johnb35,
thanks for all your help. so far so good. Here is the log
ComboFix 12-08-17.03 - SJK05CC 08/18/2012 8:03.7.1 - x86
Running from: c:\documents and settings\sjk05cc\My Documents\Koscielak\Computer\ComboFix\ComboFix.exe
Command switches used :: c:\documents and settings\sjk05cc\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_!SASCORE
-------\Legacy_SASKUTIL
-------\Service_!SASCORE
-------\Service_SABKUTIL
-------\Service_SASKUTIL
.
.
((((((((((((((((((((((((( Files Created from 2012-07-18 to 2012-08-18 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 18:46 . 2010-07-17 14:01 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-23 02:02 . 2011-04-21 15:26 529562 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-06-04 22:35 . 2007-07-31 00:18 222448 ----a-w- c:\windows\system32\muweb.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-07-25_02.57.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-05 19:32 . 2012-08-17 01:17 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-02-05 14:41 . 2012-08-17 01:17 65536 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-02-05 14:41 . 2012-07-22 20:54 65536 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-09-02 02:44 . 2012-08-15 00:43 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2011-09-02 02:44 . 2012-07-25 00:44 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2012-06-24 13:13 . 2012-07-22 20:54 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2012-08-05 19:32 . 2012-08-17 01:17 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2012-08-05 03:23 . 2012-07-06 03:06 772544 c:\windows\system32\npDeployJava1.dll
+ 2012-08-05 03:23 . 2012-07-06 03:06 227760 c:\windows\system32\javaws.exe
+ 2012-08-05 03:23 . 2012-08-05 03:22 174064 c:\windows\system32\javaw.exe
+ 2012-08-05 03:23 . 2012-08-05 03:22 174064 c:\windows\system32\java.exe
+ 2012-08-05 03:25 . 2012-08-05 03:25 176128 c:\windows\Installer\24d4c40.msi
+ 2012-08-05 03:24 . 2012-08-05 03:25 457216 c:\windows\Installer\24d4c3b.msi
+ 2012-08-05 03:22 . 2012-08-05 03:22 863744 c:\windows\Installer\24d4c37.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-02-23 16:23 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-30 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-02-23 4031368]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
2004-04-01 22:48 24668 ---ha-w- c:\windows\system32\ckpNotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1123561945-1715567821-839522115-2218\Scripts\Logon\0\0]
"Script"=\\northamerica.gbcglobal.local\SysVol\northamerica.gbcglobal.local\scripts\SMSINST.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1123561945-1715567821-839522115-2218\Scripts\Logon\1\0]
"Script"=\\northamerica.gbcglobal.local\SysVol\northamerica.gbcglobal.local\scripts\DST_Patch.bat
.
[HKLM\~\startupfolder\C:^Documents and Settings^sjk05cc^Start Menu^Programs^Startup^eFax 4.4.lnk]
path=c:\documents and settings\sjk05cc\Start Menu\Programs\Startup\eFax 4.4.lnk
backup=c:\windows\pss\eFax 4.4.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 07:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-21 02:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
2010-07-29 07:47 95576 ----a-w- c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2011-03-15 02:09 2565520 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenuEx]
2011-03-28 17:40 1611160 ----a-w- c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.4]
2010-07-02 18:24 95744 ----a-w- c:\program files\eFax Messenger 4.4\J2GDllCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScannerSelectorEX]
2011-01-15 22:48 452016 ----a-w- c:\program files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 10:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 16:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-10-30 13:47 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2011-03-09 12:30 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SR_WatchDog"=2 (0x2)
"SR_Service"=2 (0x2)
"Bonjour Service"=2 (0x2)
"YahooAUService"=2 (0x2)
"idsvc"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"TomTomHOMEService"=2 (0x2)
"ServiceLayer"=3 (0x3)
"SeaPort"=2 (0x2)
"S24EventMonitor"=2 (0x2)
"ose"=3 (0x3)
"MDM"=2 (0x2)
"MatSvc"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"gusvc"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"FsUsbExService"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"WudfSvc"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"UPS"=3 (0x3)
"TrkWks"=2 (0x2)
"Fax"=2 (0x2)
"avast! Antivirus"=2 (0x2)
"IMFservice"=2 (0x2)
"helpsvc"=2 (0x2)
"!SASCORE"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*
isabled
xpsp2res.dll,-22009
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3/3/2012 9:33 AM 610648]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/3/2012 9:33 AM 337112]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/3/2012 9:33 AM 20696]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/26/2012 10:59 AM 655944]
R2 Scap;SecureClient Application Policy Module;c:\windows\system32\drivers\scap.sys [5/30/2008 6:03 PM 17424]
R2 VPN-1;VPN-1 Module;c:\windows\system32\drivers\vpn.sys [5/30/2008 6:03 PM 670128]
R3 FW1;SecuRemote Miniport;c:\windows\system32\drivers\fw.sys [5/30/2008 6:03 PM 2041744]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/17/2010 9:01 AM 22344]
R3 OZSCR;O2Micro SmartCardBus Smartcard Reader;c:\windows\system32\drivers\ozscr.sys [4/21/2005 10:58 PM 92550]
R3 stdriver;Sound Tap Upper Class Filter Driver v2.0.0.0;c:\windows\system32\drivers\stdriver32.sys [7/11/2010 4:06 PM 49208]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2/27/2012 9:07 PM 253600]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [9/6/2011 4:34 PM 36608]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [12/27/2010 11:50 PM 30969208]
S3 OMVA;VPN-1 SecureClient Adapter;c:\windows\system32\drivers\OMVA.sys [5/30/2008 6:03 PM 14924]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
S4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [9/6/2011 4:34 PM 238952]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/30/2010 8:47 AM 135664]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/30/2010 8:47 AM 135664]
S4 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [3/9/2011 7:30 AM 92592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uStart Page =
https://mail.google.com/mail/?shva=1#inbox
uInternet Connection Wizard,ShellNext = hxxp://myacco/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: adobe.com
Trusted Zone: computerforum.com
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\v4.update
Trusted Zone: microsoft.com\www
TCP: DhcpNameServer = 192.168.1.254
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2012-08-18 08:28
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
C:\avast! sandbox
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(596)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1848)
c:\windows\system32\WININET.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\crypserv.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\windows\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
c:\windows\system32\CCM\CcmExec.exe
.
**************************************************************************
.
Completion time: 2012-08-18 08:40:16 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-18 13:40
ComboFix2.txt 2012-08-13 02:13
ComboFix3.txt 2012-08-04 16:33
ComboFix4.txt 2012-07-25 03:01
ComboFix5.txt 2012-08-18 12:59
.
Pre-Run: 1,797,857,280 bytes free
Post-Run: 1,989,730,304 bytes free
.
- - End Of File - - A636902512392C77A9E1711A1BDA5EBC