
Please review my Combofix log...getting redirected






2-spyware forum index -> HijackThis log analysis
viberader
Joined: 02 Nov 2009
Posts: 2

Post subject: Please review my Combofix log...getting redirected

I am getting redirected but I am not noticing any slowdown...just obnoxious redirecting. I am using Firefox.

ComboFix 09-11-01.04 - Daddy 11/02/2009 16:12.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.412 [GMT -8:00]
Running from: c:\documents and settings\Daddy\Desktop\Combo-Fix.exe
AV: avast! antivirus 4.8.1356 [VPS 091102-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((( Files Created from 2009-10-03 to 2009-11-03 )))))))))))))))))))))))))))))))
.

2009-11-03 00:05 . 2005-08-15 20:08 5888 ----a-w- c:\windows\system32\drivers\imagedrv.sys
2009-11-02 23:32 . 2008-12-11 16:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-11-02 23:32 . 2009-08-24 22:05 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-11-02 23:32 . 2009-08-19 19:01 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-11-02 23:31 . 2009-11-02 23:35 -------- d-----w- c:\program files\Common Files\PC Tools
2009-11-02 23:31 . 2008-12-10 19:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-11-02 23:31 . 2009-11-03 00:28 -------- d-----w- c:\program files\Spyware Doctor
2009-11-02 23:31 . 2009-11-02 23:31 -------- d-----w- c:\documents and settings\Daddy\Application Data\PC Tools
2009-11-02 23:31 . 2009-11-02 23:31 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-11-02 13:10 . 2009-11-02 13:10 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-11-02 13:09 . 2009-11-02 13:10 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-11-02 13:09 . 2009-11-02 13:09 -------- d-----w- c:\documents and settings\Daddy\Application Data\SUPERAntiSpyware.com
2009-11-02 13:08 . 2009-11-02 13:08 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-02 10:38 . 2009-09-15 11:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-02 10:38 . 2009-09-15 11:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-02 10:38 . 2009-09-15 11:53 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-02 10:38 . 2009-09-15 11:53 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-02 10:38 . 2009-09-15 11:56 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-02 10:38 . 2009-09-15 11:56 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-02 10:38 . 2009-09-15 11:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-02 10:38 . 2009-09-15 11:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-02 10:38 . 2009-09-15 11:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-02 10:38 . 2009-11-02 10:38 -------- d-----w- c:\program files\Alwil Software
2009-11-02 10:12 . 2009-11-02 10:12 -------- d-----w- C:\RootkitNO
2009-11-02 10:10 . 2009-11-02 10:10 2 --shatr- c:\windows\winstart.bat
2009-11-02 10:09 . 2009-11-02 10:09 34760 ----a-w- c:\windows\system32\drivers\Partizan.sys
2009-11-02 10:09 . 2009-11-02 10:09 35040 ----a-w- c:\windows\system32\Partizan.exe
2009-11-02 10:09 . 2009-10-28 18:15 12752 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2009-11-02 10:08 . 2009-11-02 22:56 -------- d-----w- c:\program files\UnHackMe
2009-11-02 10:08 . 2009-10-01 17:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-11-02 10:03 . 2009-11-02 10:03 -------- d-----w- c:\program files\Windows Defender
2009-11-01 14:03 . 2009-11-01 10:40 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-11-01 10:40 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-11-01 10:40 . 2009-11-01 10:40 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-01 10:38 . 2009-11-01 10:38 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-01 09:48 . 2009-11-01 09:48 -------- d-----w- c:\program files\Trend Micro
2009-11-01 09:47 . 2009-11-01 09:47 -------- d-----w- c:\program files\Lavasoft
2009-11-01 09:47 . 2009-11-01 10:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-10-31 10:33 . 2009-10-31 10:33 -------- d-----w- c:\documents and settings\Daddy\Application Data\Malwarebytes
2009-10-31 10:33 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-31 10:33 . 2009-10-31 10:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-31 10:33 . 2009-10-31 10:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-31 10:33 . 2009-09-10 21:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-29 10:25 . 2006-06-19 20:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2009-10-29 10:25 . 2006-05-25 22:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2009-10-29 10:25 . 2005-08-26 08:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2009-10-29 10:25 . 2003-02-03 03:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2009-10-29 10:25 . 2002-03-06 08:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2009-10-29 10:25 . 2009-10-29 10:56 -------- d-----w- c:\program files\Trojan Remover
2009-10-29 10:25 . 2009-10-29 10:25 -------- d-----w- c:\documents and settings\Daddy\Application Data\Simply Super Software
2009-10-29 10:25 . 2009-10-29 10:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-10-29 09:28 . 2009-10-29 10:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-29 09:28 . 2009-10-29 09:30 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-29 09:20 . 2009-10-29 10:48 -------- d-----w- c:\program files\MagicDVDCopier
2009-10-22 10:18 . 2009-10-22 10:18 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-10-19 08:33 . 2009-10-19 09:22 -------- d-----w- c:\program files\iLuminaPremium

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-03 00:42 . 2007-12-24 23:06 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-03 00:05 . 2004-08-04 10:00 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-11-01 09:44 . 2007-12-15 09:18 -------- d-----w- c:\program files\PeerGuardian2
2009-11-01 09:44 . 2007-12-15 09:14 -------- d-----w- c:\documents and settings\Daddy\Application Data\uTorrent
2009-10-29 09:20 . 2008-01-28 02:28 -------- d-----w- c:\documents and settings\Daddy\Application Data\Vso
2009-10-26 21:47 . 2009-09-26 18:14 -------- d-----w- c:\documents and settings\Daddy\Application Data\HpUpdate
2009-10-14 06:00 . 2009-07-19 10:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-08 05:55 . 2008-01-22 03:35 -------- d-----w- c:\documents and settings\Daddy\Application Data\Apple Computer
2009-10-03 16:40 . 2009-10-03 06:12 -------- d-----w- c:\documents and settings\Daddy\Application Data\Move Networks
2009-09-26 18:15 . 2008-01-23 05:42 -------- d-----w- c:\program files\HP
2009-09-24 21:11 . 2008-01-22 03:34 -------- d-----w- c:\program files\iTunes
2009-09-24 21:10 . 2008-01-22 03:34 -------- d-----w- c:\program files\iPod
2009-09-24 21:10 . 2008-01-22 03:32 -------- d-----w- c:\program files\Common Files\Apple
2009-09-15 09:49 . 2009-08-28 07:27 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-15 09:48 . 2009-08-29 06:36 762176 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-09-11 14:18 . 2004-08-04 10:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 06:31 . 2009-09-11 06:30 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-11 06:27 . 2009-09-11 06:26 -------- d-----w- c:\program files\QuickTime
2009-09-09 04:04 . 2009-09-09 04:04 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{A613CA96-150A-4A1D-90CE-67F81379DF8C}
2009-09-04 21:03 . 2004-08-04 10:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36 . 2004-08-04 10:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-29 02:42 . 2009-09-11 06:22 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-29 02:42 . 2008-01-29 04:30 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-26 08:00 . 2004-08-04 10:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-19 07:30 . 2009-08-18 09:09 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-08-19 07:30 . 2009-08-18 09:09 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-08-19 07:29 . 2009-08-19 07:31 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2009-08-19 07:29 . 2008-01-29 19:01 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-08-18 19:20 . 2009-08-18 09:09 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2009-08-18 06:33 . 2009-08-18 06:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-07 02:24 . 2007-12-13 06:01 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-07 02:24 . 2007-12-13 06:01 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-07 02:24 . 2007-12-13 06:01 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-07 02:24 . 2007-07-31 03:19 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-07 02:24 . 2007-12-13 06:01 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-07 02:24 . 2004-08-04 10:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-07 02:23 . 2007-12-13 06:01 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-07 02:23 . 2007-12-24 11:43 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-07 02:23 . 2007-12-13 06:01 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-07 02:23 . 2007-07-31 03:18 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-05 09:01 . 2004-08-04 10:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 03:44 . 2005-03-30 01:23 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2007-12-15 08:25 . 2009-07-01 07:05 262144 ----a-w- c:\program files\Uninstall Spy Blocker.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Hot Keyboard"="c:\program files\Hot Keyboard\hotkeyb.exe" [1999-10-16 356352]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"UnHackMe Monitor"="c:\program files\UnHackMe\hackmon.exe" [2009-10-28 238304]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-10-13 2000112]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-06-29 32768]
"LWBMOUSE"="c:\program files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe" [2001-03-26 429568]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2007-08-24 240112]
"DMXLauncher"="c:\program files\Roxio\CinePlayer\DMXLauncher.exe" [2007-08-14 113136]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-10-29 1070984]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-09-15 81000]
"TraySantaCruz"="c:\windows\system32\tbctray.exe" [2003-06-23 290816]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-01-15 1657376]
"WD Button Manager"="WDBtnMgr.exe" - c:\windows\system32\WDBtnMgr.exe [2007-12-15 339968]
"NvMediaCenter"="NvMCTray.dll" - c:\windows\system32\nvmctray.dll [2009-01-15 86016]

c:\documents and settings\Daddy\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-12-17 113664]
M-Drive.bat [2004-1-16 23]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2008-1-24 25214]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-12-17 113664]
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2005-3-5 10872]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 23:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0Partizan\0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Daddy\\Desktop\\utorrent.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [11/1/2009 2:40 AM 64288]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11/2/2009 3:32 PM 206256]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0305020.00B\SymEFA.sys [8/31/2009 4:57 PM 310320]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [11/2/2009 2:38 AM 114768]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0305020.00B\BHDrvx86.sys [8/31/2009 4:57 PM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0305020.00B\cchpx86.sys [8/31/2009 4:57 PM 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091028.004\IDSXpx86.sys [10/28/2009 2:37 PM 329592]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10/12/2009 9:24 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/12/2009 9:24 PM 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/2/2009 2:38 AM 20560]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe [8/31/2009 4:57 PM 117640]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/27/2009 8:31 PM 102448]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [10/12/2009 9:24 PM 7408]
R3 tbcspud;Santa Cruz Driver;c:\windows\system32\drivers\tbcspud.sys [6/23/2003 12:15 PM 149632]
R3 tbcwdm;Santa Cruz WDM Driver;c:\windows\system32\drivers\tbcwdm.sys [6/23/2003 12:15 PM 554304]
S0 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [11/2/2009 2:09 AM 34760]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [8/24/2007 2:53 PM 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [8/24/2007 2:52 PM 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [8/24/2007 2:52 PM 166384]
S2 SessionLauncher;SessionLauncher;c:\docume~1\Daddy\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\Daddy\LOCALS~1\Temp\DX9\SessionLauncher.exe [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 3:17 AM 1179232]
S3 R-ImageDisk;R-ImageDisk;c:\program files\R-Drive Image\R-ImageDisk.sys [4/2/2007 2:49 AM 70539]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [8/24/2007 2:53 PM 72176]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [8/24/2007 2:52 PM 1083888]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [11/2/2009 3:31 PM 348824]
S3 vtdg46xx;vtdg46xx;c:\progra~1\TURTLE~1\SANTAC~1\CONTRO~1\vtdg46xx.sys [6/13/2003 4:45 PM 19232]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr
*Deregistered* - mchInjDrv
*Deregistered* - UnHackMeDrv
.
Contents of the 'Scheduled Tasks' folder

2009-11-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 10:39]

2009-10-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-12 20:34]

2009-11-03 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 03:20]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Handle with &Hot Keyboard - c:\program files\Hot Keyboard\IEScript.htm
FF - ProfilePath - c:\documents and settings\Daddy\Application Data\Mozilla\Firefox\Profiles\c24upb56.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\documents and settings\Daddy\Application Data\Move Networks\plugins\npqmp071502000008.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-NWEReboot - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-02 16:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x87355E07]<<
kernel: MBR read successfully
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.5.2.11\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-73586283-1965331169-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:93,df,27,f2,6d,66,c2,2b,8b,77,0a,30,9d,2e,98,e7,e9,96,f5,56,b6,28,e5,
06,38,05,63,40,fc,f7,b9,7b,c0,ad,b9,bf,fa,40,41,6b,f4,66,bb,d1,da,34,0e,d4,\
"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:45,e2,30,0a,e8,24,51,63,e9,2f,46,d8,f0,dc,66,b8,0d,bd,4b,77,1e,
bb,42,f7,4c,a8,8e,8d,d9,ba,ee,6b,48,54,71,23,c0,bb,bc,6e,c5,53,32,4b,3a,c3,\

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:45,e2,30,0a,e8,24,51,63,e9,2f,46,d8,f0,dc,66,b8,0d,bd,4b,77,1e,
bb,42,f7,4c,a8,8e,8d,d9,ba,ee,6b,48,54,71,23,c0,bb,bc,6e,c5,53,32,4b,3a,c3,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1084)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(3980)
c:\program files\Browser Mouse\Browser Mouse\1.0\MOUSEDLL.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\RunDLL32.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2009-11-03 16:51 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-03 00:51

Pre-Run: 82,455,269,376 bytes free
Post-Run: 82,577,383,424 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - FD1AEAE7133ABAAD0DFC91DF8A8D3CE1
Mon Nov 02, 2009 7:45 pm
 
rodi
Site Admin
Joined: 23 Jun 2009
Posts: 128

Hello,

First of all, is the Windows Hosts file not affected?
C:/WINDOWS/system32/drivers/etc/hosts (open with notepad)

Each line that starts with a '#' symbol is a comment line.
Basically the only thing you need in that hosts file is this line:
127.0.0.1 localhost

If not, then post the content of the Hosts file here.

Then download CCleaner, run a system scan and remove all unnecessary files and registry entries. Download from: http://www.ccleaner.com/

After that use HijackThis and post a scan log here. (Choose "do a system scan and save a log file" from the HijackThis menu.)

Download link:
http://go.trendmicro.com/free-tools/hijackthis/HijackThis.exe

Good luck!
Tue Nov 03, 2009 9:49 am
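The hosts-file check rodi describes, written out as an added example that is not part of the original thread: strip the '#' comment lines and flag anything left over that is not the plain 127.0.0.1 localhost mapping. The sample hosts content and the hostnames in it are constructed placeholders.

```python
"""Check a Windows hosts file for entries that can redirect a browser.

Added example, not code from the original thread. It performs the check rodi
describes: ignore '#' comment lines and see whether anything other than
'127.0.0.1 localhost' is left. Two kinds of leftover entries are flagged:
a hostname mapped to a non-loopback address (the browser is sent to a
different server) and a non-localhost name pinned to loopback (commonly
used to block security vendors' update sites). The sample hosts content
below is constructed; the hostnames in it are placeholders.
"""
import ipaddress

# Names that legitimately belong on a loopback line.
EXPECTED_NAMES = {"localhost"}

# Constructed sample in the layout of the Windows XP hosts file.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
127.0.0.1       update.example-av.test      # constructed: blocks an update site
198.51.100.23   www.example-search.test     # constructed: redirects a site
"""


def parse_hosts(text):
    """Return (line_no, address, [names]) for each mapping line.

    Whole-line and trailing '#' comments are stripped first, so a comment
    can never hide an active mapping.
    """
    entries = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        parts = line.split()
        if len(parts) >= 2:
            entries.append((line_no, parts[0], parts[1:]))
    return entries


def suspicious_entries(text):
    """Return (line_no, address, names, reason) for every entry that is not
    a plain loopback -> localhost mapping."""
    findings = []
    for line_no, address, names in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(address)
        except ValueError:
            findings.append((line_no, address, names, "unparseable address"))
            continue
        if not addr.is_loopback:
            findings.append((line_no, address, names,
                             "name mapped to non-loopback address"))
        elif set(names) - EXPECTED_NAMES:
            findings.append((line_no, address, names,
                             "non-localhost name pinned to loopback"))
    return findings


def check_hosts_file(path=r"C:\WINDOWS\system32\drivers\etc\hosts"):
    """Run the check against a real hosts file (default: the XP path from the thread)."""
    with open(path, encoding="utf-8", errors="replace") as handle:
        return suspicious_entries(handle.read())


if __name__ == "__main__":
    # Demonstrate on the constructed sample; call check_hosts_file() on a real machine.
    for line_no, address, names, reason in suspicious_entries(SAMPLE_HOSTS):
        print(f"line {line_no}: {address} -> {' '.join(names)}: {reason}")
```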
 
viberader
Joined: 02 Nov 2009
Posts: 2

Rodi,

Thanks for your response. After reading numerous posts I got the general idea on where to start. After I posted this I ran CCleaner, Malwarebytes, sysclean, and a number of other apps. I am pretty sure that after running CCleaner my problem was fixed. Anyway everything is good as far as I can tell.

I really appreciate you responding to my post and thank you very much for your time. I know things of this nature can take a lot of time.

Sincerely,

Bob Rader
Tue Nov 03, 2009 5:26 pm
 
rodi
Site Admin
Joined: 23 Jun 2009
Posts: 128

You are welcome Bob :)
Wed Nov 04, 2009 4:21 am