Internet Explorer 8 - Please Help!

S

shayne

New Member
Hi guys,

I use a Sony Vaio VGN-Z21WN operating Vindows Vista 32-bit, and am currently having problems with Internet Explorer. All other browsers I have installed work fine.

Basically when I open Internet Explorer, the window opens but everything is inactive. A big white empty page appears (not even action cancelled or anything), and also the red top right hand cross doesn't work. Changes colour as if to signify it's responding, but doesn't actually close the window. So I have to CTRL+ALT and DEL the bleeding thing. Everything within the menu's is inactive other than the compatability option, and a few other things that do not really help at all.

I tried upgrading to Internet Explorer 9, but it still has the same problem oddly.

Any help would be greatly appreciated! :)

Shay
 
sfc /scannow http://www.updatexp.com/scannow-sfc.html

Also google dial-a-fix, download and open it, tick the boxes in the registration center, click go. Dial-a-fix hasn't been updated for newer versions of IE, but some of the dll files are still used by the later verions if I recall rightly, so it might fix it, and won't do any harm in any case.
 
One assumes IE8 was running OK previously. You should scan for malware.

Re DAF, the software was written in 2006 so beware. Wiki has the following warning:

Dial-a-fix does not work with any Windows OS higher than Windows XP. This includes Windows Vista, Windows 7.
Dial-a-fix also has a critical unpatched bug that will delete your C:\Documents folder.
It is highly recommended to read the Warnings page before downloading and using this software.
 
Thanks for the advice guys.

Yes it was previously working ok, then my virus software picked up a virus. After the file went in to quarantine, I deleted it. That's when I experienced the issue.

Also seem to be experiencing difficulties with Windows Defender, as it is now turned off and won't let me turn it back on!

Is there a free spyware/malware program that you would recommend?
 
Please download Malwarebytes' Anti-Malware from here or here and save it to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • A log will be saved automatically which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware

If for some reason Malwarebytes will not install or run please download and run Rkill.scr, Rkill.exe, or Rkill.com but DO NOT reboot the system and then try installing or running Malwarebytes. If Rkill (which is a black box) appears and then disappears right away or you get a message saying rkill is infected, keep trying to run rkill until it over powers the infection and temporarily kills it. Once a log appears on the screen, you can try running malwarebytes or downloading other programs.



Download the HijackThis installer from here.
Run the installer and choose Install, indicating that you accept the licence agreement. The installer will place a shortcut on your desktop and launch HijackThis.

Click Do a system scan and save a logfile

Most of what HijackThis lists will be harmless or even essential, don't fix anything yet.

Post the logfile that HijackThis produces along with the Malwarebytes Anti-Malware log
 
Thanks John. Just about to restart my laptop after malwarebytes found no less than 13 infections! If that was a human, a clinic visit would definitely be in their future. :)

The log file from malwarebytes is below:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5972

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

06/03/2011 10:08:40
mbam-log-2011-03-06 (10-08-40).txt

Scan type: Quick scan
Objects scanned: 150216
Time elapsed: 3 minute(s), 53 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
c:\Users\tiger12\AppData\Local\Temp\Dkm.exe (Trojan.Agent) -> 3772 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\KUGHGZXAKT (Trojan.Agent) -> Value: KUGHGZXAKT -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\tiger12\AppData\Local\Temp\Dkm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\tiger12\AppData\Local\Temp\Dko.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\tiger12\AppData\Local\Temp\Dkk.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\tiger12\AppData\Local\Temp\Dkn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Dmekua.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
 
Hi John,

Here is the hijackthis log file.




Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:23:42, on 06/03/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19019)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\TeamViewer\Version6\TeamViewer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Users\tiger12\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\InternetEverywhere\Launcher.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Users\tiger12\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\tiger12\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\tiger12\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\tiger12\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ZoneAlarm Security Toolbar - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: ZoneAlarm Security Toolbar - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: ZoneAlarm Security Toolbar - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [MarketingTools] C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\tiger12\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [5NZQ29B3L2] C:\Users\tiger12\AppData\Local\Temp\Dkj.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Launcher.lnk = C:\Program Files\InternetEverywhere\Launcher.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: IviRegMgr - InterVideo - c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\Windows\system32\libusbd-nt.exe
O23 - Service: NSUService - Sony Corporation - C:\Program Files\Sony\Network Utility\NSUService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Windows\RtkAudioService.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: WTGService - Unknown owner - C:\Program Files\InternetEverywhere\WTGService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12728 bytes
 
You are still infected, please do the following.

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more that 20 minutes including the reboot if malware is detected.


In your next reply please post:
  • The ComboFix log
  • A fresh HiJackThis log
  • An update on how your computer is running
 
Combofix log file:


ComboFix 11-03-05.02 - tiger12 06/03/2011 17:04:53.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.44.1033.18.3002.1505 [GMT 0:00]
Running from: c:\users\tiger12\Downloads\ComboFix.exe
FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-02-06 to 2011-03-06 )))))))))))))))))))))))))))))))
.
.
2011-03-06 17:12 . 2011-03-06 17:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-06 11:03 . 2011-03-06 11:03 231248 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2011-03-06 11:03 . 2011-03-06 11:03 -------- d-----w- c:\program files\TrueCrypt
2011-03-06 10:23 . 2011-03-06 10:23 388096 ----a-r- c:\users\tiger12\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-03-06 10:23 . 2011-03-06 10:23 -------- d-----w- c:\program files\Trend Micro
2011-03-06 09:49 . 2011-03-06 09:49 -------- d-----w- c:\users\tiger12\AppData\Roaming\Malwarebytes
2011-03-06 09:49 . 2010-12-20 18:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-06 09:49 . 2011-03-06 09:49 -------- d-----w- c:\programdata\Malwarebytes
2011-03-06 09:49 . 2010-12-20 18:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-06 09:49 . 2011-03-06 09:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-06 00:45 . 2011-03-06 00:45 -------- d-----w- c:\users\tiger12\AppData\Roaming\Apple Computer
2011-03-05 22:31 . 2011-03-05 22:31 40960 ----a-r- c:\users\tiger12\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2011-03-05 22:31 . 2011-03-05 22:31 40960 ----a-r- c:\users\tiger12\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2011-03-05 22:31 . 2011-03-05 22:37 -------- d-----w- c:\program files\Project64 1.6
2011-03-05 22:08 . 2011-03-05 22:08 -------- d-----w- c:\program files\LibUSB-Win32-0.1.10.1
2011-03-05 22:08 . 2005-03-09 20:50 19456 ----a-w- c:\windows\system32\libusbd-9x.exe
2011-03-05 22:08 . 2005-03-09 20:50 18944 ----a-w- c:\windows\system32\libusbd-nt.exe
2011-03-05 22:08 . 2005-03-09 20:50 33792 ----a-w- c:\windows\system32\drivers\libusb0.sys
2011-03-05 22:08 . 2005-03-09 20:50 46592 ----a-w- c:\windows\system32\libusb0.dll
2011-03-05 20:43 . 2008-06-07 21:03 131000 ----a-r- c:\windows\system32\drivers\WimFltr.sys
2011-03-05 19:07 . 2011-03-05 19:07 -------- d-----w- c:\program files\Microsoft Security Client
2011-03-05 18:57 . 2011-03-05 18:59 -------- d-----w- c:\program files\Microsoft User Agent String Utility
2011-03-05 18:55 . 2011-03-05 18:55 -------- d-----w- c:\users\tiger12\AppData\Local\Microsoft_Corporation
2011-03-05 11:12 . 2011-03-05 11:12 -------- d-----w- c:\users\tiger12\AppData\Local\ElevatedDiagnostics
2011-03-05 11:09 . 2011-03-05 11:10 -------- d-----w- c:\program files\Microsoft ATS
2011-03-05 10:45 . 2011-03-05 10:45 -------- d-----w- c:\program files\Feedback Tool
2011-03-05 09:10 . 2011-03-05 09:10 -------- d-----w- c:\users\tiger12\AppData\Local\{F05367C9-1F8A-4FB0-B1B9-A7812F046DCA}
2011-03-04 23:25 . 2011-03-04 23:25 -------- d-----w- c:\users\tiger12\AppData\Roaming\Avira
2011-03-04 23:20 . 2011-01-10 14:23 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-03-04 23:20 . 2011-01-10 14:23 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-03-04 23:20 . 2011-03-04 23:20 -------- d-----w- c:\programdata\Avira
2011-03-04 23:20 . 2011-03-04 23:20 -------- d-----w- c:\program files\Avira
2011-03-04 21:56 . 2011-03-04 21:56 -------- d-----w- c:\program files\BitTorrent
2011-03-04 21:55 . 2011-03-04 22:40 -------- d-----w- c:\users\tiger12\AppData\Roaming\BitTorrent
2011-03-04 21:19 . 2011-03-04 21:19 -------- d-----w- c:\windows\Sun
2011-03-04 21:17 . 2011-03-04 21:17 135168 --sha-r- c:\windows\system32\KBDSORST4.dll
2011-03-04 20:22 . 2011-03-04 20:22 -------- d-----w- c:\users\tiger12\AppData\Local\{7C9BE6CC-91DA-4AF6-B5A2-6D36EABE4EE6}
2011-03-04 12:02 . 2011-03-04 12:02 -------- d-----w- c:\users\tiger12\AppData\Local\{B505D819-7C8E-42DC-86FA-A7C899F3D908}
2011-03-04 10:56 . 2011-02-23 09:35 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{22614A93-F7D1-442D-A805-2BE23DA858EE}\mpengine.dll
2011-03-04 10:04 . 2011-03-04 10:04 -------- d-----w- c:\users\tiger12\AppData\Local\{E5388044-528F-455C-B2DA-34AAD218B8FF}
2011-03-04 08:58 . 2011-03-04 08:58 -------- d-----w- c:\users\tiger12\AppData\Local\{AF8DED43-E85F-40D2-8F17-049E9410ABFC}
2011-03-04 08:40 . 2011-03-04 08:40 -------- d-----w- c:\users\tiger12\AppData\Local\{F264356C-646E-4DC7-9161-53F166A853B3}
2011-03-04 08:35 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2011-03-03 23:13 . 2011-03-03 23:13 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2011-03-03 23:13 . 2011-03-03 23:13 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2011-03-03 23:13 . 2011-03-03 23:13 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2011-03-03 23:13 . 2011-03-03 23:13 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2011-03-03 23:13 . 2011-03-03 23:13 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2011-03-03 23:13 . 2011-03-03 23:13 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2011-03-03 23:13 . 2011-03-03 23:13 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2011-03-03 23:11 . 2011-03-03 23:13 -------- d-----w- c:\program files\QuickTime
2011-03-03 23:11 . 2011-03-03 23:11 -------- d-----w- c:\programdata\Apple Computer
2011-03-03 23:10 . 2011-03-03 23:10 -------- d-----w- c:\program files\Common Files\Apple
2011-03-03 23:10 . 2011-03-03 23:10 -------- d-----w- c:\users\tiger12\AppData\Local\Apple
2011-03-03 23:10 . 2011-03-03 23:10 -------- d-----w- c:\program files\Apple Software Update
2011-03-03 23:10 . 2011-03-03 23:10 -------- d-----w- c:\programdata\Apple
2011-03-03 21:53 . 2011-03-03 21:53 -------- d-----w- c:\users\tiger12\AppData\Local\{19F3D1D0-2AA1-4D7E-84A0-66FDF89F1915}
2011-03-03 20:01 . 2011-03-03 20:01 -------- d-----w- c:\users\tiger12\AppData\Local\{D9AFB7B1-0CCB-47E9-937E-1363F4C37E4A}
2011-03-03 18:04 . 2011-03-03 18:07 -------- d-----w- c:\users\tiger12\AppData\Roaming\FileZilla
2011-03-03 18:04 . 2011-03-03 18:04 -------- d-----w- c:\program files\FileZilla FTP Client
2011-03-03 11:03 . 2011-03-03 11:03 -------- d-----w- c:\users\tiger12\AppData\Local\{E9425B30-A6B1-456F-9F82-AAEF5BC2EFE2}
2011-03-03 11:03 . 2011-03-03 11:03 -------- d-----w- c:\users\tiger12\AppData\Local\{F5465E9D-F006-465D-936B-7B3BD5B50690}
2011-03-02 22:05 . 2011-03-03 13:56 -------- d-----w- c:\users\tiger12\AppData\Roaming\InternetEverywhere
2011-03-02 21:59 . 2011-03-02 21:58 621056 ----a-w- c:\windows\system32\drivers\mod7700.sys
2011-03-02 21:59 . 2011-03-02 21:58 112128 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2011-03-02 21:59 . 2011-03-02 21:58 23424 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2011-03-02 21:59 . 2011-03-02 21:58 103040 ----a-w- c:\windows\system32\drivers\ewusbfake.sys
2011-03-02 21:59 . 2011-03-02 21:58 100224 ----a-w- c:\windows\system32\drivers\ewsercd.sys
2011-03-02 21:58 . 2011-03-02 21:58 -------- d-----w- c:\program files\InternetEverywhere
2011-03-02 21:56 . 2011-03-02 21:56 -------- d-----w- c:\users\tiger12\AppData\Local\{1BE334A5-9029-4603-98B7-F58664B15597}
2011-03-02 20:01 . 2011-03-02 20:01 -------- d-----w- c:\program files\Common Files\SWF Studio
2011-03-02 09:50 . 2011-03-02 09:50 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2011-03-02 09:46 . 2011-03-02 09:46 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2011-03-02 09:43 . 2011-03-02 09:43 -------- d-----w- c:\users\tiger12\AppData\Local\{15A0A71B-B9A0-474D-AA6E-AF5B2D7D4D7F}
2011-03-01 21:51 . 2009-09-10 14:58 1418752 ----a-w- c:\program files\Windows Media Player\setup_wm.exe
2011-03-01 21:51 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2011-03-01 21:48 . 2011-01-06 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-03-01 21:45 . 2009-10-23 17:10 714240 ----a-w- c:\windows\system32\timedate.cpl
2011-03-01 21:45 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2011-03-01 21:45 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-03-01 21:45 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-03-01 21:42 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2011-03-01 21:42 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2011-03-01 21:42 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2011-03-01 21:42 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2011-03-01 21:42 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2011-03-01 21:42 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2011-03-01 21:42 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2011-03-01 21:42 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2011-03-01 21:42 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2011-03-01 12:03 . 2011-03-01 12:03 -------- d-----w- c:\users\tiger12\AppData\Local\{E11A9E80-1197-4F24-A59E-C63C0439BCAD}
2011-03-01 00:03 . 2011-03-01 00:03 -------- d-----w- c:\users\tiger12\AppData\Local\{9B5DCC73-C5C5-4CC6-9532-AFE6EF17C8EC}
2011-03-01 00:02 . 2011-03-05 09:10 -------- d-----w- c:\users\tiger12\Tracing
2011-02-28 22:47 . 2009-09-04 17:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2011-02-28 22:47 . 2009-09-04 17:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2011-02-28 22:47 . 2009-09-04 17:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-02-28 22:42 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2011-02-28 22:39 . 2011-03-03 11:03 -------- d-----w- c:\users\tiger12\AppData\Local\Windows Live
2011-02-28 22:25 . 2011-02-28 22:25 -------- d-----w- c:\program files\Windows Portable Devices
2011-02-28 22:20 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-02-28 22:20 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-02-28 22:20 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2011-02-28 21:58 . 2011-02-28 21:58 -------- d-----w- c:\windows\system32\ca-ES
2011-02-28 21:58 . 2011-02-28 21:58 -------- d-----w- c:\windows\system32\eu-ES
2011-02-28 21:58 . 2011-02-28 21:58 -------- d-----w- c:\windows\system32\vi-VN
2011-02-28 21:44 . 2011-02-28 21:44 -------- d-----w- c:\windows\system32\EventProviders
2011-02-28 21:42 . 2009-04-11 06:28 996352 ----a-w- c:\windows\system32\WMNetMgr.dll
2011-02-28 21:41 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2011-02-27 23:44 . 2009-11-08 10:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-02-27 23:44 . 2009-11-08 10:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-02-27 23:44 . 2009-11-08 10:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-02-27 23:44 . 2009-11-08 10:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-02-27 23:44 . 2009-11-08 10:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-02-27 23:42 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2011-02-27 23:42 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2011-02-27 23:42 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-27 23:42 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-02-27 23:42 . 2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-02-27 23:37 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-02-27 23:37 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll
2011-02-27 23:35 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2011-02-27 22:22 . 2009-03-08 11:32 72704 ----a-w- c:\windows\system32\admparse.dll
2011-02-27 22:19 . 2010-02-12 10:48 293376 ----a-w- c:\windows\system32\browserchoice.exe
2011-02-27 22:06 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll
2011-02-27 22:06 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-29 01:23 . 2010-12-29 01:23 79360 ----a-w- c:\windows\system32\ff_vfw.dll
2010-12-29 01:19 . 2010-12-29 01:19 45056 ----a-w- c:\windows\system32\ff_acm.acm
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files\ZoneAlarm_Security\tbZone.dll" [2010-12-01 2735200]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
2010-12-01 11:27 2735200 ----a-w- c:\program files\ZoneAlarm_Security\tbZone.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files\ZoneAlarm_Security\tbZone.dll" [2010-12-01 2735200]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{91DA5E8A-3318-4F8C-B67E-5964DE3AB546}"= "c:\program files\ZoneAlarm_Security\tbZone.dll" [2010-12-01 2735200]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-06-06 06:16 2955264 ----a-w- c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-06-06 06:16 2955264 ----a-w- c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-07-30 262144]
"Google Update"="c:\users\tiger12\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-07-21 136176]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-23 6295552]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2008-06-06 122880]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 620152]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-04-04 317280]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2007-06-06 49168]
"MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2010-07-16 24576]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-11-16 1043968]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2010-11-05 738808]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-02-27 273544]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-23 13531680]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-23 92704]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-23 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-23 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-23 145944]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-BA7E-000000000003}\_SC_Acrobat.exe [2008-8-22 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-7-21 768552]
Launcher.lnk - c:\program files\InternetEverywhere\Launcher.exe [2011-3-2 472528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-06-06 06:03 90112 ----a-w- c:\windows\System32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-07-16 01:04 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2011-03-02 103040]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 vsdatant7;vsdatant7;c:\windows\system32\drivers\vsdatant.win7.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]
S0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\DRIVERS\shpf.sys [2008-06-26 22944]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-01-10 135336]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2010-11-05 26872]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2010-11-05 488952]
S2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;c:\windows\system32\libusbd-nt.exe [2005-03-09 18944]
S2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [2008-07-30 299008]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S2 RtkAudioService;Realtek Audio Service;c:\windows\RtkAudioService.exe [2008-07-23 104992]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-27 2253688]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2008-08-07 411488]
S2 WTGService;WTGService;c:\program files\InternetEverywhere\WTGService.exe [2009-09-09 308688]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-07-31 29736]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [2008-07-15 225920]
S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\DRIVERS\Gt51Ip.sys [2008-02-18 106624]
S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\DRIVERS\gt72ubus.sys [2008-02-08 59648]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2005-03-09 33792]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2008-04-01 9344]
S3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\DRIVERS\SonyPI.sys [2008-04-01 14720]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-711950495-1988841939-1711625005-1003Core.job
- c:\users\tiger12\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-27 16:32]
.
2011-03-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-711950495-1988841939-1711625005-1003UA.job
- c:\users\tiger12\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-27 16:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-06 17:16
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(756)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'Explorer.exe'(988)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\system32\NVSVC.DLL
c:\program files\TeamViewer\Version6\tv_w32.dll
c:\program files\Protector Suite QL\farchns.dll
c:\program files\Protector Suite QL\infra.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\fxsst.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Protector Suite QL\upeksvr.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\rundll32.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Sony\VAIO Event Service\VESMgrSub.exe
c:\windows\system32\DllHost.exe
c:\program files\TeamViewer\Version6\TeamViewer.exe
c:\program files\Sony\VAIO Power Management\SPMgr.exe
c:\program files\Sony\VAIO Update 4\VAIOUpdt.exe
c:\program files\TeamViewer\Version6\tv_w32.exe
c:\windows\System32\rundll32.exe
c:\program files\Protector Suite QL\psqltray.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2011-03-06 17:21:14 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-06 17:21
.
Pre-Run: 157,505,806,336 bytes free
Post-Run: 157,263,826,944 bytes free
.
Current=1 Default=1 Failed=0 LastKnownGood=3 Sets=1,2,3,17
- - End Of File - - 286766DC1FCF3630A9FF27F6BF63AF29
 
Malwarebytes updated log:


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5972

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

06/03/2011 17:30:54
mbam-log-2011-03-06 (17-30-54).txt

Scan type: Quick scan
Objects scanned: 151765
Time elapsed: 4 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)
 
You have one entry in your hijackthis log and quite a few in the combofix log that i'm concerned about.


I'm gonna ask you to run a couple other programs first.

1. download and run superantispyware from here.

http://download.cnet.com/SuperAntiSpyware-Free-Edition/3000-8022_4-10523889.html

After installing, update it and run a scan then post its logfile. You can find its logfile by clicking on prefernces on the main page and then click on the statistics/logs tab and then open the log and copy and paste it in a reply.

2.

Please download and run the ESET Online Scanner
Disable any antivirus/security programs.
IMPORTANT! UN-check Remove found threats
Accept any security warnings from your browser.
Check Scan archives
Click Start
ESET will then download updates, install and then start scanning your system.
When the scan is done, push list of found threats
Click on Export to text file , and save the file to your desktop using a file name, such as ESETlog. Include the contents of this report in your next reply.
If no threats are found then it won't produce a log.
 
You must log in or register to reply here.
Back
Top