Please review my Combofix log...getting redirected


Author Topic: Please review my Combofix log...getting redirected  (Read 1280 times)
viberader (Newbie, Posts: 2)
« on: November 02, 2009, 01:45:26 PM »

I am getting redirected but I am not noticing any slowdown...just obnoxious redirecting. I am using Firefox.

ComboFix 09-11-01.04 - Daddy 11/02/2009 16:12.1.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1023.412 [GMT -8:00]
Running from: c:\documents and settings\Daddy\Desktop\Combo-Fix.exe
AV: avast! antivirus 4.8.1356 [VPS 091102-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

(((((((((((((((((((((((((   Files Created from 2009-10-03 to 2009-11-03  )))))))))))))))))))))))))))))))
.

2009-11-03 00:05 . 2005-08-15 20:08   5888   ----a-w-   c:\windows\system32\drivers\imagedrv.sys
2009-11-02 23:32 . 2008-12-11 16:38   159600   ----a-w-   c:\windows\system32\drivers\pctgntdi.sys
2009-11-02 23:32 . 2009-08-24 22:05   206256   ----a-w-   c:\windows\system32\drivers\PCTCore.sys
2009-11-02 23:32 . 2009-08-19 19:01   86888   ----a-w-   c:\windows\system32\drivers\PCTAppEvent.sys
2009-11-02 23:31 . 2009-11-02 23:35   --------   d-----w-   c:\program files\Common Files\PC Tools
2009-11-02 23:31 . 2008-12-10 19:36   64392   ----a-w-   c:\windows\system32\drivers\pctplsg.sys
2009-11-02 23:31 . 2009-11-03 00:28   --------   d-----w-   c:\program files\Spyware Doctor
2009-11-02 23:31 . 2009-11-02 23:31   --------   d-----w-   c:\documents and settings\Daddy\Application Data\PC Tools
2009-11-02 23:31 . 2009-11-02 23:31   --------   d-----w-   c:\documents and settings\All Users\Application Data\PC Tools
2009-11-02 13:10 . 2009-11-02 13:10   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-11-02 13:09 . 2009-11-02 13:10   --------   d-----w-   c:\program files\SUPERAntiSpyware
2009-11-02 13:09 . 2009-11-02 13:09   --------   d-----w-   c:\documents and settings\Daddy\Application Data\SUPERAntiSpyware.com
2009-11-02 13:08 . 2009-11-02 13:08   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2009-11-02 10:38 . 2009-09-15 11:54   23152   ----a-w-   c:\windows\system32\drivers\aswRdr.sys
2009-11-02 10:38 . 2009-09-15 11:54   52368   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
2009-11-02 10:38 . 2009-09-15 11:53   27408   ----a-w-   c:\windows\system32\drivers\aavmker4.sys
2009-11-02 10:38 . 2009-09-15 11:53   97480   ----a-w-   c:\windows\system32\AvastSS.scr
2009-11-02 10:38 . 2009-09-15 11:56   93424   ----a-w-   c:\windows\system32\drivers\aswmon.sys
2009-11-02 10:38 . 2009-09-15 11:56   94160   ----a-w-   c:\windows\system32\drivers\aswmon2.sys
2009-11-02 10:38 . 2009-09-15 11:55   114768   ----a-w-   c:\windows\system32\drivers\aswSP.sys
2009-11-02 10:38 . 2009-09-15 11:55   20560   ----a-w-   c:\windows\system32\drivers\aswFsBlk.sys
2009-11-02 10:38 . 2009-09-15 11:59   1279968   ----a-w-   c:\windows\system32\aswBoot.exe
2009-11-02 10:38 . 2009-11-02 10:38   --------   d-----w-   c:\program files\Alwil Software
2009-11-02 10:12 . 2009-11-02 10:12   --------   d-----w-   C:\RootkitNO
2009-11-02 10:10 . 2009-11-02 10:10   2   --shatr-   c:\windows\winstart.bat
2009-11-02 10:09 . 2009-11-02 10:09   34760   ----a-w-   c:\windows\system32\drivers\Partizan.sys
2009-11-02 10:09 . 2009-11-02 10:09   35040   ----a-w-   c:\windows\system32\Partizan.exe
2009-11-02 10:09 . 2009-10-28 18:15   12752   ----a-w-   c:\windows\system32\drivers\UnHackMeDrv.sys
2009-11-02 10:08 . 2009-11-02 22:56   --------   d-----w-   c:\program files\UnHackMe
2009-11-02 10:08 . 2009-10-01 17:29   195440   ------w-   c:\windows\system32\MpSigStub.exe
2009-11-02 10:03 . 2009-11-02 10:03   --------   d-----w-   c:\program files\Windows Defender
2009-11-01 14:03 . 2009-11-01 10:40   15880   ----a-w-   c:\windows\system32\lsdelete.exe
2009-11-01 10:40 . 2009-09-23 12:55   64288   ----a-w-   c:\windows\system32\drivers\Lbd.sys
2009-11-01 10:40 . 2009-11-01 10:40   93360   ----a-w-   c:\windows\system32\drivers\SBREDrv.sys
2009-11-01 10:38 . 2009-11-01 10:38   --------   dc-h--w-   c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-01 09:48 . 2009-11-01 09:48   --------   d-----w-   c:\program files\Trend Micro
2009-11-01 09:47 . 2009-11-01 09:47   --------   d-----w-   c:\program files\Lavasoft
2009-11-01 09:47 . 2009-11-01 10:00   --------   d-----w-   c:\documents and settings\All Users\Application Data\Lavasoft
2009-10-31 10:33 . 2009-10-31 10:33   --------   d-----w-   c:\documents and settings\Daddy\Application Data\Malwarebytes
2009-10-31 10:33 . 2009-09-10 21:54   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-31 10:33 . 2009-10-31 10:33   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-31 10:33 . 2009-10-31 10:33   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2009-10-31 10:33 . 2009-09-10 21:53   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
2009-10-29 10:25 . 2006-06-19 20:01   69632   ----a-w-   c:\windows\system32\ztvcabinet.dll
2009-10-29 10:25 . 2006-05-25 22:52   162304   ----a-w-   c:\windows\system32\ztvunrar36.dll
2009-10-29 10:25 . 2005-08-26 08:50   77312   ----a-w-   c:\windows\system32\ztvunace26.dll
2009-10-29 10:25 . 2003-02-03 03:06   153088   ----a-w-   c:\windows\system32\UNRAR3.dll
2009-10-29 10:25 . 2002-03-06 08:00   75264   ----a-w-   c:\windows\system32\unacev2.dll
2009-10-29 10:25 . 2009-10-29 10:56   --------   d-----w-   c:\program files\Trojan Remover
2009-10-29 10:25 . 2009-10-29 10:25   --------   d-----w-   c:\documents and settings\Daddy\Application Data\Simply Super Software
2009-10-29 10:25 . 2009-10-29 10:25   --------   d-----w-   c:\documents and settings\All Users\Application Data\Simply Super Software
2009-10-29 09:28 . 2009-10-29 10:23   --------   d-----w-   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-29 09:28 . 2009-10-29 09:30   --------   d-----w-   c:\program files\Spybot - Search & Destroy
2009-10-29 09:20 . 2009-10-29 10:48   --------   d-----w-   c:\program files\MagicDVDCopier
2009-10-22 10:18 . 2009-10-22 10:18   --------   d-----w-   c:\program files\Common Files\Blizzard Entertainment
2009-10-19 08:33 . 2009-10-19 09:22   --------   d-----w-   c:\program files\iLuminaPremium

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-03 00:42 . 2007-12-24 23:06   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
2009-11-03 00:05 . 2004-08-04 10:00   96512   ----a-w-   c:\windows\system32\drivers\atapi.sys
2009-11-01 09:44 . 2007-12-15 09:18   --------   d-----w-   c:\program files\PeerGuardian2
2009-11-01 09:44 . 2007-12-15 09:14   --------   d-----w-   c:\documents and settings\Daddy\Application Data\uTorrent
2009-10-29 09:20 . 2008-01-28 02:28   --------   d-----w-   c:\documents and settings\Daddy\Application Data\Vso
2009-10-26 21:47 . 2009-09-26 18:14   --------   d-----w-   c:\documents and settings\Daddy\Application Data\HpUpdate
2009-10-14 06:00 . 2009-07-19 10:18   --------   d-----w-   c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-08 05:55 . 2008-01-22 03:35   --------   d-----w-   c:\documents and settings\Daddy\Application Data\Apple Computer
2009-10-03 16:40 . 2009-10-03 06:12   --------   d-----w-   c:\documents and settings\Daddy\Application Data\Move Networks
2009-09-26 18:15 . 2008-01-23 05:42   --------   d-----w-   c:\program files\HP
2009-09-24 21:11 . 2008-01-22 03:34   --------   d-----w-   c:\program files\iTunes
2009-09-24 21:10 . 2008-01-22 03:34   --------   d-----w-   c:\program files\iPod
2009-09-24 21:10 . 2008-01-22 03:32   --------   d-----w-   c:\program files\Common Files\Apple
2009-09-15 09:49 . 2009-08-28 07:27   --------   d-----w-   c:\program files\Microsoft Silverlight
2009-09-15 09:48 . 2009-08-29 06:36   762176   ----a-w-   c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-09-11 14:18 . 2004-08-04 10:00   136192   ----a-w-   c:\windows\system32\msv1_0.dll
2009-09-11 06:31 . 2009-09-11 06:30   --------   d-----w-   c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-11 06:27 . 2009-09-11 06:26   --------   d-----w-   c:\program files\QuickTime
2009-09-09 04:04 . 2009-09-09 04:04   --------   dc-h--w-   c:\documents and settings\All Users\Application Data\{A613CA96-150A-4A1D-90CE-67F81379DF8C}
2009-09-04 21:03 . 2004-08-04 10:00   58880   ----a-w-   c:\windows\system32\msasn1.dll
2009-08-29 07:36 . 2004-08-04 10:00   17408   ----a-w-   c:\windows\system32\corpol.dll
2009-08-29 02:42 . 2009-09-11 06:22   2065696   ----a-w-   c:\windows\system32\usbaaplrc.dll
2009-08-29 02:42 . 2008-01-29 04:30   40448   ----a-w-   c:\windows\system32\drivers\usbaapl.sys
2009-08-26 08:00 . 2004-08-04 10:00   247326   ----a-w-   c:\windows\system32\strmdll.dll
2009-08-19 07:30 . 2009-08-18 09:09   60808   ----a-w-   c:\windows\system32\S32EVNT1.DLL
2009-08-19 07:30 . 2009-08-18 09:09   124976   ----a-w-   c:\windows\system32\drivers\SYMEVENT.SYS
2009-08-19 07:29 . 2009-08-19 07:31   107368   ----a-r-   c:\windows\system32\GEARAspi.dll
2009-08-19 07:29 . 2008-01-29 19:01   26600   ----a-r-   c:\windows\system32\drivers\GEARAspiWDM.sys
2009-08-18 19:20 . 2009-08-18 09:09   36400   ----a-r-   c:\windows\system32\drivers\SymIM.sys
2009-08-18 06:33 . 2009-08-18 06:33   1193832   ----a-w-   c:\windows\system32\FM20.DLL
2009-08-07 02:24 . 2007-12-13 06:01   209632   ----a-w-   c:\windows\system32\wuweb.dll
2009-08-07 02:24 . 2007-12-13 06:01   327896   ----a-w-   c:\windows\system32\wucltui.dll
2009-08-07 02:24 . 2007-12-13 06:01   35552   ----a-w-   c:\windows\system32\wups.dll
2009-08-07 02:24 . 2007-07-31 03:19   44768   ----a-w-   c:\windows\system32\wups2.dll
2009-08-07 02:24 . 2007-12-13 06:01   53472   ----a-w-   c:\windows\system32\wuauclt.exe
2009-08-07 02:24 . 2004-08-04 10:00   96480   ----a-w-   c:\windows\system32\cdm.dll
2009-08-07 02:23 . 2007-12-13 06:01   575704   ----a-w-   c:\windows\system32\wuapi.dll
2009-08-07 02:23 . 2007-12-24 11:43   274288   ----a-w-   c:\windows\system32\mucltui.dll
2009-08-07 02:23 . 2007-12-13 06:01   1929952   ----a-w-   c:\windows\system32\wuaueng.dll
2009-08-07 02:23 . 2007-07-31 03:18   215920   ----a-w-   c:\windows\system32\muweb.dll
2009-08-05 09:01 . 2004-08-04 10:00   204800   ----a-w-   c:\windows\system32\mswebdvd.dll
2009-08-05 03:44 . 2005-03-30 01:23   2189184   ----a-w-   c:\windows\system32\ntoskrnl.exe
2007-12-15 08:25 . 2009-07-01 07:05   262144   ----a-w-   c:\program files\Uninstall Spy Blocker.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Hot Keyboard"="c:\program files\Hot Keyboard\hotkeyb.exe" [1999-10-16 356352]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"UnHackMe Monitor"="c:\program files\UnHackMe\hackmon.exe" [2009-10-28 238304]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-10-13 2000112]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-06-29 32768]
"LWBMOUSE"="c:\program files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe" [2001-03-26 429568]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2007-08-24 240112]
"DMXLauncher"="c:\program files\Roxio\CinePlayer\DMXLauncher.exe" [2007-08-14 113136]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-10-29 1070984]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-09-15 81000]
"TraySantaCruz"="c:\windows\system32\tbctray.exe" [2003-06-23 290816]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-01-15 1657376]
"WD Button Manager"="WDBtnMgr.exe" - c:\windows\system32\WDBtnMgr.exe [2007-12-15 339968]
"NvMediaCenter"="NvMCTray.dll" - c:\windows\system32\nvmctray.dll [2009-01-15 86016]

c:\documents and settings\Daddy\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-12-17 113664]
M-Drive.bat [2004-1-16 23]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2008-1-24 25214]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-12-17 113664]
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2005-3-5 10872]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 23:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute   REG_MULTI_SZ      autocheck autochk *\0lsdelete\0Partizan\0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Daddy\\Desktop\\utorrent.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [11/1/2009 2:40 AM 64288]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11/2/2009 3:32 PM 206256]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0305020.00B\SymEFA.sys [8/31/2009 4:57 PM 310320]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [11/2/2009 2:38 AM 114768]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0305020.00B\BHDrvx86.sys [8/31/2009 4:57 PM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0305020.00B\cchpx86.sys [8/31/2009 4:57 PM 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091028.004\IDSXpx86.sys [10/28/2009 2:37 PM 329592]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10/12/2009 9:24 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/12/2009 9:24 PM 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/2/2009 2:38 AM 20560]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe [8/31/2009 4:57 PM 117640]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/27/2009 8:31 PM 102448]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [10/12/2009 9:24 PM 7408]
R3 tbcspud;Santa Cruz Driver;c:\windows\system32\drivers\tbcspud.sys [6/23/2003 12:15 PM 149632]
R3 tbcwdm;Santa Cruz WDM Driver;c:\windows\system32\drivers\tbcwdm.sys [6/23/2003 12:15 PM 554304]
S0 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [11/2/2009 2:09 AM 34760]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [8/24/2007 2:53 PM 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [8/24/2007 2:52 PM 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [8/24/2007 2:52 PM 166384]
S2 SessionLauncher;SessionLauncher;c:\docume~1\Daddy\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\Daddy\LOCALS~1\Temp\DX9\SessionLauncher.exe [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 3:17 AM 1179232]
S3 R-ImageDisk;R-ImageDisk;c:\program files\R-Drive Image\R-ImageDisk.sys [4/2/2007 2:49 AM 70539]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [8/24/2007 2:53 PM 72176]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [8/24/2007 2:52 PM 1083888]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [11/2/2009 3:31 PM 348824]
S3 vtdg46xx;vtdg46xx;c:\progra~1\TURTLE~1\SANTAC~1\CONTRO~1\vtdg46xx.sys [6/13/2003 4:45 PM 19232]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr
*Deregistered* - mchInjDrv
*Deregistered* - UnHackMeDrv
.
Contents of the 'Scheduled Tasks' folder

2009-11-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 10:39]

2009-10-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-12 20:34]

2009-11-03 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 03:20]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Handle with &Hot Keyboard - c:\program files\Hot Keyboard\IEScript.htm
FF - ProfilePath - c:\documents and settings\Daddy\Application Data\Mozilla\Firefox\Profiles\c24upb56.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\documents and settings\Daddy\Application Data\Move Networks\plugins\npqmp071502000008.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-NWEReboot - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-02 16:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ...

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x87355E07]<<
kernel: MBR read successfully
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.5.2.11\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-73586283-1965331169-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:93,df,27,f2,6d,66,c2,2b,8b,77,0a,30,9d,2e,98,e7,e9,96,f5,56,b6,28,e5,
   06,38,05,63,40,fc,f7,b9,7b,c0,ad,b9,bf,fa,40,41,6b,f4,66,bb,d1,da,34,0e,d4,\
"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:45,e2,30,0a,e8,24,51,63,e9,2f,46,d8,f0,dc,66,b8,0d,bd,4b,77,1e,
   bb,42,f7,4c,a8,8e,8d,d9,ba,ee,6b,48,54,71,23,c0,bb,bc,6e,c5,53,32,4b,3a,c3,\

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:45,e2,30,0a,e8,24,51,63,e9,2f,46,d8,f0,dc,66,b8,0d,bd,4b,77,1e,
   bb,42,f7,4c,a8,8e,8d,d9,ba,ee,6b,48,54,71,23,c0,bb,bc,6e,c5,53,32,4b,3a,c3,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1084)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(3980)
c:\program files\Browser Mouse\Browser Mouse\1.0\MOUSEDLL.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\RunDLL32.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2009-11-03 16:51 - machine was rebooted
ComboFix-quarantined-files.txt  2009-11-03 00:51

Pre-Run: 82,455,269,376 bytes free
Post-Run: 82,577,383,424 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - FD1AEAE7133ABAAD0DFC91DF8A8D3CE1
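A triage script for logs like the one above, added here as an example (it is not from the post, from ComboFix, or from the forum's helpers). It runs a handful of regex rules over the lines a reviewer checks first when the complaint is browser redirects: firewall state, Security Center monitoring, on-access antivirus status, ports opened globally, services running from Temp or with a missing file, and the MBR detector's UNKNOWN module. The rule names, the wording of the findings and the sample input (lines copied from the log above with GUIDs shortened) are constructed for this example. A hit means "look at this", not "this is malware": a security suite that takes over monitoring also leaves some of these settings behind.

```python
"""ComboFix log triage: flag the lines a reviewer checks first.

Added example; not code from the post, from ComboFix or from the forum.
A finding means "look at this", not "this is malicious".
"""
import re
import sys
from typing import Dict, List

# Constructed sample input: lines copied from the ComboFix log in the post
# above (GUIDs shortened). A real run reads the whole log file instead.
SAMPLE_LOG = "\n".join([
    r"ComboFix 09-11-01.04 - Daddy 11/02/2009 16:12.1.1 - NTFSx86",
    r"AV: avast! antivirus 4.8.1356 [VPS 091102-0] *On-access scanning disabled* (Updated) {7591DB91-...}",
    r"AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-...}",
    r"FW: Norton 360 *enabled* {7C21A4C9-...}",
    r"[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]",
    r'"DisableMonitoring"=dword:00000001',
    r"[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]",
    r'"EnableFirewall"= 0 (0x0)',
    r'"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009',
    r"R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe [8/31/2009 4:57 PM 117640]",
    r"S2 SessionLauncher;SessionLauncher;c:\docume~1\Daddy\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\Daddy\LOCALS~1\Temp\DX9\SessionLauncher.exe [?]",
    r"called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x87355E07]<<",
    r"user & kernel MBR OK",
])

# (rule id, pattern matched against each stripped line, why it matters).
# Rule ids and wording are this example's own, not ComboFix terminology.
RULES = [
    ("firewall_disabled",
     re.compile(r'^"EnableFirewall"=\s*0\b'),
     "Windows Firewall standard profile is switched off"),
    ("security_center_monitoring_disabled",
     re.compile(r'^"DisableMonitoring"=dword:0*1$'),
     "Security Center no longer reports AV/firewall state to the user"),
    ("av_on_access_disabled",
     re.compile(r'^AV:.*\*On-access scanning disabled\*'),
     "an installed antivirus has real-time scanning turned off"),
    ("port_open_globally",
     re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"='),
     "a port is open to every remote host in the firewall policy"),
    ("service_image_in_temp",
     re.compile(r'^[RS]\d [^;]+;[^;]+;[^\[]*\\temp\\', re.IGNORECASE),
     "a service or driver runs from a Temp directory"),
    ("service_image_missing",
     re.compile(r'^[RS]\d .*\[\?\]$'),
     "a service or driver is registered but its file was not found"),
    ("mbr_unknown_module",
     re.compile(r'>>UNKNOWN \[0x[0-9A-Fa-f]+\]<<'),
     "the MBR detector saw an unidentified module in the disk driver stack"),
]


def triage(log_text: str) -> List[Dict[str, object]]:
    """Return one finding per (rule, line) match, in log order."""
    findings: List[Dict[str, object]] = []
    for line_no, raw in enumerate(log_text.splitlines(), start=1):
        line = raw.strip()
        for rule_id, pattern, why in RULES:
            match = pattern.search(line)
            if not match:
                continue
            detail = why
            if rule_id == "port_open_globally":
                detail = f"{why} ({match.group('port')}/{match.group('proto')})"
            findings.append({"rule": rule_id, "line_no": line_no,
                             "line": line, "why": detail})
    return findings


def count_by_rule(findings: List[Dict[str, object]]) -> Dict[str, int]:
    """Number of hits per rule, for a one-line summary."""
    counts: Dict[str, int] = {}
    for finding in findings:
        rule = str(finding["rule"])
        counts[rule] = counts.get(rule, 0) + 1
    return counts


if __name__ == "__main__":
    # Pass a saved ComboFix.txt as the first argument, else use the sample.
    if len(sys.argv) > 1:
        text = open(sys.argv[1], encoding="utf-8", errors="replace").read()
    else:
        text = SAMPLE_LOG
    found = triage(text)
    for f in found:
        print(f"line {f['line_no']:>4} [{f['rule']}] {f['why']}")
        print(f"      {str(f['line'])[:110]}")
    print(count_by_rule(found))
```

On the sample the script reports eight findings; the SessionLauncher line trips two rules at once (image under Temp, file not found), which is the kind of line worth asking the poster about rather than the security products' own drivers.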
rodi (Administrator, Posts: 245)
« Reply #1 on: November 03, 2009, 03:49:13 AM »

Hello,

First of all, is the Windows Hosts file not affected?
C:/WINDOWS/system32/drivers/etc/hosts (open with Notepad)

Each line that starts with a '#' symbol is a comment line.
Basically the only thing you need in that Hosts file is this line:
127.0.0.1 localhost

If not, then post the content of the Hosts file here.

Then download CCleaner, run a system scan and remove all unnecessary files and registry entries. Download from: http://www.ccleaner.com/

After that use HijackThis and post a scan log here (choose "Do a system scan and save a log file" from the HijackThis menu).

Download link:
http://go.trendmicro.com/free-tools/hijackthis/HijackThis.exe

Good luck!
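The Hosts file check the reply asks for, as an added example (not code from the reply or from any of the tools it names). It parses the file the way the Windows resolver reads it (a '#' starts a comment anywhere on the line, one line may carry several hostnames), separates the stock "127.0.0.1 localhost" line from everything else, and for the extra entries says whether a well-known site is being redirected somewhere else or blackholed to loopback. The sample file contents, the watch list of domains and the 203.0.113.x addresses (an RFC 5737 documentation range) are constructed for this example.

```python
"""Windows Hosts file audit.

Added example; not code from the reply above. It checks the one thing the
reply asks for: whether the file holds anything beyond the default
"127.0.0.1 localhost" line, and, for the extra entries, whether they point
well-known sites somewhere else (a redirect) or at loopback (a block).
"""
import ipaddress
import sys
from typing import Dict, List, Tuple

# Constructed sample: the stock Windows header, the default line, and three
# entries of the kind a redirecting infection adds. 203.0.113.0/24 is a
# documentation range (RFC 5737), so nothing real is pointed at.
SAMPLE_HOSTS = "\n".join([
    "# Copyright (c) 1993-1999 Microsoft Corp.",
    "#",
    "# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.",
    "",
    "127.0.0.1       localhost",
    "203.0.113.7     www.google.com   # trailing comment, ignored by the resolver",
    "203.0.113.7     search.yahoo.com",
    "127.0.0.1       www.symantec.com",
])

# The only lines that belong in a stock Hosts file: the reply's
# "127.0.0.1 localhost", plus the IPv6 form later Windows versions ship.
DEFAULT_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}

# Assumed watch list, not from the reply: domains a redirector typically
# hijacks or a blocker typically blackholes. Extend it for your environment.
WATCHED_SUFFIXES = ("google.com", "yahoo.com", "bing.com", "microsoft.com",
                    "symantec.com", "avast.com", "malwarebytes.org")


def parse_hosts(text: str) -> List[Tuple[str, str, int]]:
    """Return (ip, hostname, line_no) for every mapping in the file.

    '#' starts a comment anywhere on a line, and one line may map several
    hostnames to the same address; both match how the Windows resolver reads it.
    """
    entries: List[Tuple[str, str, int]] = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        body = raw.split("#", 1)[0].strip()
        if not body:
            continue
        ip, *names = body.split()          # a bare address with no names is skipped
        for name in names:
            entries.append((ip, name.lower(), line_no))
    return entries


def audit_hosts(text: str) -> Dict[str, List[dict]]:
    """Sort entries into default, suspicious (with a reason) and other."""
    result: Dict[str, List[dict]] = {"default": [], "suspicious": [], "other": []}
    for ip, name, line_no in parse_hosts(text):
        entry: dict = {"ip": ip, "name": name, "line_no": line_no}
        if (ip, name) in DEFAULT_ENTRIES:
            result["default"].append(entry)
            continue
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            entry["reason"] = "address does not parse"
            result["suspicious"].append(entry)
            continue
        if any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES):
            # Loopback silently blocks the site (update/AV sites are a classic
            # target); any other address sends the browser somewhere else.
            entry["reason"] = ("watched host blackholed to loopback" if addr.is_loopback
                               else f"watched host redirected to {ip}")
            result["suspicious"].append(entry)
        else:
            result["other"].append(entry)
    return result


if __name__ == "__main__":
    # Pass the path of a Hosts file (or a copy of it); otherwise use the sample.
    if len(sys.argv) > 1:
        content = open(sys.argv[1], encoding="utf-8", errors="replace").read()
    else:
        content = SAMPLE_HOSTS
    for bucket, entries in audit_hosts(content).items():
        for e in entries:
            tail = f"  <- {e['reason']}" if "reason" in e else ""
            print(f"{bucket:10} line {e['line_no']:>3} {e['ip']:<16} {e['name']}{tail}")
```

Anything that lands in "other" is not necessarily bad (ad blockers and some corporate images add hundreds of lines), which is why the reply's advice to post the whole file rather than judge it by line count is the right one.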
viberader (Newbie, Posts: 2)
« Reply #2 on: November 03, 2009, 11:26:58 AM »

Rodi,

Thanks for your response. After reading numerous posts I got the general idea on where to start. After I posted this I ran CCleaner, Malwarebytes, sysclean, and a number of other apps. I am pretty sure that after running CCleaner my problem was fixed. Anyway everything is good as far as I can tell.

I really appreciate you responding to my post and thank you very much for your time. I know things of this nature can take a lot of time.

Sincerely,

Bob Rader
rodi (Administrator, Posts: 245)
« Reply #3 on: November 03, 2009, 10:21:32 PM »

You are welcome Bob :)