|
|
| Next: discount UGG boots hot sell on(www.selljordanzoom.. |
| Author |
Message |
Kiribati
Joined: Jun 11, 2009
Posts: 5
|
 Posted: Wed Nov 18, 2009 5:33 am Post subject: No apparent Search Engine Hijack BUT... |
|
|
I am experiencing symptoms of a browser hijack. I've gone through this whole search engine hijack business once (posted a thread here asking for help around June 09, but ended up formatting), and I really don't want to go through it again. Anyway, lately my browser has been acting up. It began opening up new tabs for ads. And once it opened a new window with about 6 tabs that were just ads. I don't know if this is considered a any sort of hijack but I want to give it a try.
| Quote: |
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:35:27 AM, on 11/18/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18319)
Boot mode: Normal
Running processes:
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WTablet\Wacom_TabletUser.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avast4\ashDisp.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\AIM7\aim.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Jeffrey\AppData\Local\Temp\IXP000.TMP\SUPERAntiSpyware.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Jeffrey\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_U...mp;c=73
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_U...mp;c=73
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Reganam Toolbar - {db9d7a78-a76c-4bf2-97c6-258925ee1542} - C:\Program Files\Reganam\tbReg1.dll
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Reganam Toolbar - {db9d7a78-a76c-4bf2-97c6-258925ee1542} - C:\Program Files\Reganam\tbReg1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: Reganam Toolbar - {db9d7a78-a76c-4bf2-97c6-258925ee1542} - C:\Program Files\Reganam\tbReg1.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [MMTray2k] MMTray2k.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\Jeffrey\AppData\Local\Temp\IXP000.TMP\"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Aim] "C:\Program Files\AIM7\aim.exe" /d locale=en-US
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O18 - Protocol: navnet - {AD6E5643-7B0C-46AA-95AD-9773FF2A857A} - C:\Program Files\NavNetApp\ComUtilities.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Google Update Service (gupdate1c9e894881ac770) (gupdate1c9e894881ac770) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxbl_device - - C:\Windows\system32\lxblcoms.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\Windows\system32\Wacom_Tablet.exe
O23 - Service: Viewpoint Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 13201 bytes
|
I have Malwarebytes' Antimalware scanning right now, I will post up those results when it is done.
| Quote: |
Malwarebytes' Anti-Malware 1.41
Database version: 3192
Windows 6.0.6001 Service Pack 1
11/18/2009 8:27:48 AM
mbam-log-2009-11-18 (08-27-4 .txt
Scan type: Full Scan (C:\|)
Objects scanned: 396982
Time elapsed: 2 hour(s), 16 minute(s), 50 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Windows\System32\memman.vxd (Rogue.sysCleaner) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\ProgramData\{5AC06A7F-E1C7-46A4-BA28-5A4B25F3BB23}\OFFLINE\71747601\2302A1E7\memman.vxd (Rogue.sysCleaner) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Local\Temp\AFB0.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Local\Temp\B3D5.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Local\Temp\DA0D.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Local\Temp\E1E7.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\memman.vxd (Rogue.sysCleaner) -> Quarantined and deleted successfully.
|
Is there anything suspicious? Thanks! |
|
| Back to top |
|
 |
greyknight17
Joined: Feb 03, 2003
Posts: 5773
Location: Brooklyn, NY
|
| Posted: Wed Nov 18, 2009 10:19 pm Post subject: |
|
|
|
| Do you know what the following is used for?
C:\Program Files\Reganam
Go to http://www.bleepingcomputer.com/combofix/how-to-use-combofix and follow the instructions on how to install the Recovery Console and run ComboFix. Go through all the steps until posting the log part. Post the combofix log here. |
|
|
| Back to top |
|
|
Kiribati
Joined: Jun 11, 2009
Posts: 5
|
| Posted: Sun Nov 22, 2009 6:30 pm Post subject: |
|
|
| Quote: |
ComboFix 09-11-18.07 - Jeffrey 11/18/2009 22:49.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1982.1222 [GMT -8:00]
Running from: c:\users\Jeffrey\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-154915605-2572248287-58432082-500
c:\$recycle.bin\S-1-5-21-3102239989-1682233996-76167453-500
c:\users\Jeffrey\AppData\Roaming\Microsoft\AdjMmsVista.dll
c:\windows\system32\skinboxer43.dll
Infected copy of c:\windows\system32\drivers\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((( Files Created from 2009-10-19 to 2009-11-19 )))))))))))))))))))))))))))))))
.
2009-11-19 07:08 . 2009-11-19 07:09 -------- d-----w- c:\users\Jeffrey\AppData\Local\temp
2009-11-19 07:08 . 2009-11-19 07:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-18 09:49 . 2009-11-18 09:49 -------- d-----w- c:\users\Jeffrey\AppData\Roaming\Malwarebytes
2009-11-18 09:49 . 2009-09-10 22:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-18 09:49 . 2009-11-18 09:49 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-18 09:49 . 2009-11-18 09:49 -------- d-----w- c:\programdata\Malwarebytes
2009-11-18 09:49 . 2009-09-10 22:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-18 07:08 . 2009-11-18 07:13 117760 ----a-w- c:\users\Jeffrey\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-16 05:24 . 2009-11-16 05:30 -------- d-----w- c:\users\Jeffrey\AppData\Roaming\DiskAid
2009-11-16 05:24 . 2009-11-16 05:24 4096 d-----w- c:\program files\DiskAid
2009-11-11 07:01 . 2009-08-14 13:53 2035712 ----a-w- c:\windows\system32\win32k.sys
2009-11-11 07:01 . 2009-08-10 13:05 351232 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-04 04:42 . 2009-11-04 04:42 -------- d-----w- c:\program files\AskBarDis
2009-10-28 13:12 . 2009-09-10 15:21 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-28 13:12 . 2009-09-10 15:21 8147456 ----a-w- c:\windows\system32\wmploc.DLL
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-19 06:47 . 2009-02-22 09:03 42381 ----a-w- c:\programdata\nvModes.dat
2009-11-19 06:47 . 2009-03-20 22:58 -------- d-----w- c:\users\Jeffrey\AppData\Roaming\WTablet
2009-11-19 06:45 . 2008-11-24 04:09 -------- d-----w- c:\program files\Conduit
2009-11-18 16:35 . 2008-01-15 22:54 4096 d-----w- c:\program files\SUPERAntiSpyware
2009-11-18 16:27 . 2009-03-09 10:47 8192 d-----w- c:\program files\Internet Download Manager
2009-11-18 10:21 . 2009-03-09 10:47 -------- d-----w- c:\users\Jeffrey\AppData\Roaming\DMCache
2009-11-18 07:08 . 2008-01-15 22:54 -------- d-----w- c:\users\Jeffrey\AppData\Roaming\SUPERAntiSpyware.com
2009-11-18 07:08 . 2008-01-15 22:54 4096 d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-14 01:35 . 2008-05-29 19:41 -------- d-----w- c:\program files\Common Files\AOL
2009-11-11 11:22 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-11-11 11:07 . 2007-08-04 10:35 8192 d-----w- c:\programdata\Microsoft Help
2009-11-10 19:18 . 2009-10-07 16:09 8192 d-----w- c:\program files\AIM7
2009-11-08 06:23 . 2007-11-27 06:43 16384 d-----w- c:\users\Jeffrey\AppData\Roaming\Azureus
2009-11-04 08:04 . 2007-11-27 06:43 4096 d-----w- c:\program files\Azureus
2009-11-04 03:34 . 2009-06-08 23:54 -------- d-----w- c:\program files\Google
2009-11-03 04:42 . 2009-10-12 20:36 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-21 07:16 . 2007-11-26 06:06 -------- d-----w- c:\program files\ooVoo
2009-10-16 21:37 . 2009-10-16 21:37 -------- d-----w- c:\program files\EA Games
2009-10-15 04:14 . 2008-01-08 09:40 1724 ----a-w- c:\users\Jeffrey\AppData\Roaming\wklnhst.dat
2009-10-14 10:05 . 2008-01-17 10:40 -------- d-----w- c:\program files\Microsoft SQL Server
2009-10-14 10:03 . 2007-08-04 10:31 40960 d-----w- c:\program files\Microsoft Works
2009-10-12 20:25 . 2009-10-12 20:25 16384 d-----w- c:\program files\Avast4
2009-10-12 19:57 . 2009-02-05 09:59 4096 d-----w- c:\programdata\McAfee
2009-10-09 04:57 . 2009-09-23 05:04 12288 d-----w- c:\program files\ResumeMaker
2009-10-08 22:39 . 2009-10-08 22:39 4096 d-----w- c:\program files\NavNetApp
2009-10-08 22:39 . 2009-10-08 22:39 -------- d-----w- c:\users\Jeffrey\AppData\Roaming\NavNet Solutions
2009-10-07 16:10 . 2009-09-05 05:16 -------- d-----w- c:\program files\Viewpoint
2009-10-07 16:10 . 2009-10-07 16:10 -------- d-----w- c:\programdata\AIM
2009-10-02 04:40 . 2009-09-15 03:13 126970 ----a-w- c:\users\Jeffrey\AppData\Roaming\Move Networks\uninstall.exe
2009-10-02 04:40 . 2009-08-03 21:48 4187512 ----a-w- c:\users\Jeffrey\AppData\Roaming\Move Networks\plugins\npqmp071505000010.dll
2009-10-02 04:40 . 2009-06-07 11:47 4096 d-----w- c:\users\Jeffrey\AppData\Roaming\Move Networks
2009-10-01 04:02 . 2008-01-21 04:11 4096 d-----w- c:\program files\Fraps
2009-10-01 03:27 . 2009-10-01 03:27 -------- d-----w- c:\users\Jeffrey\AppData\Roaming\JGoodies
2009-10-01 03:27 . 2009-10-01 03:27 -------- d-----w- c:\program files\JGoodies
2009-10-01 02:03 . 2009-10-01 02:02 -------- d-----w- c:\program files\PFPortChecker
2009-09-23 05:07 . 2007-11-25 01:53 99720 ----a-w- c:\users\Jeffrey\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-23 05:07 . 2009-09-23 05:07 -------- d-----w- c:\users\Jeffrey\AppData\Roaming\Individual Software
2009-09-23 05:05 . 2009-09-23 05:05 -------- d-----w- c:\programdata\Individual Software
2009-09-15 10:59 . 2009-10-12 20:25 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-15 10:55 . 2009-10-12 20:25 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-09-15 10:55 . 2009-10-12 20:25 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-09-15 10:55 . 2009-10-12 20:25 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-09-15 10:54 . 2009-10-12 20:25 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-09-15 10:54 . 2009-10-12 20:25 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-09-15 10:53 . 2009-10-12 20:25 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-09-15 03:13 . 2009-06-16 06:35 4183416 ----a-w- c:\users\Jeffrey\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
2009-09-15 00:58 . 2009-10-16 21:36 1291640 ----a-w- c:\users\Jeffrey\AppData\Roaming\Mozilla\Firefox\Profiles\fsb6yxrk.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\BFHUpdater.exe
2009-09-15 00:58 . 2009-10-16 21:36 729088 ----a-w- c:\users\Jeffrey\AppData\Roaming\Mozilla\Firefox\Profiles\fsb6yxrk.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
2009-09-14 09:44 . 2009-10-14 09:31 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-09-10 18:48 . 2009-09-18 15:02 93552 ----a-w- c:\windows\Help\OEM\scripts\RegRestore.exe
2009-09-10 18:48 . 2009-09-18 15:02 12288 ----a-w- c:\windows\Help\OEM\scripts\BackgroundCopyManager1_5.dll
2009-09-10 18:48 . 2009-09-18 15:04 9728 ----a-w- c:\windows\Help\OEM\scripts\BackgroundCopyManager.DLL
2009-09-10 17:30 . 2009-10-14 09:40 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 12:24 . 2009-10-14 09:31 61440 ----a-w- c:\windows\system32\msasn1.dll
2009-08-31 13:55 . 2009-10-14 09:39 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-08-31 13:55 . 2009-10-14 09:39 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-08-28 12:39 . 2009-09-02 23:59 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 10:15 . 2009-09-02 23:59 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-27 13:32 . 2009-10-14 09:40 833024 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 13:29 . 2009-10-14 09:39 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-27 10:58 . 2009-10-14 09:39 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-21 22:15 . 2009-08-21 22:15 25214 ----a-r- c:\users\Jeffrey\AppData\Roaming\Microsoft\Installer\{495B6040-801F-474C-ADB8-309F132CF5F9}\_29D232B856F0A1CBA486B8.exe
2009-08-21 22:15 . 2009-08-21 22:15 10398 ----a-r- c:\users\Jeffrey\AppData\Roaming\Microsoft\Installer\{495B6040-801F-474C-ADB8-309F132CF5F9}\_3324690356DD71877A1B6A.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2006-05-03 09:06 . 2008-06-09 23:15 163328 --sha-r- c:\windows\System32\flvDX.dll
2007-02-21 10:47 . 2008-06-09 23:15 31232 --sha-r- c:\windows\System32\msfDX.dll
2007-12-17 12:43 . 2008-06-09 23:15 27648 --sha-w- c:\windows\System32\Smab0.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 20:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"Aim"="c:\program files\AIM7\aim.exe" [2009-11-11 3949416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 827392]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-04-24 176128]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-23 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"avast!"="c:\progra~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-04-11 56080]
"MMTray2k"="MMTray2k.exe" - c:\windows\System32\MMTray2k.exe [2001-10-31 57344]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]
c:\users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-11-27 692224]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [10/12/2009 12:25 PM 114768]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [11/3/2009 8:42 PM 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [11/3/2009 8:42 PM 234888]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [10/12/2009 12:25 PM 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [10/12/2009 12:25 PM 53328]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [10/28/2008 4:42 PM 156968]
R2 lxbl_device;lxbl_device;c:\windows\system32\lxblcoms.exe -service --> c:\windows\system32\lxblcoms.exe -service [?]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\System32\Wacom_Tablet.exe [3/20/2009 2:55 PM 1373480]
R2 Viewpoint Service;Viewpoint Service;c:\program files\Viewpoint\Common\ViewpointService.exe [9/4/2009 9:16 PM 30152]
S2 gupdate1c9e894881ac770;Google Update Service (gupdate1c9e894881ac770);c:\program files\Google\Update\GoogleUpdate.exe [6/8/2009 3:54 PM 133104]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [5/27/2009 2:27 AM 29262680]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [8/2/2005 1:10 PM 32512]
--- Other Services/Drivers In Memory ---
*Deregistered* - mbr
*Deregistered* - PROCEXP113
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
2009-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-08 23:54]
2009-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-08 23:54]
.
.
------- Supplementary Scan -------
.
uStart Page =
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_U...mp;c=73
uInternet Settings,ProxyOverride = *.local
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Jeffrey\AppData\Roaming\Mozilla\Firefox\Profiles\fsb6yxrk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navcli...&gf
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff30\gears.dll
FF - component: c:\users\Jeffrey\AppData\Roaming\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: c:\users\Jeffrey\AppData\Roaming\Mozilla\Firefox\Profiles\fsb6yxrk.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\Jeffrey\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\users\Jeffrey\AppData\Roaming\Move Networks\plugins\npqmp071505000010.dll
FF - plugin: c:\users\Jeffrey\AppData\Roaming\Mozilla\Firefox\Profiles\fsb6yxrk.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -
BHO-{db9d7a78-a76c-4bf2-97c6-258925ee1542} - (no file)
AddRemove-HijackThis - c:\users\Jeffrey\Desktop\HijackThis.exe
AddRemove-_{53A908D4-99C6-469B-BC13-F4189F260742} - c:\program files\Corel\Corel Painter Essentials 4\MSILauncher {53A908D4-99C6-469B-BC13-F4189F260742}
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-18 23:09
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-154915605-2572248287-58432082-1000_Classes\CLSID\{088e3f55-ff27-475b-8b01-918dd8fff13a}]
@Denied: (Full) (Everyone)
"Model"=dword:000000d9
"Therad"=dword:00000015
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,98,07,ff,fc,5d,
df,1c,2f,3b,8a,0a,32,11,89,01,b5,f2,a2,d5,83,1a,f4,12,90,93,5e,13,b5,72,5a,\
[HKEY_USERS\S-1-5-21-154915605-2572248287-58432082-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):cc,58,38,26,1a,d8,64,9f,cf,19,89,76,b4,e2,ea,be,60,e9,a0,ad,cb,
ce,3c,b4,1c,12,ca,6e,aa,1c,07,82,56,d9,50,e5,be,cb,66,1f,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-11-18 23:13
ComboFix-quarantined-files.txt 2009-11-19 07:13
Pre-Run: 40,523,849,728 bytes free
Post-Run: 40,529,022,976 bytes free
- - End Of File - - 5C52D66D2A3D60495837C4F1C9F550AC |
Strange things happened after I ran ComboFix. My laptop no longer recognizes my own home wireless network from its location in the house. I have to move my laptop literally right next to the router for it to be able to find the network. Before, my laptop had no problem finding and connecting to the network from my room.
Also, Firefox, AIM, and other programs are extremely unstable, for reasons I don't know why. It seems my whole system has gone haywire. Firefox works slow, every time I open a tab, it gives the "Not Responding" message and I'd have to wait about 10 seconds for it to finish loading the tab. One tab! For me to open Firefox, navigate to this page and post up the log took me about 3 minutes, as opposed to a normal 30 seconds. I think I got this issue fixed. I uninstalled the Ask.com toolbar and my firefox has returned to normal. I thought that toolbar was legitimate....oh well. It came with an Installer as well. The only issue left is the network connection problems.[/b]
UAC (User Account Control) gives me an error saying it's not turned on (I never had it on to begin with, but never got any warnings or error messages). But when I do turn it on, I cannot run programs without them crashing, let alone run anything like I did before.
This all happened after running ComboFix. I don't know what went wrong, as it didn't give me any errors. Right about now, my laptop has turned into a digital pen and paper, as that's all I can basically do.
Any ideas or insight will definitely help.
Thanks,
Kiribati
P.S. As for the Reganam toolbar, I believe it came packaged with an Installer of a program I purchased. It installed onto Internet Explorer, but I never bothered with it since I don't use IE. I have since uninstalled it after you brought it up. |
|
| Back to top |
|
|
greyknight17
Joined: Feb 03, 2003
Posts: 5773
Location: Brooklyn, NY
|
| Posted: Sat Dec 05, 2009 9:37 pm Post subject: |
|
|
Sorry for the long delay in getting back.
For the UAC issue, go into your Control Panel and look for the security center. You should be able to disable the warnings from there so it doesn't bother you asking to enable it back.
ComboFix does make some changes to your system, but I don't remember it touching anything related to the network. Did you try removing the drivers, restarting the computer and reinstalling it back to see if it helps?
Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy the text from the quotebox below into Notepad:
| Quote: |
Registry::
[-HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}]
Reglock::
[HKEY_USERS\S-1-5-21-154915605-2572248287-58432082-1000_Classes\CLSID\{088e3f55-ff27-475b-8b01-918dd8fff13a}]
[HKEY_USERS\S-1-5-21-154915605-2572248287-58432082-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}] |
Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.
Note: Do not click on combofix's window while it's running. That may cause it to stall. |
|
| Back to top |
|
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
| |
|
|
General