XP Malware Infection
I removed a number of malware infections from this old XP system using Spybot, Malwarebytes Anti-Malware and SUPERAntiSpyware. After removal the system is still a little slow and still hangs occasionally. The requested dumps follow:
Thanks so much for your help....
Regards,
Roger
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.17.2
Run by Owner at 0:57:30 on 2013-03-19
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.479.118 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\DAILYB~2\bar\1.bin\2vbrmon.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.msn.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.yahoo.com/?fr=fp-reg
mDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-reg
uProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: <No Name>: {f15ff29f-85a1-43cd-9674-e5ba40016c97} - c:\program files\dailybibleguide\bar\1.bin\2vSrcAs.dll
uURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Search Assistant BHO: {0631bff0-6846-48ca-982d-d62d7f376e97} - c:\program files\dailybibleguide\bar\1.bin\2vSrcAs.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: DailyBibleGuide: {2A942AB7-2073-49BC-A7E1-77E93835889A} - c:\program files\dailybibleguide\bar\1.bin\2vbar.dll
TB: DailyBibleGuide: {2a942ab7-2073-49bc-a7e1-77e93835889a} - c:\program files\dailybibleguide\bar\1.bin\2vbar.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: Real.com: {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [DailyBibleGuide Browser Plugin Loader] c:\progra~1\dailyb~2\bar\1.bin\2vbrmon.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
dRun: [OE] c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: &Search - http://tbedits.dailybibleguide.com/one-toolbaredits/menusearch.jhtml?s=100000422&p=XMxdm002YYus&si=CJfAvun_1qoCFSY0QgodwmaO8A&a=8110F644-0280-403C-83A5-BEC48B101D31&n=2011081714&cv=1
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1183158141578
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1363115980328
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} - hxxp://www.iolo.com/app/ocx/UpgradeVerify.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{761A3CB6-7D73-448C-95E5-FFBC61A7A38C} : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{7920C8EB-C091-494F-ACC1-87906D4CCDA4} : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{809C77B1-840A-41C1-BB73-C54246D4BE71} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{DEE8850C-9EF6-4F98-9470-C638C1031ABA} : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{F216FC57-6B39-435F-8C98-D3501C351548} : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - <orphaned>
LSA: Authentication Packages = msv1_0 c:\windows\system32\fcccDWnn
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\ujmir2r4.default\
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\dailybibleguide\bar\1.bin\NP2vStub.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1200112.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2013-03-12 23:07; wrc@avast.com; c:\program files\avast software\avast\webrep\FF
FF - ExtSQL: !HIDDEN! 2011-09-21 17:28; smartwebprinting@hp.com; c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-3-12 49248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-3-12 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-3-12 368176]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-3-12 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-3-12 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-3-12 45248]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2007-10-9 38144]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2008-6-6 22528]
S1 acapobnt;acapobnt;\??\c:\windows\system32\drivers\acapobnt.sys --> c:\windows\system32\drivers\acapobnt.sys [?]
S1 aooqzfkv;aooqzfkv;\??\c:\windows\system32\drivers\aooqzfkv.sys --> c:\windows\system32\drivers\aooqzfkv.sys [?]
S1 bhyfjttu;bhyfjttu;\??\c:\windows\system32\drivers\bhyfjttu.sys --> c:\windows\system32\drivers\bhyfjttu.sys [?]
S1 bidduafb;bidduafb;\??\c:\windows\system32\drivers\bidduafb.sys --> c:\windows\system32\drivers\bidduafb.sys [?]
S1 btqencwd;btqencwd;\??\c:\windows\system32\drivers\btqencwd.sys --> c:\windows\system32\drivers\btqencwd.sys [?]
S1 cobfbjwl;cobfbjwl;\??\c:\windows\system32\drivers\cobfbjwl.sys --> c:\windows\system32\drivers\cobfbjwl.sys [?]
S1 cotjizqd;cotjizqd;\??\c:\windows\system32\drivers\cotjizqd.sys --> c:\windows\system32\drivers\cotjizqd.sys [?]
S1 cpkxgqkd;cpkxgqkd;\??\c:\windows\system32\drivers\cpkxgqkd.sys --> c:\windows\system32\drivers\cpkxgqkd.sys [?]
S1 dnvnfsqq;dnvnfsqq;\??\c:\windows\system32\drivers\dnvnfsqq.sys --> c:\windows\system32\drivers\dnvnfsqq.sys [?]
S1 dpfsnadk;dpfsnadk;\??\c:\windows\system32\drivers\dpfsnadk.sys --> c:\windows\system32\drivers\dpfsnadk.sys [?]
S1 efababwt;efababwt;\??\c:\windows\system32\drivers\efababwt.sys --> c:\windows\system32\drivers\efababwt.sys [?]
S1 ektsmhwj;ektsmhwj;\??\c:\windows\system32\drivers\ektsmhwj.sys --> c:\windows\system32\drivers\ektsmhwj.sys [?]
S1 fdcrelxp;fdcrelxp;\??\c:\windows\system32\drivers\fdcrelxp.sys --> c:\windows\system32\drivers\fdcrelxp.sys [?]
S1 fkxyoehu;fkxyoehu;\??\c:\windows\system32\drivers\fkxyoehu.sys --> c:\windows\system32\drivers\fkxyoehu.sys [?]
S1 gebzlrlk;gebzlrlk;\??\c:\windows\system32\drivers\gebzlrlk.sys --> c:\windows\system32\drivers\gebzlrlk.sys [?]
S1 gedwlpgw;gedwlpgw;\??\c:\windows\system32\drivers\gedwlpgw.sys --> c:\windows\system32\drivers\gedwlpgw.sys [?]
S1 gpzpzghy;gpzpzghy;\??\c:\windows\system32\drivers\gpzpzghy.sys --> c:\windows\system32\drivers\gpzpzghy.sys [?]
S1 gvqjuowd;gvqjuowd;\??\c:\windows\system32\drivers\gvqjuowd.sys --> c:\windows\system32\drivers\gvqjuowd.sys [?]
S1 gxdpbakh;gxdpbakh;\??\c:\windows\system32\drivers\gxdpbakh.sys --> c:\windows\system32\drivers\gxdpbakh.sys [?]
S1 hndsgtav;hndsgtav;\??\c:\windows\system32\drivers\hndsgtav.sys --> c:\windows\system32\drivers\hndsgtav.sys [?]
S1 igsctoce;igsctoce;\??\c:\windows\system32\drivers\igsctoce.sys --> c:\windows\system32\drivers\igsctoce.sys [?]
S1 ivhxmuji;ivhxmuji;\??\c:\windows\system32\drivers\ivhxmuji.sys --> c:\windows\system32\drivers\ivhxmuji.sys [?]
S1 jmhoyzku;jmhoyzku;\??\c:\windows\system32\drivers\jmhoyzku.sys --> c:\windows\system32\drivers\jmhoyzku.sys [?]
S1 jrgsvfah;jrgsvfah;\??\c:\windows\system32\drivers\jrgsvfah.sys --> c:\windows\system32\drivers\jrgsvfah.sys [?]
S1 jvdkoect;jvdkoect;\??\c:\windows\system32\drivers\jvdkoect.sys --> c:\windows\system32\drivers\jvdkoect.sys [?]
S1 jwywzfus;jwywzfus;\??\c:\windows\system32\drivers\jwywzfus.sys --> c:\windows\system32\drivers\jwywzfus.sys [?]
S1 kksrsxsu;kksrsxsu;\??\c:\windows\system32\drivers\kksrsxsu.sys --> c:\windows\system32\drivers\kksrsxsu.sys [?]
S1 kmwsavhf;kmwsavhf;\??\c:\windows\system32\drivers\kmwsavhf.sys --> c:\windows\system32\drivers\kmwsavhf.sys [?]
S1 kpvdewvl;kpvdewvl;\??\c:\windows\system32\drivers\kpvdewvl.sys --> c:\windows\system32\drivers\kpvdewvl.sys [?]
S1 kqooxgfm;kqooxgfm;\??\c:\windows\system32\drivers\kqooxgfm.sys --> c:\windows\system32\drivers\kqooxgfm.sys [?]
S1 krgdkxtt;krgdkxtt;\??\c:\windows\system32\drivers\krgdkxtt.sys --> c:\windows\system32\drivers\krgdkxtt.sys [?]
S1 mgdhinqs;mgdhinqs;\??\c:\windows\system32\drivers\mgdhinqs.sys --> c:\windows\system32\drivers\mgdhinqs.sys [?]
S1 moheurgu;moheurgu;\??\c:\windows\system32\drivers\moheurgu.sys --> c:\windows\system32\drivers\moheurgu.sys [?]
S1 mzdhocmu;mzdhocmu;\??\c:\windows\system32\drivers\mzdhocmu.sys --> c:\windows\system32\drivers\mzdhocmu.sys [?]
S1 nhbmzbqi;nhbmzbqi;\??\c:\windows\system32\drivers\nhbmzbqi.sys --> c:\windows\system32\drivers\nhbmzbqi.sys [?]
S1 nnytfnut;nnytfnut;\??\c:\windows\system32\drivers\nnytfnut.sys --> c:\windows\system32\drivers\nnytfnut.sys [?]
S1 ntxuocjj;ntxuocjj;\??\c:\windows\system32\drivers\ntxuocjj.sys --> c:\windows\system32\drivers\ntxuocjj.sys [?]
S1 omsohsgh;omsohsgh;\??\c:\windows\system32\drivers\omsohsgh.sys --> c:\windows\system32\drivers\omsohsgh.sys [?]
S1 phtiekcm;phtiekcm;\??\c:\windows\system32\drivers\phtiekcm.sys --> c:\windows\system32\drivers\phtiekcm.sys [?]
S1 psyzlqbb;psyzlqbb;\??\c:\windows\system32\drivers\psyzlqbb.sys --> c:\windows\system32\drivers\psyzlqbb.sys [?]
S1 pvahfsge;pvahfsge;\??\c:\windows\system32\drivers\pvahfsge.sys --> c:\windows\system32\drivers\pvahfsge.sys [?]
S1 qzgvgiis;qzgvgiis;\??\c:\windows\system32\drivers\qzgvgiis.sys --> c:\windows\system32\drivers\qzgvgiis.sys [?]
S1 rkakihbx;rkakihbx;\??\c:\windows\system32\drivers\rkakihbx.sys --> c:\windows\system32\drivers\rkakihbx.sys [?]
S1 rninkmgf;rninkmgf;\??\c:\windows\system32\drivers\rninkmgf.sys --> c:\windows\system32\drivers\rninkmgf.sys [?]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\superantispyware\sasdifsv.sys --> c:\program files\superantispyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\saskutil.sys --> c:\program files\superantispyware\SASKUTIL.sys [?]
S1 scdqwdil;scdqwdil;\??\c:\windows\system32\drivers\scdqwdil.sys --> c:\windows\system32\drivers\scdqwdil.sys [?]
S1 tanbdmrv;tanbdmrv;\??\c:\windows\system32\drivers\tanbdmrv.sys --> c:\windows\system32\drivers\tanbdmrv.sys [?]
S1 ttdsztdz;ttdsztdz;\??\c:\windows\system32\drivers\ttdsztdz.sys --> c:\windows\system32\drivers\ttdsztdz.sys [?]
S1 uawagoej;uawagoej;\??\c:\windows\system32\drivers\uawagoej.sys --> c:\windows\system32\drivers\uawagoej.sys [?]
S1 uezbgkmd;uezbgkmd;\??\c:\windows\system32\drivers\uezbgkmd.sys --> c:\windows\system32\drivers\uezbgkmd.sys [?]
S1 ufifbxdk;ufifbxdk;\??\c:\windows\system32\drivers\ufifbxdk.sys --> c:\windows\system32\drivers\ufifbxdk.sys [?]
S1 uhaiwvop;uhaiwvop;\??\c:\windows\system32\drivers\uhaiwvop.sys --> c:\windows\system32\drivers\uhaiwvop.sys [?]
S1 uibqjwsm;uibqjwsm;\??\c:\windows\system32\drivers\uibqjwsm.sys --> c:\windows\system32\drivers\uibqjwsm.sys [?]
S1 utnfmtab;utnfmtab;\??\c:\windows\system32\drivers\utnfmtab.sys --> c:\windows\system32\drivers\utnfmtab.sys [?]
S1 uuszovga;uuszovga;\??\c:\windows\system32\drivers\uuszovga.sys --> c:\windows\system32\drivers\uuszovga.sys [?]
S1 uxoezycr;uxoezycr;\??\c:\windows\system32\drivers\uxoezycr.sys --> c:\windows\system32\drivers\uxoezycr.sys [?]
S1 uynchbdx;uynchbdx;\??\c:\windows\system32\drivers\uynchbdx.sys --> c:\windows\system32\drivers\uynchbdx.sys [?]
S1 vwuypbxr;vwuypbxr;\??\c:\windows\system32\drivers\vwuypbxr.sys --> c:\windows\system32\drivers\vwuypbxr.sys [?]
S1 wasxpmgw;wasxpmgw;\??\c:\windows\system32\drivers\wasxpmgw.sys --> c:\windows\system32\drivers\wasxpmgw.sys [?]
S1 whjbtbls;whjbtbls;\??\c:\windows\system32\drivers\whjbtbls.sys --> c:\windows\system32\drivers\whjbtbls.sys [?]
S1 wjsetgzq;wjsetgzq;\??\c:\windows\system32\drivers\wjsetgzq.sys --> c:\windows\system32\drivers\wjsetgzq.sys [?]
S1 xkyflovj;xkyflovj;\??\c:\windows\system32\drivers\xkyflovj.sys --> c:\windows\system32\drivers\xkyflovj.sys [?]
S1 yahtalmn;yahtalmn;\??\c:\windows\system32\drivers\yahtalmn.sys --> c:\windows\system32\drivers\yahtalmn.sys [?]
S1 ywpgxnsc;ywpgxnsc;\??\c:\windows\system32\drivers\ywpgxnsc.sys --> c:\windows\system32\drivers\ywpgxnsc.sys [?]
S1 zjztvedg;zjztvedg;\??\c:\windows\system32\drivers\zjztvedg.sys --> c:\windows\system32\drivers\zjztvedg.sys [?]
S2 DailyBibleGuideService;DailyBibleGuideService;c:\progra~1\dailyb~2\bar\1.bin\2vbarsvc.exe [2011-8-17 42504]
S3 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-3-12 164736]
S3 AX88172;NETGEAR FA120 USB 2.0 Fast Ethernet Adapter;c:\windows\system32\drivers\FA120.sys [2008-1-15 14048]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2010-3-31 342784]
S3 SASENUM;SASENUM;\??\c:\program files\superantispyware\sasenum.sys --> c:\program files\superantispyware\SASENUM.SYS [?]
.
=============== File Associations ===============
.
FileExt: .vbe: VBEFile=NOTEPAD.EXE %1
FileExt: .vbs: VBSFile=NOTEPAD.EXE %1
FileExt: .js: JSFile=NOTEPAD.EXE %1
FileExt: .jse: JSEFile=NOTEPAD.EXE %1
FileExt: .wsf: WSFFile=NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2013-03-15 23:57:14 -------- d-----w- c:\documents and settings\owner\local settings\application data\Sun
2013-03-13 07:43:48 -------- d-----w- c:\program files\Bonjour
2013-03-13 06:08:01 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-13 06:08:01 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-03-13 06:08:01 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-13 06:08:00 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-03-13 06:06:39 41664 ----a-w- c:\windows\avastSS.scr
2013-03-13 06:05:59 -------- d-----w- c:\program files\AVAST Software
2013-03-13 06:05:21 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2013-03-12 22:31:33 -------- d-----w- c:\windows\system32\Adobe
2013-03-12 22:15:09 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-12 22:15:09 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-03-12 22:15:08 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-12 22:14:58 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-12 21:49:09 -------- d-----w- c:\program files\Mozilla Maintenance Service
2013-03-12 21:49:02 865744 ----a-w- c:\program files\mozilla firefox\uninstall\helper.exe
2013-03-12 21:49:02 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2013-03-12 19:21:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-03-12 19:21:32 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
2013-03-12 10:45:35 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
2013-03-12 07:07:24 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-12 07:07:24 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-12 06:45:41 -------- d-----w- C:\Computer
2013-03-12 06:41:41 -------- d-----w- c:\program files\CCleaner
2013-03-12 05:29:25 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2013-03-12 05:29:25 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2013-03-12 05:29:18 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2013-03-12 05:29:18 21504 ----a-w- c:\windows\system32\hidserv.dll
2013-03-12 05:03:08 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2013-03-12 05:03:08 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2013-02-21 01:42:25 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
.
==================== Find3M ====================
.
2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-12 00:32:23 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
2013-02-05 20:05:47 916480 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 20:05:46 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-02-05 20:05:46 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-05 05:53:57 385024 ----a-w- c:\windows\system32\html.iec
2013-01-30 10:53:21 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-07 01:16:02 2193024 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:36:58 2069760 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49:10 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2013-01-02 06:49:10 1292288 ----a-w- c:\windows\system32\quartz.dll
.
============= FINISH: 0:58:33.43 ===============
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-03-19 01:02:57
-----------------------------
01:02:57.078 OS Version: Windows 5.1.2600 Service Pack 3
01:02:57.078 Number of processors: 1 586 0xA00
01:02:57.078 ComputerName: OFFICE UserName: Owner
01:02:58.046 Initialize success
01:02:59.328 AVAST engine defs: 13031801
01:03:09.187 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000074
01:03:09.187 Disk 0 Vendor: ST3160215A 3.AAC Size: 152627MB BusType: 3
01:03:09.343 Disk 0 MBR read successfully
01:03:09.343 Disk 0 MBR scan
01:03:09.343 Disk 0 Windows XP default MBR code
01:03:09.343 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152617 MB offset 63
01:03:09.359 Disk 0 scanning sectors +312560640
01:03:09.562 Disk 0 scanning C:\WINDOWS\system32\drivers
01:03:29.234 Service scanning
01:04:01.812 Modules scanning
01:04:21.046 Disk 0 trace - called modules:
01:04:21.078 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvatabus.sys
01:04:21.078 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8575fab8]
01:04:21.078 3 CLASSPNP.SYS[f74c7fd7] -> nt!IofCallDriver -> \Device\00000076[0x85760f18]
01:04:21.078 5 ACPI.sys[f743e620] -> nt!IofCallDriver -> \Device\00000074[0x857616e8]
01:04:21.437 AVAST engine scan C:\WINDOWS
01:04:29.546 AVAST engine scan C:\WINDOWS\system32
01:07:11.625 AVAST engine scan C:\WINDOWS\system32\drivers
01:07:33.765 AVAST engine scan C:\Documents and Settings\Owner
01:08:22.484 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
01:08:22.484 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"
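Two things in the DDS log above are what a helper would key on before anything else: the long run of S1 driver services with eight-letter random-looking names whose files DDS could not read ("[?]"), and the LSA line "Authentication Packages = msv1_0 c:\windows\system32\fcccDWnn", which adds an extensionless file in system32 to the DLLs lsass.exe loads at boot. The following Python script is an added example, not part of Roger's post or of any tool named in this thread; it parses lines in the DDS "SERVICES / DRIVERS" and "LSA:" format and flags those two patterns. The sample input is a handful of lines copied from the log above plus benign lines for contrast. The heuristics are this example's assumptions: that "[?]" means the binary is no longer on disk, that a boot-start driver under system32\drivers named with eight random lowercase letters and no backing file is an orphaned entry, and that "msv1_0" is the only authentication package on a stock XP install.

```python
"""Triage DDS 'SERVICES / DRIVERS' and 'LSA:' lines for orphaned random-named
kernel drivers and extra LSA authentication packages.

Heuristics used here are assumptions of this example, not rules from DDS:
  * DDS prints '[?]' where it could not read the file's date and size, which
    normally means the binary is gone from disk.
  * An S0/S1/R0/R1 driver under system32\drivers whose service name is eight
    random lowercase letters and whose file is missing is an orphaned entry.
  * A stock Windows XP 'Authentication Packages' value is exactly 'msv1_0';
    anything appended is an extra DLL that lsass.exe loads at boot.
"""
import re

# Constructed sample: lines copied from the DDS log in this thread, plus the
# benign R0/S2/S3 lines and a SUPERAntiSpyware driver for contrast.
SAMPLE_DDS = r"""
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-3-12 49248]
S1 acapobnt;acapobnt;\??\c:\windows\system32\drivers\acapobnt.sys --> c:\windows\system32\drivers\acapobnt.sys [?]
S1 aooqzfkv;aooqzfkv;\??\c:\windows\system32\drivers\aooqzfkv.sys --> c:\windows\system32\drivers\aooqzfkv.sys [?]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\superantispyware\sasdifsv.sys --> c:\program files\superantispyware\SASDIFSV.SYS [?]
S2 DailyBibleGuideService;DailyBibleGuideService;c:\progra~1\dailyb~2\bar\1.bin\2vbarsvc.exe [2011-8-17 42504]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2010-3-31 342784]
LSA: Authentication Packages = msv1_0 c:\windows\system32\fcccDWnn
"""

# DDS service line: "<start> <name>;<display name>;<path> [<date size> | ?]"
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?)\s+\[(?P<info>[^\]]*)\]\s*$"
)
LSA_RE = re.compile(r"^LSA:\s*Authentication Packages\s*=\s*(?P<pkgs>.+)$", re.I)
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}$")     # assumption: 8 random lowercase letters
DEFAULT_AUTH_PACKAGES = {"msv1_0"}             # assumption: stock XP value
BOOT_STARTS = {"S0", "S1", "R0", "R1"}         # boot/system start, running or stopped


def parse_service(line):
    """Return a dict for one DDS service/driver line, or None if it is not one."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    if "-->" in path:  # DDS prints "registry image path --> resolved path"
        path = path.split("-->")[-1].strip()
    return {
        "start": m.group("start"),
        "name": m.group("name"),
        "path": path,
        "file_missing": m.group("info").strip() == "?",
    }


def is_orphaned_random_driver(svc):
    """Boot-start driver under system32\\drivers, random 8-letter name, file gone."""
    return (
        svc["start"] in BOOT_STARTS
        and svc["file_missing"]
        and "\\system32\\drivers\\" in svc["path"].lower()
        and RANDOM_NAME_RE.match(svc["name"]) is not None
    )


def lsa_extra_packages(line):
    """Packages on an 'LSA: Authentication Packages' line beyond the default msv1_0."""
    m = LSA_RE.match(line.strip())
    if not m:
        return []
    return [p for p in m.group("pkgs").split() if p.lower() not in DEFAULT_AUTH_PACKAGES]


def triage(text):
    """Walk a DDS log and collect the two findings this example looks for."""
    report = {"orphaned_random_drivers": [], "lsa_extra_packages": []}
    for line in text.splitlines():
        svc = parse_service(line)
        if svc is not None:
            if is_orphaned_random_driver(svc):
                report["orphaned_random_drivers"].append(svc["name"])
            continue
        report["lsa_extra_packages"].extend(lsa_extra_packages(line))
    return report


def cleanup_commands(report):
    """sc.exe ships with XP; deleting the service key is enough when the .sys is gone."""
    return ["sc delete %s" % name for name in report["orphaned_random_drivers"]]


if __name__ == "__main__":
    result = triage(SAMPLE_DDS)
    for key, value in result.items():
        print(key, value)
    print("\n".join(cleanup_commands(result)))
```

The SUPERAntiSpyware driver is also reported with "[?]" but is not flagged, because it sits outside system32\drivers and has a vendor name; the "[?]" marker alone is not evidence of anything. The LSA finding is the one to act on first: an extra authentication package runs inside lsass.exe with SYSTEM privileges on every boot, which is why the helper moves to ComboFix rather than another on-demand scanner.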
Hi
Please visit this webpage for download links, and instructions for running ComboFix tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully first.
Please continue as follows:
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.
Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New dds log.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
Requested actions completed and the associated data follows. Note that I set avast! to be disabled until the computer was rebooted, and the computer rebooted near the end of the ComboFix run. After the reboot I tried to post ComboFix.txt and the system hung. After rebooting again, I found the text file, ran the DDS logs and completed this post.
Thank you so much!!!
Roger
ComboFix 13-03-20.02 - Owner 03/20/2013 17:43:10.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.479.104 [GMT -7:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\data\default\feed4.data
c:\data\default\us_sres.data
c:\documents and settings\Owner\GoToAssistDownloadHelper.exe
c:\documents and settings\Owner\WINDOWS
c:\program files\DailyBibleGuideEI
c:\windows\system32\SET9.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\msvcr71.dll.int
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-02-21 to 2013-03-21 )))))))))))))))))))))))))))))))
.
.
2013-03-20 03:30 . 2013-03-20 03:30 -------- d-----w- c:\program files\Microsoft ActiveSync
2013-03-20 03:29 . 2013-03-20 03:30 -------- d-----w- c:\windows\ShellNew
2013-03-19 07:54 . 2013-03-19 07:54 -------- d-----w- c:\program files\ERUNT
2013-03-15 23:57 . 2013-03-15 23:57 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Sun
2013-03-13 07:43 . 2013-03-13 07:43 -------- d-----w- c:\program files\Bonjour
2013-03-13 06:08 . 2013-03-06 22:33 368176 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-03-13 06:08 . 2013-03-06 22:33 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-03-13 06:08 . 2013-03-06 22:33 62376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-03-13 06:08 . 2013-03-06 22:33 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-03-13 06:08 . 2013-03-06 22:33 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-13 06:08 . 2013-03-06 22:33 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-03-13 06:08 . 2013-03-06 22:33 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-13 06:08 . 2013-03-06 22:33 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-03-13 06:07 . 2013-03-06 22:32 228600 ----a-w- c:\windows\system32\aswBoot.exe
2013-03-13 06:06 . 2013-03-06 22:32 41664 ----a-w- c:\windows\avastSS.scr
2013-03-13 06:05 . 2013-03-13 06:05 -------- d-----w- c:\program files\AVAST Software
2013-03-13 06:05 . 2013-03-13 06:05 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2013-03-12 22:34 . 2013-03-12 22:34 -------- d-----w- c:\program files\Apple Software Update
2013-03-12 22:31 . 2013-03-12 22:32 -------- d-----w- c:\windows\system32\Adobe
2013-03-12 22:30 . 2013-03-12 22:30 -------- d-----w- c:\program files\Common Files\Java
2013-03-12 22:16 . 2013-03-12 22:17 -------- d-----w- c:\program files\Common Files\Adobe
2013-03-12 22:15 . 2013-03-12 22:14 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-03-12 22:15 . 2013-03-12 22:14 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-12 22:15 . 2013-03-12 22:14 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-12 22:14 . 2013-03-12 22:14 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-12 22:14 . 2013-03-12 22:14 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2013-03-12 21:49 . 2013-03-12 21:49 -------- d-----w- c:\program files\Mozilla Maintenance Service
2013-03-12 21:49 . 2013-03-07 14:31 865744 ----a-w- c:\program files\Mozilla Firefox\uninstall\helper.exe
2013-03-12 21:49 . 2013-03-07 14:31 263064 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2013-03-12 19:21 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-03-12 19:21 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
2013-03-12 10:45 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
2013-03-12 07:07 . 2013-03-12 07:07 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-12 07:07 . 2013-03-12 07:07 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-12 06:45 . 2013-03-19 07:55 -------- d-----w- C:\Computer
2013-03-12 06:41 . 2013-03-12 06:41 -------- d-----w- c:\program files\CCleaner
2013-03-12 05:29 . 2001-08-17 20:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2013-03-12 05:29 . 2001-08-17 20:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2013-03-12 05:29 . 2008-04-14 00:11 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2013-03-12 05:29 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2013-03-12 05:03 . 2008-04-13 18:45 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2013-03-12 05:03 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2013-02-21 01:42 . 2013-02-21 04:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-12 00:32 . 2008-08-19 04:43 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2004-08-04 12:00 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-05 20:05 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 20:05 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-02-05 20:05 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-05 05:53 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-01-30 10:53 . 2010-01-16 23:02 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-26 03:55 . 2004-08-04 12:00 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-07 01:16 . 2004-08-04 12:00 2193024 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:36 . 2004-08-03 22:59 2069760 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20 . 2004-08-04 12:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2004-08-04 12:00 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2013-01-02 06:49 . 2004-08-04 12:00 1292288 ----a-w- c:\windows\system32\quartz.dll
2013-03-07 14:31 . 2013-03-12 21:49 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 22:32 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"DailyBibleGuide Browser Plugin Loader"="c:\progra~1\DAILYB~2\bar\1.bin\2vbrmon.exe" [2011-08-17 30096]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WG111v3 Smart Wizard.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk
backup=c:\windows\pss\NETGEAR WG111v3 Smart Wizard.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-28 22:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2008-10-05 17:21 26112 -c--a-w- c:\program files\Real\RealPlayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 16:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Walgreens PhotoShow Media Manager]
2006-04-20 06:35 237568 -c--a-w- c:\progra~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"WANMiniportService"=2 (0x2)
"SeaPort"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"gusvc"=3 (0x3)
"Bonjour Service"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [3/12/2013 11:08 PM 49248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3/12/2013 11:08 PM 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/12/2013 11:08 PM 368176]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/12/2013 11:08 PM 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [3/12/2013 11:08 PM 66336]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [10/9/2007 1:13 PM 38144]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [6/6/2008 10:18 AM 22528]
S1 acapobnt;acapobnt;\??\c:\windows\system32\drivers\acapobnt.sys --> c:\windows\system32\drivers\acapobnt.sys [?]
S1 aooqzfkv;aooqzfkv;\??\c:\windows\system32\drivers\aooqzfkv.sys --> c:\windows\system32\drivers\aooqzfkv.sys [?]
S1 bhyfjttu;bhyfjttu;\??\c:\windows\system32\drivers\bhyfjttu.sys --> c:\windows\system32\drivers\bhyfjttu.sys [?]
S1 bidduafb;bidduafb;\??\c:\windows\system32\drivers\bidduafb.sys --> c:\windows\system32\drivers\bidduafb.sys [?]
S1 btqencwd;btqencwd;\??\c:\windows\system32\drivers\btqencwd.sys --> c:\windows\system32\drivers\btqencwd.sys [?]
S1 cobfbjwl;cobfbjwl;\??\c:\windows\system32\drivers\cobfbjwl.sys --> c:\windows\system32\drivers\cobfbjwl.sys [?]
S1 cotjizqd;cotjizqd;\??\c:\windows\system32\drivers\cotjizqd.sys --> c:\windows\system32\drivers\cotjizqd.sys [?]
S1 cpkxgqkd;cpkxgqkd;\??\c:\windows\system32\drivers\cpkxgqkd.sys --> c:\windows\system32\drivers\cpkxgqkd.sys [?]
S1 dnvnfsqq;dnvnfsqq;\??\c:\windows\system32\drivers\dnvnfsqq.sys --> c:\windows\system32\drivers\dnvnfsqq.sys [?]
S1 dpfsnadk;dpfsnadk;\??\c:\windows\system32\drivers\dpfsnadk.sys --> c:\windows\system32\drivers\dpfsnadk.sys [?]
S1 efababwt;efababwt;\??\c:\windows\system32\drivers\efababwt.sys --> c:\windows\system32\drivers\efababwt.sys [?]
S1 ektsmhwj;ektsmhwj;\??\c:\windows\system32\drivers\ektsmhwj.sys --> c:\windows\system32\drivers\ektsmhwj.sys [?]
S1 fdcrelxp;fdcrelxp;\??\c:\windows\system32\drivers\fdcrelxp.sys --> c:\windows\system32\drivers\fdcrelxp.sys [?]
S1 fkxyoehu;fkxyoehu;\??\c:\windows\system32\drivers\fkxyoehu.sys --> c:\windows\system32\drivers\fkxyoehu.sys [?]
S1 gebzlrlk;gebzlrlk;\??\c:\windows\system32\drivers\gebzlrlk.sys --> c:\windows\system32\drivers\gebzlrlk.sys [?]
S1 gedwlpgw;gedwlpgw;\??\c:\windows\system32\drivers\gedwlpgw.sys --> c:\windows\system32\drivers\gedwlpgw.sys [?]
S1 gpzpzghy;gpzpzghy;\??\c:\windows\system32\drivers\gpzpzghy.sys --> c:\windows\system32\drivers\gpzpzghy.sys [?]
S1 gvqjuowd;gvqjuowd;\??\c:\windows\system32\drivers\gvqjuowd.sys --> c:\windows\system32\drivers\gvqjuowd.sys [?]
S1 gxdpbakh;gxdpbakh;\??\c:\windows\system32\drivers\gxdpbakh.sys --> c:\windows\system32\drivers\gxdpbakh.sys [?]
S1 hndsgtav;hndsgtav;\??\c:\windows\system32\drivers\hndsgtav.sys --> c:\windows\system32\drivers\hndsgtav.sys [?]
S1 igsctoce;igsctoce;\??\c:\windows\system32\drivers\igsctoce.sys --> c:\windows\system32\drivers\igsctoce.sys [?]
S1 ivhxmuji;ivhxmuji;\??\c:\windows\system32\drivers\ivhxmuji.sys --> c:\windows\system32\drivers\ivhxmuji.sys [?]
S1 jmhoyzku;jmhoyzku;\??\c:\windows\system32\drivers\jmhoyzku.sys --> c:\windows\system32\drivers\jmhoyzku.sys [?]
S1 jrgsvfah;jrgsvfah;\??\c:\windows\system32\drivers\jrgsvfah.sys --> c:\windows\system32\drivers\jrgsvfah.sys [?]
S1 jvdkoect;jvdkoect;\??\c:\windows\system32\drivers\jvdkoect.sys --> c:\windows\system32\drivers\jvdkoect.sys [?]
S1 jwywzfus;jwywzfus;\??\c:\windows\system32\drivers\jwywzfus.sys --> c:\windows\system32\drivers\jwywzfus.sys [?]
S1 kksrsxsu;kksrsxsu;\??\c:\windows\system32\drivers\kksrsxsu.sys --> c:\windows\system32\drivers\kksrsxsu.sys [?]
S1 kmwsavhf;kmwsavhf;\??\c:\windows\system32\drivers\kmwsavhf.sys --> c:\windows\system32\drivers\kmwsavhf.sys [?]
S1 kpvdewvl;kpvdewvl;\??\c:\windows\system32\drivers\kpvdewvl.sys --> c:\windows\system32\drivers\kpvdewvl.sys [?]
S1 kqooxgfm;kqooxgfm;\??\c:\windows\system32\drivers\kqooxgfm.sys --> c:\windows\system32\drivers\kqooxgfm.sys [?]
S1 krgdkxtt;krgdkxtt;\??\c:\windows\system32\drivers\krgdkxtt.sys --> c:\windows\system32\drivers\krgdkxtt.sys [?]
S1 mgdhinqs;mgdhinqs;\??\c:\windows\system32\drivers\mgdhinqs.sys --> c:\windows\system32\drivers\mgdhinqs.sys [?]
S1 moheurgu;moheurgu;\??\c:\windows\system32\drivers\moheurgu.sys --> c:\windows\system32\drivers\moheurgu.sys [?]
S1 mzdhocmu;mzdhocmu;\??\c:\windows\system32\drivers\mzdhocmu.sys --> c:\windows\system32\drivers\mzdhocmu.sys [?]
S1 nhbmzbqi;nhbmzbqi;\??\c:\windows\system32\drivers\nhbmzbqi.sys --> c:\windows\system32\drivers\nhbmzbqi.sys [?]
S1 nnytfnut;nnytfnut;\??\c:\windows\system32\drivers\nnytfnut.sys --> c:\windows\system32\drivers\nnytfnut.sys [?]
S1 ntxuocjj;ntxuocjj;\??\c:\windows\system32\drivers\ntxuocjj.sys --> c:\windows\system32\drivers\ntxuocjj.sys [?]
S1 omsohsgh;omsohsgh;\??\c:\windows\system32\drivers\omsohsgh.sys --> c:\windows\system32\drivers\omsohsgh.sys [?]
S1 phtiekcm;phtiekcm;\??\c:\windows\system32\drivers\phtiekcm.sys --> c:\windows\system32\drivers\phtiekcm.sys [?]
S1 psyzlqbb;psyzlqbb;\??\c:\windows\system32\drivers\psyzlqbb.sys --> c:\windows\system32\drivers\psyzlqbb.sys [?]
S1 pvahfsge;pvahfsge;\??\c:\windows\system32\drivers\pvahfsge.sys --> c:\windows\system32\drivers\pvahfsge.sys [?]
S1 qzgvgiis;qzgvgiis;\??\c:\windows\system32\drivers\qzgvgiis.sys --> c:\windows\system32\drivers\qzgvgiis.sys [?]
S1 rkakihbx;rkakihbx;\??\c:\windows\system32\drivers\rkakihbx.sys --> c:\windows\system32\drivers\rkakihbx.sys [?]
S1 rninkmgf;rninkmgf;\??\c:\windows\system32\drivers\rninkmgf.sys --> c:\windows\system32\drivers\rninkmgf.sys [?]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S1 scdqwdil;scdqwdil;\??\c:\windows\system32\drivers\scdqwdil.sys --> c:\windows\system32\drivers\scdqwdil.sys [?]
S1 tanbdmrv;tanbdmrv;\??\c:\windows\system32\drivers\tanbdmrv.sys --> c:\windows\system32\drivers\tanbdmrv.sys [?]
S1 ttdsztdz;ttdsztdz;\??\c:\windows\system32\drivers\ttdsztdz.sys --> c:\windows\system32\drivers\ttdsztdz.sys [?]
S1 uawagoej;uawagoej;\??\c:\windows\system32\drivers\uawagoej.sys --> c:\windows\system32\drivers\uawagoej.sys [?]
S1 uezbgkmd;uezbgkmd;\??\c:\windows\system32\drivers\uezbgkmd.sys --> c:\windows\system32\drivers\uezbgkmd.sys [?]
S1 ufifbxdk;ufifbxdk;\??\c:\windows\system32\drivers\ufifbxdk.sys --> c:\windows\system32\drivers\ufifbxdk.sys [?]
S1 uhaiwvop;uhaiwvop;\??\c:\windows\system32\drivers\uhaiwvop.sys --> c:\windows\system32\drivers\uhaiwvop.sys [?]
S1 uibqjwsm;uibqjwsm;\??\c:\windows\system32\drivers\uibqjwsm.sys --> c:\windows\system32\drivers\uibqjwsm.sys [?]
S1 utnfmtab;utnfmtab;\??\c:\windows\system32\drivers\utnfmtab.sys --> c:\windows\system32\drivers\utnfmtab.sys [?]
S1 uuszovga;uuszovga;\??\c:\windows\system32\drivers\uuszovga.sys --> c:\windows\system32\drivers\uuszovga.sys [?]
S1 uxoezycr;uxoezycr;\??\c:\windows\system32\drivers\uxoezycr.sys --> c:\windows\system32\drivers\uxoezycr.sys [?]
S1 uynchbdx;uynchbdx;\??\c:\windows\system32\drivers\uynchbdx.sys --> c:\windows\system32\drivers\uynchbdx.sys [?]
S1 vwuypbxr;vwuypbxr;\??\c:\windows\system32\drivers\vwuypbxr.sys --> c:\windows\system32\drivers\vwuypbxr.sys [?]
S1 wasxpmgw;wasxpmgw;\??\c:\windows\system32\drivers\wasxpmgw.sys --> c:\windows\system32\drivers\wasxpmgw.sys [?]
S1 whjbtbls;whjbtbls;\??\c:\windows\system32\drivers\whjbtbls.sys --> c:\windows\system32\drivers\whjbtbls.sys [?]
S1 wjsetgzq;wjsetgzq;\??\c:\windows\system32\drivers\wjsetgzq.sys --> c:\windows\system32\drivers\wjsetgzq.sys [?]
S1 xkyflovj;xkyflovj;\??\c:\windows\system32\drivers\xkyflovj.sys --> c:\windows\system32\drivers\xkyflovj.sys [?]
S1 yahtalmn;yahtalmn;\??\c:\windows\system32\drivers\yahtalmn.sys --> c:\windows\system32\drivers\yahtalmn.sys [?]
S1 ywpgxnsc;ywpgxnsc;\??\c:\windows\system32\drivers\ywpgxnsc.sys --> c:\windows\system32\drivers\ywpgxnsc.sys [?]
S1 zjztvedg;zjztvedg;\??\c:\windows\system32\drivers\zjztvedg.sys --> c:\windows\system32\drivers\zjztvedg.sys [?]
S2 DailyBibleGuideService;DailyBibleGuideService;c:\progra~1\DAILYB~2\bar\1.bin\2vbarsvc.exe [8/17/2011 11:56 AM 42504]
S3 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [3/12/2013 11:08 PM 164736]
S3 AX88172;NETGEAR FA120 USB 2.0 Fast Ethernet Adapter;c:\windows\system32\drivers\FA120.sys [1/15/2008 6:45 PM 14048]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [3/31/2010 6:58 AM 342784]
S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS --> c:\program files\SUPERAntiSpyware\SASENUM.SYS [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-21 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-03-13 22:32]
.
2013-03-21 c:\windows\Tasks\User_Feed_Synchronization-{4D613E04-F10F-41C0-9F6F-7093D9EBE63D}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 11:31]
.
2013-03-21 c:\windows\Tasks\User_Feed_Synchronization-{AA4B2D18-BE2B-4ED3-B111-A9B4A7C71110}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 11:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.yahoo.com/?fr=fp-reg
uInternet Settings,ProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} - hxxp://www.iolo.com/app/ocx/UpgradeVerify.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\ujmir2r4.default\
FF - ExtSQL: 2013-03-12 23:07; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: !HIDDEN! 2011-09-21 17:28; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
Toolbar-Locked - (no file)
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
MSConfigStartUp-Microsoft Default Manager - c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
MSConfigStartUp-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSConfigStartUp-UfSeAgnt - c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe
AddRemove-Tahiti Live - c:\program files\Tahiti Live\Tahiti Live.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-03-20 19:27
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2a,f6,3e,d1,4b,0f,91,45,b7,af,4b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2a,f6,3e,d1,4b,0f,91,45,b7,af,4b,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1468)
c:\windows\system32\WININET.dll
c:\progra~1\DAILYB~2\bar\1.bin\2vbrstub.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2013-03-20 19:34:47 - machine was rebooted
ComboFix-quarantined-files.txt 2013-03-21 02:34
ComboFix2.txt 2008-07-16 18:36
.
Pre-Run: 112,901,173,248 bytes free
Post-Run: 113,170,448,384 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - CC72EA67AE12DAF5E997EB68CC5A0112
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.17.2
Run by Owner at 23:12:19 on 2013-03-20
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.479.67 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\DAILYB~2\bar\1.bin\2vbrmon.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.yahoo.com/?fr=fp-reg
uProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [DailyBibleGuide Browser Plugin Loader] c:\progra~1\dailyb~2\bar\1.bin\2vbrmon.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1183158141578
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1363115980328
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} - hxxp://www.iolo.com/app/ocx/UpgradeVerify.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{761A3CB6-7D73-448C-95E5-FFBC61A7A38C} : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{7920C8EB-C091-494F-ACC1-87906D4CCDA4} : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{809C77B1-840A-41C1-BB73-C54246D4BE71} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{DEE8850C-9EF6-4F98-9470-C638C1031ABA} : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{F216FC57-6B39-435F-8C98-D3501C351548} : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\ujmir2r4.default\
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\dailybibleguide\bar\1.bin\NP2vStub.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1200112.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2013-03-12 23:07; wrc@avast.com; c:\program files\avast software\avast\webrep\FF
FF - ExtSQL: !HIDDEN! 2011-09-21 17:28; smartwebprinting@hp.com; c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-3-12 49248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-3-12 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-3-12 368176]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-3-12 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-3-12 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-3-12 45248]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2007-10-9 38144]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2008-6-6 22528]
S1 acapobnt;acapobnt;\??\c:\windows\system32\drivers\acapobnt.sys --> c:\windows\system32\drivers\acapobnt.sys [?]
S1 aooqzfkv;aooqzfkv;\??\c:\windows\system32\drivers\aooqzfkv.sys --> c:\windows\system32\drivers\aooqzfkv.sys [?]
S1 bhyfjttu;bhyfjttu;\??\c:\windows\system32\drivers\bhyfjttu.sys --> c:\windows\system32\drivers\bhyfjttu.sys [?]
S1 bidduafb;bidduafb;\??\c:\windows\system32\drivers\bidduafb.sys --> c:\windows\system32\drivers\bidduafb.sys [?]
S1 btqencwd;btqencwd;\??\c:\windows\system32\drivers\btqencwd.sys --> c:\windows\system32\drivers\btqencwd.sys [?]
S1 cobfbjwl;cobfbjwl;\??\c:\windows\system32\drivers\cobfbjwl.sys --> c:\windows\system32\drivers\cobfbjwl.sys [?]
S1 cotjizqd;cotjizqd;\??\c:\windows\system32\drivers\cotjizqd.sys --> c:\windows\system32\drivers\cotjizqd.sys [?]
S1 cpkxgqkd;cpkxgqkd;\??\c:\windows\system32\drivers\cpkxgqkd.sys --> c:\windows\system32\drivers\cpkxgqkd.sys [?]
S1 dnvnfsqq;dnvnfsqq;\??\c:\windows\system32\drivers\dnvnfsqq.sys --> c:\windows\system32\drivers\dnvnfsqq.sys [?]
S1 dpfsnadk;dpfsnadk;\??\c:\windows\system32\drivers\dpfsnadk.sys --> c:\windows\system32\drivers\dpfsnadk.sys [?]
S1 efababwt;efababwt;\??\c:\windows\system32\drivers\efababwt.sys --> c:\windows\system32\drivers\efababwt.sys [?]
S1 ektsmhwj;ektsmhwj;\??\c:\windows\system32\drivers\ektsmhwj.sys --> c:\windows\system32\drivers\ektsmhwj.sys [?]
S1 fdcrelxp;fdcrelxp;\??\c:\windows\system32\drivers\fdcrelxp.sys --> c:\windows\system32\drivers\fdcrelxp.sys [?]
S1 fkxyoehu;fkxyoehu;\??\c:\windows\system32\drivers\fkxyoehu.sys --> c:\windows\system32\drivers\fkxyoehu.sys [?]
S1 gebzlrlk;gebzlrlk;\??\c:\windows\system32\drivers\gebzlrlk.sys --> c:\windows\system32\drivers\gebzlrlk.sys [?]
S1 gedwlpgw;gedwlpgw;\??\c:\windows\system32\drivers\gedwlpgw.sys --> c:\windows\system32\drivers\gedwlpgw.sys [?]
S1 gpzpzghy;gpzpzghy;\??\c:\windows\system32\drivers\gpzpzghy.sys --> c:\windows\system32\drivers\gpzpzghy.sys [?]
S1 gvqjuowd;gvqjuowd;\??\c:\windows\system32\drivers\gvqjuowd.sys --> c:\windows\system32\drivers\gvqjuowd.sys [?]
S1 gxdpbakh;gxdpbakh;\??\c:\windows\system32\drivers\gxdpbakh.sys --> c:\windows\system32\drivers\gxdpbakh.sys [?]
S1 hndsgtav;hndsgtav;\??\c:\windows\system32\drivers\hndsgtav.sys --> c:\windows\system32\drivers\hndsgtav.sys [?]
S1 igsctoce;igsctoce;\??\c:\windows\system32\drivers\igsctoce.sys --> c:\windows\system32\drivers\igsctoce.sys [?]
S1 ivhxmuji;ivhxmuji;\??\c:\windows\system32\drivers\ivhxmuji.sys --> c:\windows\system32\drivers\ivhxmuji.sys [?]
S1 jmhoyzku;jmhoyzku;\??\c:\windows\system32\drivers\jmhoyzku.sys --> c:\windows\system32\drivers\jmhoyzku.sys [?]
S1 jrgsvfah;jrgsvfah;\??\c:\windows\system32\drivers\jrgsvfah.sys --> c:\windows\system32\drivers\jrgsvfah.sys [?]
S1 jvdkoect;jvdkoect;\??\c:\windows\system32\drivers\jvdkoect.sys --> c:\windows\system32\drivers\jvdkoect.sys [?]
S1 jwywzfus;jwywzfus;\??\c:\windows\system32\drivers\jwywzfus.sys --> c:\windows\system32\drivers\jwywzfus.sys [?]
S1 kksrsxsu;kksrsxsu;\??\c:\windows\system32\drivers\kksrsxsu.sys --> c:\windows\system32\drivers\kksrsxsu.sys [?]
S1 kmwsavhf;kmwsavhf;\??\c:\windows\system32\drivers\kmwsavhf.sys --> c:\windows\system32\drivers\kmwsavhf.sys [?]
S1 kpvdewvl;kpvdewvl;\??\c:\windows\system32\drivers\kpvdewvl.sys --> c:\windows\system32\drivers\kpvdewvl.sys [?]
S1 kqooxgfm;kqooxgfm;\??\c:\windows\system32\drivers\kqooxgfm.sys --> c:\windows\system32\drivers\kqooxgfm.sys [?]
S1 krgdkxtt;krgdkxtt;\??\c:\windows\system32\drivers\krgdkxtt.sys --> c:\windows\system32\drivers\krgdkxtt.sys [?]
S1 mgdhinqs;mgdhinqs;\??\c:\windows\system32\drivers\mgdhinqs.sys --> c:\windows\system32\drivers\mgdhinqs.sys [?]
S1 moheurgu;moheurgu;\??\c:\windows\system32\drivers\moheurgu.sys --> c:\windows\system32\drivers\moheurgu.sys [?]
S1 mzdhocmu;mzdhocmu;\??\c:\windows\system32\drivers\mzdhocmu.sys --> c:\windows\system32\drivers\mzdhocmu.sys [?]
S1 nhbmzbqi;nhbmzbqi;\??\c:\windows\system32\drivers\nhbmzbqi.sys --> c:\windows\system32\drivers\nhbmzbqi.sys [?]
S1 nnytfnut;nnytfnut;\??\c:\windows\system32\drivers\nnytfnut.sys --> c:\windows\system32\drivers\nnytfnut.sys [?]
S1 ntxuocjj;ntxuocjj;\??\c:\windows\system32\drivers\ntxuocjj.sys --> c:\windows\system32\drivers\ntxuocjj.sys [?]
S1 omsohsgh;omsohsgh;\??\c:\windows\system32\drivers\omsohsgh.sys --> c:\windows\system32\drivers\omsohsgh.sys [?]
S1 phtiekcm;phtiekcm;\??\c:\windows\system32\drivers\phtiekcm.sys --> c:\windows\system32\drivers\phtiekcm.sys [?]
S1 psyzlqbb;psyzlqbb;\??\c:\windows\system32\drivers\psyzlqbb.sys --> c:\windows\system32\drivers\psyzlqbb.sys [?]
S1 pvahfsge;pvahfsge;\??\c:\windows\system32\drivers\pvahfsge.sys --> c:\windows\system32\drivers\pvahfsge.sys [?]
S1 qzgvgiis;qzgvgiis;\??\c:\windows\system32\drivers\qzgvgiis.sys --> c:\windows\system32\drivers\qzgvgiis.sys [?]
S1 rkakihbx;rkakihbx;\??\c:\windows\system32\drivers\rkakihbx.sys --> c:\windows\system32\drivers\rkakihbx.sys [?]
S1 rninkmgf;rninkmgf;\??\c:\windows\system32\drivers\rninkmgf.sys --> c:\windows\system32\drivers\rninkmgf.sys [?]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\superantispyware\sasdifsv.sys --> c:\program files\superantispyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\saskutil.sys --> c:\program files\superantispyware\SASKUTIL.sys [?]
S1 scdqwdil;scdqwdil;\??\c:\windows\system32\drivers\scdqwdil.sys --> c:\windows\system32\drivers\scdqwdil.sys [?]
S1 tanbdmrv;tanbdmrv;\??\c:\windows\system32\drivers\tanbdmrv.sys --> c:\windows\system32\drivers\tanbdmrv.sys [?]
S1 ttdsztdz;ttdsztdz;\??\c:\windows\system32\drivers\ttdsztdz.sys --> c:\windows\system32\drivers\ttdsztdz.sys [?]
S1 uawagoej;uawagoej;\??\c:\windows\system32\drivers\uawagoej.sys --> c:\windows\system32\drivers\uawagoej.sys [?]
S1 uezbgkmd;uezbgkmd;\??\c:\windows\system32\drivers\uezbgkmd.sys --> c:\windows\system32\drivers\uezbgkmd.sys [?]
S1 ufifbxdk;ufifbxdk;\??\c:\windows\system32\drivers\ufifbxdk.sys --> c:\windows\system32\drivers\ufifbxdk.sys [?]
S1 uhaiwvop;uhaiwvop;\??\c:\windows\system32\drivers\uhaiwvop.sys --> c:\windows\system32\drivers\uhaiwvop.sys [?]
S1 uibqjwsm;uibqjwsm;\??\c:\windows\system32\drivers\uibqjwsm.sys --> c:\windows\system32\drivers\uibqjwsm.sys [?]
S1 utnfmtab;utnfmtab;\??\c:\windows\system32\drivers\utnfmtab.sys --> c:\windows\system32\drivers\utnfmtab.sys [?]
S1 uuszovga;uuszovga;\??\c:\windows\system32\drivers\uuszovga.sys --> c:\windows\system32\drivers\uuszovga.sys [?]
S1 uxoezycr;uxoezycr;\??\c:\windows\system32\drivers\uxoezycr.sys --> c:\windows\system32\drivers\uxoezycr.sys [?]
S1 uynchbdx;uynchbdx;\??\c:\windows\system32\drivers\uynchbdx.sys --> c:\windows\system32\drivers\uynchbdx.sys [?]
S1 vwuypbxr;vwuypbxr;\??\c:\windows\system32\drivers\vwuypbxr.sys --> c:\windows\system32\drivers\vwuypbxr.sys [?]
S1 wasxpmgw;wasxpmgw;\??\c:\windows\system32\drivers\wasxpmgw.sys --> c:\windows\system32\drivers\wasxpmgw.sys [?]
S1 whjbtbls;whjbtbls;\??\c:\windows\system32\drivers\whjbtbls.sys --> c:\windows\system32\drivers\whjbtbls.sys [?]
S1 wjsetgzq;wjsetgzq;\??\c:\windows\system32\drivers\wjsetgzq.sys --> c:\windows\system32\drivers\wjsetgzq.sys [?]
S1 xkyflovj;xkyflovj;\??\c:\windows\system32\drivers\xkyflovj.sys --> c:\windows\system32\drivers\xkyflovj.sys [?]
S1 yahtalmn;yahtalmn;\??\c:\windows\system32\drivers\yahtalmn.sys --> c:\windows\system32\drivers\yahtalmn.sys [?]
S1 ywpgxnsc;ywpgxnsc;\??\c:\windows\system32\drivers\ywpgxnsc.sys --> c:\windows\system32\drivers\ywpgxnsc.sys [?]
S1 zjztvedg;zjztvedg;\??\c:\windows\system32\drivers\zjztvedg.sys --> c:\windows\system32\drivers\zjztvedg.sys [?]
S2 DailyBibleGuideService;DailyBibleGuideService;c:\progra~1\dailyb~2\bar\1.bin\2vbarsvc.exe [2011-8-17 42504]
S3 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-3-12 164736]
S3 AX88172;NETGEAR FA120 USB 2.0 Fast Ethernet Adapter;c:\windows\system32\drivers\FA120.sys [2008-1-15 14048]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2010-3-31 342784]
S3 SASENUM;SASENUM;\??\c:\program files\superantispyware\sasenum.sys --> c:\program files\superantispyware\SASENUM.SYS [?]
.
=============== File Associations ===============
.
FileExt: .jse: JSEFile=NOTEPAD.EXE %1
FileExt: .wsf: WSFFile=NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2013-03-21 00:35:25 -------- d-sha-r- C:\cmdcons
2013-03-21 00:33:24 256000 ----a-w- c:\windows\PEV.exe
2013-03-21 00:33:24 208896 ----a-w- c:\windows\MBR.exe
2013-03-20 03:30:37 -------- d-----w- c:\program files\Microsoft ActiveSync
2013-03-20 03:29:33 -------- d-----w- c:\windows\ShellNew
2013-03-15 23:57:14 -------- d-----w- c:\documents and settings\owner\local settings\application data\Sun
2013-03-13 07:43:48 -------- d-----w- c:\program files\Bonjour
2013-03-13 06:08:01 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-13 06:08:01 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-03-13 06:08:01 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-13 06:08:00 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-03-13 06:06:39 41664 ----a-w- c:\windows\avastSS.scr
2013-03-13 06:05:59 -------- d-----w- c:\program files\AVAST Software
2013-03-13 06:05:21 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2013-03-12 22:31:33 -------- d-----w- c:\windows\system32\Adobe
2013-03-12 22:15:09 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-12 22:15:09 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-03-12 22:15:08 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-12 22:14:58 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-12 21:49:09 -------- d-----w- c:\program files\Mozilla Maintenance Service
2013-03-12 21:49:02 865744 ----a-w- c:\program files\mozilla firefox\uninstall\helper.exe
2013-03-12 21:49:02 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2013-03-12 19:21:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-03-12 19:21:32 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
2013-03-12 10:45:35 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
2013-03-12 07:07:24 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-12 07:07:24 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-12 06:45:41 -------- d-----w- C:\Computer
2013-03-12 06:41:41 -------- d-----w- c:\program files\CCleaner
2013-03-12 05:29:25 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2013-03-12 05:29:25 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2013-03-12 05:29:18 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2013-03-12 05:29:18 21504 ----a-w- c:\windows\system32\hidserv.dll
2013-03-12 05:03:08 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2013-03-12 05:03:08 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2013-02-21 01:42:25 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
.
==================== Find3M ====================
.
2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-12 00:32:23 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
2013-02-05 20:05:47 916480 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 20:05:46 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-02-05 20:05:46 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-05 05:53:57 385024 ----a-w- c:\windows\system32\html.iec
2013-01-30 10:53:21 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-07 01:16:02 2193024 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:36:58 2069760 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49:10 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2013-01-02 06:49:10 1292288 ----a-w- c:\windows\system32\quartz.dll
.
============= FINISH: 23:13:20.23 ===============
Hi again,
Open notepad and copy/paste the text in the quotebox below into it:
Folder::
C:\PROGRA~1\DAILYB~2
Firefox::
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\ujmir2r4.default\
FF - plugin: c:\program files\dailybibleguide\bar\1.bin\NP2vStub.dll
Driver::
acapobnt
aooqzfkv
bhyfjttu
bidduafb
btqencwd
cobfbjwl
cotjizqd
cpkxgqkd
dnvnfsqq
dpfsnadk
efababwt
ektsmhwj
fdcrelxp
fkxyoehu
gebzlrlk
gedwlpgw
gpzpzghy
gvqjuowd
gxdpbakh
hndsgtav
igsctoce
ivhxmuji
jmhoyzku
jrgsvfah
jvdkoect
jwywzfus
kksrsxsu
kmwsavhf
kpvdewvl
kqooxgfm
krgdkxtt
mgdhinqs
moheurgu
mzdhocmu
nhbmzbqi
nnytfnut
ntxuocjj
omsohsgh
phtiekcm
psyzlqbb
pvahfsge
qzgvgiis
rkakihbx
rninkmgf
scdqwdil
tanbdmrv
ttdsztdz
uawagoej
uezbgkmd
ufifbxdk
uhaiwvop
uibqjwsm
utnfmtab
uuszovga
uxoezycr
uynchbdx
vwuypbxr
wasxpmgw
whjbtbls
wjsetgzq
xkyflovj
yahtalmn
ywpgxnsc
zjztvedg
DailyBibleGuideService
Save this as CFScript
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe (let the tool update itself if prompted).
Then post the resultant log.
Uninstall vulnerable Flash versions by following the instructions here (http://kb2.adobe.com/cps/141/tn_14157.html). A fresh version can be obtained here (http://get.adobe.com/flashplayer/).
* Go here (http://www.eset.eu/online-scanner) to run an online scanner from ESET.
Note: You will need to use Internet explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the option Remove found threats is UNchecked and the option Scan unwanted applications is checkmarked.
Click Scan
Wait for the scan to finish.
Post back its report (copy-paste results if any threats found), a fresh dds.txt log and above mentioned ComboFix resultant log.
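The Driver:: list above was assembled by hand from the DDS service entries: dozens of kernel-start (S1) services whose names are eight random lowercase letters, whose display name is identical to the service name, and whose image under c:\windows\system32\drivers is reported missing (the "--> ... [?]" form). The Python script below is an added example by the editor, not part of this thread and not a feature of DDS or ComboFix. It encodes that triage rule, emits the Driver:: section in CFScript syntax, and cross-checks a ComboFix log's "-------\Service_<name>" deletion lines against the scripted names so a leftover is not missed. The sample log lines inside it are constructed to match the formats shown in this thread, and the name heuristic is an assumption of this example rather than an established signature.

```python
"""Triage DDS service lines and build/verify a ComboFix Driver:: section.

Added example (not from the thread or the tools). Sample lines below are
constructed to match DDS and ComboFix output formats.
"""
import re

# DDS service line: "<start> <name>;<display>;<image> [<date size>]".
# A driver whose file is absent is printed as "\??\<path> --> <path> [?]".
DDS_SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.*)$"
)
# Heuristic (assumption of this example): eight random lowercase letters.
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}$")
SYSTEM_DRIVERS = r"c:\windows\system32\drivers" + "\\"
MISSING_MARKER = "[?]"
# ComboFix "Drivers/Services" section lists each removed service this way.
COMBOFIX_REMOVED_RE = re.compile(r"^-------\\Service_(?P<name>\S+)$")

SAMPLE_DDS = r"""
S1 uuszovga;uuszovga;\??\c:\windows\system32\drivers\uuszovga.sys --> c:\windows\system32\drivers\uuszovga.sys [?]
S1 zjztvedg;zjztvedg;\??\c:\windows\system32\drivers\zjztvedg.sys --> c:\windows\system32\drivers\zjztvedg.sys [?]
S2 DailyBibleGuideService;DailyBibleGuideService;c:\progra~1\dailyb~2\bar\1.bin\2vbarsvc.exe [2011-8-17 42504]
S3 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-3-12 164736]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2010-3-31 342784]
S3 SASENUM;SASENUM;\??\c:\program files\superantispyware\sasenum.sys --> c:\program files\superantispyware\SASENUM.SYS [?]
""".strip()

SAMPLE_COMBOFIX = r"""
-------\Legacy_DAILYBIBLEGUIDESERVICE
-------\Service_DailyBibleGuideService
-------\Service_uuszovga
""".strip()


def parse_dds_services(lines):
    """Yield dicts with start/name/display/image for every DDS service line."""
    for line in lines:
        m = DDS_SERVICE_RE.match(line.strip())
        if m:
            yield m.groupdict()


def is_suspect_driver(svc):
    """Random 8-letter name, display == name, image in system32\\drivers, file absent.

    SASENUM (legit, also missing) and aswVmm (legit, present) do not match:
    their names are not eight lowercase letters, and SASENUM lives elsewhere.
    """
    image = svc["image"].lower()
    return (
        RANDOM_NAME_RE.match(svc["name"]) is not None
        and svc["display"] == svc["name"]
        and SYSTEM_DRIVERS in image
        and image.endswith(MISSING_MARKER)
    )


def suspect_service_names(lines):
    """Sorted service names that trip the heuristic."""
    return sorted(s["name"] for s in parse_dds_services(lines) if is_suspect_driver(s))


def build_cfscript_driver_section(lines, extra_services=()):
    """Render the Driver:: block in CFScript syntax, one service name per line.

    extra_services lets the analyst append entries chosen by hand (e.g. a
    service whose name is not random but whose binary is known to be unwanted).
    """
    names = suspect_service_names(lines) + list(extra_services)
    return "Driver::\n" + "\n".join(names) + "\n"


def verify_removed(script_names, combofix_lines):
    """Names from the Driver:: block that ComboFix did NOT report as deleted."""
    removed = set()
    for line in combofix_lines:
        m = COMBOFIX_REMOVED_RE.match(line.strip())
        if m:
            removed.add(m.group("name").lower())
    return sorted(n for n in script_names if n.lower() not in removed)


if __name__ == "__main__":
    dds = SAMPLE_DDS.splitlines()
    names = suspect_service_names(dds) + ["DailyBibleGuideService"]
    print(build_cfscript_driver_section(dds, ["DailyBibleGuideService"]))
    print("not reported removed:", verify_removed(names, SAMPLE_COMBOFIX.splitlines()))
```

On the constructed sample the script flags uuszovga and zjztvedg, leaves the Avast, Realtek and SUPERAntiSpyware drivers alone, and reports zjztvedg as not deleted because the sample ComboFix fragment lacks its "-------\Service_" line; that leftover is exactly the case to re-run or inspect by hand rather than assume the run completed.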
Hi, I followed the instructions with ComboFix. It seems to be working correctly but quite slowly. The system rebooted during the ComboFix operation
then waited for me to log in. After login ComboFix started/continued and then hung. I waited several hours and nothing (just hung). I restarted the computer but there is no log file, although ComboFix left a lot of files on the machine.
When I disabled avast, I disabled it until restart. So perhaps avast caused ComboFix to hang after the reboot.
Please advise what to do next.
Thanks,
Roger
Hi,
You could try to disable Avast so that it won't get enabled again before you manually enable it. If after doing that the ComboFix script run still stalls, please give it a try in safe mode (ensuring it goes into safe mode also after a possible ComboFix reboot).
OK task complete...
Thank you sooo much for your help.
ComboFix 13-03-21.02 - Owner 03/22/2013 18:52:23.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.479.162 [GMT -7:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\progra~1\DAILYB~2
c:\progra~1\DAILYB~2\bar\1.bin\2vauxstb.dll
c:\progra~1\DAILYB~2\bar\1.bin\2vbar.dll
c:\progra~1\DAILYB~2\bar\1.bin\2vbarsvc.exe
c:\progra~1\DAILYB~2\bar\1.bin\2vbrmon.exe
c:\progra~1\DAILYB~2\bar\1.bin\2vbrstub.dll
c:\progra~1\DAILYB~2\bar\1.bin\2vdatact.dll
c:\progra~1\DAILYB~2\bar\1.bin\2vdlghk.dll
c:\progra~1\DAILYB~2\bar\1.bin\2vdyn.dll
c:\progra~1\DAILYB~2\bar\1.bin\2vfeedmg.dll
c:\progra~1\DAILYB~2\bar\1.bin\2vhighin.exe
c:\progra~1\DAILYB~2\bar\1.bin\2vhtml.dll
c:\progra~1\DAILYB~2\bar\1.bin\2vhtmlmu.dll
c:\progra~1\DAILYB~2\bar\1.bin\2vhttpct.dll
c:\progra~1\DAILYB~2\bar\1.bin\2vidle.dll
c:\progra~1\DAILYB~2\bar\1.bin\2vieovr.dll
c:\progra~1\DAILYB~2\bar\1.bin\2vimpipe.exe
c:\progra~1\DAILYB~2\bar\1.bin\2vmedint.exe
c:\progra~1\DAILYB~2\bar\1.bin\2vmlbtn.dll
c:\progra~1\DAILYB~2\bar\1.bin\2vmsg.dll
c:\progra~1\DAILYB~2\bar\1.bin\2vPlugin.dll
c:\progra~1\DAILYB~2\bar\1.bin\2vradio.dll
c:\progra~1\DAILYB~2\bar\1.bin\2vregfft.dll
c:\progra~1\DAILYB~2\bar\1.bin\2vregiet.dll
c:\progra~1\DAILYB~2\bar\1.bin\2vscript.dll
c:\progra~1\DAILYB~2\bar\1.bin\2vskin.dll
c:\progra~1\DAILYB~2\bar\1.bin\2vskplay.exe
c:\progra~1\DAILYB~2\bar\1.bin\2vSrcAs.dll
c:\progra~1\DAILYB~2\bar\1.bin\2vtpinst.dll
c:\progra~1\DAILYB~2\bar\1.bin\2vuabtn.dll
c:\progra~1\DAILYB~2\bar\1.bin\CHROME.MANIFEST
c:\progra~1\DAILYB~2\bar\1.bin\chrome\2vffxtbr.jar
c:\progra~1\DAILYB~2\bar\1.bin\INSTALL.RDF
c:\progra~1\DAILYB~2\bar\1.bin\LOGO.BMP
c:\progra~1\DAILYB~2\bar\1.bin\NP2vStub.dll
c:\progra~1\DAILYB~2\bar\1.bin\T8FFTBPR.DLL
c:\progra~1\DAILYB~2\bar\1.bin\T8PATCH.DLL
c:\progra~1\DAILYB~2\bar\1.bin\T8RES.DLL
c:\progra~1\DAILYB~2\bar\1.bin\T8UNPAT.DLL
c:\progra~1\DAILYB~2\bar\Cache\0041FDBC.bmp
c:\progra~1\DAILYB~2\bar\Cache\0041FE49.bmp
c:\progra~1\DAILYB~2\bar\Cache\0041FF62.bmp
c:\progra~1\DAILYB~2\bar\Cache\00420195.bmp
c:\progra~1\DAILYB~2\bar\Cache\00420231.bmp
c:\progra~1\DAILYB~2\bar\Cache\004202AE.bmp
c:\progra~1\DAILYB~2\bar\Cache\0042034A.bmp
c:\progra~1\DAILYB~2\bar\Cache\00420398.bmp
c:\progra~1\DAILYB~2\bar\Cache\004203E7.bmp
c:\progra~1\DAILYB~2\bar\Cache\00420435.bmp
c:\progra~1\DAILYB~2\bar\Cache\00420473.bmp
c:\progra~1\DAILYB~2\bar\Cache\004212CB.jhtml
c:\progra~1\DAILYB~2\bar\Cache\00424D73.bmp
c:\progra~1\DAILYB~2\bar\Cache\00DB3DBB
c:\progra~1\DAILYB~2\bar\Cache\files.ini
c:\progra~1\DAILYB~2\bar\History\search3
c:\progra~1\DAILYB~2\bar\IE9Mesg\COMMON.T8S
c:\progra~1\DAILYB~2\bar\Message\COMMON.T8S
c:\progra~1\DAILYB~2\bar\Settings\prevcfg2.htm
c:\progra~1\DAILYB~2\bar\Settings\s_pid.dat
c:\progra~1\DAILYB~2\bar\Settings\s_w1.dat
c:\progra~1\DAILYB~2\bar\Settings\s_w1.dat.bak
c:\progra~1\DAILYB~2\bar\Settings\s_w2.dat
c:\progra~1\DAILYB~2\bar\Settings\s_w2.dat.bak
c:\progra~1\DAILYB~2\bar\Settings\setting3.htm
c:\progra~1\DAILYB~2\bar\Settings\setting3.htm.bak
c:\progra~1\DAILYB~2\DailyBibleGuide\Cache\PopupProperties100018065.html
c:\progra~1\DAILYB~2\DailyBibleGuide\Cache\PopupProperties100018249.html
c:\progra~1\DAILYB~2\DailyBibleGuide\Cache\PopupProperties100018251.html
c:\progra~1\DAILYB~2\DailyBibleGuide\Cache\PopupProperties100018775.html
c:\progra~1\DAILYB~2\DailyBibleGuide\Cache\PopupProperties100064918.html
c:\progra~1\DAILYB~2\DailyBibleGuide\Cache\Radiohitz.html
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_DAILYBIBLEGUIDESERVICE
-------\Service_acapobnt
-------\Service_aooqzfkv
-------\Service_bhyfjttu
-------\Service_bidduafb
-------\Service_btqencwd
-------\Service_cobfbjwl
-------\Service_cotjizqd
-------\Service_cpkxgqkd
-------\Service_DailyBibleGuideService
-------\Service_dnvnfsqq
-------\Service_dpfsnadk
-------\Service_efababwt
-------\Service_ektsmhwj
-------\Service_fdcrelxp
-------\Service_fkxyoehu
-------\Service_gebzlrlk
-------\Service_gedwlpgw
-------\Service_gpzpzghy
-------\Service_gvqjuowd
-------\Service_gxdpbakh
-------\Service_hndsgtav
-------\Service_igsctoce
-------\Service_ivhxmuji
-------\Service_jmhoyzku
-------\Service_jrgsvfah
-------\Service_jvdkoect
-------\Service_jwywzfus
-------\Service_kksrsxsu
-------\Service_kmwsavhf
-------\Service_kpvdewvl
-------\Service_kqooxgfm
-------\Service_krgdkxtt
-------\Service_mgdhinqs
-------\Service_moheurgu
-------\Service_mzdhocmu
-------\Service_nhbmzbqi
-------\Service_nnytfnut
-------\Service_ntxuocjj
-------\Service_omsohsgh
-------\Service_phtiekcm
-------\Service_psyzlqbb
-------\Service_pvahfsge
-------\Service_qzgvgiis
-------\Service_rkakihbx
-------\Service_rninkmgf
-------\Service_scdqwdil
-------\Service_tanbdmrv
-------\Service_ttdsztdz
-------\Service_uawagoej
-------\Service_uezbgkmd
-------\Service_ufifbxdk
-------\Service_uhaiwvop
-------\Service_uibqjwsm
-------\Service_utnfmtab
-------\Service_uuszovga
-------\Service_uxoezycr
-------\Service_uynchbdx
-------\Service_vwuypbxr
-------\Service_wasxpmgw
-------\Service_whjbtbls
-------\Service_wjsetgzq
-------\Service_xkyflovj
-------\Service_yahtalmn
-------\Service_ywpgxnsc
-------\Service_zjztvedg
.
.
((((((((((((((((((((((((( Files Created from 2013-02-23 to 2013-03-23 )))))))))))))))))))))))))))))))
.
.
2013-03-20 03:30 . 2013-03-20 03:30 -------- d-----w- c:\program files\Microsoft ActiveSync
2013-03-20 03:29 . 2013-03-20 03:30 -------- d-----w- c:\windows\ShellNew
2013-03-19 07:54 . 2013-03-19 07:54 -------- d-----w- c:\program files\ERUNT
2013-03-15 23:57 . 2013-03-15 23:57 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Sun
2013-03-13 07:43 . 2013-03-13 07:43 -------- d-----w- c:\program files\Bonjour
2013-03-13 06:08 . 2013-03-06 22:33 368176 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-03-13 06:08 . 2013-03-06 22:33 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-03-13 06:08 . 2013-03-06 22:33 62376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-03-13 06:08 . 2013-03-06 22:33 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-03-13 06:08 . 2013-03-06 22:33 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-13 06:08 . 2013-03-06 22:33 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-03-13 06:08 . 2013-03-06 22:33 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-13 06:08 . 2013-03-06 22:33 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-03-13 06:07 . 2013-03-06 22:32 228600 ----a-w- c:\windows\system32\aswBoot.exe
2013-03-13 06:06 . 2013-03-06 22:32 41664 ----a-w- c:\windows\avastSS.scr
2013-03-13 06:05 . 2013-03-13 06:05 -------- d-----w- c:\program files\AVAST Software
2013-03-13 06:05 . 2013-03-13 06:05 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2013-03-12 22:34 . 2013-03-12 22:34 -------- d-----w- c:\program files\Apple Software Update
2013-03-12 22:31 . 2013-03-12 22:32 -------- d-----w- c:\windows\system32\Adobe
2013-03-12 22:30 . 2013-03-12 22:30 -------- d-----w- c:\program files\Common Files\Java
2013-03-12 22:16 . 2013-03-12 22:17 -------- d-----w- c:\program files\Common Files\Adobe
2013-03-12 22:15 . 2013-03-12 22:14 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-03-12 22:15 . 2013-03-12 22:14 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-12 22:15 . 2013-03-12 22:14 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-12 22:14 . 2013-03-12 22:14 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-12 22:14 . 2013-03-12 22:14 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2013-03-12 21:49 . 2013-03-12 21:49 -------- d-----w- c:\program files\Mozilla Maintenance Service
2013-03-12 21:49 . 2013-03-07 14:31 865744 ----a-w- c:\program files\Mozilla Firefox\uninstall\helper.exe
2013-03-12 21:49 . 2013-03-07 14:31 263064 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2013-03-12 19:21 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-03-12 19:21 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
2013-03-12 10:45 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
2013-03-12 07:07 . 2013-03-12 07:07 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-12 07:07 . 2013-03-12 07:07 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-12 06:45 . 2013-03-19 07:55 -------- d-----w- C:\Computer
2013-03-12 06:41 . 2013-03-12 06:41 -------- d-----w- c:\program files\CCleaner
2013-03-12 05:29 . 2001-08-17 20:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2013-03-12 05:29 . 2001-08-17 20:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2013-03-12 05:29 . 2008-04-14 00:11 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2013-03-12 05:29 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2013-03-12 05:03 . 2008-04-13 18:45 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2013-03-12 05:03 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-12 00:32 . 2008-08-19 04:43 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2004-08-04 12:00 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-05 20:05 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 20:05 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-02-05 20:05 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-05 05:53 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-01-30 10:53 . 2010-01-16 23:02 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-26 03:55 . 2004-08-04 12:00 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-07 01:16 . 2004-08-04 12:00 2193024 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:36 . 2004-08-03 22:59 2069760 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20 . 2004-08-04 12:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2004-08-04 12:00 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2013-01-02 06:49 . 2004-08-04 12:00 1292288 ----a-w- c:\windows\system32\quartz.dll
2013-03-07 14:31 . 2013-03-12 21:49 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 22:32 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WG111v3 Smart Wizard.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk
backup=c:\windows\pss\NETGEAR WG111v3 Smart Wizard.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-28 22:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2008-10-05 17:21 26112 -c--a-w- c:\program files\Real\RealPlayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 16:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Walgreens PhotoShow Media Manager]
2006-04-20 06:35 237568 -c--a-w- c:\progra~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"WANMiniportService"=2 (0x2)
"SeaPort"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"gusvc"=3 (0x3)
"Bonjour Service"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [3/12/2013 11:08 PM 49248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3/12/2013 11:08 PM 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/12/2013 11:08 PM 368176]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/12/2013 11:08 PM 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [3/12/2013 11:08 PM 66336]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [10/9/2007 1:13 PM 38144]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [6/6/2008 10:18 AM 22528]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S3 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [3/12/2013 11:08 PM 164736]
S3 AX88172;NETGEAR FA120 USB 2.0 Fast Ethernet Adapter;c:\windows\system32\drivers\FA120.sys [1/15/2008 6:45 PM 14048]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [3/31/2010 6:58 AM 342784]
S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS --> c:\program files\SUPERAntiSpyware\SASENUM.SYS [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-22 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-03-13 22:32]
.
2013-03-23 c:\windows\Tasks\User_Feed_Synchronization-{4D613E04-F10F-41C0-9F6F-7093D9EBE63D}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 11:31]
.
2013-03-23 c:\windows\Tasks\User_Feed_Synchronization-{AA4B2D18-BE2B-4ED3-B111-A9B4A7C71110}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 11:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.yahoo.com/?fr=fp-reg
uInternet Settings,ProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} - hxxp://www.iolo.com/app/ocx/UpgradeVerify.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\ujmir2r4.default\
FF - ExtSQL: 2013-03-12 23:07; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: !HIDDEN! 2011-09-21 17:28; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-DailyBibleGuide Browser Plugin Loader - c:\progra~1\DAILYB~2\bar\1.bin\2vbrmon.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-03-22 19:01
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2a,f6,3e,d1,4b,0f,91,45,b7,af,4b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2a,f6,3e,d1,4b,0f,91,45,b7,af,4b,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3636)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2013-03-22 19:05:04
ComboFix-quarantined-files.txt 2013-03-23 02:05
ComboFix2.txt 2013-03-21 02:34
ComboFix3.txt 2008-07-16 18:36
.
Pre-Run: 112,708,579,328 bytes free
Post-Run: 112,846,151,680 bytes free
.
- - End Of File - - 605BC9BC059F2C4B209CAE6FE76B66E5
----- eset log -----
C:\QooBox\Quarantine\C\Program Files\DAILYB~2\bar\1.bin\2vdatact.dll.vir a variant of Win32/Toolbar.MyWebSearch.A application
C:\QooBox\Quarantine\C\Program Files\DAILYB~2\bar\1.bin\2vhtml.dll.vir probably a variant of Win32/Toolbar.MyWebSearch.F application
C:\QooBox\Quarantine\C\Program Files\DAILYB~2\bar\1.bin\2vhtmlmu.dll.vir probably a variant of Win32/Toolbar.MyWebSearch.B application
C:\QooBox\Quarantine\C\Program Files\DAILYB~2\bar\1.bin\2vieovr.dll.vir probably a variant of Win32/Toolbar.MyWebSearch.P application
C:\QooBox\Quarantine\C\Program Files\DAILYB~2\bar\1.bin\2vPlugin.dll.vir a variant of Win32/Toolbar.MyWebSearch application
C:\QooBox\Quarantine\C\Program Files\DAILYB~2\bar\1.bin\2vskin.dll.vir a variant of Win32/Toolbar.MyWebSearch.P application
C:\QooBox\Quarantine\C\WINDOWS\system32\phcr95j0ea45.bmp.vir Win32/TrojanDownloader.FakeAlert.DJ trojan
C:\System Volume Information\_restore{44C0BE2B-D494-4D17-B2B8-CC09A423CD50}\RP1935\A0675195.dll a variant of Win32/Toolbar.MyWebSearch.A application
C:\System Volume Information\_restore{44C0BE2B-D494-4D17-B2B8-CC09A423CD50}\RP1935\A0675200.dll probably a variant of Win32/Toolbar.MyWebSearch.F application
C:\System Volume Information\_restore{44C0BE2B-D494-4D17-B2B8-CC09A423CD50}\RP1935\A0675201.dll probably a variant of Win32/Toolbar.MyWebSearch.B application
C:\System Volume Information\_restore{44C0BE2B-D494-4D17-B2B8-CC09A423CD50}\RP1935\A0675204.dll probably a variant of Win32/Toolbar.MyWebSearch.P application
C:\System Volume Information\_restore{44C0BE2B-D494-4D17-B2B8-CC09A423CD50}\RP1935\A0675209.dll a variant of Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{44C0BE2B-D494-4D17-B2B8-CC09A423CD50}\RP1935\A0675214.dll a variant of Win32/Toolbar.MyWebSearch.P application
----- end eset log -----
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.17.2
Run by Owner at 9:14:35 on 2013-03-23
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.479.108 [GMT -7:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.yahoo.com/?fr=fp-reg
uProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1183158141578
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1363115980328
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} - hxxp://www.iolo.com/app/ocx/UpgradeVerify.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{761A3CB6-7D73-448C-95E5-FFBC61A7A38C} : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{7920C8EB-C091-494F-ACC1-87906D4CCDA4} : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{809C77B1-840A-41C1-BB73-C54246D4BE71} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{DEE8850C-9EF6-4F98-9470-C638C1031ABA} : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{F216FC57-6B39-435F-8C98-D3501C351548} : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\ujmir2r4.default\
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1200112.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2013-03-12 23:07; wrc@avast.com; c:\program files\avast software\avast\webrep\FF
FF - ExtSQL: !HIDDEN! 2011-09-21 17:28; smartwebprinting@hp.com; c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-3-12 49248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-3-12 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-3-12 368176]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-3-12 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-3-12 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-3-12 45248]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2007-10-9 38144]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2008-6-6 22528]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\superantispyware\sasdifsv.sys --> c:\program files\superantispyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\saskutil.sys --> c:\program files\superantispyware\SASKUTIL.sys [?]
S3 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-3-12 164736]
S3 AX88172;NETGEAR FA120 USB 2.0 Fast Ethernet Adapter;c:\windows\system32\drivers\FA120.sys [2008-1-15 14048]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2010-3-31 342784]
S3 SASENUM;SASENUM;\??\c:\program files\superantispyware\sasenum.sys --> c:\program files\superantispyware\SASENUM.SYS [?]
.
=============== File Associations ===============
.
FileExt: .jse: JSEFile=NOTEPAD.EXE %1
FileExt: .wsf: WSFFile=NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2013-03-23 08:59:27 -------- d-----w- c:\program files\ESET
2013-03-23 08:54:58 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-23 08:54:58 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-21 00:35:25 -------- d-sha-r- C:\cmdcons
2013-03-21 00:33:24 256000 ----a-w- c:\windows\PEV.exe
2013-03-21 00:33:24 208896 ----a-w- c:\windows\MBR.exe
2013-03-20 03:30:37 -------- d-----w- c:\program files\Microsoft ActiveSync
2013-03-20 03:29:33 -------- d-----w- c:\windows\ShellNew
2013-03-15 23:57:14 -------- d-----w- c:\documents and settings\owner\local settings\application data\Sun
2013-03-13 07:43:48 -------- d-----w- c:\program files\Bonjour
2013-03-13 06:08:01 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-13 06:08:01 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-03-13 06:08:01 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-13 06:08:00 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-03-13 06:06:39 41664 ----a-w- c:\windows\avastSS.scr
2013-03-13 06:05:59 -------- d-----w- c:\program files\AVAST Software
2013-03-13 06:05:21 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2013-03-12 22:31:33 -------- d-----w- c:\windows\system32\Adobe
2013-03-12 22:15:09 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-12 22:15:09 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-03-12 22:15:08 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-12 22:14:58 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-12 21:49:09 -------- d-----w- c:\program files\Mozilla Maintenance Service
2013-03-12 21:49:02 865744 ----a-w- c:\program files\mozilla firefox\uninstall\helper.exe
2013-03-12 21:49:02 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2013-03-12 19:21:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-03-12 19:21:32 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
2013-03-12 10:45:35 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
2013-03-12 06:45:41 -------- d-----w- C:\Computer
2013-03-12 06:41:41 -------- d-----w- c:\program files\CCleaner
2013-03-12 05:29:25 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2013-03-12 05:29:25 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2013-03-12 05:29:18 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2013-03-12 05:29:18 21504 ----a-w- c:\windows\system32\hidserv.dll
2013-03-12 05:03:08 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2013-03-12 05:03:08 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
.
==================== Find3M ====================
.
2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-12 00:32:23 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
2013-02-05 20:05:47 916480 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 20:05:46 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-02-05 20:05:46 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-05 05:53:57 385024 ----a-w- c:\windows\system32\html.iec
2013-01-30 10:53:21 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-07 01:16:02 2193024 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:36:58 2069760 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49:10 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2013-01-02 06:49:10 1292288 ----a-w- c:\windows\system32\quartz.dll
.
============= FINISH: 9:15:31.07 ===============
FYI... the Microsoft auto updater is stuck trying to install this update
Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2742597)
The installation keeps failing.
Thanks
Roger
Hi,
ESET findings will be removed as the final step a bit later.
the microsoft auto updater is stuck trying to install this update
Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2742597)
The installation keeps failing.
You could try to manually download that update here (http://www.microsoft.com/en-us/download/details.aspx?id=36281) to see if it worked better.
So when I check the Windows updater it says updates are ready for your computer. If I shut the computer down it says it is installing update 1 of 1. But it does not actually get installed. When I tried the manual update, the Windows installation process could not find the file netfx.msi.
Thanks, Roger
After the above, I went to the Windows Update site. It found 20 other updates (all Office related). I did not install them, but the auto updater picked them up. I shut the system down and it tried to install 21 updates. It appeared that all went OK, but the one still did not install. See status below. The first one failed; the others were successful.
Windows XP Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2742597) Monday, March 25, 2013 Microsoft Update
Office 2002/XP Security Update for Microsoft Word 2002 (KB2328360) Monday, March 25, 2013 Microsoft Update
Office 2002/XP Security Update for Microsoft Office XP (KB976380) Monday, March 25, 2013 Microsoft Update
Office 2002/XP Security Update for Access Snapshot Viewer 2002 (KB955440) Monday, March 25, 2013 Microsoft Update
Office 2002/XP Security Update for Microsoft Excel 2002 (KB2541003) Monday, March 25, 2013 Automatic Updates
Office 2002/XP Security Update for Microsoft Office XP (KB957646) Monday, March 25, 2013 Automatic Updates
Office 2002/XP Security Update for Microsoft Office 2002 (KB956464) Monday, March 25, 2013 Automatic Updates
Office 2002/XP Security Update for PowerPoint 2002 (KB905758) Monday, March 25, 2013 Automatic Updates
Office 2002/XP Security Update for Microsoft Office XP (KB2288608) Monday, March 25, 2013 Automatic Updates
Office 2002/XP Security Update for Microsoft Office XP (KB975008) Monday, March 25, 2013 Automatic Updates
Hi,
Download and run this update (http://www.microsoft.com/en-us/download/details.aspx?displaylang=en&id=26). After that, run the previous one.
update successfully installed.
Thanks, Roger
Good! Are you still noticing any problems? If not, it's time to secure your system to prevent against further intrusions :)
THESE STEPS ARE VERY IMPORTANT
Let's reset system restore
Reset and re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: you will lose all previous restore points, which are likely to be infected. Please note you need Administrator access to clean the restore points.
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
2. Reboot.
3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
NOTE: only do this ONCE, NOT on a regular basis
Now let's uninstall ComboFix:
Click START then RUN
Now copy-paste Combofix /uninstall in the runbox and click OK
UPDATING WINDOWS AND INTERNET EXPLORER
IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site (http://windowsupdate.microsoft.com/) to get the critical updates.
Download and run Secunia Personal Software Inspector (PSI) (http://secunia.com/vulnerability_scanning/personal/) and fix its findings. Leave the program installed so you'll stay alerted about vulnerable components in future too.
Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Once again, please post and tell me how things are going with your system... problems etc.
Have a great day,
Blade
I think we still have some bad stuff to remove. Back in response #9 you said
"ESET findings will be removed as the final step a bit later."
Then we paused to solve the issue with auto update. So do you want me to secure the system now, or do we want to take care of the bad stuff found by ESET first?
Thank you so much.... Roger
Hi,
Yes, those ESET findings should be gone after system restore has been reset and ComboFix uninstalled :)
Everything working great! Thank you!
How can I learn to remove viruses and malware manually?
Regards,
Roger
You're welcome :)
How can I learn to remove viruses and malware manually?
There are training schools that teach fighting against malware. Please have a look here (http://forums.spybot.info/showpost.php?p=66331&postcount=6).