viewtopic.php?f=11&t=48441
I have just finished doing what Muppy asked me to.
Here is the log from combofix along with the logs from goored fix and a new HJT log
COMBO FIX
ComboFix 10-01-04.01 - Owner 01/11/2010 8:39.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1516 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\system32\Data\CT0060W.DAT
c:\windows\system32\Data\CTP0060W.DAT
c:\windows\system32\Data\CTP0061W.DAT
c:\windows\system32\Data\CTP0070W.DAT
c:\windows\system32\Data\CTP0073W.DAT
c:\windows\system32\Data\CTP0090W.DAT
c:\windows\system32\Data\CTP0091W.DAT
c:\windows\system32\Data\CTP0092W.DAT
c:\windows\system32\Data\CTP0095W.DAT
c:\windows\system32\Data\CTP0100W.DAT
c:\windows\system32\Data\CTP0101W.DAT
c:\windows\system32\Data\CTP0102W.DAT
c:\windows\system32\Data\CTP0103W.DAT
c:\windows\system32\Data\CTP0105W.DAT
c:\windows\system32\Data\CTP0150W.DAT
c:\windows\system32\Data\CTP0161W.DAT
c:\windows\system32\Data\CTP0162W.DAT
c:\windows\system32\Data\CTP0170W.DAT
c:\windows\system32\Data\CTP017AW.DAT
c:\windows\system32\Data\CTP017BW.DAT
c:\windows\system32\Data\CTP017CW.DAT
c:\windows\system32\Data\CTP017DW.DAT
c:\windows\system32\Data\CTP017EW.DAT
c:\windows\system32\Data\CTP017FW.DAT
c:\windows\system32\Data\CTP017GW.DAT
c:\windows\system32\Data\CTP017HW.DAT
c:\windows\system32\Data\CTP0191W.DAT
c:\windows\system32\Data\CTP0192W.DAT
c:\windows\system32\Data\CTP0221W.DAT
c:\windows\system32\Data\CTP0222W.DAT
c:\windows\system32\Data\CTP0230W.DAT
c:\windows\system32\Data\CTP0231W.DAT
c:\windows\system32\Data\CTP0232W.DAT
c:\windows\system32\Data\CTP0238W.DAT
c:\windows\system32\Data\CTP0240W.DAT
c:\windows\system32\Data\CTP0242W.DAT
c:\windows\system32\Data\CTP0243W.DAT
c:\windows\system32\Data\CTP0244W.DAT
c:\windows\system32\Data\CTP0245W.DAT
c:\windows\system32\Data\CTP0249W.DAT
c:\windows\system32\Data\CTP0280W.DAT
c:\windows\system32\Data\CTP0320W.DAT
c:\windows\system32\Data\CTP0350W.DAT
c:\windows\system32\Data\CTP0352W.DAT
c:\windows\system32\Data\CTP0360W.DAT
c:\windows\system32\Data\CTP1140W.DAT
c:\windows\system32\Data\CTP4620W.DAT
c:\windows\system32\Data\CTP4670W.DAT
c:\windows\system32\Data\CTP4760W.DAT
c:\windows\system32\Data\CTP4780W.DAT
c:\windows\system32\Data\CTP4790W.DAT
c:\windows\system32\Data\CTP4820W.DAT
c:\windows\system32\Data\CTP4830W.DAT
c:\windows\system32\Data\CTP4831W.DAT
c:\windows\system32\Data\CTP4832W.DAT
c:\windows\system32\Data\CTP4840W.DAT
c:\windows\system32\Data\CTP4850W.DAT
c:\windows\system32\Data\CTP4870W.DAT
c:\windows\system32\Data\CTP4871W.DAT
c:\windows\system32\Data\CTP4872W.DAT
c:\windows\system32\Data\CTP4875W.DAT
c:\windows\system32\Data\CTP4890W.DAT
c:\windows\system32\Data\CTP4891W.DAT
c:\windows\system32\Data\CTP4893W.DAT
c:\windows\system32\Data\CTPDXW.DAT
c:\windows\system32\Data\CTPM002W.DAT
c:\windows\system32\DEBUG.log
c:\windows\system32\driVERs\rydubvyz.sys
E:\install.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_rydubvyz
-------\Service_rydubvyz
((((((((((((((((((((((((( Files Created from 2009-12-11 to 2010-01-11 )))))))))))))))))))))))))))))))
.
2010-01-10 01:45 . 2010-01-10 01:45 -------- d-----w- c:\documents and settings\Daisy\Local Settings\Application Data\Adobe
2010-01-05 02:38 . 2010-01-06 06:14 -------- d-----w- c:\program files\trend micro
2010-01-05 02:38 . 2010-01-05 02:38 -------- d-----w- C:\rsit
2009-12-30 19:52 . 2009-12-30 19:52 -------- d-----w- c:\program files\TrendMicro
2009-12-30 18:30 . 2009-12-30 18:30 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-30 18:30 . 2009-12-30 18:30 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-12-30 18:30 . 2009-12-30 18:30 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-30 18:30 . 2009-12-30 18:30 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2009-12-29 21:37 . 2009-12-29 21:37 -------- d-----w- c:\program files\Sophos
2009-12-29 20:52 . 2009-12-29 21:05 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\wlyrie
2009-12-22 16:12 . 2009-12-22 16:12 -------- d-sh--w- c:\documents and settings\Daisy\PrivacIE
2009-12-22 16:12 . 2009-12-22 16:12 -------- d-----w- c:\documents and settings\Daisy\Local Settings\Application Data\AskToolbar
2009-12-22 16:12 . 2009-12-22 16:12 -------- d-sh--w- c:\documents and settings\Daisy\IETldCache
2009-12-20 04:59 . 2009-12-20 04:59 -------- d-----w- c:\documents and settings\Owner\Application Data\runic games
2009-12-15 19:58 . 2009-12-18 19:02 0 ----a-w- c:\windows\Sruzuwefokibofa.bin
2009-12-15 19:58 . 2009-12-18 19:02 120 ----a-w- c:\windows\Cfofodadujodi.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-10 07:51 . 2007-08-18 21:31 384 ----a-w- c:\windows\system32\DVCStateBkp-{00000002-00000000-00000009-00001102-00000004-20021102}.dat
2010-01-10 07:51 . 2007-08-18 21:31 384 ----a-w- c:\windows\system32\DVCState-{00000002-00000000-00000009-00001102-00000004-20021102}.dat
2010-01-10 04:00 . 2008-10-13 16:34 -------- d-----w- c:\program files\Steam
2010-01-09 00:18 . 2009-01-03 04:20 0 ----a-w- c:\documents and settings\Daisy\Local Settings\Application Data\prvlcl.dat
2010-01-07 16:20 . 2008-10-13 17:27 39 ----a-w- c:\windows\popcinfot.dat
2010-01-05 21:52 . 2006-04-22 01:46 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-01-05 20:55 . 2006-04-20 20:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-05 02:26 . 2006-04-30 16:38 -------- d-----w- c:\program files\Java
2010-01-05 02:22 . 2009-11-06 17:14 -------- d-----w- c:\documents and settings\Owner\Application Data\uTorrent
2009-12-30 17:48 . 2007-12-01 17:48 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-30 05:41 . 2007-03-04 19:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-12-21 15:43 . 2009-12-12 03:30 2066200 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-12-18 19:07 . 2008-07-05 15:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-18 19:07 . 2008-08-31 22:54 4844296 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-03 22:14 . 2008-08-31 22:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 22:13 . 2008-07-05 15:21 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-26 02:41 . 2009-11-26 02:41 -------- d-----w- c:\documents and settings\Owner\Application Data\Ubisoft
2009-11-26 02:25 . 2009-11-26 02:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Tages
2009-11-26 02:18 . 2009-11-26 02:18 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-11-26 02:18 . 2009-11-26 02:18 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2009-11-26 02:12 . 2009-11-26 02:12 -------- d-----w- c:\program files\Ubisoft
2009-11-05 22:11 . 2009-11-05 22:11 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-10-29 07:45 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2004-08-04 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-16 21:44 . 2009-10-16 21:44 26612 ---ha-w- c:\windows\system32\mlfcache.dat
2009-10-16 13:56 . 2009-10-16 13:56 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe
2008-03-05 23:55 . 2007-05-04 20:15 19104 -c--a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2008-03-05 23:55 . 2007-05-04 20:15 105632 -c--a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteCenter"="c:\program files\Creative\MediaSource\RemoteControl\RcMan.exe" [2003-10-08 139264]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-18 45056]
"CTHelper"="CTHELPER.EXE" [2003-10-06 24576]
"SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 45056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 32768]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2005-03-15 196608]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2005-03-23 217088]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-12 2043160]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
SlimServer Tray Tool.lnk - c:\program files\SlimServer\SlimTray.exe [2007-1-15 1093701]
Wireless Connection Manager.lnk - c:\program files\D-Link\D-Link DWA-552 Xtreme N Desktop Adapter\wirelesscm.exe [2008-2-3 13357056]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-16 18:11 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Railroads!\\RailRoads.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead demo\\left4dead.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\peggle deluxe\\Peggle.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\peggle extreme\\PeggleExtreme.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\slamit pinball big score\\BigScore.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\sacred 2\\system\\sacred2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\outrun2006 coast 2 coast\\OR2006C2C.EXE"=
"c:\\Program Files\\Steam\\steamapps\\common\\outrun2006 coast 2 coast\\Config.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\worldwide soccer manager 2009\\wsm.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\football manager 2010\\fm.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader
"9000:TCP"= 9000:TCP:SlimServer 9000 tcp
"3483:UDP"= 3483:UDP:SlimServer 3483 udp
"3483:TCP"= 3483:TCP:SlimServer 3483 tcp
R0 SI3114;SiI-3114 SATALink Controller;c:\windows\system32\drivers\SI3114.sys [11/29/2005 12:24 PM 61696]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/2/2008 3:30 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/30/2009 7:38 AM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/16/2009 4:26 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/16/2009 4:26 PM 74480]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/25/2009 9:28 PM 297752]
R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\PfModNT.sys [4/20/2006 2:03 PM 15840]
S2 SlimServerMySQL;SlimServerMySQL;c:\progra~1\SLIMSE~1\server\Bin\MSWIN3~1\mysqld.exe --defaults-file=c:\progra~1\SLIMSE~1\server\Cache\my.cnf SlimServerMySQL --> c:\progra~1\SLIMSE~1\server\Bin\MSWIN3~1\mysqld.exe --defaults-file=c:\progra~1\SLIMSE~1\server\Cache\my.cnf SlimServerMySQL [?]
S3 gtermddo;gtermddo;\??\c:\docume~1\Owner\LOCALS~1\Temp\gtermddo.sys --> c:\docume~1\Owner\LOCALS~1\Temp\gtermddo.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\FC.tmp --> c:\windows\system32\FC.tmp [?]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/16/2009 4:27 PM 7408]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?hl=en&source=iglk
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
Trusted Zone: aol.com\free
TCP: {6CA011C0-3DCA-4D2A-B7ED-8CB8CBD159ED} = 68.94.156.1,68.94.157.1
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\m1ciyppj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&o ... &gfns=1&q=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-RemoteControl - (no file)
HKLM-Run-Logitech Hardware Abstraction Layer - KHALMNPR.EXE
HKLM-Run-NVIDIA nTune - c:\program files\NVIDIA Corporation\nTune\\nTune.exe
HKLM-Run-RemoteCenter - (no file)
HKLM-Run-nwiz - c:\program files\NVIDIA Corporation\nView\nwiz.exe
AddRemove-NVIDIA nView Desktop Manager - c:\program files\NVIDIA Corporation\nView\nViewSetup.exe
AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\UninstFl.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-11 08:51
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\FC.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1390067357-1682526488-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d3,6a,85,e5,1b,de,d9,7a,b6,0c,1f,bd,82,d3,d5,de,6f,6d,38,25,ed,8e,7b,
2c,e2,13,8a,6b,4f,a3,a2,54,6d,61,d7,0c,c4,7d,12,8c,ee,0d,b0,01,13,91,c3,29,\
"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22
[HKEY_USERS\S-1-5-21-1390067357-1682526488-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:43,39,2b,c6,41,45,42,bd,17,16,db,7c,f3,e5,2f,a1,fd,e6,13,56,1c,
dc,8c,dd,1c,b0,e4,1e,25,20,1b,3a,cb,6b,0f,64,40,8d,33,f4,21,f2,e2,12,2e,2b,\
"rkeysecu"=hex:43,f3,aa,9f,21,6c,4b,dd,45,a2,00,f9,87,61,78,b2
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(684)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
- - - - - - - > 'explorer.exe'(3560)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2010-01-11 08:54:38
ComboFix-quarantined-files.txt 2010-01-11 14:54
Pre-Run: 31,353,303,040 bytes free
Post-Run: 31,306,936,320 bytes free
- - End Of File - - C084756F7B895D327B6A4D5154DB6234
GORED FIX
GooredFix by jpshortstuff (08.01.10.1)
Log created at 00:53 on 10/01/2010 (Owner)
Firefox version 3.5.7 (en-US)
========== GooredScan ==========
Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{F0704C49-1821-49B6-962C-52193E5B0DF8} -> Success!
Deleting C:\Documents and Settings\Owner\Local Settings\Application Data\{F0704C49-1821-49B6-962C-52193E5B0DF8} -> Success!
========== GooredLog ==========
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [02:27 21/11/2006]
{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} [20:23 06/03/2009]
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [18:51 31/03/2009]
{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [20:32 12/06/2009]
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [15:50 08/08/2009]
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [22:12 05/11/2009]
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\m1ciyppj.default\extensions\
moveplayer@movenetworks.com [13:37 18/03/2009]
{07b2a769-ed19-4483-87ce-c643914c9626} [19:58 19/12/2009]
{13407856-f9ea-4536-bd03-70fb56d5d0cd} [01:39 21/04/2007]
{7694c49c-9fbd-11dc-8314-0800200c9a66} [19:17 15/11/2008]
{7a94a9a7-be7f-4d51-afe9-06063380ca94} [19:57 19/12/2009]
{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e} [22:37 21/01/2007]
{a883dc70-3e3e-11db-a98b-0800200c9a66} [02:13 02/06/2007]
{b41cb5f0-2e52-11de-8c30-0800200c9a66} [15:16 28/12/2009]
{c1dffba0-628e-11d9-9669-0800200c9a66} [03:38 11/07/2009]
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG8\Firefox" [21:30 02/06/2008]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [20:22 06/03/2009]
-=E.O.F=-
kidcramer wrote:Here is the updated hijack this log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:24:52 AM, on 1/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\D-Link\D-Link DWA-552 Xtreme N Desktop Adapter\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\D-Link\D-Link DWA-552 Xtreme N Desktop Adapter\wirelesscm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\trend micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SlimServer Tray Tool.lnk = C:\Program Files\SlimServer\SlimTray.exe
O4 - Global Startup: Wireless Connection Manager.lnk = C:\Program Files\D-Link\D-Link DWA-552 Xtreme N Desktop Adapter\wirelesscm.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 8591503609
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8591496578
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/g ... anager.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6CA011C0-3DCA-4D2A-B7ED-8CB8CBD159ED}: NameServer = 68.94.156.1,68.94.157.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\Program Files\D-Link\D-Link DWA-552 Xtreme N Desktop Adapter\acs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SlimServerMySQL - Unknown owner - C:\PROGRA~1\SLIMSE~1\server\Bin\MSWIN3~1\mysqld.exe
O23 - Service: SlimServer (slimsvc) - Unknown owner - C:\Program Files\SlimServer\server\slim.exe
--
End of file - 8988 bytes