You are welcome, I'm only sorry I couldn't tell you sooner. Anyways, things *should* be fixed now as far as the internet goes. Obviously it was a little more of an ordeal than I thought it would be. Everything seems to be running fine as far as the computer goes. It hasn't started overheating or redirecting again. So it seems to be good on that front. It did start running randomly when it was supposed to be in hibernate. Not really sure why it does that (or if it's even relevant) - it's not updating or anything, but the obvious problems seem to be gone.
Anyways, here is the ComboFix log:
ComboFix 12-10-23.01 - Steven Wilkins 11/07/2012 14:21:14.14.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2769 [GMT -6:00]
Running from: c:\documents and settings\Steven Wilkins\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Steven Wilkins\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\STEVEN~1\LOCALS~1\Temp\clclean.0001.dir.0000\~df394b.tmp
c:\documents and settings\Steven Wilkins\Local Settings\temp\clclean.0001.dir.0000\~df394b.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-10-07 to 2012-11-07 )))))))))))))))))))))))))))))))
.
.
2012-10-26 17:24 . 2012-10-26 17:24 -------- d-----w- C:\_OTL
2012-10-18 16:54 . 2012-10-18 16:54 -------- d-----w- C:\RK_Quarantine
2012-10-16 23:07 . 2012-10-16 23:07 -------- d-----w- c:\documents and settings\Steven Wilkins\Local Settings\Application Data\FalloutNV
2012-10-16 23:07 . 2009-09-04 22:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2012-10-16 23:07 . 2009-09-04 22:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2012-10-16 23:07 . 2009-09-04 22:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2012-10-16 23:07 . 2009-09-04 22:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2012-10-16 23:07 . 2009-09-04 22:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2012-10-16 23:07 . 2009-09-04 22:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2012-10-16 23:07 . 2009-09-04 22:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2012-10-15 20:58 . 2012-10-15 20:58 -------- d-----w- C:\_OTM
2012-10-15 20:43 . 2012-10-15 20:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-15 20:43 . 2012-09-07 22:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-12 01:27 . 2012-10-30 13:06 -------- d-----w- c:\program files\Google
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-23 10:18 . 2011-10-04 21:38 360392 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-23 10:18 . 2011-10-04 21:38 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-23 10:18 . 2011-10-04 21:38 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-23 10:18 . 2011-10-04 21:38 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-10-23 10:18 . 2011-10-04 21:38 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-10-23 10:18 . 2011-10-04 21:38 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-10-23 10:18 . 2011-10-04 21:38 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-23 10:18 . 2011-10-04 21:38 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-10-23 10:17 . 2011-10-04 21:38 41224 ----a-w- c:\windows\avastSS.scr
2012-10-23 10:17 . 2011-10-04 21:38 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-09-24 20:32 . 2012-07-06 13:48 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-24 20:32 . 2010-04-22 15:42 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-24 18:51 . 2012-07-06 13:48 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-08-28 15:14 . 2005-08-16 09:18 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2005-08-16 09:18 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2005-08-16 09:18 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2005-08-16 09:18 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2005-08-16 09:18 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:33 . 2005-08-16 09:18 2148864 ------w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2004-08-04 03:59 2027520 ------w- c:\windows\system32\ntkrnlpa.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-23 10:17 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 24576]
"PowerPanel Personal Edition User Interaction"="c:\program files\CyberPower PowerPanel Personal Edition\pppeuser.exe" [2005-10-24 262144]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2008-10-24 206112]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-10-26 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-08 7110656]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2008-10-24 206112]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 57344]
"MBMon"="CTMBHA.DLL" [2005-05-19 1345520]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2009-11-04 597792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-23 4297136]
"Ad-Aware Browsing Protection"="c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe" [2012-05-09 201112]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="c:\windows\system32\sti_ci.dll" [2008-04-14 136704]
.
c:\documents and settings\Steven Wilkins\Start Menu\Programs\Startup\
Event Reminder.lnk - c:\program files\Broderbund\PrintMaster Express\pmremind.exe [2012-7-11 331776]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ c:\windows\system32\ijebmevd.exe c:\windows\system32\ijebmevd.exe:changelist\0autocheck autochk *\0lsdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-09-29 19:01 67584 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2006-06-13 04:34 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoiceCenter]
2005-09-19 12:42 1159168 ------w- c:\program files\Creative\VoiceCenter\AndreaVC.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TomTomHOMEService"=2 (0x2)
"PMBDeviceInfoProvider"=2 (0x2)
"ehSched"=2 (0x2)
"ehRecvr"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\the tiny bang story\\ttbs.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\lume\\Lume.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\borderlands\\Binaries\\Borderlands.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\fallout new vegas\\FalloutNVLauncher.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"2901:TCP"= 2901:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/1/2011 9:57 AM 64288]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [10/4/2011 3:38 PM 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/4/2011 3:38 PM 360392]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 10:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 3:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 5:38 PM 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/4/2011 3:38 PM 21256]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/11/2012 7:27 PM 136176]
S2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [7/13/2008 9:53 AM 2560]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/11/2012 7:27 PM 136176]
S3 samhid;samhid;c:\windows\system32\drivers\samhid.sys --> c:\windows\system32\drivers\samhid.sys [?]
S4 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [10/24/2009 2:18 AM 360224]
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-07 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-10-11 10:17]
.
2012-11-05 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2005-08-16 00:12]
.
2012-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-12 01:27]
.
2012-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-12 01:27]
.
.
------- Supplementary Scan -------
.
uStart Page = https://startpage.com/eng/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: neopets.com\www
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 97.64.209.36 97.64.168.13
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-07 14:27
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-68032846-1058140136-4283777642-1005\Software\SecuROM\License information*]
.
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \04F7528984592EA0]
.
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \04F7528984592EA0\FD1E79A92259B5BC6F3673C7C70B3F80]
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(740)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2012-11-07 14:29:30
ComboFix-quarantined-files.txt 2012-11-07 20:29
ComboFix2.txt 2012-10-23 19:26
ComboFix3.txt 2012-10-19 17:21
ComboFix4.txt 2012-10-19 17:05
ComboFix5.txt 2012-11-07 20:19
.
Pre-Run: 48,996,511,744 bytes free
Post-Run: 48,973,590,528 bytes free
.
- - End Of File - - 0BFFA04E213CA2474BF629CDF0BFF5F4