I ran VEW and put the log in my proposed post but didn't send it. I planned to run ComboFix and post both files but, of course, when I ran ComboFix I shut down the browser and lost the VEW file results.
ComboFix did run all the way through, and here is the log. Should I run VEW again and post the log?
ComboFix 13-01-24.02 - Owner 01/24/2013 20:10:41.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1471.928 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: AVG Anti-Virus 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Owner\WINDOWS
c:\windows\dasetup.log
c:\windows\help\wmplayer.bak
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\wt
D:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-12-25 to 2013-01-25 )))))))))))))))))))))))))))))))
.
.
2013-01-23 14:34 . 2013-01-23 14:34 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2013-01-23 14:32 . 2013-01-23 14:32 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2013-01-23 04:33 . 2013-01-23 04:33 -------- d-sh--w- c:\documents and settings\Owner\PrivacIE
2013-01-23 04:25 . 2013-01-23 04:30 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Google
2013-01-22 13:12 . 2013-01-22 13:12 -------- d-----w- c:\windows\ShellNew
2013-01-22 13:00 . 2013-01-22 13:01 -------- dc-h--w- c:\windows\ie8
2013-01-22 12:07 . 2013-01-22 12:07 -------- d-sh--w- c:\documents and settings\Owner\IETldCache
2013-01-22 07:14 . 2013-01-22 07:14 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Avg2013
2013-01-22 06:38 . 2012-12-14 21:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-22 06:32 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2013-01-22 06:27 . 2011-02-17 12:32 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2013-01-22 06:25 . 2013-01-23 04:18 -------- d--h--w- c:\windows\$hf_mig$
2013-01-22 06:19 . 2008-04-14 10:41 21504 ----a-w- c:\windows\system32\hidserv.dll
2013-01-22 06:19 . 2008-04-14 05:09 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2013-01-22 06:12 . 2013-01-22 06:17 -------- d-----w- C:\I386
2013-01-22 06:10 . 2013-01-22 06:10 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Mozilla
2013-01-22 06:01 . 2013-01-22 06:01 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Avg2013
2013-01-22 06:01 . 2013-01-25 01:18 -------- dcsh--r- c:\windows\system32\dllcache
2013-01-22 06:00 . 2013-01-22 06:00 -------- d-----w- C:\$AVG
2013-01-22 05:57 . 2013-01-22 16:12 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Avg2013
2013-01-22 05:57 . 2013-01-22 05:57 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\MFAData
2013-01-22 05:39 . 2008-04-14 10:42 221184 ----a-w- c:\windows\system32\wmpns.dll
2013-01-22 05:39 . 2013-01-22 05:39 -------- d-----w- c:\windows\system32\wbem\AutoRecover
2013-01-22 05:31 . 2013-01-22 05:31 -------- d-----w- c:\windows\ServicePackFiles
2013-01-22 05:28 . 2008-04-14 10:42 15872 ----a-w- c:\windows\system32\perfmon.exe
2013-01-22 05:27 . 2002-08-29 09:00 9728 ----a-w- c:\windows\system32\label.exe
2013-01-22 05:25 . 2008-04-14 10:42 549888 ----a-w- c:\windows\system32\appwiz.cpl
2013-01-22 05:08 . 2013-01-23 13:51 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-22 05:08 . 2013-01-23 13:51 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-22 04:41 . 2013-01-22 04:41 -------- d-s---w- c:\documents and settings\Owner\UserData
2013-01-22 04:32 . 2013-01-22 04:32 -------- d-----w- c:\windows\system32\config\systemprofile\.javaws
2013-01-22 04:30 . 1995-07-31 18:44 212480 ----a-w- c:\windows\PCDLIB32.DLL
2013-01-22 04:29 . 2008-04-14 05:49 146048 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-01-22 04:29 . 2008-04-14 05:15 60160 ----a-w- c:\windows\system32\drivers\drmk.sys
2013-01-22 04:29 . 2013-01-22 04:29 -------- d-----w- c:\windows\Downloaded Installations
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-24 05:39 . 2013-01-24 05:39 14635 ----a-w- C:\TDSSKiller.2.8.15.0_23.01.2013_16.13.37_log.txt.zip
2013-01-22 05:34 . 2013-01-22 05:34 126976 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABS3EN\plugin\bin\ContentUpdater.exe
2013-01-22 05:34 . 2013-01-22 05:34 106496 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABS3EN\plugin\bin\PluginCtrl.dll
2013-01-22 05:34 . 2013-01-22 05:34 77824 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABS3EN\plugin\bin\WinVerifyTrust.dll
2013-01-22 05:34 . 2013-01-22 05:34 49152 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABS3EN\plugin\bin\PCHI18N.dll
2013-01-22 05:34 . 2013-01-22 05:34 122880 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABS3EN\plugin\bin\SearchCtrl.dll
2013-01-22 05:34 . 2013-01-22 05:34 159744 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABS3EN\plugin\bin\PCHButton.exe
2012-11-16 04:33 . 2012-11-16 04:33 94048 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2012-11-02 02:02 . 2002-12-12 14:14 375296 ----a-w- c:\windows\system32\dpnet.dll
2013-01-16 20:11 . 2013-01-22 06:09 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BackupNotify"="c:\program files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe" [2003-06-23 24576]
"NVIEW"="nview.dll" [2003-05-03 835654]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 4763008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]
"CamMonitor"="c:\program files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe" [2002-10-07 90112]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd.exe" [2003-06-14 49152]
"HPHUPD05"="c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-23 49152]
"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-05-23 483328]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2003-08-23 151597]
"AutoTKit"="c:\hp\bin\AUTOTKIT.EXE" [2003-06-19 53248]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-05-03 4640768]
"nwiz"="nwiz.exe" [2003-05-03 323584]
"Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2003-08-09 139264]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"QuickFinder Scheduler"="c:\program files\WordPerfect Office 11\Programs\QFSCHD110.EXE" [2003-03-07 77887]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
spamsubtract.lnk - c:\program files\interMute\SpamSubtract\SpamSubtract.exe [2003-8-28 552960]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2003-6-13 233472]
Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2002-9-20 53248]
Updates from HP.lnk - c:\program files\Updates from HP\137903\Program\BackWeb-137903.exe [2003-8-23 16384]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
AutoTBar.exe [2003-6-18 53248]
mod_sm.lnk - c:\hp\bin\cloaker.exe [1999-11-7 27136]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
2003-02-21 10:50 40960 ----a-w- c:\program files\Softex\OmniPass\OPXPGina.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"=
"c:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe"=
.
R?2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [11/15/2012 11:34 PM 5814904]
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [10/15/2012 3:48 AM 55776]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [9/21/2012 3:46 AM 177376]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/14/2012 3:05 AM 35552]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [10/22/2012 1:02 PM 179936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [9/21/2012 3:45 AM 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/2/2012 3:30 AM 159712]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/21/2012 3:46 AM 164832]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [7/11/2012 1:54 PM 116608]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [10/22/2012 1:05 PM 196664]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [1/22/2013 1:38 AM 398184]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/22/2013 1:38 AM 682344]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/22/2013 1:38 AM 21104]
S2 mrtRate;mrtRate; [x]
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-24 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 0e3eb492-cbf8-45c6-b942-0acf4ac16323.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2013-01-23 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task d5461f6d-cebd-4812-b517-c079b1b30ec8.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://finance.yahoo.com/
uDefault_Search_URL = hxxp://srch-us9.hpwis.com/
mSearch Bar = hxxp://srch-us9.hpwis.com/
uInternet Settings,ProxyOverride = localhost
LSP: SpSubLSP.dll
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\nnyvx7il.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://finance.yahoo.com/|about:home
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=w3i&type=W3i_DS,157,0_0,Search,20130104,6902,0,64,0&p=
FF - ExtSQL: 2013-01-23 12:13;
[email protected]; c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\nnyvx7il.default\extensions\
[email protected]
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Itibiti.exe - c:\program files\Itibiti Soft Phone\Itibiti.exe
HKLM-Run-PS2 - c:\windows\system32\ps2.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2013-01-24 20:19
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\System32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\System32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(980)
c:\program files\Softex\OmniPass\opxpgina.dll
.
- - - - - - - > 'lsass.exe'(1036)
c:\windows\system32\SpSubLSP.dll
.
Completion time: 2013-01-24 20:24:08
ComboFix-quarantined-files.txt 2013-01-25 01:24
.
Pre-Run: 97,788,686,336 bytes free
Post-Run: 99,170,217,984 bytes free
.
- - End Of File - - 5E52485F841AA08D2EF9B3C46C8C11DC