Inactive Question about my Vista thread

It you think your computer is still infected.....

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
I don't think it is, but better safe than sorry,thanks.

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.08.09

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
sdees :: SDEES-PC-MIGET2 [administrator]

9/8/2012 7:20:36 PM
mbam-log-2012-09-08 (19-20-36).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 315125
Time elapsed: 35 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-09-08 21:23:23
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD1600AAJS-22L7A0 rev.01.03E01
Running: nhmyg1yl.exe; Driver: C:\Users\sdees\AppData\Local\Temp\pwxorpod.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8F631966]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----
 
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by sdees at 21:25:05 on 2012-09-08
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.1791.953 [GMT -7:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Acer\eProtection\Service\eProtectionServ.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.kirotv.com
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=1&o=vz32&d=0110&m=vl410g
mStart Page = hxxp://www.yahoo.com
mDefault_Page_URL = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = <local>;*.local
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Shopping Assistant Plugin: {1631550f-191d-4826-b069-d9439253d926} - c:\program files\pricegong\2.6.4\PriceGongIE.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SpecialSavings: {74f475fa-6c75-43bd-aab9-ecda6184f600} - c:\program files\specialsavings\SpecialSavingsSinged.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [c:\dl31df.tmp] c:\DL31DF.tmp AUTOMATICUPDATECHECK=yes
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Facebook Update] "c:\users\sdees\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Google Update] "c:\users\sdees\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Apanel] c:\acersw\config\SetApanel.cmd
mRun: [Acer Product Registration] "c:\program files\acer registration\ACE1.exe" /startup
mRun: [Acer Assist Launcher] c:\program files\acer assist\launcher.exe
mRun: [eRecoveryService]
mRun: [Acer Tour Reminder] c:\acer\acertour\Reminder.exe
mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
IE: {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - c:\program files\specialsavings\SpecialSavingsSinged.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} - hxxp://plugin.slingbox.com/downloads/pc/1.4.0.85/WebSlingPlayer.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1 184.16.33.54
TCP: Interfaces\{06A5C46C-5C78-45B4-8CB2-636B1175F385} : DhcpNameServer = 192.168.1.1 184.16.33.54
TCP: Interfaces\{15AFD585-8A16-430D-B11E-0325F9EB1B38} : DhcpNameServer = 192.168.1.1 184.16.33.54
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\sdees\appdata\roaming\mozilla\firefox\profiles\zkaqpwwn.default\
FF - prefs.js: browser.startup.homepage - www.kirotv.com
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\sdees\appdata\local\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_265.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-9-7 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-9-7 355632]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-8-11 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-9-7 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-9-7 58680]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-9-7 44808]
R2 eProtection;eProtection Service;c:\program files\acer\eprotection\service\eProtectionServ.exe [2008-4-7 24576]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-9-7 1153368]
R3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2v.sys [2008-9-29 449536]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-9-7 250056]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\toolbarbroker.exe --> c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [?]
S3 hcwhdpvr;Hauppauge HD PVR Capture Device;c:\windows\system32\drivers\hcwhdpvr.sys [2010-3-4 157184]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-9-7 114144]
S3 netr28u;Linksys USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2007-12-14 570880]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-9-7 27192]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-20 16896]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2010-3-7 19968]
.
=============== Created Last 30 ================
.
2012-09-08 22:09:45 -------- d-----w- c:\users\sdees\appdata\local\Avg2013
2012-09-08 21:52:40 -------- d-----w- c:\users\sdees\appdata\roaming\TuneUp Software
2012-09-08 21:46:22 -------- d-----w- c:\users\sdees\appdata\local\MFAData
2012-09-08 19:50:12 -------- d-----w- c:\program files\ESET
2012-09-08 01:46:44 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-08 01:46:28 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-07 20:25:28 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-09-07 20:25:26 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-09-07 20:24:46 41224 ----a-w- c:\windows\avastSS.scr
2012-09-07 19:00:15 -------- d-----w- c:\users\sdees\appdata\roaming\SUPERAntiSpyware.com
2012-09-07 18:59:55 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-09-07 18:59:54 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-09-07 18:51:52 -------- d-----w- c:\program files\SpywareBlaster
2012-09-07 18:48:55 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-09-07 18:48:55 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-09-07 18:46:54 -------- d-----w- c:\users\sdees\appdata\roaming\Malwarebytes
2012-09-07 18:46:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-07 18:46:40 -------- d-----w- c:\programdata\Malwarebytes
2012-09-07 18:46:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-07 16:53:26 -------- d-----w- c:\program files\Belarc
2012-09-07 16:47:38 -------- d-----w- c:\program files\common files\Java(0)
2012-09-07 16:39:32 -------- d-----w- c:\programdata\AVAST Software
2012-09-07 16:39:32 -------- d-----w- c:\program files\AVAST Software
2012-09-07 16:27:06 -------- d-----w- c:\users\sdees\appdata\local\VS Revo Group
2012-09-07 16:27:03 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2012-09-07 16:27:02 -------- d-----w- c:\program files\VS Revo Group
2012-09-07 16:25:32 -------- d-----w- c:\users\sdees\appdata\local\Macromedia
2012-09-07 16:25:06 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-07 16:25:06 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-21 06:45:32 -------- d-----w- c:\users\sdees\appdata\roaming\PerformerSoft
2012-08-21 06:45:25 17464 ----a-w- c:\windows\system32\roboot.exe
2012-08-21 06:45:19 -------- d-----w- c:\programdata\InstallBrainService
2012-08-21 06:42:14 -------- d-----w- c:\users\sdees\appdata\local\Apps
2012-08-21 05:30:22 -------- d-----w- c:\program files\Yontoo
2012-08-21 05:30:18 -------- d-----w- c:\programdata\Tarma Installer
2012-08-21 05:30:13 -------- d-----w- c:\programdata\IBUpdaterService
2012-08-21 05:29:55 -------- d-----w- c:\users\sdees\appdata\local\CRE
2012-08-21 05:29:20 -------- d-----w- c:\program files\PriceGong
2012-08-21 05:29:16 -------- d-----w- c:\users\sdees\appdata\local\Savings Sidekick
2012-08-21 05:29:15 -------- d-----w- c:\program files\SpecialSavings
2012-08-21 05:29:13 -------- d-----w- c:\program files\Savings Sidekick
2012-08-16 17:10:59 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-08-16 01:45:14 623616 ----a-w- c:\windows\system32\localspl.dll
.
==================== Find3M ====================
.
2012-09-08 01:46:00 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-08 07:28:40 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-08-08 07:28:40 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-06-29 00:16:58 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 21:25:30.13 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Business
Boot Device: \Device\HarddiskVolume2
Install Date: 1/7/2010 8:53:01 PM
System Uptime: 9/8/2012 8:43:49 PM (1 hours ago)
.
Motherboard: Acer | | FRS690L
Processor: AMD Athlon(tm) Dual Core Processor 5600B | Socket AM2 | 2900/199mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 67 GiB total, 19.663 GiB free.
D: is FIXED (NTFS) - 67 GiB total, 62.299 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F13\3&2B8E0B4B&0
Manufacturer: Microsoft
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F13\3&2B8E0B4B&0
Service: i8042prt
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office system
32 Bit HP CIO Components Installer
8000A809_BasicWeb
8000A809_Help_BasicWeb
AAC Decoder
Acer Assist
Acer Registration
Acer ScreenSaver
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 8.1.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Client Installation Program
ATI Catalyst Install Manager
Audacity 1.3.12 (Unicode)
AutoUpdate
avast! Free Antivirus
AVG 2011
AVG 2013
Belarc Advisor 8.2
Bing Rewards Client Installer
Bonjour
BPDSoftware_Ini
Business Contact Manager for Outlook 2007 SP2
Canon MP560 series MP Drivers
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
DivX Codec
DivX Player
DivX Plus DirectShow Filters
DivX Plus Web Player
DivX Version Checker
Download Updater (AOL LLC)
eProtection
ESET Online Scanner v3
Facebook Video Calling 1.2.0.159
Google Chrome
Graboid Video 3.26
H.264 Decoder
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Officejet Pro 8000 A809 Series
InstallBrain Updater Service
ITECIR Driver
iTunes
Java 7 Update 7
Java Auto Updater
Java(TM) 6 Update 22
LightScribe 1.4.142.1
Linksys Dual-Band Wireless-N USB Network Adapter
Linksys WUSB600N Dual-Band Wireless-N USB Network Adapter
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Default Manager
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MKV Splitter
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network
OGA Notifier 2.0.0048.0
Pando Media Booster
PowerDVD
Presto! PageManager 7.12.20
PriceGong 2.6.4
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Revo Uninstaller Pro 2.5.8
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
SpecialSavings
Spybot - Search & Destroy
SpywareBlaster 4.6
SUPERAntiSpyware
Toolbox
TVersity Codec Pack 1.2
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687400) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.4053
VLC media player 2.0.3
Vz In Home Agent
WD Discovery Software
WebReg
Windows Driver Package - ITE Tech.Inc. (itecir) HIDClass (06/20/2007 5.0.0004.2)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Yontoo 1.10.02
.
==== Event Viewer Messages From Past Week ========
.
9/8/2012 9:12:15 AM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer PageManager PDF Writer with shared resource name PageManager PDF Writer. Error 1722. The printer cannot be used by others on the network.
9/8/2012 8:45:21 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
9/8/2012 8:45:13 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
9/8/2012 8:44:28 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: archlp
9/8/2012 8:44:22 PM, Error: Service Control Manager [7000] - The osaio service failed to start due to the following error: The system cannot find the file specified.
9/8/2012 8:44:22 PM, Error: Service Control Manager [7000] - The netlimiter service failed to start due to the following error: The system cannot find the file specified.
9/8/2012 3:07:44 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
9/8/2012 3:04:27 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: After starting, the service hung in a start-pending state.
9/8/2012 3:04:04 PM, Error: Service Control Manager [7022] - The HP Network Devices Support service hung on starting.
9/8/2012 3:03:23 PM, Error: Service Control Manager [7022] - The Function Discovery Provider Host service hung on starting.
9/8/2012 2:58:54 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
9/8/2012 2:58:54 PM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/8/2012 2:56:36 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
9/8/2012 2:52:47 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the AVGIDSAgent service to connect.
9/8/2012 2:52:47 PM, Error: Service Control Manager [7000] - The AVGIDSAgent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/8/2012 12:10:34 PM, Error: Service Control Manager [7024] - The AVG WatchDog service terminated with service-specific error 3758161981 (0xE001003D).
9/7/2012 6:05:29 PM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer PageManager PDF Writer with shared resource name PageManager PDF Writer. Error 2114. The printer cannot be used by others on the network.
9/7/2012 11:21:57 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer PIUS-VAIO that believes that it is the master browser for the domain on transport NetBT_Tcpip_{15AFD585-8A16-430D-B11E-0325F9EB. The master browser is stopping or an election is being forced.
9/7/2012 11:05:42 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
9/7/2012 11:05:17 AM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
9/7/2012 11:04:37 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: archlp aswSnx aswSP aswTdi i8042prt spldr Wanarpv6
9/7/2012 11:04:37 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
9/7/2012 11:04:12 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
9/7/2012 11:04:04 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/7/2012 11:03:56 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
9/7/2012 11:03:36 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athihvs.dll Error Code: 21
9/7/2012 11:03:10 AM, Error: EventLog [6008] - The previous system shutdown at 11:00:05 AM on 9/7/2012 was unexpected.
9/7/2012 10:21:56 AM, Error: EventLog [6008] - The previous system shutdown at 10:20:11 AM on 9/7/2012 was unexpected.
9/5/2012 10:05:37 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer PIUS-VAIO that believes that it is the master browser for the domain on transport NetBT_Tcpip_{06A5C46C-5C78-45B4-8CB2-636B1175. The master browser is stopping or an election is being forced.
.
==== End Of File ===========================
 
So far I don't see much....

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
ComboFix 12-09-09.02 - sdees 09/08/2012 21:45:20.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.1791.841 [GMT -7:00]
Running from: c:\users\sdees\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Savings Sidekick
c:\program files\Savings Sidekick\Savings Sidekick.ico
c:\program files\Savings Sidekick\Savings Sidekick.ini
c:\program files\Savings Sidekick\Savings SidekickInstaller.log
c:\users\sdees\AppData\Local\Savings Sidekick
c:\users\sdees\AppData\Local\Savings Sidekick\Chrome\Savings Sidekick.crx
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\roboot.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-09 to 2012-09-09 )))))))))))))))))))))))))))))))
.
.
2012-09-09 04:55 . 2012-09-09 04:56 -------- d-----w- c:\users\sdees\AppData\Local\temp
2012-09-09 04:55 . 2012-09-09 04:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-09 04:55 . 2012-09-09 04:55 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-09-08 22:09 . 2012-09-08 22:09 -------- d-----w- c:\users\sdees\AppData\Local\Avg2013
2012-09-08 21:52 . 2012-09-08 21:52 -------- d-----w- c:\users\sdees\AppData\Roaming\TuneUp Software
2012-09-08 21:49 . 2012-09-08 22:01 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Avg2013
2012-09-08 21:46 . 2012-09-08 21:46 -------- d-----w- c:\users\sdees\AppData\Local\MFAData
2012-09-08 19:50 . 2012-09-08 19:50 -------- d-----w- c:\program files\ESET
2012-09-08 01:47 . 2012-09-08 01:47 -------- d-----w- c:\program files\Common Files\Java
2012-09-08 01:46 . 2012-09-08 01:46 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-08 01:46 . 2012-09-08 01:46 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-08 01:00 . 2012-09-08 01:03 -------- d-----w- c:\users\sdees\AppData\Roaming\vlc
2012-09-07 20:25 . 2012-08-21 09:13 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-09-07 20:25 . 2012-08-21 09:13 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-09-07 20:25 . 2012-08-21 09:13 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-09-07 20:25 . 2012-08-21 09:13 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-09-07 20:25 . 2012-08-21 09:13 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-09-07 20:25 . 2012-08-21 09:13 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-09-07 20:24 . 2012-08-21 09:12 41224 ----a-w- c:\windows\avastSS.scr
2012-09-07 16:27 . 2012-09-07 16:27 -------- d-----w- c:\users\sdees\AppData\Local\VS Revo Group
2012-09-07 16:27 . 2009-12-30 18:21 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2012-09-07 16:27 . 2012-09-07 16:27 -------- d-----w- c:\program files\VS Revo Group
2012-09-07 16:25 . 2012-09-07 16:25 -------- d-----w- c:\users\sdees\AppData\Local\Macromedia
2012-09-07 16:25 . 2012-09-07 18:31 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-07 16:25 . 2012-09-07 18:31 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-21 06:45 . 2012-08-21 06:49 -------- d-----w- c:\users\sdees\AppData\Roaming\PerformerSoft
2012-08-21 06:45 . 2012-09-08 20:13 -------- d-----w- c:\programdata\InstallBrainService
2012-08-21 06:42 . 2012-08-21 06:42 -------- d-----w- c:\users\sdees\AppData\Local\Apps
2012-08-21 05:30 . 2012-09-08 20:11 -------- d-----w- c:\program files\Yontoo
2012-08-21 05:30 . 2012-08-21 05:30 -------- d-----w- c:\programdata\Tarma Installer
2012-08-21 05:30 . 2012-08-21 05:30 -------- d-----w- c:\programdata\IBUpdaterService
2012-08-21 05:29 . 2012-08-21 05:29 -------- d-----w- c:\users\sdees\AppData\Local\CRE
2012-08-21 05:29 . 2012-08-21 05:29 -------- d-----w- c:\program files\PriceGong
2012-08-21 05:29 . 2012-08-21 05:29 -------- d-----w- c:\program files\SpecialSavings
2012-08-16 17:10 . 2012-07-04 14:02 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-08-16 01:45 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-08 01:46 . 2010-11-24 21:20 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-08 07:28 . 2008-04-07 21:41 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-08-08 07:28 . 2008-04-07 21:41 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-09-07 18:39 . 2012-09-07 16:12 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-07 4780928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-09 68640]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"Acer Product Registration"="c:\program files\Acer Registration\ACE1.exe" [2007-02-02 3383296]
"Acer Assist Launcher"="c:\program files\Acer Assist\launcher.exe" [2007-02-02 1261568]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2007-04-11 26704]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-10 421736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2012-08-08 296096]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-4-7 535336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-07 18:31]
.
2012-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-792927261-3644060313-3262130061-1003Core.job
- c:\users\sdees\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-17 19:24]
.
2012-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-792927261-3644060313-3262130061-1003UA.job
- c:\users\sdees\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-17 19:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.kirotv.com
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {{A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - c:\program files\SpecialSavings\SpecialSavingsSinged.dll
TCP: DhcpNameServer = 192.168.1.1 184.16.33.54
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
FF - ProfilePath - c:\users\sdees\AppData\Roaming\Mozilla\Firefox\Profiles\zkaqpwwn.default\
FF - prefs.js: browser.startup.homepage - www.kirotv.com
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
HKCU-Run-c:\dl31df.tmp - c:\DL31DF.tmp
HKCU-Run-Facebook Update - c:\users\sdees\AppData\Local\Facebook\Update\FacebookUpdate.exe
HKCU-Run-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
HKLM-Run-Apanel - c:\acersw\config\SetApanel.cmd
HKLM-Run-eRecoveryService - (no file)
HKLM-Run-Acer Tour Reminder - c:\acer\AcerTour\Reminder.exe
HKLM-Run-AVG_TRAY - c:\program files\AVG\AVG10\avgtray.exe
AddRemove-AVG - c:\program files\AVG\AVG2013\avgmfapx.exe
AddRemove-InstallBrain Updater Service - c:\programdata\InstallBrainService\ibsvc.exe
AddRemove-RealPlayer 15.0 - c:\program files\real\realplayer\Update\r1puninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-08 21:56
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
Completion time: 2012-09-08 22:03:19
ComboFix-quarantined-files.txt 2012-09-09 05:03
.
Pre-Run: 21,523,152,896 bytes free
Post-Run: 21,597,241,344 bytes free
.
- - End Of File - - 98874A6123E914EE80DAB5A73995027A
 
I think MBAM got most of it when you ran it in your other topic.
You should be good to go :)
 
You're very welcome
th_smiley_says_hello.gif
 
  • Like
Reactions: learninmypc
You must log in or register to reply here.

Similar threads

Cal Jeffrey
Vision Pro users are angry the device has no reset or recovery measures for password loss
Replies
7
Views
246
Cal Jeffrey
Cal Jeffrey
midian182
Xbox still has plans for day-one Activision Blizzard titles on Game Pass
Replies
3
Views
170
Revolution 11
R
Daniel Sims
The Pokémon Company is investigating Palworld and the potential for IP violation
2
Replies
30
Views
577
Burty117
Burty117

Latest posts

Back