ABnow.com Google redirect infection

Hi rockmypunkk,

Do you know if it also cleaned the infections stopzilla found?
No, it hasn't cleaned out everything yet. I need to look through the logs from ComboFix and DDS before we deal with them.

Ran STOPzilla again and 100 of the infections are gone, but 67 still remain. I'll type them out and their locations.
Please do not run any more scans unless instructed to here. As I said before, this can be a tricky infection to remove; if you do it wrong you can turn your computer into an expensive paperweight.


No anti-virus
Looking over your log, it seems you don't have any anti-virus software installed.
Please download and install a free anti-virus software from one of these excellent vendors.

Note: You should run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and results in program conflicts and false virus alerts.

I will post further instructions later today.

diver79
 
Hi rockmypunkk,

Please run the ComboFix CFScript below and then re-run DDS. Let me know how the PC is performing after running the fix.

ComboFix - CFScript
This script is for this user and computer ONLY! Using this tool incorrectly could cause problems with your operating system... preventing it from ever starting again!
You will not have Internet access when you execute ComboFix. All open windows will need to be closed!
  1. Please open Notepad and copy/paste all the text below... into the window:
    Code:
    DDS::
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - No File
    BHO: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    FireFox::
    FF - ProfilePath - c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\lrp7h7bg.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
    FF - prefs.js: browser.search.selectedEngine - Yahoo-FlvTube
    FF - prefs.js: keyword.URL - hxxp://flvtubesearch.co/?prt=02ff&clid=&subid=&Keywords=
    FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
    File::
    C:\WINDOWS\Tasks\At1.job
    C:\WINDOWS\Tasks\At2.job
    C:\WINDOWS\Tasks\At3.job
    C:\WINDOWS\Tasks\At4.job
    ADS::
    C:\Documents and Settings\All Users\Application Data\TEMP:AC6124CA
    ClearJavaCache::
  2. Save it to your desktop as CFScript.txt
  3. Please disable avast! Antivirus.
    Right Click on the Avast! icon in the System tray and select Avast Shields Control.
    Select Disable until Computer is restarted.

    Please close all open application windows.
  4. Drag the CFScript.txt (icon) into the ComboFix.exe icon... as seen in the image below:
    ComboFixScriptDrag.gif

    This will cause ComboFix to run again.
    Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash.
    Do Not touch your computer when ComboFix is running!
  5. When finished ComboFix will create a log file... you can save this file to a convenient place.
Please copy/paste the ComboFix log file in your next reply.

Next re-run DDS and post the contents of dds.txt

Let me know how the computer is performing after you run ComboFix.
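The CFScript above is hand-assembled from the DDS log: orphaned BHO/TB registrations ("No File"), stale DPF entries for an old Java installer, the hijacked Firefox search prefs, the At*.job scheduled tasks and an alternate data stream. The following is an added example, not part of this thread and not ComboFix's or DDS's own code, showing the same triage as a script: it parses constructed DDS-style lines and a constructed prefs.js modelled on this log, flags the entries a helper would pull into the fix, and emits them under the CFScript section headers ComboFix expects. The allow-list of search hosts and stock engine names, and the "jinstall-" heuristic for stale Java DPF entries, are assumptions for the example. Treat its output as a draft for a human to review, not something to drop on ComboFix unread.

```python
"""Triage helper that turns DDS-style findings into ComboFix CFScript sections.

Added example for this thread; it is not part of the original posts and is
not ComboFix's or DDS's own code. It works on constructed samples modelled on
the entries the CFScript in the thread targets, so it runs offline.
"""
import re
from urllib.parse import urlsplit

# --- constructed sample input (modelled on the thread's DDS log) ------------
SAMPLE_DDS = r"""
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/wvc1dmo.cab
"""

# Constructed prefs.js content modelled on the hijacked Firefox search prefs.
SAMPLE_PREFS = r"""
user_pref("browser.startup.homepage", "http://en-US.start3.mozilla.com/firefox");
user_pref("browser.search.defaulturl", "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query=");
user_pref("browser.search.selectedEngine", "Yahoo-FlvTube");
user_pref("keyword.URL", "http://flvtubesearch.co/?prt=02ff&Keywords=");
user_pref("network.cookie.cookieBehavior", 0);
"""

# Assumptions: what a stock Firefox of that era points search at. Anything
# else in these prefs is treated as a hijack and reported for review.
SEARCH_PREFS = ("browser.search.defaulturl", "browser.search.selectedEngine", "keyword.URL")
KNOWN_GOOD_SEARCH_HOSTS = {"www.google.com", "search.yahoo.com", "www.bing.com"}
STOCK_ENGINES = {"Google", "Yahoo", "Bing", "Amazon.com", "eBay", "Wikipedia (en)"}

PREF_RE = re.compile(r'user_pref\("([^"]+)",\s*"((?:[^"\\]|\\.)*)"\);')
# GUIDs contain hyphens, so the separator must be " - " with both spaces.
DDS_LINE_RE = re.compile(r"^(BHO|TB|DPF):\s*(.*?) - (.*)$")


def parse_prefs(prefs_text):
    """Map pref name -> value for string-valued user_pref() lines only."""
    return {m.group(1): m.group(2) for m in PREF_RE.finditer(prefs_text)}


def _host(url):
    # DDS/ComboFix print URLs defanged as hxxp://; undo that before parsing.
    return (urlsplit(url.replace("hxxp", "http", 1)).hostname or "").lower()


def hijacked_search_prefs(prefs_text):
    """Search prefs pointing somewhere other than the allow-listed engines."""
    found = {}
    for name, value in parse_prefs(prefs_text).items():
        if name not in SEARCH_PREFS:
            continue
        if name == "browser.search.selectedEngine":
            if value not in STOCK_ENGINES:   # engine *name*, not a URL
                found[name] = value
        elif _host(value) not in KNOWN_GOOD_SEARCH_HOSTS:
            found[name] = value
    return found


def dds_removal_candidates(dds_text):
    """BHO/TB entries whose DLL no longer exists ('No File', an orphaned CLSID
    registration) and DPF entries for stale Java installer cabs (assumed
    heuristic), returned verbatim for the CFScript DDS:: section."""
    out = []
    for raw in dds_text.splitlines():
        m = DDS_LINE_RE.match(raw.strip())
        if not m:
            continue
        kind, _ident, target = m.groups()
        if kind in ("BHO", "TB") and target == "No File":
            out.append(raw.strip())
        elif kind == "DPF" and "jinstall-" in target:
            out.append(raw.strip())
    return out


def build_cfscript(dds_text, prefs_text, profile_path, files=(), ads=()):
    """Assemble the sectioned CFScript text in the layout ComboFix expects."""
    sections = []
    dds = dds_removal_candidates(dds_text)
    if dds:
        sections.append("DDS::\n" + "\n".join(dds))
    ff = hijacked_search_prefs(prefs_text)
    if ff:
        lines = ["FF - ProfilePath - " + profile_path]
        lines += ["FF - prefs.js: %s - %s" % (k, v.replace("http", "hxxp", 1))
                  for k, v in ff.items()]
        sections.append("FireFox::\n" + "\n".join(lines))
    if files:
        sections.append("File::\n" + "\n".join(files))
    if ads:
        sections.append("ADS::\n" + "\n".join(ads))
    sections.append("ClearJavaCache::")
    return "\n".join(sections) + "\n"


if __name__ == "__main__":
    # Constructed arguments mirroring the File:: and ADS:: entries in the thread.
    print(build_cfscript(
        SAMPLE_DDS, SAMPLE_PREFS,
        r"c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\lrp7h7bg.default" + "\\",
        files=[r"C:\WINDOWS\Tasks\At%d.job" % i for i in range(1, 5)],
        ads=[r"C:\Documents and Settings\All Users\Application Data\TEMP:AC6124CA"],
    ))
```

Run it as a script to print a CFScript draft for the constructed samples. The search-pref check is the part worth keeping around: a redirect infection that only rewrites `keyword.URL` or `browser.search.defaulturl` survives a malware scan that looks at files and services but never reads prefs.js.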
 
NIRCMD.exe file not found error popped up again after running ComboFix, and my wireless card keeps getting disabled, or it fails the ARP cache clear when repairing it.

ComboFix 12-04-09.05 - Chris 0/2012 Tue 16:15:07.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.932.81.1033.18.1012.577 [GMT -5:00]
Running from: c:\documents and settings\Chris\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Chris\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\windows\Tasks\At1.job"
"c:\windows\Tasks\At2.job"
"c:\windows\Tasks\At3.job"
"c:\windows\Tasks\At4.job"
.
Error: Cfiles.dat
.
((((((((((((((((((((((((( Files Created from 2012-03-10 to 2012-04-10 )))))))))))))))))))))))))))))))
.
.
2012-04-10 12:29 . 2012-03-06 23:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-04-10 12:29 . 2012-03-06 23:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-04-10 12:29 . 2012-03-06 23:02 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-04-10 12:29 . 2012-03-06 23:01 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-04-10 12:29 . 2012-03-06 23:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-04-10 12:29 . 2012-03-06 23:01 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-04-10 12:29 . 2012-03-06 23:01 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-04-10 12:29 . 2012-03-06 22:58 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-04-10 12:26 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-04-10 12:25 . 2012-03-06 23:15 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-04-10 12:24 . 2012-04-10 12:24 -------- d-----w- c:\program files\AVAST Software
2012-04-10 12:24 . 2012-04-10 12:24 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-04-04 21:50 . 2012-04-04 21:50 -------- d-----w- c:\program files\Common Files\Java
2012-04-04 21:50 . 2012-04-04 21:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-03 06:29 . 2012-01-19 15:22 42864 ----a-r- c:\windows\system32\SBBD.EXE
2012-04-03 06:29 . 2012-01-12 14:26 101112 ----a-r- c:\windows\system32\drivers\SBREDrv.sys
2012-04-03 06:29 . 2012-04-03 06:29 -------- d-----w- c:\program files\STOPzilla!
2012-04-03 06:29 . 2012-04-03 06:29 -------- d-----w- c:\program files\Common Files\iS3
2012-04-03 06:29 . 2012-04-10 21:24 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2012-04-03 06:25 . 2012-04-03 06:35 -------- d-----w- c:\program files\Common Files\PC Tools
2012-04-03 06:25 . 2012-04-03 06:25 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2012-04-03 06:25 . 2012-04-03 06:25 -------- d-----w- c:\documents and settings\Chris\Application Data\TestApp
2012-04-03 06:05 . 2012-04-03 06:05 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-03 05:54 . 2012-04-03 05:54 -------- d-----w- c:\windows\system32\wbem\Repository
2012-04-03 00:02 . 2012-04-03 05:54 -------- d-----w- c:\program files\ERUNT
2012-04-02 21:59 . 2008-06-20 11:51 361600 -c----w- c:\windows\system32\dllcache\tcpip.sys
2012-04-02 17:04 . 2012-04-03 05:51 -------- d-s---w- c:\documents and settings\LocalService\UserData
2012-04-02 16:59 . 2012-04-09 21:53 -------- d-sh--w- c:\documents and settings\Chris\Local Settings\Application Data\ad7217cf
2012-04-02 06:46 . 2012-04-02 07:11 -------- d-----w- C:\UTSUSEMI
2012-04-02 02:31 . 2012-04-02 02:31 -------- d-----w- C:\NOMAD
2012-04-01 19:18 . 2012-04-01 19:21 -------- d-----w- c:\program files\ぴんくはてな
2012-04-01 19:07 . 2012-04-01 19:07 -------- d-----w- c:\program files\あかべぇそふとつぅTRY
2012-04-01 03:46 . 2012-04-01 03:46 -------- d-----w- c:\program files\アークシェル
2012-03-31 23:40 . 2012-03-31 23:40 -------- d-----w- c:\program files\DO
2012-03-31 15:31 . 2012-03-31 21:53 -------- d-----w- C:\アイル
2012-03-31 06:26 . 2012-04-03 05:48 -------- d-----w- c:\program files\教えてっ!おねてぃー
2012-03-31 04:36 . 2012-03-31 04:36 -------- d-----w- c:\program files\Vanadis
2012-03-31 02:58 . 2012-03-31 02:58 -------- d-----w- c:\program files\DualMage
2012-03-31 02:22 . 2012-03-31 02:24 -------- d-----w- c:\program files\euphoria
2012-03-31 02:17 . 2012-03-31 02:18 -------- d-----w- c:\documents and settings\Chris\Application Data\蠱惑の刻
2012-03-31 02:13 . 2012-03-31 02:17 -------- d-----w- c:\program files\蠱惑の刻
2012-03-30 21:46 . 2012-03-30 22:06 -------- d-----w- c:\program files\Acmeholic
2012-03-30 21:34 . 2012-03-30 21:34 -------- d-----w- c:\program files\SPEED
2012-03-30 20:42 . 2012-03-30 20:42 196616 ----a-w- c:\windows\system32\SARCheck.dll
2012-03-30 20:40 . 2012-03-30 20:45 -------- d-----w- c:\program files\ドキドキ母娘レッスン
2012-03-30 20:12 . 2012-03-30 20:12 -------- d-----w- C:\萌♂
2012-03-30 19:53 . 2012-03-30 19:53 -------- d-----w- C:\maika
2012-03-30 19:13 . 2012-03-31 00:04 -------- d-----w- c:\program files\touchable
2012-03-30 04:21 . 2012-03-30 04:21 -------- d-----w- c:\program files\Guilty
2012-03-30 02:41 . 2012-03-30 02:41 -------- d-----w- c:\program files\CLOCKUP
2012-03-30 01:53 . 2012-03-30 01:53 -------- d-----w- c:\program files\Atheros
2012-03-29 23:58 . 2001-08-17 17:51 58368 -c--a-w- c:\windows\system32\dllcache\smiminib.sys
2012-03-29 23:56 . 2008-04-15 03:00 38912 -c--a-w- c:\windows\system32\dllcache\sm9aw.dll
2012-03-29 23:55 . 2001-08-17 17:50 50432 -c--a-w- c:\windows\system32\dllcache\sisv.sys
2012-03-29 23:55 . 2008-04-14 03:05 32768 -c--a-w- c:\windows\system32\dllcache\sisnic.sys
2012-03-29 23:55 . 2001-08-18 03:36 238592 -c--a-w- c:\windows\system32\dllcache\sisgrv.dll
2012-03-29 23:55 . 2001-08-17 17:50 104064 -c--a-w- c:\windows\system32\dllcache\sisgrp.sys
2012-03-29 23:55 . 2001-08-17 19:56 150144 -c--a-w- c:\windows\system32\dllcache\sis6306v.dll
2012-03-29 23:55 . 2001-08-17 17:50 68608 -c--a-w- c:\windows\system32\dllcache\sis6306p.sys
2012-03-29 23:55 . 2001-08-17 19:56 252032 -c--a-w- c:\windows\system32\dllcache\sis300iv.dll
2012-03-29 23:55 . 2001-08-17 17:50 101760 -c--a-w- c:\windows\system32\dllcache\sis300ip.sys
2012-03-29 23:55 . 2008-04-15 03:00 3901 -c--a-w- c:\windows\system32\dllcache\siint5.dll
2012-03-29 23:55 . 2012-04-03 00:37 -------- d-----w- C:\temp
2012-03-29 23:55 . 2001-07-21 19:29 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
2012-03-29 23:54 . 2001-07-21 19:29 18400 -c--a-w- c:\windows\system32\dllcache\sgsmld.sys
2012-03-29 23:54 . 2001-08-17 17:51 98080 -c--a-w- c:\windows\system32\dllcache\sgiulnt5.sys
2012-03-29 23:54 . 2001-08-18 03:36 386560 -c--a-w- c:\windows\system32\dllcache\sgiul50.dll
2012-03-29 23:54 . 2001-08-17 17:19 36480 -c--a-w- c:\windows\system32\dllcache\sfmanm.sys
2012-03-29 23:54 . 2001-08-17 18:53 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2012-03-29 23:54 . 2001-08-17 18:48 17664 -c--a-w- c:\windows\system32\dllcache\sermouse.sys
2012-03-29 23:54 . 2001-08-18 03:36 26112 -c--a-w- c:\windows\system32\dllcache\EXCH_seos.dll
2012-03-29 23:54 . 2001-08-17 18:53 6912 -c--a-w- c:\windows\system32\dllcache\seaddsmc.sys
2012-03-29 23:54 . 2008-04-14 05:15 11520 -c--a-w- c:\windows\system32\dllcache\scsiscan.sys
2012-03-29 23:54 . 2001-08-17 18:52 11648 -c--a-w- c:\windows\system32\dllcache\scsiprnt.sys
2012-03-29 23:54 . 2001-08-18 03:36 57856 -c--a-w- c:\windows\system32\dllcache\EXCH_scripto.dll
2012-03-29 23:53 . 2001-08-17 18:51 17280 -c--a-w- c:\windows\system32\dllcache\scr111.sys
2012-03-29 23:53 . 2001-08-17 18:51 16640 -c--a-w- c:\windows\system32\dllcache\scmstcs.sys
2012-03-29 23:53 . 2001-08-17 18:51 23936 -c--a-w- c:\windows\system32\dllcache\sccmusbm.sys
2012-03-29 23:53 . 2001-08-17 18:51 23936 -c--a-w- c:\windows\system32\dllcache\sccmn50m.sys
2012-03-29 23:53 . 2008-04-15 03:00 43904 -c--a-w- c:\windows\system32\dllcache\sbp2port.sys
2012-03-29 23:53 . 2001-08-18 03:36 495616 -c--a-w- c:\windows\system32\dllcache\sblfx.dll
2012-03-29 23:53 . 2001-08-17 17:50 75392 -c--a-w- c:\windows\system32\dllcache\s3savmxm.sys
2012-03-29 23:53 . 2001-08-17 19:56 245632 -c--a-w- c:\windows\system32\dllcache\s3savmx.dll
2012-03-29 23:53 . 2001-08-17 17:50 77824 -c--a-w- c:\windows\system32\dllcache\s3sav4m.sys
2012-03-29 23:53 . 2001-08-17 19:56 198400 -c--a-w- c:\windows\system32\dllcache\s3sav4.dll
2012-03-29 23:52 . 2001-08-17 17:50 61504 -c--a-w- c:\windows\system32\dllcache\s3sav3dm.sys
2012-03-29 23:52 . 2001-08-17 19:56 179264 -c--a-w- c:\windows\system32\dllcache\s3sav3d.dll
2012-03-29 23:52 . 2001-08-17 19:56 210496 -c--a-w- c:\windows\system32\dllcache\s3mvirge.dll
2012-03-29 23:52 . 2001-08-18 03:36 62496 -c--a-w- c:\windows\system32\dllcache\s3mtrio.dll
2012-03-29 23:52 . 2001-08-17 17:50 41216 -c--a-w- c:\windows\system32\dllcache\s3mt3d.sys
2012-03-29 23:52 . 2001-08-17 19:56 182272 -c--a-w- c:\windows\system32\dllcache\s3mt3d.dll
2012-03-29 23:52 . 2001-08-17 17:50 166720 -c--a-w- c:\windows\system32\dllcache\s3m.sys
2012-03-29 23:52 . 2001-08-17 18:57 65664 -c--a-w- c:\windows\system32\dllcache\s3legacy.sys
2012-03-29 23:52 . 2008-04-14 03:04 166912 -c--a-w- c:\windows\system32\dllcache\s3gnbm.sys
2012-03-29 23:52 . 2008-04-14 10:42 397056 -c--a-w- c:\windows\system32\dllcache\s3gnb.dll
2012-03-29 23:50 . 2001-08-18 03:36 86097 -c--a-w- c:\windows\system32\dllcache\reslog32.dll
2012-03-29 23:49 . 2001-08-17 18:28 112574 -c--a-w- c:\windows\system32\dllcache\ptserlp.sys
2012-03-29 23:48 . 2001-08-17 19:07 19840 -c--a-w- c:\windows\system32\dllcache\philtune.sys
2012-03-29 23:48 . 2001-08-17 19:04 92416 -c--a-w- c:\windows\system32\dllcache\phildec.sys
2012-03-29 23:48 . 2001-08-17 19:04 173696 -c--a-w- c:\windows\system32\dllcache\philcam2.sys
2012-03-29 23:48 . 2001-08-17 19:04 75776 -c--a-w- c:\windows\system32\dllcache\philcam1.sys
2012-03-29 23:48 . 2001-08-18 03:36 16384 -c--a-w- c:\windows\system32\dllcache\philcam1.dll
2012-03-29 23:48 . 2008-04-14 10:40 259328 -c--a-w- c:\windows\system32\dllcache\perm3dd.dll
2012-03-29 23:48 . 2008-04-14 05:14 28032 -c--a-w- c:\windows\system32\dllcache\perm3.sys
2012-03-29 23:48 . 2008-04-14 10:40 211584 -c--a-w- c:\windows\system32\dllcache\perm2dll.dll
2012-03-29 23:48 . 2008-04-14 05:14 27904 -c--a-w- c:\windows\system32\dllcache\perm2.sys
2012-03-29 23:48 . 2008-04-14 02:42 169984 -c--a-w- c:\windows\system32\dllcache\pcx500.sys
2012-03-29 23:48 . 2001-08-18 03:36 86016 -c--a-w- c:\windows\system32\dllcache\pctspk.exe
2012-03-29 23:48 . 2001-08-17 17:11 35328 -c--a-w- c:\windows\system32\dllcache\pcntpci5.sys
2012-03-29 23:47 . 2001-08-17 17:11 29769 -c--a-w- c:\windows\system32\dllcache\pcntn5m.sys
2012-03-29 23:47 . 2001-08-17 17:11 30282 -c--a-w- c:\windows\system32\dllcache\pcntn5hl.sys
2012-03-29 23:47 . 2001-08-17 17:12 26153 -c--a-w- c:\windows\system32\dllcache\pcmlm56.sys
2012-03-29 23:47 . 2008-04-14 03:05 29502 -c--a-w- c:\windows\system32\dllcache\pca200e.sys
2012-03-29 23:47 . 2001-08-17 17:12 30495 -c--a-w- c:\windows\system32\dllcache\pc100nds.sys
2012-03-29 23:47 . 2001-08-18 03:36 41984 -c--a-w- c:\windows\system32\dllcache\ovui2rc.dll
2012-03-29 23:47 . 2001-08-18 03:36 44544 -c--a-w- c:\windows\system32\dllcache\ovui2.dll
2012-03-29 23:47 . 2001-08-17 19:05 25216 -c--a-w- c:\windows\system32\dllcache\ovsound2.sys
2012-03-29 23:47 . 2001-08-18 03:36 39424 -c--a-w- c:\windows\system32\dllcache\ovcoms.exe
2012-03-29 23:47 . 2001-08-18 03:36 20480 -c--a-w- c:\windows\system32\dllcache\ovcomc.dll
2012-03-29 23:46 . 2001-08-17 19:05 351616 -c--a-w- c:\windows\system32\dllcache\ovcodek2.sys
2012-03-29 23:46 . 2001-08-18 03:36 116736 -c--a-w- c:\windows\system32\dllcache\ovcodec2.dll
2012-03-29 23:46 . 2001-08-17 19:05 31872 -c--a-w- c:\windows\system32\dllcache\ovce.sys
2012-03-29 23:46 . 2001-08-17 19:05 28032 -c--a-w- c:\windows\system32\dllcache\ovcd.sys
2012-03-29 23:46 . 2001-08-17 19:05 48000 -c--a-w- c:\windows\system32\dllcache\ovcam2.sys
2012-03-29 23:46 . 2001-08-17 19:05 25088 -c--a-w- c:\windows\system32\dllcache\ovca.sys
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 21:49 . 2010-10-12 20:02 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 20:56 . 2009-02-23 14:59 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-24 20:28 . 2012-02-24 20:28 99728 ----a-r- c:\windows\system32\drivers\SZKG.sys
2012-02-24 20:28 . 2012-02-24 20:28 99728 ----a-r- c:\windows\system32\drivers\is3srv.sys
2012-02-23 19:09 . 2012-02-23 19:09 29008 ----a-r- c:\windows\system32\IS3XDat5.dll
2012-02-23 19:09 . 2012-02-23 19:09 390992 ----a-r- c:\windows\system32\IS3UI5.dll
2012-02-23 19:09 . 2012-02-23 19:09 231248 ----a-r- c:\windows\system32\IS3Win325.dll
2012-02-23 19:09 . 2012-02-23 19:09 100176 ----a-r- c:\windows\system32\IS3Svc5.dll
2012-02-23 19:09 . 2012-02-23 19:09 132944 ----a-r- c:\windows\system32\IS3HTUI5.dll
2012-02-23 19:09 . 2012-02-23 19:09 104272 ----a-r- c:\windows\system32\IS3Inet5.dll
2012-02-23 19:09 . 2012-02-23 19:09 67408 ----a-r- c:\windows\system32\IS3Hks5.dll
2012-02-23 19:09 . 2012-02-23 19:09 456528 ----a-r- c:\windows\system32\IS3DBA5.dll
2012-02-23 19:09 . 2012-02-23 19:09 808784 ----a-r- c:\windows\system32\IS3Base5.dll
2012-02-03 09:22 . 2008-04-15 03:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2010-06-02 10:22 . 2010-06-02 10:22 89944 ----a-w- c:\program files\DSETUP.dll
2010-06-02 10:22 . 2010-06-02 10:22 537432 ----a-w- c:\program files\DXSETUP.exe
2010-06-02 10:22 . 2010-06-02 10:22 1801048 ----a-w- c:\program files\dsetup32.dll
2012-03-13 04:39 . 2012-03-25 06:16 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-09_22.00.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-12 05:02 . 2009-07-12 05:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2012-04-10 12:11 . 2012-04-10 12:11 16384 c:\windows\Temp\Perflib_Perfdata_664.dat
+ 2009-07-12 05:02 . 2009-07-12 05:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2012-04-10 12:27 . 2012-04-10 12:27 219648 c:\windows\Installer\f0366.msi
+ 2012-04-10 12:12 . 2012-04-10 12:12 253952 c:\windows\ERDNT\AutoBackup\4-10-2012\Users\00000002\UsrClass.dat
+ 2012-04-10 12:12 . 2005-10-20 17:02 163328 c:\windows\ERDNT\AutoBackup\4-10-2012\ERDNT.EXE
+ 2009-07-12 05:02 . 2009-07-12 05:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2012-04-10 12:12 . 2012-04-10 12:12 13766656 c:\windows\ERDNT\AutoBackup\4-10-2012\Users\00000001\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]
"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-17 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1044480]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-15 208952]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-05-14 821768]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2008-05-22 425984]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
c:\documents and settings\Chris\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-6-4 114688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TPSvc]
TPSvc.dll [BU]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\ソ\ニア\\極楽バイパー ランジェリー 赤\\Bin\\VPLanRed.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Documents and Settings\\Chris\\My Documents\\Downloads\\STOPzilla_Setup.exe"=
"c:\\Program Files\\STOPzilla!\\distro-amzn-is3.exe"=
"c:\\Program Files\\Common Files\\Java\\Java Update\\jucheck.exe"=
.
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [2/24/2012 3:28 PM 99728]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [3/29/2012 4:36 PM 72080]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/10/2012 7:29 AM 337880]
R2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;c:\program files\VMLaunch\BuddyVM.sys [3/25/2009 12:56 PM 15488]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/10/2012 7:29 AM 20696]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [1/3/2011 5:10 AM 21992]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/23/2009 9:59 AM 654408]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [10/13/2009 8:33 PM 95200]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/23/2009 9:50 AM 24652]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/23/2009 9:59 AM 22344]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2/24/2012 3:28 PM 99728]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [4/10/2012 7:29 AM 612184]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 10:58 AM 11336]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2/23/2009 1:15 AM 96856]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - AAVMKER4
*NewlyCreated* - ASWFSBLK
*NewlyCreated* - ASWMON2
*NewlyCreated* - ASWRDR
*NewlyCreated* - ASWSP
*NewlyCreated* - ASWTDI
*NewlyCreated* - AVAST!_ANTIVIRUS
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\lrp7h7bg.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-10 16:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-123947885-3055150098-3939964369-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\EROTICA PEACH\0j00O0・n0ラS纐*0^7_6R'`竡ロcT0qN、N^]
"Order"=hex:08,00,00,00,02,00,00,00,22,01,00,00,01,00,00,00,02,00,00,00,80,00,
00,00,00,00,00,00,72,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,60,00,36,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\經USヤg^F0U000ソ該e*0}vO0痂・・sYSO_0a0^]
"UninstallString"="c:\\WINDOWS\\IsUn0411.exe -f\"c:\\Program Files\\アークシェル\\口唇包柔\\koushin.isu\""
"DisplayName"="口唇包柔~うさみみ調教 白く濡れる女体たち~"
.
[HKEY_LOCAL_MACHINE\software\S*t*u*d*i*o*ェ尻`\エ0ヒ0・]
"InstalledFolder"="c:\\Studio邪恋\\ゴニン!?"
.
[HKEY_LOCAL_MACHINE\software\「0・ッ0キ0ァ0・\經USヤg^F0U000ソ該e*0}vO0痂・・sYSO_0a0^\1.00.000]
"srcpath"="d:\\koushin\\"
"dstpath"="c:\\Program Files\\アークシェル\\口唇包柔"
"Version"="0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(728)
c:\windows\system32\igfxdev.dll
.
- - - - - - - > 'explorer.exe'(2604)
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-04-10 16:29:33
ComboFix-quarantined-files.txt 2012-04-10 21:29
ComboFix2.txt 2012-04-09 22:07
 
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_31
Run by Chris at 16:47:43 on 2012-04-10
Microsoft Windows XP Home Edition 5.1.2600.3.932.81.1033.18.1012.358 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
c:\PROGRA~1\mcafee\SITEAD~1\saui.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.msn.com
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - No File
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files\stopzilla!\SZIEBHO.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
mRun: [LaunchApp] Alaunch
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AzMixerSel] c:\program files\realtek\audio\installshield\AzMixerSel.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
mRun: [PLFSetL] c:\windows\PLFSetL.exe
mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\eRAgent.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
StartupFolder: c:\docume~1\chris\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\interv~1.lnk - c:\program files\intervideo\common\bin\WinCinemaMgr.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{FC95DAB5-2C4C-4702-8CED-AD0C49E9A417} : DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: igfxcui - igfxdev.dll
Notify: TPSvc - TPSvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\chris\application data\mozilla\firefox\profiles\lrp7h7bg.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\browser\nppdf32(2).dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
.
============= SERVICES / DRIVERS ===============
.
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [2012-2-24 99728]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [2012-3-29 72080]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-4-10 337880]
R2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;c:\program files\vmlaunch\BuddyVM.sys [2009-3-25 15488]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-4-10 20696]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-4-10 44768]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-1-3 21992]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-2-23 654408]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-10-13 95200]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-2-23 24652]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-2-23 22344]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2012-2-24 99728]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-4-10 612184]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-2-23 96856]
.
=============== Created Last 30 ================
.
2012-04-10 21:12:06 -------- d-----w- C:\ComboFix
2012-04-10 12:29:14 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-04-10 12:26:08 41184 ----a-w- c:\windows\avastSS.scr
2012-04-10 12:24:39 -------- d-----w- c:\program files\AVAST Software
2012-04-10 12:24:39 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2012-04-09 21:31:44 -------- d-sha-r- C:\cmdcons
2012-04-09 21:29:56 98816 ----a-w- c:\windows\sed.exe
2012-04-09 21:29:56 208896 ----a-w- c:\windows\MBR.exe
2012-04-04 21:50:06 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-03 06:29:47 42864 ----a-r- c:\windows\system32\SBBD.EXE
2012-04-03 06:29:47 101112 ----a-r- c:\windows\system32\drivers\SBREDrv.sys
2012-04-03 06:29:38 -------- d-----w- c:\program files\STOPzilla!
2012-04-03 06:29:36 -------- d-----w- c:\program files\common files\iS3
2012-04-03 06:29:35 -------- d-----w- c:\documents and settings\all users\application data\STOPzilla!
2012-04-03 06:25:39 -------- d-----w- c:\program files\common files\PC Tools
2012-04-03 06:25:03 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2012-04-03 06:25:02 -------- d-----w- c:\documents and settings\chris\application data\TestApp
2012-04-03 06:05:35 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-03 05:54:22 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-04-03 05:54:22 -------- d-----w- c:\windows\system32\wbem\Repository
2012-04-02 21:59:33 361600 -c----w- c:\windows\system32\dllcache\tcpip.sys
2012-04-02 16:59:25 -------- d-sh--w- c:\documents and settings\chris\local settings\application data\ad7217cf
2012-04-02 06:46:29 -------- d-----w- C:\UTSUSEMI
2012-04-02 02:31:02 -------- d-----w- C:\NOMAD
2012-04-01 19:18:06 -------- d-----w- c:\program files\ぴんくはてな
2012-04-01 19:07:44 -------- d-----w- c:\program files\あかべぇそふとつぅTRY
2012-04-01 03:46:15 -------- d-----w- c:\program files\アークシェル
2012-03-31 23:40:13 -------- d-----w- c:\program files\DO
2012-03-31 15:31:03 -------- d-----w- C:\アイル
2012-03-31 06:26:39 -------- d-----w- c:\program files\教えてっ!おねてぃー
2012-03-31 04:36:39 -------- d-----w- c:\program files\Vanadis
2012-03-31 02:58:20 -------- d-----w- c:\program files\DualMage
2012-03-31 02:22:04 -------- d-----w- c:\program files\euphoria
2012-03-31 02:17:36 -------- d-----w- c:\documents and settings\chris\application data\蠱惑の刻
2012-03-31 02:13:10 -------- d-----w- c:\program files\蠱惑の刻
2012-03-30 21:46:33 -------- d-----w- c:\program files\Acmeholic
2012-03-30 21:34:55 -------- d-----w- c:\program files\SPEED
2012-03-30 20:42:54 196616 ----a-w- c:\windows\system32\SARCheck.dll
2012-03-30 20:40:02 -------- d-----w- c:\program files\ドキドキ母娘レッスン
2012-03-30 20:12:38 -------- d-----w- C:\萌♂
2012-03-30 19:53:25 -------- d-----w- C:\maika
2012-03-30 19:13:04 -------- d-----w- c:\program files\touchable
2012-03-30 04:21:50 -------- d-----w- c:\program files\Guilty
2012-03-30 02:41:47 -------- d-----w- c:\program files\CLOCKUP
2012-03-30 01:53:23 -------- d-----w- c:\program files\Atheros
2012-03-29 23:58:08 58368 -c--a-w- c:\windows\system32\dllcache\smiminib.sys
2012-03-29 23:56:55 38912 -c--a-w- c:\windows\system32\dllcache\sm9aw.dll
2012-03-29 23:55:59 50432 -c--a-w- c:\windows\system32\dllcache\sisv.sys
2012-03-29 23:55:57 32768 -c--a-w- c:\windows\system32\dllcache\sisnic.sys
2012-03-29 23:55:50 238592 -c--a-w- c:\windows\system32\dllcache\sisgrv.dll
2012-03-29 23:55:43 104064 -c--a-w- c:\windows\system32\dllcache\sisgrp.sys
2012-03-29 23:55:36 150144 -c--a-w- c:\windows\system32\dllcache\sis6306v.dll
2012-03-29 23:55:29 68608 -c--a-w- c:\windows\system32\dllcache\sis6306p.sys
2012-03-29 23:55:22 252032 -c--a-w- c:\windows\system32\dllcache\sis300iv.dll
2012-03-29 23:55:15 101760 -c--a-w- c:\windows\system32\dllcache\sis300ip.sys
2012-03-29 23:55:14 3901 -c--a-w- c:\windows\system32\dllcache\siint5.dll
2012-03-29 23:55:13 -------- d-----w- C:\temp
2012-03-29 23:55:03 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
2012-03-29 23:54:56 18400 -c--a-w- c:\windows\system32\dllcache\sgsmld.sys
2012-03-29 23:54:50 98080 -c--a-w- c:\windows\system32\dllcache\sgiulnt5.sys
2012-03-29 23:54:43 386560 -c--a-w- c:\windows\system32\dllcache\sgiul50.dll
2012-03-29 23:54:36 36480 -c--a-w- c:\windows\system32\dllcache\sfmanm.sys
2012-03-29 23:54:28 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2012-03-29 23:54:22 17664 -c--a-w- c:\windows\system32\dllcache\sermouse.sys
2012-03-29 23:54:21 26112 -c--a-w- c:\windows\system32\dllcache\EXCH_seos.dll
2012-03-29 23:54:14 6912 -c--a-w- c:\windows\system32\dllcache\seaddsmc.sys
2012-03-29 23:54:13 11520 -c--a-w- c:\windows\system32\dllcache\scsiscan.sys
2012-03-29 23:54:06 11648 -c--a-w- c:\windows\system32\dllcache\scsiprnt.sys
2012-03-29 23:54:05 57856 -c--a-w- c:\windows\system32\dllcache\EXCH_scripto.dll
2012-03-29 23:53:58 17280 -c--a-w- c:\windows\system32\dllcache\scr111.sys
2012-03-29 23:53:51 16640 -c--a-w- c:\windows\system32\dllcache\scmstcs.sys
2012-03-29 23:53:44 23936 -c--a-w- c:\windows\system32\dllcache\sccmusbm.sys
2012-03-29 23:53:37 23936 -c--a-w- c:\windows\system32\dllcache\sccmn50m.sys
2012-03-29 23:53:36 43904 -c--a-w- c:\windows\system32\dllcache\sbp2port.sys
2012-03-29 23:53:29 495616 -c--a-w- c:\windows\system32\dllcache\sblfx.dll
2012-03-29 23:53:21 75392 -c--a-w- c:\windows\system32\dllcache\s3savmxm.sys
2012-03-29 23:53:15 245632 -c--a-w- c:\windows\system32\dllcache\s3savmx.dll
2012-03-29 23:53:08 77824 -c--a-w- c:\windows\system32\dllcache\s3sav4m.sys
2012-03-29 23:53:01 198400 -c--a-w- c:\windows\system32\dllcache\s3sav4.dll
2012-03-29 23:52:54 61504 -c--a-w- c:\windows\system32\dllcache\s3sav3dm.sys
2012-03-29 23:52:47 179264 -c--a-w- c:\windows\system32\dllcache\s3sav3d.dll
2012-03-29 23:52:41 210496 -c--a-w- c:\windows\system32\dllcache\s3mvirge.dll
2012-03-29 23:52:34 62496 -c--a-w- c:\windows\system32\dllcache\s3mtrio.dll
2012-03-29 23:52:27 41216 -c--a-w- c:\windows\system32\dllcache\s3mt3d.sys
2012-03-29 23:52:21 182272 -c--a-w- c:\windows\system32\dllcache\s3mt3d.dll
2012-03-29 23:52:14 166720 -c--a-w- c:\windows\system32\dllcache\s3m.sys
2012-03-29 23:52:07 65664 -c--a-w- c:\windows\system32\dllcache\s3legacy.sys
2012-03-29 23:52:06 166912 -c--a-w- c:\windows\system32\dllcache\s3gnbm.sys
2012-03-29 23:52:05 397056 -c--a-w- c:\windows\system32\dllcache\s3gnb.dll
2012-03-29 23:50:57 86097 -c--a-w- c:\windows\system32\dllcache\reslog32.dll
2012-03-29 23:49:59 112574 -c--a-w- c:\windows\system32\dllcache\ptserlp.sys
2012-03-29 23:48:57 19840 -c--a-w- c:\windows\system32\dllcache\philtune.sys
2012-03-29 23:48:51 92416 -c--a-w- c:\windows\system32\dllcache\phildec.sys
2012-03-29 23:48:45 173696 -c--a-w- c:\windows\system32\dllcache\philcam2.sys
2012-03-29 23:48:38 75776 -c--a-w- c:\windows\system32\dllcache\philcam1.sys
2012-03-29 23:48:32 16384 -c--a-w- c:\windows\system32\dllcache\philcam1.dll
2012-03-29 23:48:24 259328 -c--a-w- c:\windows\system32\dllcache\perm3dd.dll
2012-03-29 23:48:23 28032 -c--a-w- c:\windows\system32\dllcache\perm3.sys
2012-03-29 23:48:22 211584 -c--a-w- c:\windows\system32\dllcache\perm2dll.dll
2012-03-29 23:48:21 27904 -c--a-w- c:\windows\system32\dllcache\perm2.sys
2012-03-29 23:48:19 169984 -c--a-w- c:\windows\system32\dllcache\pcx500.sys
2012-03-29 23:48:12 86016 -c--a-w- c:\windows\system32\dllcache\pctspk.exe
2012-03-29 23:48:06 35328 -c--a-w- c:\windows\system32\dllcache\pcntpci5.sys
2012-03-29 23:47:59 29769 -c--a-w- c:\windows\system32\dllcache\pcntn5m.sys
2012-03-29 23:47:53 30282 -c--a-w- c:\windows\system32\dllcache\pcntn5hl.sys
2012-03-29 23:47:46 26153 -c--a-w- c:\windows\system32\dllcache\pcmlm56.sys
2012-03-29 23:47:45 29502 -c--a-w- c:\windows\system32\dllcache\pca200e.sys
2012-03-29 23:47:39 30495 -c--a-w- c:\windows\system32\dllcache\pc100nds.sys
2012-03-29 23:47:31 41984 -c--a-w- c:\windows\system32\dllcache\ovui2rc.dll
2012-03-29 23:47:25 44544 -c--a-w- c:\windows\system32\dllcache\ovui2.dll
2012-03-29 23:47:18 25216 -c--a-w- c:\windows\system32\dllcache\ovsound2.sys
2012-03-29 23:47:12 39424 -c--a-w- c:\windows\system32\dllcache\ovcoms.exe
2012-03-29 23:47:05 20480 -c--a-w- c:\windows\system32\dllcache\ovcomc.dll
2012-03-29 23:46:59 351616 -c--a-w- c:\windows\system32\dllcache\ovcodek2.sys
2012-03-29 23:46:52 116736 -c--a-w- c:\windows\system32\dllcache\ovcodec2.dll
2012-03-29 23:46:46 31872 -c--a-w- c:\windows\system32\dllcache\ovce.sys
2012-03-29 23:46:40 28032 -c--a-w- c:\windows\system32\dllcache\ovcd.sys
2012-03-29 23:46:33 48000 -c--a-w- c:\windows\system32\dllcache\ovcam2.sys
2012-03-29 23:46:27 25088 -c--a-w- c:\windows\system32\dllcache\ovca.sys
2012-03-29 23:46:20 54186 -c--a-w- c:\windows\system32\dllcache\otcsercb.sys
2012-03-29 23:46:14 43689 -c--a-w- c:\windows\system32\dllcache\otceth5.sys
2012-03-29 23:46:07 27209 -c--a-w- c:\windows\system32\dllcache\otc06x5.sys
2012-03-29 23:46:01 54528 -c--a-w- c:\windows\system32\dllcache\opl3sax.sys
2012-03-29 23:44:53 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys
2012-03-29 23:44:51 132695 -c--a-w- c:\windows\system32\dllcache\netwlan5.sys
2012-03-29 23:44:42 65278 -c--a-w- c:\windows\system32\dllcache\netflx3.sys
2012-03-29 23:44:34 39264 -c--a-w- c:\windows\system32\dllcache\neo20xx.sys
2012-03-29 23:44:28 60480 -c--a-w- c:\windows\system32\dllcache\neo20xx.dll
2012-03-29 23:44:21 15872 -c--a-w- c:\windows\system32\dllcache\ne2000.sys
2012-03-29 23:44:13 91488 -c--a-w- c:\windows\system32\dllcache\n9i3disp.dll
2012-03-29 23:44:07 27936 -c--a-w- c:\windows\system32\dllcache\n9i3d.sys
2012-03-29 23:44:01 33088 -c--a-w- c:\windows\system32\dllcache\n9i128v2.sys
2012-03-29 23:43:55 59104 -c--a-w- c:\windows\system32\dllcache\n9i128v2.dll
2012-03-29 23:43:48 13664 -c--a-w- c:\windows\system32\dllcache\n9i128.sys
2012-03-29 23:43:43 35392 -c--a-w- c:\windows\system32\dllcache\n9i128.dll
2012-03-29 23:43:37 128000 -c--a-w- c:\windows\system32\dllcache\n100325.sys
2012-03-29 23:43:31 52255 -c--a-w- c:\windows\system32\dllcache\n1000nt5.sys
2012-03-29 23:43:25 75520 -c--a-w- c:\windows\system32\dllcache\mxport.sys
2012-03-29 23:43:18 7168 -c--a-w- c:\windows\system32\dllcache\mxport.dll
2012-03-29 23:43:13 19968 -c--a-w- c:\windows\system32\dllcache\mxnic.sys
2012-03-29 23:43:08 19968 -c--a-w- c:\windows\system32\dllcache\mxicfg.dll
2012-03-29 23:43:02 21888 -c--a-w- c:\windows\system32\dllcache\mxcard.sys
2012-03-29 23:43:01 12672 -c--a-w- c:\windows\system32\dllcache\mutohpen.sys
2012-03-29 23:41:58 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2012-03-29 23:41:38 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2012-03-29 23:41:30 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
2012-03-29 23:41:29 7680 -c--a-w- c:\windows\system32\dllcache\migregdb.exe
2012-03-29 23:41:28 34304 -c--a-w- c:\windows\system32\dllcache\migisol.exe
2012-03-29 23:41:22 320384 -c--a-w- c:\windows\system32\dllcache\mgaum.sys
2012-03-29 23:41:16 235648 -c--a-w- c:\windows\system32\dllcache\mgaud.dll
2012-03-29 23:41:15 92416 -c--a-w- c:\windows\system32\dllcache\mga.sys
2012-03-29 23:41:15 92032 -c--a-w- c:\windows\system32\dllcache\mga.dll
2012-03-29 23:41:14 26112 -c--a-w- c:\windows\system32\dllcache\memstpci.sys
2012-03-29 23:41:08 47616 -c--a-w- c:\windows\system32\dllcache\memgrp.dll
2012-03-29 23:41:02 8320 -c--a-w- c:\windows\system32\dllcache\memcard.sys
2012-03-29 23:39:55 727786 -c--a-w- c:\windows\system32\dllcache\ltck000c.sys
2012-03-29 23:39:49 4992 -c--a-w- c:\windows\system32\dllcache\loop.sys
2012-03-29 23:39:42 70730 -c--a-w- c:\windows\system32\dllcache\lne100tx.sys
2012-03-29 23:39:37 20573 -c--a-w- c:\windows\system32\dllcache\lne100.sys
2012-03-29 23:39:31 33792 -c--a-w- c:\windows\system32\dllcache\lmmib2.dll
2012-03-29 23:39:31 25065 -c--a-w- c:\windows\system32\dllcache\lmndis3.sys
2012-03-29 23:39:25 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2012-03-29 23:39:25 15744 -c--a-w- c:\windows\system32\dllcache\lit220p.sys
2012-03-29 23:39:19 26442 -c--a-w- c:\windows\system32\dllcache\lanepic5.sys
2012-03-29 23:39:13 19016 -c--a-w- c:\windows\system32\dllcache\ktc111.sys
2012-03-29 23:39:07 37376 -c--a-w- c:\windows\system32\dllcache\kousd.dll
2012-03-29 23:39:05 253952 -c--a-w- c:\windows\system32\dllcache\kdsusd.dll
2012-03-29 23:39:03 48640 -c--a-w- c:\windows\system32\dllcache\kdsui.dll
2012-03-29 23:37:59 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2012-03-29 23:37:53 100992 -c--a-w- c:\windows\system32\dllcache\icam5usb.sys
2012-03-29 23:37:48 20480 -c--a-w- c:\windows\system32\dllcache\icam5ext.dll
2012-03-29 23:37:43 45056 -c--a-w- c:\windows\system32\dllcache\icam5com.dll
2012-03-29 23:37:37 154496 -c--a-w- c:\windows\system32\dllcache\icam4usb.sys
2012-03-29 23:37:32 61952 -c--a-w- c:\windows\system32\dllcache\icam4ext.dll
2012-03-29 23:37:27 91136 -c--a-w- c:\windows\system32\dllcache\icam4com.dll
2012-03-29 23:37:21 26624 -c--a-w- c:\windows\system32\dllcache\icam3ext.dll
2012-03-29 23:37:16 141056 -c--a-w- c:\windows\system32\dllcache\icam3.sys
2012-03-29 23:37:11 38528 -c--a-w- c:\windows\system32\dllcache\ibmvcap.sys
2012-03-29 23:37:06 109085 -c--a-w- c:\windows\system32\dllcache\ibmtrp.sys
2012-03-29 23:37:01 100936 -c--a-w- c:\windows\system32\dllcache\ibmtok.sys
2012-03-29 23:35:55 391199 -c--a-w- c:\windows\system32\dllcache\hsf_k56k.sys
2012-03-29 23:35:51 9759 -c--a-w- c:\windows\system32\dllcache\hsf_inst.dll
2012-03-29 23:35:46 115807 -c--a-w- c:\windows\system32\dllcache\hsf_fsks.sys
2012-03-29 23:35:41 199711 -c--a-w- c:\windows\system32\dllcache\hsf_faxx.sys
2012-03-29 23:35:35 289887 -c--a-w- c:\windows\system32\dllcache\hsf_fall.sys
2012-03-29 23:35:30 67167 -c--a-w- c:\windows\system32\dllcache\hsf_bsc2.sys
2012-03-29 23:35:25 150239 -c--a-w- c:\windows\system32\dllcache\hsf_amos.sys
2012-03-29 23:35:20 19456 -c--a-w- c:\windows\system32\dllcache\hr1w.dll
2012-03-29 23:35:15 5760 -c--a-w- c:\windows\system32\dllcache\hpt4qic.sys
2012-03-29 23:35:10 13312 -c--a-w- c:\windows\system32\dllcache\hpsjmcro.dll
2012-03-29 23:35:06 324608 -c--a-w- c:\windows\system32\dllcache\hpojwia.dll
2012-03-29 23:35:01 32768 -c--a-w- c:\windows\system32\dllcache\hpgtmcro.dll
2012-03-29 23:33:56 8576 -c--a-w- c:\windows\system32\dllcache\hidgame.sys
2012-03-29 23:32:57 455680 -c--a-w- c:\windows\system32\dllcache\fus2base.sys
2012-03-29 23:31:58 7040 -c--a-w- c:\windows\system32\dllcache\exabyte2.sys
2012-03-29 23:30:59 61952 -c--a-w- c:\windows\system32\dllcache\eqnloop.exe
2012-03-29 23:29:57 634134 -c--a-w- c:\windows\system32\dllcache\el656ct5.sys
2012-03-29 23:28:59 37962 -c--a-w- c:\windows\system32\dllcache\divaprop.dll
2012-03-29 23:27:57 7424 -c--a-w- c:\windows\system32\dllcache\ddsmc.sys
2012-03-29 23:26:58 42112 -c--a-w- c:\windows\system32\dllcache\crtaud.sys
2012-03-29 23:25:58 74240 -c--a-w- c:\windows\system32\dllcache\camexo20.dll
2012-03-29 23:24:59 342336 -c--a-w- c:\windows\system32\dllcache\banshee.dll
2012-03-29 23:23:59 327040 -c--a-w- c:\windows\system32\dllcache\ati2mtaa.sys
2012-03-29 23:22:57 32827 -c--a-w- c:\windows\system32\dllcache\tcptest.exe
2012-03-29 23:13:24 18944 -c--a-w- c:\windows\system32\dllcache\simptcp.dll
2012-03-29 23:13:24 18944 ----a-w- c:\windows\system32\simptcp.dll
2012-03-29 23:12:32 18944 -c--a-w- c:\windows\system32\dllcache\lprmon.dll
2012-03-29 23:12:32 18944 ----a-w- c:\windows\system32\lprmon.dll
2012-03-29 23:12:31 22528 -c--a-w- c:\windows\system32\dllcache\lpdsvc.dll
2012-03-29 23:12:31 22528 ----a-w- c:\windows\system32\lpdsvc.dll
2012-03-29 22:15:45 -------- d-----w- C:\CLOCKUP
2012-03-29 21:59:36 23376 ----a-r- c:\windows\system32\SZIO5.dll
2012-03-29 21:59:24 546640 ----a-r- c:\windows\system32\SZComp5.dll
2012-03-29 21:59:18 481104 ----a-r- c:\windows\system32\SZBase5.dll
2012-03-29 21:36:48 72080 ----a-r- c:\windows\system32\drivers\SZKGFS.sys
2012-03-29 20:57:43 -------- d-----w- c:\program files\eclipse
2012-03-26 03:07:01 -------- d-----w- c:\program files\TinkerBell
2012-03-25 07:04:30 -------- d-----w- c:\program files\ソニア
2012-03-25 06:13:51 3072 ------w- c:\windows\system32\iacenc.dll
.
==================== Find3M ====================
.
2012-04-04 21:49:48 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 20:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-24 20:28:26 99728 ----a-r- c:\windows\system32\drivers\SZKG.sys
2012-02-24 20:28:26 99728 ----a-r- c:\windows\system32\drivers\is3srv.sys
2012-02-23 19:09:44 29008 ----a-r- c:\windows\system32\IS3XDat5.dll
2012-02-23 19:09:42 390992 ----a-r- c:\windows\system32\IS3UI5.dll
2012-02-23 19:09:42 231248 ----a-r- c:\windows\system32\IS3Win325.dll
2012-02-23 19:09:40 100176 ----a-r- c:\windows\system32\IS3Svc5.dll
2012-02-23 19:09:34 132944 ----a-r- c:\windows\system32\IS3HTUI5.dll
2012-02-23 19:09:34 104272 ----a-r- c:\windows\system32\IS3Inet5.dll
2012-02-23 19:09:32 67408 ----a-r- c:\windows\system32\IS3Hks5.dll
2012-02-23 19:09:32 456528 ----a-r- c:\windows\system32\IS3DBA5.dll
2012-02-23 19:09:30 808784 ----a-r- c:\windows\system32\IS3Base5.dll
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2010-06-02 10:22:02 89944 ----a-w- c:\program files\DSETUP.dll
2010-06-02 10:22:02 537432 ----a-w- c:\program files\DXSETUP.exe
2010-06-02 10:22:02 1801048 ----a-w- c:\program files\dsetup32.dll
.
============= FINISH: 16:48:57.57 ===============
 
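The DDS listing above is long enough that the entries worth a second look are easy to miss. The following Python script is an added example (not part of this thread and not part of the DDS tool) that parses the timestamped lines of the "Created Last 30" and "Find3M" sections and buckets them for triage: hidden or system items, drivers newly written under system32\drivers, and directories whose names are nothing but hex digits, such as the ad7217cf folder in the log. The sample input is a constructed subset of lines copied from the log above; the meaning I assign to each attribute column is my reading of how the flags appear, not documented DDS output.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed subset of lines copied from the DDS log above.
SAMPLE_LOG = r"""
2012-04-10 21:12:06 -------- d-----w- C:\ComboFix
2012-04-10 12:29:14 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-04-09 21:31:44 -------- d-sha-r- C:\cmdcons
2012-04-03 06:29:47 101112 ----a-r- c:\windows\system32\drivers\SBREDrv.sys
2012-04-02 21:59:33 361600 -c----w- c:\windows\system32\dllcache\tcpip.sys
2012-04-02 16:59:25 -------- d-sh--w- c:\documents and settings\chris\local settings\application data\ad7217cf
2012-03-31 04:36:39 -------- d-----w- c:\program files\Vanadis
2012-03-29 23:55:59 50432 -c--a-w- c:\windows\system32\dllcache\sisv.sys
"""

# One DDS listing line: timestamp, size (or "--------" for a directory),
# an 8-column attribute field, then the path.
LINE_RE = re.compile(
    r"^(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>.+?)\s*$"
)


@dataclass
class Entry:
    stamp: str
    size: Optional[int]   # None for directories
    attrs: str            # e.g. "d-sh--w-"
    path: str

    # Assumed column meaning, inferred from the log: d=directory, c=compressed,
    # s=system, h=hidden, a=archive, r=read-only, w=writable.
    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def is_system(self) -> bool:
        return self.attrs[2] == "s"

    @property
    def is_hidden(self) -> bool:
        return self.attrs[3] == "h"

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_dds(text: str) -> list[Entry]:
    """Parse the timestamped listing lines; headers and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(Entry(m["stamp"], size, m["attrs"], m["path"]))
    return entries


HEX_NAME = re.compile(r"^[0-9a-f]{8,}$")
DRIVER_DIR = "c:\\windows\\system32\\drivers\\"


def triage(entries: list[Entry]) -> dict[str, list[str]]:
    """Bucket entries by the reason a responder would look at them first."""
    out = {"hidden_or_system": [], "new_drivers": [], "random_names": []}
    for e in entries:
        low = e.path.lower()
        if e.is_hidden or e.is_system:
            out["hidden_or_system"].append(e.path)
        if not e.is_dir and low.startswith(DRIVER_DIR) and low.endswith(".sys"):
            out["new_drivers"].append(e.path)
        if e.is_dir and HEX_NAME.match(e.name.lower()):
            out["random_names"].append(e.path)
    return out


if __name__ == "__main__":
    for reason, paths in triage(parse_dds(SAMPLE_LOG)).items():
        print(reason)
        for p in paths:
            print("   ", p)
```

Hidden or system by itself is not an indicator: C:\cmdcons (the Windows Recovery Console folder, a legitimate hidden system directory) lands in the same bucket as the ad7217cf folder, so the output is a list of things to check, not a verdict. The random-name bucket is the one that needs a human: a freshly created, hidden, hex-named directory under a user profile is the kind of entry a helper cross-checks against the scanner results posted later in the thread.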
Hi rockmypunkk,

Try the following in relation to the wireless connection issue.

Click on Start > Run
Type cmd and press enter.
At the prompt type ipconfig/flushdns and press Enter.
Now type netsh interface ip delete arpcache and press enter.

Now try repairing the adaptor and see if it works.

Next we will check for additional infections with ESET's Online scanner.

ESET Online Scanner:
Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your Avast! Anti-Virus.

Disable Antivirus
  • Right Click on the Avast! icon in the System tray and select Avast Shields Control.
  • Select Disable until Computer is restarted.
  • Please go here to run the scan.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on:
    [image: EOLS2.gif]
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on:
    [image: EOLS3.gif]
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on:
    [image: EOLS4.gif]
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
 
Okay, flushing the DNS didn't work; it's still failing at the same spot when repairing the connection. Sorry that took so long, I didn't think it would take 2 hours.

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=501cac3573c1eb479ed66d34cc5fa4fa
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-04-10 10:43:36
# local_time=2012-04-10 05:43:36 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=9833
# found=2
# cleaned=0
# scan_time=1533
C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\lrp7h7bg.default\Cache(3)\3C4BBE48d01 JS/Exploit.Agent.NBQ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\lrp7h7bg.default\Cache(4)\8466DE95d01 JS/Exploit.Agent.NBU trojan (unable to clean) 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=501cac3573c1eb479ed66d34cc5fa4fa
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-04-11 12:25:52
# local_time=2012-04-10 07:25:52 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=67714
# found=13
# cleaned=0
# scan_time=6021
C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\lrp7h7bg.default\Cache(3)\3C4BBE48d01 JS/Exploit.Agent.NBQ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\lrp7h7bg.default\Cache(4)\8466DE95d01 JS/Exploit.Agent.NBU trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP550\A0208398.exe probably a variant of Win32/Agent.JXWYDNA trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP552\A0209457.exe probably a variant of Win32/Agent.JXWYDNA trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP557\A0210977.dll a variant of Win32/Kryptik.WRL trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP576\A0222048.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP576\A0222096.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP578\A0222135.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP579\A0222473.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP580\A0222537.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP581\A0222671.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP583\A0224711.dll Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP589\A0228665.dll a variant of Win32/Kryptik.WRL trojan (unable to clean) 0000000000000000000000000000000
 
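The two ESET logs above show why a small parser helps: the first run has end=stopped after 9833 objects, the second end=finished with 13 hits, eleven of them inside old System Restore points. The Python script below is an added example, not part of the thread and not part of ESET's tooling. It parses the "# key=value" header and the detection lines, checks that the run completed and that found= agrees with the number of detection lines, and separates restore-point hits from live paths, since the two call for different handling. The input is a constructed excerpt of the posted log (header trimmed, five detection lines kept, found= adjusted to 5); the whitespace-separated field layout follows how the log appears on the page, and the parser tolerates a truncated last line like the one in the post.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Constructed excerpt modelled on the ESET Online Scanner log posted above.
SAMPLE_LOG = r"""ESETSmartInstaller@High as downloader log:
all ok
# version=7
# end=finished
# remove_checked=false
# scanned=67714
# found=5
# cleaned=0
C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\lrp7h7bg.default\Cache(3)\3C4BBE48d01 JS/Exploit.Agent.NBQ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\lrp7h7bg.default\Cache(4)\8466DE95d01 JS/Exploit.Agent.NBU trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP550\A0208398.exe probably a variant of Win32/Agent.JXWYDNA trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP576\A0222048.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP589\A0228665.dll a variant of Win32/Kryptik.WRL trojan (unable to clean) 0000000000000000000000000000000
"""

HEADER_RE = re.compile(r"^#\s*(?P<key>[^=]+)=(?P<value>.*)$")

# Path, threat description (the only field containing a "/"), status in
# parentheses, then an optional digest and flag so a cut-off line still parses.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<threat>(?:probably a variant of |a variant of )?[^\s/]+/\S+(?: \S+)?)\s+"
    r"\((?P<status>[^()]*)\)"
    r"(?:\s+(?P<digest>[0-9A-Fa-f]+))?(?:\s+(?P<flag>\S))?\s*$"
)


@dataclass
class Detection:
    path: str
    threat: str
    status: str
    digest: Optional[str]
    flag: Optional[str]

    @property
    def name(self) -> str:
        """Detection name token, e.g. 'Win32/Sirefef.DA'."""
        return next(tok for tok in self.threat.split() if "/" in tok)

    @property
    def family(self) -> str:
        return self.name.split("/", 1)[1].split(".")[0]

    @property
    def in_restore_point(self) -> bool:
        return "\\system volume information\\_restore" in self.path.lower()

    @property
    def uncleaned(self) -> bool:
        return "unable to clean" in self.status.lower()


def parse_eset_log(text: str):
    """Return (header dict, list of Detection) from an ESET Online Scanner log."""
    header, detections = {}, []
    for line in text.splitlines():
        line = line.rstrip()
        m = HEADER_RE.match(line)
        if m:
            header[m["key"].strip()] = m["value"].strip()
            continue
        m = DETECTION_RE.match(line)
        if m:
            detections.append(Detection(**m.groupdict()))
    return header, detections


def summarize(header, detections):
    """The checks a responder wants before acting on the log."""
    reported = int(header.get("found", "0"))
    live = [d for d in detections if not d.in_restore_point]
    return {
        "complete": header.get("end") == "finished",
        "consistent": reported == len(detections),
        "families": Counter(d.family for d in detections),
        "live_paths": [d.path for d in live],
        "restore_point_hits": len(detections) - len(live),
        "uncleaned": sum(d.uncleaned for d in detections),
    }


if __name__ == "__main__":
    hdr, dets = parse_eset_log(SAMPLE_LOG)
    for key, value in summarize(hdr, dets).items():
        print(f"{key}: {value}")
```

Run against the first log posted above, which ends with end=stopped, summarize() would report complete=False, which is the signal to disregard its counts and wait for a finished run. The live_paths list is what the later OTL and ComboFix scripts in this thread act on; the restore-point hits are inert copies that only come back if that restore point is used.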
Hi rockmypunkk,

Logs are looking good, only a couple of items to remove now. See instructions below to run the OTL script and the MiniToolBox report.

Besides the wireless connection issue are you having any other problems?



Run OTL Script
We need to run an OTL Fix
  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the
    [image: customFix.png]
    textbox. Do not include the word Code
    Code:
    :files
    C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\lrp7h7bg.default\Cache(3)\3C4BBE48d01
    C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\lrp7h7bg.default\Cache(4)\8466DE95d01
    :commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
  • Then click the Run Fix button at the top.
  • Click
    [image: btnOK.png]
    .
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.


MiniToolBox
Please download MiniToolBox© by farbar and save it to your desktop. Click here.
  • Double click on MiniToolBox.exe to run it.
    Please check (tick) the following options:
    • Flush DNS
    • List IP Configuration
    • List Winsock Entries
    • List Last 10 Event Viewer Errors
    • List Devices (Only Problems)
  • Click on the GO button. A log will open.
  • Please post the contents of this log. It can also be found on the desktop as Result.txt.
 
Is it normal for OTL to become unresponsive while killing tasks? It's been like that for 10 minutes. I closed all open programs and disabled Avast, TeaTimer and MBAM.
 
This can sometimes happen if you have Malwarebytes real-time protection turned on. Try disabling real-time protection and also temporarily disable Avast as before.

Disable MBAM Real-Time protection
  • Right-click on the MBAM icon in the System Tray and uncheck Enable Protection.
  • When asked, "Are you sure you want to disable the MBAM Protection Module?", click Yes.
  • Right-click on the MBAM icon again and then uncheck Start with Windows.
  • Restart your computer for the changes to take effect.
 
My apologies, I missed where you said you had disabled mbam and avast.

Let me check though your list of installed programs to see what else may be causing it.
 
Be sure to follow the above mbam instructions, then follow the below instructions and make sure to reboot the computer before attempting the OTL fix again.


Disable Stopzilla
  • Right-click the "Stopzilla" icon in the system tray next to the clock. Click "Disable Real Time Protection" radio button under Spyware Protection.
  • Select "Disable" under Pop-up Protection. Uncheck the "Auto-enable Stopzilla whenever my computer starts".
  • Click "OK" to save the changes.
 
OK, we know combofix is working so we will use that. See instructions below and then follow the MiniToolBox instructions in the earlier post.

ComboFix - CFScript
This script is for this user and computer ONLY! Using this tool incorrectly could cause problems with your operating system... preventing it from ever starting again!
You will not have Internet access when you execute ComboFix. All open windows will need to be closed!
  1. Please open Notepad and copy/paste all the text below... into the window:
    Code:
    file::
    C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\lrp7h7bg.default\Cache(3)\3C4BBE48d01
    C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\lrp7h7bg.default\Cache(4)\8466DE95d01
  2. Save it to your desktop as CFScript.txt
  3. Please disable avast! Antivirus .
    Right Click on the Avast! icon in the System tray and select Avast Shields Control.
    Select Disable until Computer is restarted.

    Please close all open application windows.
  4. Drag the CFScript.txt (icon) into the ComboFix.exe icon... as seen in the image below:
    ComboFixScriptDrag.gif

    This will cause ComboFix to run again.
    Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash.
    Do Not touch your computer when ComboFix is running!
  5. When finished ComboFix will create a log file... you can save this file to a convenient place.
Please copy/paste the ComboFix log file in your next reply.
 
ComboFix 12-04-09.05 - Chris 1/2012 Wed 13:37:24.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.932.81.1033.18.1012.501 [GMT -5:00]
Running from: c:\documents and settings\Chris\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Chris\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\documents and settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\lrp7h7bg.default\Cache(3)\3C4BBE48d01"
"c:\documents and settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\lrp7h7bg.default\Cache(4)\8466DE95d01"
.
Error: Cfiles.dat
.
((((((((((((((((((((((((( Files Created from 2012-03-11 to 2012-04-11 )))))))))))))))))))))))))))))))
.
.
2012-04-11 16:34 . 2012-04-11 16:34 -------- d-----w- C:\_OTL
2012-04-10 12:29 . 2012-03-06 23:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-04-10 12:29 . 2012-03-06 23:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-04-10 12:29 . 2012-03-06 23:02 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-04-10 12:29 . 2012-03-06 23:01 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-04-10 12:29 . 2012-03-06 23:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-04-10 12:29 . 2012-03-06 23:01 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-04-10 12:29 . 2012-03-06 23:01 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-04-10 12:29 . 2012-03-06 22:58 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-04-10 12:26 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-04-10 12:25 . 2012-03-06 23:15 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-04-10 12:24 . 2012-04-10 12:24 -------- d-----w- c:\program files\AVAST Software
2012-04-10 12:24 . 2012-04-10 12:24 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-04-04 21:50 . 2012-04-04 21:50 -------- d-----w- c:\program files\Common Files\Java
2012-04-04 21:50 . 2012-04-04 21:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-03 06:29 . 2012-01-19 15:22 42864 ----a-r- c:\windows\system32\SBBD.EXE
2012-04-03 06:29 . 2012-01-12 14:26 101112 ----a-r- c:\windows\system32\drivers\SBREDrv.sys
2012-04-03 06:29 . 2012-04-03 06:29 -------- d-----w- c:\program files\Common Files\iS3
2012-04-03 06:25 . 2012-04-03 06:35 -------- d-----w- c:\program files\Common Files\PC Tools
2012-04-03 06:25 . 2012-04-03 06:25 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2012-04-03 06:25 . 2012-04-03 06:25 -------- d-----w- c:\documents and settings\Chris\Application Data\TestApp
2012-04-03 06:05 . 2012-04-03 06:05 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-03 05:54 . 2012-04-03 05:54 -------- d-----w- c:\windows\system32\wbem\Repository
2012-04-03 00:02 . 2012-04-03 05:54 -------- d-----w- c:\program files\ERUNT
2012-04-02 21:59 . 2008-06-20 11:51 361600 -c----w- c:\windows\system32\dllcache\tcpip.sys
2012-04-02 17:04 . 2012-04-03 05:51 -------- d-s---w- c:\documents and settings\LocalService\UserData
2012-04-02 16:59 . 2012-04-09 21:53 -------- d-sh--w- c:\documents and settings\Chris\Local Settings\Application Data\ad7217cf
2012-04-02 06:46 . 2012-04-02 07:11 -------- d-----w- C:\UTSUSEMI
2012-04-02 02:31 . 2012-04-02 02:31 -------- d-----w- C:\NOMAD
2012-04-01 19:18 . 2012-04-01 19:21 -------- d-----w- c:\program files\ぴんくはてな
2012-04-01 19:07 . 2012-04-01 19:07 -------- d-----w- c:\program files\あかべぇそふとつぅTRY
2012-04-01 03:46 . 2012-04-01 03:46 -------- d-----w- c:\program files\アークシェル
2012-03-31 23:40 . 2012-03-31 23:40 -------- d-----w- c:\program files\DO
2012-03-31 15:31 . 2012-03-31 21:53 -------- d-----w- C:\アイル
2012-03-31 06:26 . 2012-04-03 05:48 -------- d-----w- c:\program files\教えてっ!おねてぃー
2012-03-31 04:36 . 2012-03-31 04:36 -------- d-----w- c:\program files\Vanadis
2012-03-31 02:58 . 2012-03-31 02:58 -------- d-----w- c:\program files\DualMage
2012-03-31 02:22 . 2012-03-31 02:24 -------- d-----w- c:\program files\euphoria
2012-03-31 02:17 . 2012-03-31 02:18 -------- d-----w- c:\documents and settings\Chris\Application Data\蠱惑の刻
2012-03-31 02:13 . 2012-04-11 13:43 -------- d-----w- c:\program files\蠱惑の刻
2012-03-30 21:46 . 2012-03-30 22:06 -------- d-----w- c:\program files\Acmeholic
2012-03-30 21:34 . 2012-03-30 21:34 -------- d-----w- c:\program files\SPEED
2012-03-30 20:42 . 2012-03-30 20:42 196616 ----a-w- c:\windows\system32\SARCheck.dll
2012-03-30 20:40 . 2012-03-30 20:45 -------- d-----w- c:\program files\ドキドキ母娘レッスン
2012-03-30 20:12 . 2012-03-30 20:12 -------- d-----w- C:\萌♂
2012-03-30 19:53 . 2012-03-30 19:53 -------- d-----w- C:\maika
2012-03-30 19:13 . 2012-03-31 00:04 -------- d-----w- c:\program files\touchable
2012-03-30 04:21 . 2012-03-30 04:21 -------- d-----w- c:\program files\Guilty
2012-03-30 02:41 . 2012-03-30 02:41 -------- d-----w- c:\program files\CLOCKUP
2012-03-30 01:53 . 2012-03-30 01:53 -------- d-----w- c:\program files\Atheros
2012-03-29 23:58 . 2001-08-17 17:51 58368 -c--a-w- c:\windows\system32\dllcache\smiminib.sys
2012-03-29 23:56 . 2008-04-15 03:00 38912 -c--a-w- c:\windows\system32\dllcache\sm9aw.dll
2012-03-29 23:55 . 2001-08-17 17:50 50432 -c--a-w- c:\windows\system32\dllcache\sisv.sys
2012-03-29 23:55 . 2008-04-14 03:05 32768 -c--a-w- c:\windows\system32\dllcache\sisnic.sys
2012-03-29 23:55 . 2001-08-18 03:36 238592 -c--a-w- c:\windows\system32\dllcache\sisgrv.dll
2012-03-29 23:55 . 2001-08-17 17:50 104064 -c--a-w- c:\windows\system32\dllcache\sisgrp.sys
2012-03-29 23:55 . 2001-08-17 19:56 150144 -c--a-w- c:\windows\system32\dllcache\sis6306v.dll
2012-03-29 23:55 . 2001-08-17 17:50 68608 -c--a-w- c:\windows\system32\dllcache\sis6306p.sys
2012-03-29 23:55 . 2001-08-17 19:56 252032 -c--a-w- c:\windows\system32\dllcache\sis300iv.dll
2012-03-29 23:55 . 2001-08-17 17:50 101760 -c--a-w- c:\windows\system32\dllcache\sis300ip.sys
2012-03-29 23:55 . 2008-04-15 03:00 3901 -c--a-w- c:\windows\system32\dllcache\siint5.dll
2012-03-29 23:55 . 2012-04-03 00:37 -------- d-----w- C:\temp
2012-03-29 23:55 . 2001-07-21 19:29 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
2012-03-29 23:54 . 2001-07-21 19:29 18400 -c--a-w- c:\windows\system32\dllcache\sgsmld.sys
2012-03-29 23:54 . 2001-08-17 17:51 98080 -c--a-w- c:\windows\system32\dllcache\sgiulnt5.sys
2012-03-29 23:54 . 2001-08-18 03:36 386560 -c--a-w- c:\windows\system32\dllcache\sgiul50.dll
2012-03-29 23:54 . 2001-08-17 17:19 36480 -c--a-w- c:\windows\system32\dllcache\sfmanm.sys
2012-03-29 23:54 . 2001-08-17 18:53 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2012-03-29 23:54 . 2001-08-17 18:48 17664 -c--a-w- c:\windows\system32\dllcache\sermouse.sys
2012-03-29 23:54 . 2001-08-18 03:36 26112 -c--a-w- c:\windows\system32\dllcache\EXCH_seos.dll
2012-03-29 23:54 . 2001-08-17 18:53 6912 -c--a-w- c:\windows\system32\dllcache\seaddsmc.sys
2012-03-29 23:54 . 2008-04-14 05:15 11520 -c--a-w- c:\windows\system32\dllcache\scsiscan.sys
2012-03-29 23:54 . 2001-08-17 18:52 11648 -c--a-w- c:\windows\system32\dllcache\scsiprnt.sys
2012-03-29 23:54 . 2001-08-18 03:36 57856 -c--a-w- c:\windows\system32\dllcache\EXCH_scripto.dll
2012-03-29 23:53 . 2001-08-17 18:51 17280 -c--a-w- c:\windows\system32\dllcache\scr111.sys
2012-03-29 23:53 . 2001-08-17 18:51 16640 -c--a-w- c:\windows\system32\dllcache\scmstcs.sys
2012-03-29 23:53 . 2001-08-17 18:51 23936 -c--a-w- c:\windows\system32\dllcache\sccmusbm.sys
2012-03-29 23:53 . 2001-08-17 18:51 23936 -c--a-w- c:\windows\system32\dllcache\sccmn50m.sys
2012-03-29 23:53 . 2008-04-15 03:00 43904 -c--a-w- c:\windows\system32\dllcache\sbp2port.sys
2012-03-29 23:53 . 2001-08-18 03:36 495616 -c--a-w- c:\windows\system32\dllcache\sblfx.dll
2012-03-29 23:53 . 2001-08-17 17:50 75392 -c--a-w- c:\windows\system32\dllcache\s3savmxm.sys
2012-03-29 23:53 . 2001-08-17 19:56 245632 -c--a-w- c:\windows\system32\dllcache\s3savmx.dll
2012-03-29 23:53 . 2001-08-17 17:50 77824 -c--a-w- c:\windows\system32\dllcache\s3sav4m.sys
2012-03-29 23:53 . 2001-08-17 19:56 198400 -c--a-w- c:\windows\system32\dllcache\s3sav4.dll
2012-03-29 23:52 . 2001-08-17 17:50 61504 -c--a-w- c:\windows\system32\dllcache\s3sav3dm.sys
2012-03-29 23:52 . 2001-08-17 19:56 179264 -c--a-w- c:\windows\system32\dllcache\s3sav3d.dll
2012-03-29 23:52 . 2001-08-17 19:56 210496 -c--a-w- c:\windows\system32\dllcache\s3mvirge.dll
2012-03-29 23:52 . 2001-08-18 03:36 62496 -c--a-w- c:\windows\system32\dllcache\s3mtrio.dll
2012-03-29 23:52 . 2001-08-17 17:50 41216 -c--a-w- c:\windows\system32\dllcache\s3mt3d.sys
2012-03-29 23:52 . 2001-08-17 19:56 182272 -c--a-w- c:\windows\system32\dllcache\s3mt3d.dll
2012-03-29 23:52 . 2001-08-17 17:50 166720 -c--a-w- c:\windows\system32\dllcache\s3m.sys
2012-03-29 23:52 . 2001-08-17 18:57 65664 -c--a-w- c:\windows\system32\dllcache\s3legacy.sys
2012-03-29 23:52 . 2008-04-14 03:04 166912 -c--a-w- c:\windows\system32\dllcache\s3gnbm.sys
2012-03-29 23:52 . 2008-04-14 10:42 397056 -c--a-w- c:\windows\system32\dllcache\s3gnb.dll
2012-03-29 23:50 . 2001-08-18 03:36 86097 -c--a-w- c:\windows\system32\dllcache\reslog32.dll
2012-03-29 23:49 . 2001-08-17 18:28 112574 -c--a-w- c:\windows\system32\dllcache\ptserlp.sys
2012-03-29 23:48 . 2001-08-17 19:07 19840 -c--a-w- c:\windows\system32\dllcache\philtune.sys
2012-03-29 23:48 . 2001-08-17 19:04 92416 -c--a-w- c:\windows\system32\dllcache\phildec.sys
2012-03-29 23:48 . 2001-08-17 19:04 173696 -c--a-w- c:\windows\system32\dllcache\philcam2.sys
2012-03-29 23:48 . 2001-08-17 19:04 75776 -c--a-w- c:\windows\system32\dllcache\philcam1.sys
2012-03-29 23:48 . 2001-08-18 03:36 16384 -c--a-w- c:\windows\system32\dllcache\philcam1.dll
2012-03-29 23:48 . 2008-04-14 10:40 259328 -c--a-w- c:\windows\system32\dllcache\perm3dd.dll
2012-03-29 23:48 . 2008-04-14 05:14 28032 -c--a-w- c:\windows\system32\dllcache\perm3.sys
2012-03-29 23:48 . 2008-04-14 10:40 211584 -c--a-w- c:\windows\system32\dllcache\perm2dll.dll
2012-03-29 23:48 . 2008-04-14 05:14 27904 -c--a-w- c:\windows\system32\dllcache\perm2.sys
2012-03-29 23:48 . 2008-04-14 02:42 169984 -c--a-w- c:\windows\system32\dllcache\pcx500.sys
2012-03-29 23:48 . 2001-08-18 03:36 86016 -c--a-w- c:\windows\system32\dllcache\pctspk.exe
2012-03-29 23:48 . 2001-08-17 17:11 35328 -c--a-w- c:\windows\system32\dllcache\pcntpci5.sys
2012-03-29 23:47 . 2001-08-17 17:11 29769 -c--a-w- c:\windows\system32\dllcache\pcntn5m.sys
2012-03-29 23:47 . 2001-08-17 17:11 30282 -c--a-w- c:\windows\system32\dllcache\pcntn5hl.sys
2012-03-29 23:47 . 2001-08-17 17:12 26153 -c--a-w- c:\windows\system32\dllcache\pcmlm56.sys
2012-03-29 23:47 . 2008-04-14 03:05 29502 -c--a-w- c:\windows\system32\dllcache\pca200e.sys
2012-03-29 23:47 . 2001-08-17 17:12 30495 -c--a-w- c:\windows\system32\dllcache\pc100nds.sys
2012-03-29 23:47 . 2001-08-18 03:36 41984 -c--a-w- c:\windows\system32\dllcache\ovui2rc.dll
2012-03-29 23:47 . 2001-08-18 03:36 44544 -c--a-w- c:\windows\system32\dllcache\ovui2.dll
2012-03-29 23:47 . 2001-08-17 19:05 25216 -c--a-w- c:\windows\system32\dllcache\ovsound2.sys
2012-03-29 23:47 . 2001-08-18 03:36 39424 -c--a-w- c:\windows\system32\dllcache\ovcoms.exe
2012-03-29 23:47 . 2001-08-18 03:36 20480 -c--a-w- c:\windows\system32\dllcache\ovcomc.dll
2012-03-29 23:46 . 2001-08-17 19:05 351616 -c--a-w- c:\windows\system32\dllcache\ovcodek2.sys
2012-03-29 23:46 . 2001-08-18 03:36 116736 -c--a-w- c:\windows\system32\dllcache\ovcodec2.dll
2012-03-29 23:46 . 2001-08-17 19:05 31872 -c--a-w- c:\windows\system32\dllcache\ovce.sys
2012-03-29 23:46 . 2001-08-17 19:05 28032 -c--a-w- c:\windows\system32\dllcache\ovcd.sys
2012-03-29 23:46 . 2001-08-17 19:05 48000 -c--a-w- c:\windows\system32\dllcache\ovcam2.sys
2012-03-29 23:46 . 2001-08-17 19:05 25088 -c--a-w- c:\windows\system32\dllcache\ovca.sys
2012-03-29 23:46 . 2001-08-17 18:28 54186 -c--a-w- c:\windows\system32\dllcache\otcsercb.sys
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 21:49 . 2010-10-12 20:02 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 20:56 . 2009-02-23 14:59 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-03 09:22 . 2008-04-15 03:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2010-06-02 10:22 . 2010-06-02 10:22 89944 ----a-w- c:\program files\DSETUP.dll
2010-06-02 10:22 . 2010-06-02 10:22 537432 ----a-w- c:\program files\DXSETUP.exe
2010-06-02 10:22 . 2010-06-02 10:22 1801048 ----a-w- c:\program files\dsetup32.dll
2012-03-13 04:39 . 2012-03-25 06:16 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-09_22.00.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-12 05:02 . 2009-07-12 05:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2012-04-11 17:58 . 2012-04-11 17:58 16384 c:\windows\Temp\Perflib_Perfdata_730.dat
+ 2009-07-12 05:02 . 2009-07-12 05:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2012-04-10 12:27 . 2012-04-10 12:27 219648 c:\windows\Installer\f0366.msi
+ 2012-04-11 13:38 . 2012-04-11 13:38 253952 c:\windows\ERDNT\AutoBackup\4-11-2012\Users\00000002\UsrClass.dat
+ 2012-04-11 13:38 . 2005-10-20 17:02 163328 c:\windows\ERDNT\AutoBackup\4-11-2012\ERDNT.EXE
+ 2012-04-10 12:12 . 2012-04-10 12:12 253952 c:\windows\ERDNT\AutoBackup\4-10-2012\Users\00000002\UsrClass.dat
+ 2012-04-10 12:12 . 2005-10-20 17:02 163328 c:\windows\ERDNT\AutoBackup\4-10-2012\ERDNT.EXE
+ 2009-07-12 05:02 . 2009-07-12 05:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2012-04-11 13:38 . 2012-04-11 13:38 13766656 c:\windows\ERDNT\AutoBackup\4-11-2012\Users\00000001\ntuser.dat
+ 2012-04-10 12:12 . 2012-04-10 12:12 13766656 c:\windows\ERDNT\AutoBackup\4-10-2012\Users\00000001\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]
"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-17 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1044480]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-15 208952]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-05-14 821768]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2008-05-22 425984]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
c:\documents and settings\Chris\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-6-4 114688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TPSvc]
TPSvc.dll [BU]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\ソ\ニア\\極楽バイパー ランジェリー 赤\\Bin\\VPLanRed.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Documents and Settings\\Chris\\My Documents\\Downloads\\STOPzilla_Setup.exe"=
"c:\\Program Files\\Common Files\\Java\\Java Update\\jucheck.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [4/10/2012 7:29 AM 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/10/2012 7:29 AM 337880]
R2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;c:\program files\VMLaunch\BuddyVM.sys [3/25/2009 12:56 PM 15488]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/10/2012 7:29 AM 20696]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [1/3/2011 5:10 AM 21992]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/23/2009 9:59 AM 654408]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [10/13/2009 8:33 PM 95200]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/23/2009 9:50 AM 24652]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/23/2009 9:59 AM 22344]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 10:58 AM 11336]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2/23/2009 1:15 AM 96856]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\lrp7h7bg.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-UltraISO_is1 - c:\program files\UltraISO\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-11 13:50
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-123947885-3055150098-3939964369-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\EROTICA PEACH\0j00O0・n0ラS纐*0^7_6R'`竡ロcT0qN、N^]
"Order"=hex:08,00,00,00,02,00,00,00,22,01,00,00,01,00,00,00,02,00,00,00,80,00,
00,00,00,00,00,00,72,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,60,00,36,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\經USヤg^F0U000ソ該e*0}vO0痂・・sYSO_0a0^]
"SlowInfoCache"=hex:28,02,00,00,01,00,00,00,00,10,b2,29,00,00,00,00,5e,8b,83,
cb,72,17,cd,01,05,00,00,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,\
"Changed"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\經USヤg^F0U000ソ該e*0}vO0痂・・sYSO_0a0^]
"UninstallString"="c:\\WINDOWS\\IsUn0411.exe -f\"c:\\Program Files\\アークシェル\\口唇包柔\\koushin.isu\""
"DisplayName"="口唇包柔~うさみみ調教 白く濡れる女体たち~"
.
[HKEY_LOCAL_MACHINE\software\S*t*u*d*i*o*ェ尻`\エ0ヒ0・]
"InstalledFolder"="c:\\Studio邪恋\\ゴニン!?"
.
[HKEY_LOCAL_MACHINE\software\「0・ッ0キ0ァ0・\經USヤg^F0U000ソ該e*0}vO0痂・・sYSO_0a0^\1.00.000]
"srcpath"="d:\\koushin\\"
"dstpath"="c:\\Program Files\\アークシェル\\口唇包柔"
"Version"="0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3176)
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-04-11 13:54:57
ComboFix-quarantined-files.txt 2012-04-11 18:54
ComboFix2.txt 2012-04-10 21:29
ComboFix3.txt 2012-04-09 22:07
.
Pre-Run: 20,287,537,152 bytes free
Post-Run: 22,711,504,896 bytes free
.
- - End Of File - - 2035B0157BE9067833C4A41D2ABF4442
 
Please run minitoolbox now.

MiniToolBox
Please download MiniToolBox© by farbar and save it to your desktop. Click here.
  • Double click on MiniToolBox.exe to run it.
    Please check (tick) the following options:
    • Flush DNS
    • List IP Configuration
    • List Winsock Entries
    • List Last 10 Event Viewer Errors
    • List Devices (Only Problems)
  • Click on the GO button. A log will open.
  • Please post the contents of this log. It can also be found on the desktop as Result.txt.
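The MiniToolBox options listed above collect the three things a redirect investigation wants to rule out: the DNS resolvers the adapter is actually using (a hijacked resolver rewrites answers for every browser on the machine), the Winsock catalog (a rogue layered service provider sits in the network stack of every process), and whether well-known hosts answer. The script below is an added example, not part of this thread or of MiniToolBox: it parses a Result.txt-style log and reports resolvers outside a trusted set, Winsock providers that are not Microsoft's own copies in System32, and hosts that fail to answer while others in the same run did. The section formats follow the log posted later in this thread; the TRUSTED_DNS set, the second sample's rogue resolver (a TEST-NET address) and its wsphook.dll entry are constructed for illustration and name no real malware.

```python
"""Triage a MiniToolBox Result.txt for DNS-hijack and Winsock-LSP indicators.

Added example, not part of the forum thread or of MiniToolBox. Line formats
follow the log posted in the thread; TRUSTED_DNS and both sample logs are
constructed for illustration.
"""
import re
from ipaddress import ip_address, ip_network

# Resolvers the analyst accepts (assumption: the ISP pair seen in the thread).
TRUSTED_DNS = {"75.75.75.75", "75.75.76.76"}
RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

WINSOCK_RE = re.compile(r"^(Catalog\d+)\s+(\d+)\s+(.+?)\s+\[(\d+)\]\s+\((.*)\)$")
PING_RE = re.compile(r"^Pinging (\S+?)(?: \[[\d.]+\])? with ")
IP_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def parse_dns_servers(log):
    """DNS servers from the ipconfig block: ipconfig prints the first on the
    'DNS Servers' line and any others as bare, indented IPs beneath it."""
    servers, lines, i = [], log.splitlines(), 0
    while i < len(lines):
        m = re.match(r"\s*DNS Servers[ .]*:\s*(\S+)", lines[i])
        i += 1
        if not m:
            continue
        servers.append(m.group(1))
        while i < len(lines):  # continuation lines, possibly double-spaced
            s = lines[i].strip()
            if s and not IP_RE.match(s):
                break
            if s:
                servers.append(s)
            i += 1
    return servers


def parse_winsock(log):
    """Winsock catalog entries as (catalog, index, path, vendor) tuples."""
    out = []
    for line in log.splitlines():
        m = WINSOCK_RE.match(line.strip())
        if m:
            out.append((m.group(1), int(m.group(2)), m.group(3), m.group(5)))
    return out


def parse_pings(log):
    """Map each pinged host to 'ok', 'unreachable' or 'no reply'."""
    status, host = {}, None
    for line in log.splitlines():
        m = PING_RE.match(line.strip())
        if m:
            host = m.group(1)
            status[host] = "no reply"
        elif host and "Destination host unreachable" in line:
            if status[host] != "ok":
                status[host] = "unreachable"
        elif host and re.match(r"\s*Reply from [\d.]+: bytes=", line):
            status[host] = "ok"
    return status


def triage(log, trusted_dns=TRUSTED_DNS):
    """Return human-readable findings; an empty list means nothing stood out."""
    findings = []
    for s in parse_dns_servers(log):
        try:
            addr = ip_address(s)
        except ValueError:
            findings.append(f"DNS resolver entry {s!r} is not an IP address")
            continue
        if s not in trusted_dns and not any(addr in n for n in RFC1918):
            findings.append(f"DNS resolver {s} is neither trusted nor on the LAN (possible DNS hijack)")
    for catalog, idx, path, vendor in parse_winsock(log):
        # Every stock XP entry is mswsock.dll/winrnr.dll from System32, Microsoft-signed.
        if vendor != "Microsoft Corporation" or "\\system32\\" not in path.lower():
            findings.append(f"{catalog} {idx:02d}: non-default Winsock provider {path} ({vendor or 'no vendor'})")
    pings = parse_pings(log)
    answered = [h for h, st in pings.items() if st == "ok" and h != "127.0.0.1"]
    for host, st in pings.items():
        if st != "ok" and answered:  # only meaningful when the link itself works
            findings.append(f"{host} {st} while {', '.join(answered)} answered (selective blocking?)")
    return findings


# Constructed sample modelled on the thread's log (values copied from it).
SAMPLE_CLEAN = r"""
DNS Servers . . . . . . . . . . . : 75.75.75.75

                                    75.75.76.76

Lease Obtained. . . . . . . . . . : Wednesday, April 11, 2012 1:16:00 PM
Pinging google.com [74.125.159.102] with 32 bytes of data:
Reply from 74.125.159.102: bytes=32 time=19ms TTL=54
Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
========================= Winsock entries =====================================
Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
"""

# Constructed sample of what a hijack looks like (resolver and LSP are invented).
SAMPLE_HIJACKED = r"""
DNS Servers . . . . . . . . . . . : 203.0.113.53

                                    192.168.1.1

Pinging google.com [74.125.159.102] with 32 bytes of data:
Reply from 74.125.159.102: bytes=32 time=21ms TTL=54
========================= Winsock entries =====================================
Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Documents and Settings\User\Local Settings\Temp\wsphook.dll [40960] ()
"""

if __name__ == "__main__":
    for name, sample in (("clean", SAMPLE_CLEAN), ("hijacked", SAMPLE_HIJACKED)):
        print(name, triage(sample) or ["nothing stood out"])
```

A non-Microsoft Winsock provider is not proof of infection (some firewalls and VPN clients register one), so the script reports it for review rather than as a verdict, and a ping failure says nothing about DNS on its own, which is why it is only called out when other hosts answered in the same run. On a machine whose resolvers come from DHCP, as here, a rogue resolver can also live on the router rather than in Windows, so the gateway's DNS settings deserve the same check.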
 
MiniToolBox by Farbar Version: 18-01-2012
Ran by Chris (administrator) on 11-04-2012 at 15:04:16
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IP Configuration: ================================

Atheros AR5007EG Wireless Network Adapter = Wireless Network Connection (Connected)
Realtek RTL8102E Family PCI-E Fast Ethernet NIC = Local Area Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration

Host Name . . . . . . . . . . . . : SnowSakura
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : hsd1.tn.comcast.net.

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Realtek RTL8102E Family PCI-E Fast Ethernet NIC
Physical Address. . . . . . . . . : 00-23-8B-69-F1-4D

Ethernet adapter Wireless Network Connection:

Connection-specific DNS Suffix . : hsd1.tn.comcast.net.
Description . . . . . . . . . . . : Atheros AR5007EG Wireless Network Adapter
Physical Address. . . . . . . . . : 00-24-2B-23-BC-24
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.105
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 75.75.75.75
                                    75.75.76.76
Lease Obtained. . . . . . . . . . : Wednesday, April 11, 2012 1:16:00 PM
Lease Expires . . . . . . . . . . : Thursday, April 12, 2012 1:16:00 PM

Server: cdns01.comcast.net
Address: 75.75.75.75

Name: google.com
Addresses: 74.125.159.101, 74.125.159.100, 74.125.159.139, 74.125.159.102
74.125.159.113, 74.125.159.138

Pinging google.com [74.125.159.102] with 32 bytes of data:

Reply from 74.125.159.102: bytes=32 time=19ms TTL=54
Reply from 74.125.159.102: bytes=32 time=19ms TTL=54

Ping statistics for 74.125.159.102:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 19ms, Maximum = 19ms, Average = 19ms

Server: cdns01.comcast.net
Address: 75.75.75.75

Name: yahoo.com
Addresses: 209.191.122.70, 72.30.38.140, 98.139.183.24

Pinging yahoo.com [72.30.38.140] with 32 bytes of data:

Reply from 72.30.38.140: bytes=32 time=92ms TTL=51
Reply from 72.30.38.140: bytes=32 time=166ms TTL=51

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 92ms, Maximum = 166ms, Average = 129ms

Server: cdns01.comcast.net
Address: 75.75.75.75

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x3 ...00 23 8b 69 f1 4d ...... Realtek RTL8102E Family PCI-E Fast Ethernet NIC - Packet Scheduler Miniport
0x20002 ...00 24 2b 23 bc 24 ...... Atheros AR5007EG Wireless Network Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.105 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.105 192.168.1.105 30
192.168.1.105 255.255.255.255 127.0.0.1 127.0.0.1 30
192.168.1.255 255.255.255.255 192.168.1.105 192.168.1.105 30
224.0.0.0 240.0.0.0 192.168.1.105 192.168.1.105 30
255.255.255.255 255.255.255.255 192.168.1.105 3 1
255.255.255.255 255.255.255.255 192.168.1.105 192.168.1.105 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/10/2012 10:57:02 AM) (Source: Application Hang) (User: )
Description: Hanging application SpybotSD.exe, version 1.6.2.46, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/09/2012 10:31:36 AM) (Source: Application Error) (User: )
Description: Faulting application plugin-container.exe, version 11.0.0.4454, faulting module mozalloc.dll, version 11.0.0.4454, fault address 0x0000195d.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (04/02/2012 02:10:27 AM) (Source: Application Error) (User: )
Description: Faulting application seraph.exe, version 1.0.0.1, faulting module user32.dll, version 5.1.2600.5512, fault address 0x000187aa.
Processing media-specific event for [seraph.exe!ws!]

Error: (04/02/2012 02:06:43 AM) (Source: Application Error) (User: )
Description: Faulting application seraph.exe, version 1.0.0.1, faulting module user32.dll, version 5.1.2600.5512, fault address 0x000187aa.
Processing media-specific event for [seraph.exe!ws!]

Error: (04/02/2012 02:04:50 AM) (Source: Application Error) (User: )
Description: Faulting application seraph.exe, version 1.0.0.1, faulting module user32.dll, version 5.1.2600.5512, fault address 0x000187aa.
Processing media-specific event for [seraph.exe!ws!]

Error: (04/02/2012 02:03:12 AM) (Source: Application Error) (User: )
Description: Faulting application seraph.exe, version 1.0.0.1, faulting module user32.dll, version 5.1.2600.5512, fault address 0x000187aa.
Processing media-specific event for [seraph.exe!ws!]

Error: (04/02/2012 01:58:56 AM) (Source: Application Error) (User: )
Description: Faulting application seraph.exe, version 1.0.0.1, faulting module user32.dll, version 5.1.2600.5512, fault address 0x000187aa.
Processing media-specific event for [seraph.exe!ws!]

Error: (03/31/2012 09:42:32 PM) (Source: MsiInstaller) (User: Chris)Chris
Description: ? : ???????????? -- ??? 1324? ???? ?? '????????????' ?????????????????

Error: (03/31/2012 09:31:54 PM) (Source: MsiInstaller) (User: Chris)Chris
Description: ? : ???????????? -- ??? 1324? ???? ?? '????????????' ?????????????????

Error: (03/31/2012 09:28:37 PM) (Source: MsiInstaller) (User: Chris)Chris
Description: ? : ???????????? -- ??? 1324? ???? ?? '????????????' ?????????????????


System errors:
=============
Error: (04/11/2012 00:55:59 PM) (Source: Service Control Manager) (User: )
Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s).

Error: (04/11/2012 00:55:58 PM) (Source: Service Control Manager) (User: )
Description: The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).

Error: (04/11/2012 00:55:58 PM) (Source: Service Control Manager) (User: )
Description: The IviRegMgr service terminated unexpectedly. It has done this 1 time(s).

Error: (04/11/2012 00:05:00 PM) (Source: Service Control Manager) (User: )
Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s).

Error: (04/11/2012 00:04:59 PM) (Source: Service Control Manager) (User: )
Description: The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).

Error: (04/11/2012 00:04:59 PM) (Source: Service Control Manager) (User: )
Description: The IviRegMgr service terminated unexpectedly. It has done this 1 time(s).

Error: (04/11/2012 11:45:46 AM) (Source: Service Control Manager) (User: )
Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s).

Error: (04/11/2012 11:45:46 AM) (Source: Service Control Manager) (User: )
Description: The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).

Error: (04/11/2012 11:45:46 AM) (Source: Service Control Manager) (User: )
Description: The IviRegMgr service terminated unexpectedly. It has done this 1 time(s).

Error: (04/11/2012 11:34:09 AM) (Source: Service Control Manager) (User: )
Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s).


Microsoft Office Sessions:
=========================

========================= Devices: ================================


**** End of log ****
 
Minitoolbox shows no issues that would affect your wireless card. You appear to be connected to it now. Are you still having issues with it? If so, please describe.

Also let me know if there are any other symptoms relating to the infection.

Thanks,

diver79.
 