:\program files\wt3d.ini
.

((((((((((((((((((((((((((((( [emailprotected]_00.22.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-13 23:50 . 2009-10-13 23:50 16384 c:\windows\Temp\Perflib_Perfdata_390.dat
+ 2005-06-07 06:55 . 2009-10-13 23:55 72652 c:\windows\system32\perfc009.dat
+ 2009-10-13 00:30 . 2009-10-13 00:30 20480 c:\windows\Installer\84803.msi
+ 2005-06-07 06:55 . 2009-10-13 23:55 444472 c:\windows\system32\perfh009.dat
+ 2009-10-13 00:33 . 2009-10-13 00:33 3938816 c:\windows\Installer\84809.msi
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOL Fast Start"="c:\program files\AOL 9.0\AOL.EXE" [2007-04-18 50736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2009-02-23 2652056]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 19:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
backup=c:\windows\pss\Compaq Connections.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Administrator^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Administrator^Start Menu^Programs^Startup^Styler.lnk]
path=c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Startup\Styler.lnk
backup=c:\windows\pss\Styler.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"= "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"= "c:\\WINDOWS\\system32\\fxsclnt.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\Microsoft Plus! Photo Story 2 LE\\PS2Trial.exe"= "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"= "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"= "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"= "c:\\Program Files\\Warcraft II BNE\\Warcraft II BNE.exe"= "c:\\Soldat\\Soldat.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"= "c:\\Program Files\\AIM6\\aim6.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Skulltag\\Skulltag.exe"= "c:\\Program Files\\Skulltag\\Idese.exe"= "c:\\Program Files\\Skulltag\\Rcon_Utility.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "67:UDP"= 67:UDP:DHCP Discovery Service "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R1 aswSP;avast! 
Self Protection;c:\windows\system32\drivers\aswSP.sys [6/14/2009 3:33 PM 114768] R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [5/6/2009 9:37 PM 159600] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/15/2009 5:17 PM 8944] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/15/2009 5:17 PM 55024] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/14/2009 3:33 PM 20560] R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [8/10/2004 12:00 PM 14336] R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [5/6/2009 9:37 PM 73840] R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [3/22/2005 7:17 PM 547744] R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [5/6/2009 9:36 PM 95640] S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [8/2/2005 2:10 PM 32512] S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/15/2009 5:17 PM 7408] S3 XDva037;XDva037;\??\c:\windows\system32\XDva037.sys --> c:\windows\system32\XDva037.sys [?] S3 XDva167;XDva167;\??\c:\windows\system32\XDva167.sys --> c:\windows\system32\XDva167.sys [?] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Contents of the 'Scheduled Tasks' folder 2009-10-01 c:\windows\Tasks\HPCeeSchedule.job - c:\progra~1\EASYIN~1\Ceement\HPCEE.exe [2005-05-24 23:46] . . ------- Supplementary Scan ------- . 
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = iexplore uSearchURL,(Default) = hxxp://www.google.com/keyword/%s DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} - hxxp://www.yoyogames.com/downloads/activex/YoYo.cab FF - ProfilePath - c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\p1c3jbp5.default\ FF - component: c:\program files\Common Files\DVDVideoSoft\Dll\FFContextMenuY\components\FFContextMenu.dll FF - plugin: c:\program files\eMusic Download Manager\plugin\npemusic.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . - - - - ORPHANS REMOVED - - - - Toolbar-Locked - (no file) ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-10-13 17:04 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-3802107105-356159331-2220808391-1008\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . 
Things are running great right now; I have full connection with Firefox in normal mode.

1) Please manually delete this file: c:\documents and settings\All Users\Application Data\Viewpoint

2)
* Right-click My Computer, choose Explore, click on Tools, then Folder Options.
* Click the View tab.
* Place a tick next to Display content of System folders (answer OK to warnings).
* Under Hidden files and folders, click Show hidden files and folders.
* If you see a warning message, click Yes.
* Click Apply.
* Click OK.

Now please upload these files to VirusTotal and post the results in your next reply.

c:\windows\system32\XDva037.sys
c:\windows\system32\XDva167.sys