ABnow.com Google redirect infection

**diver79** · 2012-04-10, 09:11

Hi rockmypunkk,

Do you know if it also cleaned the infections stopzilla found?

No, it hasnt cleaned out everything yet. I need to look through the logs from Combofix and DDS before we deal with them.

Ran stopzilla again and 100 of the infections are gone but 67 still remain I'll type them out and their locations

Please do not run any more scans unless instructed so here. As I said before, this can be a tricky infection to remove, if you do it wrong you can turn your computer into an expensive paper weight.

No anti-virus
Looking over your log, it seems you don't have any anti-virus software installed.
Please download and install a free anti-virus software from one these excellent vendors.

avast! Home Edition - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
Microsoft Security Essentials - Free and provides real-time protection for your home PC.

Note: You should run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and results in program conflicts and false virus alerts.

I will post further instructions later today.

diver79

**rockmypunkk** · 2012-04-10, 14:39

Okay I've installed avast av and await further instructions

**diver79** · 2012-04-10, 21:37

Hi rockmypunkk,

Please run the Combofix cfscript below and then re-run DDS. Let me know how the PC is performing after running the fix.

ComboFix - CFScript
This script is for this user and computer ONLY! Using this tool incorrectly could cause problems with your operating system... preventing it from ever starting again!
You will not have Internet access when you execute ComboFix. All open windows will need to be closed!

Please open Notepad and copy/paste all the text below... into the window:

Code:

DDS::
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - No File
BHO: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
FireFox::
FF - ProfilePath - c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\lrp7h7bg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Yahoo-FlvTube
FF - prefs.js: keyword.URL - hxxp://flvtubesearch.co/?prt=02ff&clid=&subid=&Keywords=
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
File::
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
ADS::
C:\Documents and Settings\All Users\Application Data\TEMP:AC6124CA
ClearJavaCache::

Save it to your desktop as CFScript.txt
Please disable avast! Antivirus .
Right Click on the Avast! icon in the System tray and select Avast Shields Control.
Select Disable until Computer is restarted.

Please close all open application windows.
Drag the CFScript.txt (icon) into the ComboFix.exe icon... as seen in the image below:

This will cause ComboFix to run again.
Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash.
Do Not touch your computer when ComboFix is running!
When finished ComboFix will create a log file... you can save this file to a convenient place.

Please copy/paste the ComboFix log file in your next reply.

Next re-run DDS and post the contents of dds.txt

Let me know how the computer is performing after you run Combofix.

**rockmypunkk** · 2012-04-10, 23:46

NIRCMD.exe file not found error popped up again after running combofix, and my wireless card keeps getting disabled or it fails the ARP cache clear when repairing it

ComboFix 12-04-09.05 - Chris 0/2012 Tue 16:15:07.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.932.81.1033.18.1012.577 [GMT -5:00]
Running from: c:\documents and settings\Chris\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Chris\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\windows\Tasks\At1.job"
"c:\windows\Tasks\At2.job"
"c:\windows\Tasks\At3.job"
"c:\windows\Tasks\At4.job"
.
Error: Cfiles.dat
.
((((((((((((((((((((((((( Files Created from 2012-03-10 to 2012-04-10 )))))))))))))))))))))))))))))))
.
.
2012-04-10 12:29 . 2012-03-06 23:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-04-10 12:29 . 2012-03-06 23:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-04-10 12:29 . 2012-03-06 23:02 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-04-10 12:29 . 2012-03-06 23:01 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-04-10 12:29 . 2012-03-06 23:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-04-10 12:29 . 2012-03-06 23:01 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-04-10 12:29 . 2012-03-06 23:01 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-04-10 12:29 . 2012-03-06 22:58 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-04-10 12:26 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-04-10 12:25 . 2012-03-06 23:15 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-04-10 12:24 . 2012-04-10 12:24 -------- d-----w- c:\program files\AVAST Software
2012-04-10 12:24 . 2012-04-10 12:24 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-04-04 21:50 . 2012-04-04 21:50 -------- d-----w- c:\program files\Common Files\Java
2012-04-04 21:50 . 2012-04-04 21:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-03 06:29 . 2012-01-19 15:22 42864 ----a-r- c:\windows\system32\SBBD.EXE
2012-04-03 06:29 . 2012-01-12 14:26 101112 ----a-r- c:\windows\system32\drivers\SBREDrv.sys
2012-04-03 06:29 . 2012-04-03 06:29 -------- d-----w- c:\program files\STOPzilla!
2012-04-03 06:29 . 2012-04-03 06:29 -------- d-----w- c:\program files\Common Files\iS3
2012-04-03 06:29 . 2012-04-10 21:24 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2012-04-03 06:25 . 2012-04-03 06:35 -------- d-----w- c:\program files\Common Files\PC Tools
2012-04-03 06:25 . 2012-04-03 06:25 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2012-04-03 06:25 . 2012-04-03 06:25 -------- d-----w- c:\documents and settings\Chris\Application Data\TestApp
2012-04-03 06:05 . 2012-04-03 06:05 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-03 05:54 . 2012-04-03 05:54 -------- d-----w- c:\windows\system32\wbem\Repository
2012-04-03 00:02 . 2012-04-03 05:54 -------- d-----w- c:\program files\ERUNT
2012-04-02 21:59 . 2008-06-20 11:51 361600 -c----w- c:\windows\system32\dllcache\tcpip.sys
2012-04-02 17:04 . 2012-04-03 05:51 -------- d-s---w- c:\documents and settings\LocalService\UserData
2012-04-02 16:59 . 2012-04-09 21:53 -------- d-sh--w- c:\documents and settings\Chris\Local Settings\Application Data\ad7217cf
2012-04-02 06:46 . 2012-04-02 07:11 -------- d-----w- C:\UTSUSEMI
2012-04-02 02:31 . 2012-04-02 02:31 -------- d-----w- C:\NOMAD
2012-04-01 19:18 . 2012-04-01 19:21 -------- d-----w- c:\program files\ぴんくはてな
2012-04-01 19:07 . 2012-04-01 19:07 -------- d-----w- c:\program files\あかべぇそふとつぅTRY
2012-04-01 03:46 . 2012-04-01 03:46 -------- d-----w- c:\program files\アークシェル
2012-03-31 23:40 . 2012-03-31 23:40 -------- d-----w- c:\program files\DO
2012-03-31 15:31 . 2012-03-31 21:53 -------- d-----w- C:\ｱｲﾙ
2012-03-31 06:26 . 2012-04-03 05:48 -------- d-----w- c:\program files\教えてっ！おねてぃー
2012-03-31 04:36 . 2012-03-31 04:36 -------- d-----w- c:\program files\Vanadis
2012-03-31 02:58 . 2012-03-31 02:58 -------- d-----w- c:\program files\DualMage
2012-03-31 02:22 . 2012-03-31 02:24 -------- d-----w- c:\program files\euphoria
2012-03-31 02:17 . 2012-03-31 02:18 -------- d-----w- c:\documents and settings\Chris\Application Data\蠱惑の刻
2012-03-31 02:13 . 2012-03-31 02:17 -------- d-----w- c:\program files\蠱惑の刻
2012-03-30 21:46 . 2012-03-30 22:06 -------- d-----w- c:\program files\Acmeholic
2012-03-30 21:34 . 2012-03-30 21:34 -------- d-----w- c:\program files\SPEED
2012-03-30 20:42 . 2012-03-30 20:42 196616 ----a-w- c:\windows\system32\SARCheck.dll
2012-03-30 20:40 . 2012-03-30 20:45 -------- d-----w- c:\program files\ドキドキ母娘レッスン
2012-03-30 20:12 . 2012-03-30 20:12 -------- d-----w- C:\萌♂
2012-03-30 19:53 . 2012-03-30 19:53 -------- d-----w- C:\maika
2012-03-30 19:13 . 2012-03-31 00:04 -------- d-----w- c:\program files\touchable
2012-03-30 04:21 . 2012-03-30 04:21 -------- d-----w- c:\program files\Guilty
2012-03-30 02:41 . 2012-03-30 02:41 -------- d-----w- c:\program files\CLOCKUP
2012-03-30 01:53 . 2012-03-30 01:53 -------- d-----w- c:\program files\Atheros
2012-03-29 23:58 . 2001-08-17 17:51 58368 -c--a-w- c:\windows\system32\dllcache\smiminib.sys
2012-03-29 23:56 . 2008-04-15 03:00 38912 -c--a-w- c:\windows\system32\dllcache\sm9aw.dll
2012-03-29 23:55 . 2001-08-17 17:50 50432 -c--a-w- c:\windows\system32\dllcache\sisv.sys
2012-03-29 23:55 . 2008-04-14 03:05 32768 -c--a-w- c:\windows\system32\dllcache\sisnic.sys
2012-03-29 23:55 . 2001-08-18 03:36 238592 -c--a-w- c:\windows\system32\dllcache\sisgrv.dll
2012-03-29 23:55 . 2001-08-17 17:50 104064 -c--a-w- c:\windows\system32\dllcache\sisgrp.sys
2012-03-29 23:55 . 2001-08-17 19:56 150144 -c--a-w- c:\windows\system32\dllcache\sis6306v.dll
2012-03-29 23:55 . 2001-08-17 17:50 68608 -c--a-w- c:\windows\system32\dllcache\sis6306p.sys
2012-03-29 23:55 . 2001-08-17 19:56 252032 -c--a-w- c:\windows\system32\dllcache\sis300iv.dll
2012-03-29 23:55 . 2001-08-17 17:50 101760 -c--a-w- c:\windows\system32\dllcache\sis300ip.sys
2012-03-29 23:55 . 2008-04-15 03:00 3901 -c--a-w- c:\windows\system32\dllcache\siint5.dll
2012-03-29 23:55 . 2012-04-03 00:37 -------- d-----w- C:\temp
2012-03-29 23:55 . 2001-07-21 19:29 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
2012-03-29 23:54 . 2001-07-21 19:29 18400 -c--a-w- c:\windows\system32\dllcache\sgsmld.sys
2012-03-29 23:54 . 2001-08-17 17:51 98080 -c--a-w- c:\windows\system32\dllcache\sgiulnt5.sys
2012-03-29 23:54 . 2001-08-18 03:36 386560 -c--a-w- c:\windows\system32\dllcache\sgiul50.dll
2012-03-29 23:54 . 2001-08-17 17:19 36480 -c--a-w- c:\windows\system32\dllcache\sfmanm.sys
2012-03-29 23:54 . 2001-08-17 18:53 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2012-03-29 23:54 . 2001-08-17 18:48 17664 -c--a-w- c:\windows\system32\dllcache\sermouse.sys
2012-03-29 23:54 . 2001-08-18 03:36 26112 -c--a-w- c:\windows\system32\dllcache\EXCH_seos.dll
2012-03-29 23:54 . 2001-08-17 18:53 6912 -c--a-w- c:\windows\system32\dllcache\seaddsmc.sys
2012-03-29 23:54 . 2008-04-14 05:15 11520 -c--a-w- c:\windows\system32\dllcache\scsiscan.sys
2012-03-29 23:54 . 2001-08-17 18:52 11648 -c--a-w- c:\windows\system32\dllcache\scsiprnt.sys
2012-03-29 23:54 . 2001-08-18 03:36 57856 -c--a-w- c:\windows\system32\dllcache\EXCH_scripto.dll
2012-03-29 23:53 . 2001-08-17 18:51 17280 -c--a-w- c:\windows\system32\dllcache\scr111.sys
2012-03-29 23:53 . 2001-08-17 18:51 16640 -c--a-w- c:\windows\system32\dllcache\scmstcs.sys
2012-03-29 23:53 . 2001-08-17 18:51 23936 -c--a-w- c:\windows\system32\dllcache\sccmusbm.sys
2012-03-29 23:53 . 2001-08-17 18:51 23936 -c--a-w- c:\windows\system32\dllcache\sccmn50m.sys
2012-03-29 23:53 . 2008-04-15 03:00 43904 -c--a-w- c:\windows\system32\dllcache\sbp2port.sys
2012-03-29 23:53 . 2001-08-18 03:36 495616 -c--a-w- c:\windows\system32\dllcache\sblfx.dll
2012-03-29 23:53 . 2001-08-17 17:50 75392 -c--a-w- c:\windows\system32\dllcache\s3savmxm.sys
2012-03-29 23:53 . 2001-08-17 19:56 245632 -c--a-w- c:\windows\system32\dllcache\s3savmx.dll
2012-03-29 23:53 . 2001-08-17 17:50 77824 -c--a-w- c:\windows\system32\dllcache\s3sav4m.sys
2012-03-29 23:53 . 2001-08-17 19:56 198400 -c--a-w- c:\windows\system32\dllcache\s3sav4.dll
2012-03-29 23:52 . 2001-08-17 17:50 61504 -c--a-w- c:\windows\system32\dllcache\s3sav3dm.sys
2012-03-29 23:52 . 2001-08-17 19:56 179264 -c--a-w- c:\windows\system32\dllcache\s3sav3d.dll
2012-03-29 23:52 . 2001-08-17 19:56 210496 -c--a-w- c:\windows\system32\dllcache\s3mvirge.dll
2012-03-29 23:52 . 2001-08-18 03:36 62496 -c--a-w- c:\windows\system32\dllcache\s3mtrio.dll
2012-03-29 23:52 . 2001-08-17 17:50 41216 -c--a-w- c:\windows\system32\dllcache\s3mt3d.sys
2012-03-29 23:52 . 2001-08-17 19:56 182272 -c--a-w- c:\windows\system32\dllcache\s3mt3d.dll
2012-03-29 23:52 . 2001-08-17 17:50 166720 -c--a-w- c:\windows\system32\dllcache\s3m.sys
2012-03-29 23:52 . 2001-08-17 18:57 65664 -c--a-w- c:\windows\system32\dllcache\s3legacy.sys
2012-03-29 23:52 . 2008-04-14 03:04 166912 -c--a-w- c:\windows\system32\dllcache\s3gnbm.sys
2012-03-29 23:52 . 2008-04-14 10:42 397056 -c--a-w- c:\windows\system32\dllcache\s3gnb.dll
2012-03-29 23:50 . 2001-08-18 03:36 86097 -c--a-w- c:\windows\system32\dllcache\reslog32.dll
2012-03-29 23:49 . 2001-08-17 18:28 112574 -c--a-w- c:\windows\system32\dllcache\ptserlp.sys
2012-03-29 23:48 . 2001-08-17 19:07 19840 -c--a-w- c:\windows\system32\dllcache\philtune.sys
2012-03-29 23:48 . 2001-08-17 19:04 92416 -c--a-w- c:\windows\system32\dllcache\phildec.sys
2012-03-29 23:48 . 2001-08-17 19:04 173696 -c--a-w- c:\windows\system32\dllcache\philcam2.sys
2012-03-29 23:48 . 2001-08-17 19:04 75776 -c--a-w- c:\windows\system32\dllcache\philcam1.sys
2012-03-29 23:48 . 2001-08-18 03:36 16384 -c--a-w- c:\windows\system32\dllcache\philcam1.dll
2012-03-29 23:48 . 2008-04-14 10:40 259328 -c--a-w- c:\windows\system32\dllcache\perm3dd.dll
2012-03-29 23:48 . 2008-04-14 05:14 28032 -c--a-w- c:\windows\system32\dllcache\perm3.sys
2012-03-29 23:48 . 2008-04-14 10:40 211584 -c--a-w- c:\windows\system32\dllcache\perm2dll.dll
2012-03-29 23:48 . 2008-04-14 05:14 27904 -c--a-w- c:\windows\system32\dllcache\perm2.sys
2012-03-29 23:48 . 2008-04-14 02:42 169984 -c--a-w- c:\windows\system32\dllcache\pcx500.sys
2012-03-29 23:48 . 2001-08-18 03:36 86016 -c--a-w- c:\windows\system32\dllcache\pctspk.exe
2012-03-29 23:48 . 2001-08-17 17:11 35328 -c--a-w- c:\windows\system32\dllcache\pcntpci5.sys
2012-03-29 23:47 . 2001-08-17 17:11 29769 -c--a-w- c:\windows\system32\dllcache\pcntn5m.sys
2012-03-29 23:47 . 2001-08-17 17:11 30282 -c--a-w- c:\windows\system32\dllcache\pcntn5hl.sys
2012-03-29 23:47 . 2001-08-17 17:12 26153 -c--a-w- c:\windows\system32\dllcache\pcmlm56.sys
2012-03-29 23:47 . 2008-04-14 03:05 29502 -c--a-w- c:\windows\system32\dllcache\pca200e.sys
2012-03-29 23:47 . 2001-08-17 17:12 30495 -c--a-w- c:\windows\system32\dllcache\pc100nds.sys
2012-03-29 23:47 . 2001-08-18 03:36 41984 -c--a-w- c:\windows\system32\dllcache\ovui2rc.dll
2012-03-29 23:47 . 2001-08-18 03:36 44544 -c--a-w- c:\windows\system32\dllcache\ovui2.dll
2012-03-29 23:47 . 2001-08-17 19:05 25216 -c--a-w- c:\windows\system32\dllcache\ovsound2.sys
2012-03-29 23:47 . 2001-08-18 03:36 39424 -c--a-w- c:\windows\system32\dllcache\ovcoms.exe
2012-03-29 23:47 . 2001-08-18 03:36 20480 -c--a-w- c:\windows\system32\dllcache\ovcomc.dll
2012-03-29 23:46 . 2001-08-17 19:05 351616 -c--a-w- c:\windows\system32\dllcache\ovcodek2.sys
2012-03-29 23:46 . 2001-08-18 03:36 116736 -c--a-w- c:\windows\system32\dllcache\ovcodec2.dll
2012-03-29 23:46 . 2001-08-17 19:05 31872 -c--a-w- c:\windows\system32\dllcache\ovce.sys
2012-03-29 23:46 . 2001-08-17 19:05 28032 -c--a-w- c:\windows\system32\dllcache\ovcd.sys
2012-03-29 23:46 . 2001-08-17 19:05 48000 -c--a-w- c:\windows\system32\dllcache\ovcam2.sys
2012-03-29 23:46 . 2001-08-17 19:05 25088 -c--a-w- c:\windows\system32\dllcache\ovca.sys
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 21:49 . 2010-10-12 20:02 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 20:56 . 2009-02-23 14:59 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-24 20:28 . 2012-02-24 20:28 99728 ----a-r- c:\windows\system32\drivers\SZKG.sys
2012-02-24 20:28 . 2012-02-24 20:28 99728 ----a-r- c:\windows\system32\drivers\is3srv.sys
2012-02-23 19:09 . 2012-02-23 19:09 29008 ----a-r- c:\windows\system32\IS3XDat5.dll
2012-02-23 19:09 . 2012-02-23 19:09 390992 ----a-r- c:\windows\system32\IS3UI5.dll
2012-02-23 19:09 . 2012-02-23 19:09 231248 ----a-r- c:\windows\system32\IS3Win325.dll
2012-02-23 19:09 . 2012-02-23 19:09 100176 ----a-r- c:\windows\system32\IS3Svc5.dll
2012-02-23 19:09 . 2012-02-23 19:09 132944 ----a-r- c:\windows\system32\IS3HTUI5.dll
2012-02-23 19:09 . 2012-02-23 19:09 104272 ----a-r- c:\windows\system32\IS3Inet5.dll
2012-02-23 19:09 . 2012-02-23 19:09 67408 ----a-r- c:\windows\system32\IS3Hks5.dll
2012-02-23 19:09 . 2012-02-23 19:09 456528 ----a-r- c:\windows\system32\IS3DBA5.dll
2012-02-23 19:09 . 2012-02-23 19:09 808784 ----a-r- c:\windows\system32\IS3Base5.dll
2012-02-03 09:22 . 2008-04-15 03:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2010-06-02 10:22 . 2010-06-02 10:22 89944 ----a-w- c:\program files\DSETUP.dll
2010-06-02 10:22 . 2010-06-02 10:22 537432 ----a-w- c:\program files\DXSETUP.exe
2010-06-02 10:22 . 2010-06-02 10:22 1801048 ----a-w- c:\program files\dsetup32.dll
2012-03-13 04:39 . 2012-03-25 06:16 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-09_22.00.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-12 05:02 . 2009-07-12 05:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2012-04-10 12:11 . 2012-04-10 12:11 16384 c:\windows\Temp\Perflib_Perfdata_664.dat
+ 2009-07-12 05:02 . 2009-07-12 05:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2012-04-10 12:27 . 2012-04-10 12:27 219648 c:\windows\Installer\f0366.msi
+ 2012-04-10 12:12 . 2012-04-10 12:12 253952 c:\windows\ERDNT\AutoBackup\4-10-2012\Users\00000002\UsrClass.dat
+ 2012-04-10 12:12 . 2005-10-20 17:02 163328 c:\windows\ERDNT\AutoBackup\4-10-2012\ERDNT.EXE
+ 2009-07-12 05:02 . 2009-07-12 05:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2012-04-10 12:12 . 2012-04-10 12:12 13766656 c:\windows\ERDNT\AutoBackup\4-10-2012\Users\00000001\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]
"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-17 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1044480]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-15 208952]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-05-14 821768]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2008-05-22 425984]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
c:\documents and settings\Chris\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-6-4 114688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TPSvc]
TPSvc.dll [BU]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\ソ\ニア\\極楽バイパーランジェリー赤\\Bin\\VPLanRed.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Documents and Settings\\Chris\\My Documents\\Downloads\\STOPzilla_Setup.exe"=
"c:\\Program Files\\STOPzilla!\\distro-amzn-is3.exe"=
"c:\\Program Files\\Common Files\\Java\\Java Update\\jucheck.exe"=
.
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [2/24/2012 3:28 PM 99728]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [3/29/2012 4:36 PM 72080]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/10/2012 7:29 AM 337880]
R2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;c:\program files\VMLaunch\BuddyVM.sys [3/25/2009 12:56 PM 15488]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/10/2012 7:29 AM 20696]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [1/3/2011 5:10 AM 21992]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/23/2009 9:59 AM 654408]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [10/13/2009 8:33 PM 95200]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/23/2009 9:50 AM 24652]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/23/2009 9:59 AM 22344]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2/24/2012 3:28 PM 99728]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [4/10/2012 7:29 AM 612184]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 10:58 AM 11336]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2/23/2009 1:15 AM 96856]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - AAVMKER4
*NewlyCreated* - ASWFSBLK
*NewlyCreated* - ASWMON2
*NewlyCreated* - ASWRDR
*NewlyCreated* - ASWSP
*NewlyCreated* - ASWTDI
*NewlyCreated* - AVAST!_ANTIVIRUS
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\lrp7h7bg.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-10 16:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-123947885-3055150098-3939964369-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\EROTICA PEACH\0j00O0・n0ﾗS纐*0^7_6R'`竡ﾛcT0qN､N^]
"Order"=hex:08,00,00,00,02,00,00,00,22,01,00,00,01,00,00,00,02,00,00,00,80,00,
00,00,00,00,00,00,72,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,60,00,36,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\經USﾔg^F0U000ｿ該e*0}vO0痂・・sYSO_0a0^]
"UninstallString"="c:\\WINDOWS\\IsUn0411.exe -f\"c:\\Program Files\\アークシェル\\口唇包柔\\koushin.isu\""
"DisplayName"="口唇包柔～うさみみ調教　白く濡れる女体たち～"
.
[HKEY_LOCAL_MACHINE\software\S*t*u*d*i*o*ｪ尻`\ｴ0ﾋ0・]
"InstalledFolder"="c:\\Studio邪恋\\ゴニン！？"
.
[HKEY_LOCAL_MACHINE\software\｢0・ｯ0ｷ0ｧ0・\經USﾔg^F0U000ｿ該e*0}vO0痂・・sYSO_0a0^\1.00.000]
"srcpath"="d:\\koushin\\"
"dstpath"="c:\\Program Files\\アークシェル\\口唇包柔"
"Version"="0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(728)
c:\windows\system32\igfxdev.dll
.
- - - - - - - > 'explorer.exe'(2604)
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-04-10 16:29:33
ComboFix-quarantined-files.txt 2012-04-10 21:29
ComboFix2.txt 2012-04-09 22:07

**rockmypunkk** · 2012-04-10, 23:50

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_31
Run by Chris at 16:47:43 on 2012-04-10
Microsoft Windows XP Home Edition 5.1.2600.3.932.81.1033.18.1012.358 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
c:\PROGRA~1\mcafee\SITEAD~1\saui.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.msn.com
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - No File
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files\stopzilla!\SZIEBHO.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
mRun: [LaunchApp] Alaunch
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AzMixerSel] c:\program files\realtek\audio\installshield\AzMixerSel.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
mRun: [PLFSetL] c:\windows\PLFSetL.exe
mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\eRAgent.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
StartupFolder: c:\docume~1\chris\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\interv~1.lnk - c:\program files\intervideo\common\bin\WinCinemaMgr.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{FC95DAB5-2C4C-4702-8CED-AD0C49E9A417} : DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: igfxcui - igfxdev.dll
Notify: TPSvc - TPSvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\chris\application data\mozilla\firefox\profiles\lrp7h7bg.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\browser\nppdf32(2).dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
.
============= SERVICES / DRIVERS ===============
.
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [2012-2-24 99728]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [2012-3-29 72080]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-4-10 337880]
R2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;c:\program files\vmlaunch\BuddyVM.sys [2009-3-25 15488]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-4-10 20696]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-4-10 44768]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-1-3 21992]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-2-23 654408]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-10-13 95200]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-2-23 24652]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-2-23 22344]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2012-2-24 99728]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-4-10 612184]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-2-23 96856]
.
=============== Created Last 30 ================
.
2012-04-10 21:12:06 -------- d-----w- C:\ComboFix
2012-04-10 12:29:14 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-04-10 12:26:08 41184 ----a-w- c:\windows\avastSS.scr
2012-04-10 12:24:39 -------- d-----w- c:\program files\AVAST Software
2012-04-10 12:24:39 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2012-04-09 21:31:44 -------- d-sha-r- C:\cmdcons
2012-04-09 21:29:56 98816 ----a-w- c:\windows\sed.exe
2012-04-09 21:29:56 208896 ----a-w- c:\windows\MBR.exe
2012-04-04 21:50:06 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-03 06:29:47 42864 ----a-r- c:\windows\system32\SBBD.EXE
2012-04-03 06:29:47 101112 ----a-r- c:\windows\system32\drivers\SBREDrv.sys
2012-04-03 06:29:38 -------- d-----w- c:\program files\STOPzilla!
2012-04-03 06:29:36 -------- d-----w- c:\program files\common files\iS3
2012-04-03 06:29:35 -------- d-----w- c:\documents and settings\all users\application data\STOPzilla!
2012-04-03 06:25:39 -------- d-----w- c:\program files\common files\PC Tools
2012-04-03 06:25:03 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2012-04-03 06:25:02 -------- d-----w- c:\documents and settings\chris\application data\TestApp
2012-04-03 06:05:35 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-03 05:54:22 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-04-03 05:54:22 -------- d-----w- c:\windows\system32\wbem\Repository
2012-04-02 21:59:33 361600 -c----w- c:\windows\system32\dllcache\tcpip.sys
2012-04-02 16:59:25 -------- d-sh--w- c:\documents and settings\chris\local settings\application data\ad7217cf
2012-04-02 06:46:29 -------- d-----w- C:\UTSUSEMI
2012-04-02 02:31:02 -------- d-----w- C:\NOMAD
2012-04-01 19:18:06 -------- d-----w- c:\program files\ぴんくはてな
2012-04-01 19:07:44 -------- d-----w- c:\program files\あかべぇそふとつぅTRY
2012-04-01 03:46:15 -------- d-----w- c:\program files\アークシェル
2012-03-31 23:40:13 -------- d-----w- c:\program files\DO
2012-03-31 15:31:03 -------- d-----w- C:\ｱｲﾙ
2012-03-31 06:26:39 -------- d-----w- c:\program files\教えてっ！おねてぃー
2012-03-31 04:36:39 -------- d-----w- c:\program files\Vanadis
2012-03-31 02:58:20 -------- d-----w- c:\program files\DualMage
2012-03-31 02:22:04 -------- d-----w- c:\program files\euphoria
2012-03-31 02:17:36 -------- d-----w- c:\documents and settings\chris\application data\蠱惑の刻
2012-03-31 02:13:10 -------- d-----w- c:\program files\蠱惑の刻
2012-03-30 21:46:33 -------- d-----w- c:\program files\Acmeholic
2012-03-30 21:34:55 -------- d-----w- c:\program files\SPEED
2012-03-30 20:42:54 196616 ----a-w- c:\windows\system32\SARCheck.dll
2012-03-30 20:40:02 -------- d-----w- c:\program files\ドキドキ母娘レッスン
2012-03-30 20:12:38 -------- d-----w- C:\萌♂
2012-03-30 19:53:25 -------- d-----w- C:\maika
2012-03-30 19:13:04 -------- d-----w- c:\program files\touchable
2012-03-30 04:21:50 -------- d-----w- c:\program files\Guilty
2012-03-30 02:41:47 -------- d-----w- c:\program files\CLOCKUP
2012-03-30 01:53:23 -------- d-----w- c:\program files\Atheros
2012-03-29 23:58:08 58368 -c--a-w- c:\windows\system32\dllcache\smiminib.sys
2012-03-29 23:56:55 38912 -c--a-w- c:\windows\system32\dllcache\sm9aw.dll
2012-03-29 23:55:59 50432 -c--a-w- c:\windows\system32\dllcache\sisv.sys
2012-03-29 23:55:57 32768 -c--a-w- c:\windows\system32\dllcache\sisnic.sys
2012-03-29 23:55:50 238592 -c--a-w- c:\windows\system32\dllcache\sisgrv.dll
2012-03-29 23:55:43 104064 -c--a-w- c:\windows\system32\dllcache\sisgrp.sys
2012-03-29 23:55:36 150144 -c--a-w- c:\windows\system32\dllcache\sis6306v.dll
2012-03-29 23:55:29 68608 -c--a-w- c:\windows\system32\dllcache\sis6306p.sys
2012-03-29 23:55:22 252032 -c--a-w- c:\windows\system32\dllcache\sis300iv.dll
2012-03-29 23:55:15 101760 -c--a-w- c:\windows\system32\dllcache\sis300ip.sys
2012-03-29 23:55:14 3901 -c--a-w- c:\windows\system32\dllcache\siint5.dll
2012-03-29 23:55:13 -------- d-----w- C:\temp
2012-03-29 23:55:03 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
2012-03-29 23:54:56 18400 -c--a-w- c:\windows\system32\dllcache\sgsmld.sys
2012-03-29 23:54:50 98080 -c--a-w- c:\windows\system32\dllcache\sgiulnt5.sys
2012-03-29 23:54:43 386560 -c--a-w- c:\windows\system32\dllcache\sgiul50.dll
2012-03-29 23:54:36 36480 -c--a-w- c:\windows\system32\dllcache\sfmanm.sys
2012-03-29 23:54:28 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2012-03-29 23:54:22 17664 -c--a-w- c:\windows\system32\dllcache\sermouse.sys
2012-03-29 23:54:21 26112 -c--a-w- c:\windows\system32\dllcache\EXCH_seos.dll
2012-03-29 23:54:14 6912 -c--a-w- c:\windows\system32\dllcache\seaddsmc.sys
2012-03-29 23:54:13 11520 -c--a-w- c:\windows\system32\dllcache\scsiscan.sys
2012-03-29 23:54:06 11648 -c--a-w- c:\windows\system32\dllcache\scsiprnt.sys
2012-03-29 23:54:05 57856 -c--a-w- c:\windows\system32\dllcache\EXCH_scripto.dll
2012-03-29 23:53:58 17280 -c--a-w- c:\windows\system32\dllcache\scr111.sys
2012-03-29 23:53:51 16640 -c--a-w- c:\windows\system32\dllcache\scmstcs.sys
2012-03-29 23:53:44 23936 -c--a-w- c:\windows\system32\dllcache\sccmusbm.sys
2012-03-29 23:53:37 23936 -c--a-w- c:\windows\system32\dllcache\sccmn50m.sys
2012-03-29 23:53:36 43904 -c--a-w- c:\windows\system32\dllcache\sbp2port.sys
2012-03-29 23:53:29 495616 -c--a-w- c:\windows\system32\dllcache\sblfx.dll
2012-03-29 23:53:21 75392 -c--a-w- c:\windows\system32\dllcache\s3savmxm.sys
2012-03-29 23:53:15 245632 -c--a-w- c:\windows\system32\dllcache\s3savmx.dll
2012-03-29 23:53:08 77824 -c--a-w- c:\windows\system32\dllcache\s3sav4m.sys
2012-03-29 23:53:01 198400 -c--a-w- c:\windows\system32\dllcache\s3sav4.dll
2012-03-29 23:52:54 61504 -c--a-w- c:\windows\system32\dllcache\s3sav3dm.sys
2012-03-29 23:52:47 179264 -c--a-w- c:\windows\system32\dllcache\s3sav3d.dll
2012-03-29 23:52:41 210496 -c--a-w- c:\windows\system32\dllcache\s3mvirge.dll
2012-03-29 23:52:34 62496 -c--a-w- c:\windows\system32\dllcache\s3mtrio.dll
2012-03-29 23:52:27 41216 -c--a-w- c:\windows\system32\dllcache\s3mt3d.sys
2012-03-29 23:52:21 182272 -c--a-w- c:\windows\system32\dllcache\s3mt3d.dll
2012-03-29 23:52:14 166720 -c--a-w- c:\windows\system32\dllcache\s3m.sys
2012-03-29 23:52:07 65664 -c--a-w- c:\windows\system32\dllcache\s3legacy.sys
2012-03-29 23:52:06 166912 -c--a-w- c:\windows\system32\dllcache\s3gnbm.sys
2012-03-29 23:52:05 397056 -c--a-w- c:\windows\system32\dllcache\s3gnb.dll
2012-03-29 23:50:57 86097 -c--a-w- c:\windows\system32\dllcache\reslog32.dll
2012-03-29 23:49:59 112574 -c--a-w- c:\windows\system32\dllcache\ptserlp.sys
2012-03-29 23:48:57 19840 -c--a-w- c:\windows\system32\dllcache\philtune.sys
2012-03-29 23:48:51 92416 -c--a-w- c:\windows\system32\dllcache\phildec.sys
2012-03-29 23:48:45 173696 -c--a-w- c:\windows\system32\dllcache\philcam2.sys
2012-03-29 23:48:38 75776 -c--a-w- c:\windows\system32\dllcache\philcam1.sys
2012-03-29 23:48:32 16384 -c--a-w- c:\windows\system32\dllcache\philcam1.dll
2012-03-29 23:48:24 259328 -c--a-w- c:\windows\system32\dllcache\perm3dd.dll
2012-03-29 23:48:23 28032 -c--a-w- c:\windows\system32\dllcache\perm3.sys
2012-03-29 23:48:22 211584 -c--a-w- c:\windows\system32\dllcache\perm2dll.dll
2012-03-29 23:48:21 27904 -c--a-w- c:\windows\system32\dllcache\perm2.sys
2012-03-29 23:48:19 169984 -c--a-w- c:\windows\system32\dllcache\pcx500.sys
2012-03-29 23:48:12 86016 -c--a-w- c:\windows\system32\dllcache\pctspk.exe
2012-03-29 23:48:06 35328 -c--a-w- c:\windows\system32\dllcache\pcntpci5.sys
2012-03-29 23:47:59 29769 -c--a-w- c:\windows\system32\dllcache\pcntn5m.sys
2012-03-29 23:47:53 30282 -c--a-w- c:\windows\system32\dllcache\pcntn5hl.sys
2012-03-29 23:47:46 26153 -c--a-w- c:\windows\system32\dllcache\pcmlm56.sys
2012-03-29 23:47:45 29502 -c--a-w- c:\windows\system32\dllcache\pca200e.sys
2012-03-29 23:47:39 30495 -c--a-w- c:\windows\system32\dllcache\pc100nds.sys
2012-03-29 23:47:31 41984 -c--a-w- c:\windows\system32\dllcache\ovui2rc.dll
2012-03-29 23:47:25 44544 -c--a-w- c:\windows\system32\dllcache\ovui2.dll
2012-03-29 23:47:18 25216 -c--a-w- c:\windows\system32\dllcache\ovsound2.sys
2012-03-29 23:47:12 39424 -c--a-w- c:\windows\system32\dllcache\ovcoms.exe
2012-03-29 23:47:05 20480 -c--a-w- c:\windows\system32\dllcache\ovcomc.dll
2012-03-29 23:46:59 351616 -c--a-w- c:\windows\system32\dllcache\ovcodek2.sys
2012-03-29 23:46:52 116736 -c--a-w- c:\windows\system32\dllcache\ovcodec2.dll
2012-03-29 23:46:46 31872 -c--a-w- c:\windows\system32\dllcache\ovce.sys
2012-03-29 23:46:40 28032 -c--a-w- c:\windows\system32\dllcache\ovcd.sys
2012-03-29 23:46:33 48000 -c--a-w- c:\windows\system32\dllcache\ovcam2.sys
2012-03-29 23:46:27 25088 -c--a-w- c:\windows\system32\dllcache\ovca.sys
2012-03-29 23:46:20 54186 -c--a-w- c:\windows\system32\dllcache\otcsercb.sys
2012-03-29 23:46:14 43689 -c--a-w- c:\windows\system32\dllcache\otceth5.sys
2012-03-29 23:46:07 27209 -c--a-w- c:\windows\system32\dllcache\otc06x5.sys
2012-03-29 23:46:01 54528 -c--a-w- c:\windows\system32\dllcache\opl3sax.sys
2012-03-29 23:44:53 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys
2012-03-29 23:44:51 132695 -c--a-w- c:\windows\system32\dllcache\netwlan5.sys
2012-03-29 23:44:42 65278 -c--a-w- c:\windows\system32\dllcache\netflx3.sys
2012-03-29 23:44:34 39264 -c--a-w- c:\windows\system32\dllcache\neo20xx.sys
2012-03-29 23:44:28 60480 -c--a-w- c:\windows\system32\dllcache\neo20xx.dll
2012-03-29 23:44:21 15872 -c--a-w- c:\windows\system32\dllcache\ne2000.sys
2012-03-29 23:44:13 91488 -c--a-w- c:\windows\system32\dllcache\n9i3disp.dll
2012-03-29 23:44:07 27936 -c--a-w- c:\windows\system32\dllcache\n9i3d.sys
2012-03-29 23:44:01 33088 -c--a-w- c:\windows\system32\dllcache\n9i128v2.sys
2012-03-29 23:43:55 59104 -c--a-w- c:\windows\system32\dllcache\n9i128v2.dll
2012-03-29 23:43:48 13664 -c--a-w- c:\windows\system32\dllcache\n9i128.sys
2012-03-29 23:43:43 35392 -c--a-w- c:\windows\system32\dllcache\n9i128.dll
2012-03-29 23:43:37 128000 -c--a-w- c:\windows\system32\dllcache\n100325.sys
2012-03-29 23:43:31 52255 -c--a-w- c:\windows\system32\dllcache\n1000nt5.sys
2012-03-29 23:43:25 75520 -c--a-w- c:\windows\system32\dllcache\mxport.sys
2012-03-29 23:43:18 7168 -c--a-w- c:\windows\system32\dllcache\mxport.dll
2012-03-29 23:43:13 19968 -c--a-w- c:\windows\system32\dllcache\mxnic.sys
2012-03-29 23:43:08 19968 -c--a-w- c:\windows\system32\dllcache\mxicfg.dll
2012-03-29 23:43:02 21888 -c--a-w- c:\windows\system32\dllcache\mxcard.sys
2012-03-29 23:43:01 12672 -c--a-w- c:\windows\system32\dllcache\mutohpen.sys
2012-03-29 23:41:58 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2012-03-29 23:41:38 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2012-03-29 23:41:30 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
2012-03-29 23:41:29 7680 -c--a-w- c:\windows\system32\dllcache\migregdb.exe
2012-03-29 23:41:28 34304 -c--a-w- c:\windows\system32\dllcache\migisol.exe
2012-03-29 23:41:22 320384 -c--a-w- c:\windows\system32\dllcache\mgaum.sys
2012-03-29 23:41:16 235648 -c--a-w- c:\windows\system32\dllcache\mgaud.dll
2012-03-29 23:41:15 92416 -c--a-w- c:\windows\system32\dllcache\mga.sys
2012-03-29 23:41:15 92032 -c--a-w- c:\windows\system32\dllcache\mga.dll
2012-03-29 23:41:14 26112 -c--a-w- c:\windows\system32\dllcache\memstpci.sys
2012-03-29 23:41:08 47616 -c--a-w- c:\windows\system32\dllcache\memgrp.dll
2012-03-29 23:41:02 8320 -c--a-w- c:\windows\system32\dllcache\memcard.sys
2012-03-29 23:39:55 727786 -c--a-w- c:\windows\system32\dllcache\ltck000c.sys
2012-03-29 23:39:49 4992 -c--a-w- c:\windows\system32\dllcache\loop.sys
2012-03-29 23:39:42 70730 -c--a-w- c:\windows\system32\dllcache\lne100tx.sys
2012-03-29 23:39:37 20573 -c--a-w- c:\windows\system32\dllcache\lne100.sys
2012-03-29 23:39:31 33792 -c--a-w- c:\windows\system32\dllcache\lmmib2.dll
2012-03-29 23:39:31 25065 -c--a-w- c:\windows\system32\dllcache\lmndis3.sys
2012-03-29 23:39:25 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2012-03-29 23:39:25 15744 -c--a-w- c:\windows\system32\dllcache\lit220p.sys
2012-03-29 23:39:19 26442 -c--a-w- c:\windows\system32\dllcache\lanepic5.sys
2012-03-29 23:39:13 19016 -c--a-w- c:\windows\system32\dllcache\ktc111.sys
2012-03-29 23:39:07 37376 -c--a-w- c:\windows\system32\dllcache\kousd.dll
2012-03-29 23:39:05 253952 -c--a-w- c:\windows\system32\dllcache\kdsusd.dll
2012-03-29 23:39:03 48640 -c--a-w- c:\windows\system32\dllcache\kdsui.dll
2012-03-29 23:37:59 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2012-03-29 23:37:53 100992 -c--a-w- c:\windows\system32\dllcache\icam5usb.sys
2012-03-29 23:37:48 20480 -c--a-w- c:\windows\system32\dllcache\icam5ext.dll
2012-03-29 23:37:43 45056 -c--a-w- c:\windows\system32\dllcache\icam5com.dll
2012-03-29 23:37:37 154496 -c--a-w- c:\windows\system32\dllcache\icam4usb.sys
2012-03-29 23:37:32 61952 -c--a-w- c:\windows\system32\dllcache\icam4ext.dll
2012-03-29 23:37:27 91136 -c--a-w- c:\windows\system32\dllcache\icam4com.dll
2012-03-29 23:37:21 26624 -c--a-w- c:\windows\system32\dllcache\icam3ext.dll
2012-03-29 23:37:16 141056 -c--a-w- c:\windows\system32\dllcache\icam3.sys
2012-03-29 23:37:11 38528 -c--a-w- c:\windows\system32\dllcache\ibmvcap.sys
2012-03-29 23:37:06 109085 -c--a-w- c:\windows\system32\dllcache\ibmtrp.sys
2012-03-29 23:37:01 100936 -c--a-w- c:\windows\system32\dllcache\ibmtok.sys
2012-03-29 23:35:55 391199 -c--a-w- c:\windows\system32\dllcache\hsf_k56k.sys
2012-03-29 23:35:51 9759 -c--a-w- c:\windows\system32\dllcache\hsf_inst.dll
2012-03-29 23:35:46 115807 -c--a-w- c:\windows\system32\dllcache\hsf_fsks.sys
2012-03-29 23:35:41 199711 -c--a-w- c:\windows\system32\dllcache\hsf_faxx.sys
2012-03-29 23:35:35 289887 -c--a-w- c:\windows\system32\dllcache\hsf_fall.sys
2012-03-29 23:35:30 67167 -c--a-w- c:\windows\system32\dllcache\hsf_bsc2.sys
2012-03-29 23:35:25 150239 -c--a-w- c:\windows\system32\dllcache\hsf_amos.sys
2012-03-29 23:35:20 19456 -c--a-w- c:\windows\system32\dllcache\hr1w.dll
2012-03-29 23:35:15 5760 -c--a-w- c:\windows\system32\dllcache\hpt4qic.sys
2012-03-29 23:35:10 13312 -c--a-w- c:\windows\system32\dllcache\hpsjmcro.dll
2012-03-29 23:35:06 324608 -c--a-w- c:\windows\system32\dllcache\hpojwia.dll
2012-03-29 23:35:01 32768 -c--a-w- c:\windows\system32\dllcache\hpgtmcro.dll
2012-03-29 23:33:56 8576 -c--a-w- c:\windows\system32\dllcache\hidgame.sys
2012-03-29 23:32:57 455680 -c--a-w- c:\windows\system32\dllcache\fus2base.sys
2012-03-29 23:31:58 7040 -c--a-w- c:\windows\system32\dllcache\exabyte2.sys
2012-03-29 23:30:59 61952 -c--a-w- c:\windows\system32\dllcache\eqnloop.exe
2012-03-29 23:29:57 634134 -c--a-w- c:\windows\system32\dllcache\el656ct5.sys
2012-03-29 23:28:59 37962 -c--a-w- c:\windows\system32\dllcache\divaprop.dll
2012-03-29 23:27:57 7424 -c--a-w- c:\windows\system32\dllcache\ddsmc.sys
2012-03-29 23:26:58 42112 -c--a-w- c:\windows\system32\dllcache\crtaud.sys
2012-03-29 23:25:58 74240 -c--a-w- c:\windows\system32\dllcache\camexo20.dll
2012-03-29 23:24:59 342336 -c--a-w- c:\windows\system32\dllcache\banshee.dll
2012-03-29 23:23:59 327040 -c--a-w- c:\windows\system32\dllcache\ati2mtaa.sys
2012-03-29 23:22:57 32827 -c--a-w- c:\windows\system32\dllcache\tcptest.exe
2012-03-29 23:13:24 18944 -c--a-w- c:\windows\system32\dllcache\simptcp.dll
2012-03-29 23:13:24 18944 ----a-w- c:\windows\system32\simptcp.dll
2012-03-29 23:12:32 18944 -c--a-w- c:\windows\system32\dllcache\lprmon.dll
2012-03-29 23:12:32 18944 ----a-w- c:\windows\system32\lprmon.dll
2012-03-29 23:12:31 22528 -c--a-w- c:\windows\system32\dllcache\lpdsvc.dll
2012-03-29 23:12:31 22528 ----a-w- c:\windows\system32\lpdsvc.dll
2012-03-29 22:15:45 -------- d-----w- C:\CLOCKUP
2012-03-29 21:59:36 23376 ----a-r- c:\windows\system32\SZIO5.dll
2012-03-29 21:59:24 546640 ----a-r- c:\windows\system32\SZComp5.dll
2012-03-29 21:59:18 481104 ----a-r- c:\windows\system32\SZBase5.dll
2012-03-29 21:36:48 72080 ----a-r- c:\windows\system32\drivers\SZKGFS.sys
2012-03-29 20:57:43 -------- d-----w- c:\program files\eclipse
2012-03-26 03:07:01 -------- d-----w- c:\program files\TinkerBell
2012-03-25 07:04:30 -------- d-----w- c:\program files\ソニア
2012-03-25 06:13:51 3072 ------w- c:\windows\system32\iacenc.dll
.
==================== Find3M ====================
.
2012-04-04 21:49:48 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 20:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-24 20:28:26 99728 ----a-r- c:\windows\system32\drivers\SZKG.sys
2012-02-24 20:28:26 99728 ----a-r- c:\windows\system32\drivers\is3srv.sys
2012-02-23 19:09:44 29008 ----a-r- c:\windows\system32\IS3XDat5.dll
2012-02-23 19:09:42 390992 ----a-r- c:\windows\system32\IS3UI5.dll
2012-02-23 19:09:42 231248 ----a-r- c:\windows\system32\IS3Win325.dll
2012-02-23 19:09:40 100176 ----a-r- c:\windows\system32\IS3Svc5.dll
2012-02-23 19:09:34 132944 ----a-r- c:\windows\system32\IS3HTUI5.dll
2012-02-23 19:09:34 104272 ----a-r- c:\windows\system32\IS3Inet5.dll
2012-02-23 19:09:32 67408 ----a-r- c:\windows\system32\IS3Hks5.dll
2012-02-23 19:09:32 456528 ----a-r- c:\windows\system32\IS3DBA5.dll
2012-02-23 19:09:30 808784 ----a-r- c:\windows\system32\IS3Base5.dll
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2010-06-02 10:22:02 89944 ----a-w- c:\program files\DSETUP.dll
2010-06-02 10:22:02 537432 ----a-w- c:\program files\DXSETUP.exe
2010-06-02 10:22:02 1801048 ----a-w- c:\program files\dsetup32.dll
.
============= FINISH: 16:48:57.57 ===============

**rockmypunkk** · 2012-04-10, 23:52

dds attach log

**diver79** · 2012-04-11, 00:04

Hi rockmypunkk,

Try the following in relation to the wireless connection issue.

Click on Start > Run
Type cmd and press enter.
At the prompt type ipconfig/flushdns and press Enter.
Now type netsh interface ip delete arpcache and press enter.

Now try repairing the adaptor and see if it works.

Next we will check for additional infections with ESET's Online scanner.

ESET Online Scanner:
Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your Avast! Anti-Virus.

Disable Antivirus

Right Click on the Avast! icon in the System tray and select Avast Shields Control.
Select Disable until Computer is restarted.

Please go here to run the scan.

Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
Select the option YES, I accept the Terms of Use then click on:
When prompted allow the Add-On/Active X to install.
Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:

- Scan for potentially unwanted applications
- Scan for potentially unsafe applications
- Enable Anti-Stealth Technology
Now click on:
The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
When completed the Online Scan will begin automatically.
Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
Now click on:
Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

**rockmypunkk** · 2012-04-11, 02:31

Okay flushing the dns didn't work it's still failing at the same spot for repairing the connection, and sorry that took so long I didn't think it would take 2 hours

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=501cac3573c1eb479ed66d34cc5fa4fa
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-04-10 10:43:36
# local_time=2012-04-10 05:43:36 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=9833
# found=2
# cleaned=0
# scan_time=1533
C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\lrp7h7bg.default\Cache(3)\3C4BBE48d01 JS/Exploit.Agent.NBQ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\lrp7h7bg.default\Cache(4)\8466DE95d01 JS/Exploit.Agent.NBU trojan (unable to clean) 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=501cac3573c1eb479ed66d34cc5fa4fa
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-04-11 12:25:52
# local_time=2012-04-10 07:25:52 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=67714
# found=13
# cleaned=0
# scan_time=6021
C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\lrp7h7bg.default\Cache(3)\3C4BBE48d01 JS/Exploit.Agent.NBQ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\lrp7h7bg.default\Cache(4)\8466DE95d01 JS/Exploit.Agent.NBU trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP550\A0208398.exe probably a variant of Win32/Agent.JXWYDNA trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP552\A0209457.exe probably a variant of Win32/Agent.JXWYDNA trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP557\A0210977.dll a variant of Win32/Kryptik.WRL trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP576\A0222048.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP576\A0222096.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP578\A0222135.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP579\A0222473.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP580\A0222537.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP581\A0222671.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP583\A0224711.dll Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP589\A0228665.dll a variant of Win32/Kryptik.WRL trojan (unable to clean) 0000000000000000000000000000000

**diver79** · 2012-04-11, 18:24

Hi rockmypunkk,

Logs are looking good, only a couple of items to remove now. See instructions below to run the OTL script and the MiniToolBox report.

Besides the wireless connection issue are you having any other problems?

Run OTL Script
We need to run an OTL Fix

Double-click OTL.exe to start the program.

Copy and Paste the following code into the

textbox. Do not include the word Code

Code:

:files
C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\lrp7h7bg.default\Cache(3)\3C4BBE48d01	
C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\lrp7h7bg.default\Cache(4)\8466DE95d01
:commands
[EMPTYTEMP]
[CREATERESTOREPOINT]

Then click the Run Fix button at the top.
Click .
OTL may ask to reboot the machine. Please do so if asked.
The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Double click on MiniToolBox.exe to run it.
Please check (tick) the following options:
- Flush DNS
- List IP Configuration
- List Winsock Entries
- List Last 10 Event Viewer Errors
- List Devices (Only Problems)
Click on the GO button. A log will open.
Please post the contents of this log. It can also be found on the desktop as Result.txt.

**rockmypunkk** · 2012-04-11, 18:49

Is it normal for OTL to become unresponsive while killing tasks? Its been like that for 10 minutes i closed all open programs and disabled avast teatimer and mbam

Thread: ABnow.com Google redirect infection

Thread Tools

Display

Posting Permissions