Windows 7: Web Browser Opens Up Random Sites?
#1 | 18 Jan 2010 | Linux Mint with Windows 7 in Virtualbox
Firefox, Internet Explorer and Google Chrome open up random sites, which are blank most of the time and have a long URL, but sometimes malicious websites open up which are blocked by WOT in Firefox. The sites usually open up every couple of hours at random times. I've scanned my computer with SuperAntispyware, Avast!, A2 and Malwarebytes. None of them have found anything apart from SuperAntispyware, which keeps on finding tracking cookies in C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies, text files with the word 'ad' in their names. However, the tracking cookies keep on coming back (I don't know if they are the same ones). Any ideas on how to remove this annoying piece of malware?
By the way, I've tried XDelBox/XDelScan but it did not find anything.
#2 | 18 Jan 2010 | Windows 7 Ultimate x64, Utah
First, uninstall all anti-spyware/malware/virus programs on your computer.
Next, run the Windows Malicious Software Removal Tool.
If that doesn't find anything, then download, install, update, and run Microsoft Security Essentials.
If the last doesn't work, then you may have a new bug and need to do a clean install.
Also, you could try uninstalling all your browsers and reinstalling them and seeing if it was just a fluke.
#3 | 18 Jan 2010 | XP Pro/Vista Ultimate (64)/Windows 7 Ultimate Signature Edition(64), Cairns, Australia
It could be just ad tracking cookies, but it sounds to me more like a browser hijacker.
Can you download and install HijackThis (HijackThis - Trend Micro USA), run it and save a logfile, then post back with the logfile attached (paperclip icon)?
*WARNING* HijackThis scans your registry, so it's important that you don't delete any random entries with HijackThis. Deleting stuff randomly can and probably will ruin your installation.
#4 | 18 Jan 2010 | Windows 7 Ultimate x64, Utah
I would have suggested that too, but I don't know how to read the log files.
#5 | 18 Jan 2010 | Windows 7 Ultimate x86 SP1

Quote: Originally Posted by Zen00: I would have suggested that too, but I don't know how to read the log files.
You will learn.
#6 | 18 Jan 2010 | Linux Mint with Windows 7 in Virtualbox
HijackThis Log:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:16:15, on 18/01/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\system32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\alg.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Users\Brijesh Patel\Documents\CoreTemp32\Core Temp.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Brijesh Patel\Desktop\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Core Temp] "C:\Users\Brijesh Patel\Documents\CoreTemp32\Core Temp.exe"
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} (System Requirements Lab) - http://intel-drv-cdn.systemrequireme...eqlab_srlx.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BB929842-C69D-49F1-BCF1-183BECE4CD17}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{BB929842-C69D-49F1-BCF1-183BECE4CD17}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{BB929842-C69D-49F1-BCF1-183BECE4CD17}: NameServer = 8.8.8.8,8.8.4.4
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: PskSvcRetailInst - Unknown owner - C:\Users\BRIJES~1\AppData\Local\Temp\ISSCAN\PskSvc.exe (file missing)
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
--
End of file - 6641 bytes

ComboFix Log
ComboFix did not help.
Code:
ComboFix 10-01-17.04 - Brijesh Patel 18/01/2010 17:41:19.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.2038.971 [GMT 0:00]
Running from: c:\users\Brijesh Patel\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\recycler\S-1-5-21-1482476501-2000478354-725345543-1003
c:\recycler\S-1-5-21-1482476501-2000478354-725345543-1004
c:\windows\system32\OGACheckControl.dll
.
((((((((((((((((((((((((( Files Created from 2009-12-18 to 2010-01-18 )))))))))))))))))))))))))))))))
.
2010-01-18 11:09 . 2010-01-18 11:09 -------- d-----w- C:\RootkitNO
2010-01-18 10:51 . 2010-01-18 10:51 2 --shatr- c:\windows\winstart.bat
2010-01-18 10:50 . 2010-01-18 11:36 -------- d-----w- c:\program files\UnHackMe
2010-01-18 08:23 . 2010-01-18 08:23 -------- d-----w- c:\program files\MSXML 4.0
2010-01-17 12:15 . 2010-01-17 12:19 -------- d-----w- c:\programdata\Pinnacle VideoSpin
2010-01-17 12:15 . 2010-01-17 12:15 -------- d-----w- c:\program files\Pinnacle
2010-01-17 12:15 . 2010-01-17 12:15 -------- d-----w- c:\program files\Common Files\Yahoo!
2010-01-17 12:12 . 2010-01-17 12:12 -------- d-----w- c:\programdata\Pinnacle
2010-01-17 12:08 . 2010-01-17 12:12 -------- d-----w- c:\users\Brijesh Patel\AppData\Local\Downloaded Installations
2010-01-16 16:41 . 2010-01-18 11:46 -------- d-----w- c:\users\Brijesh Patel\eee
2010-01-16 16:24 . 2010-01-16 16:24 476512 ----a-w- c:\programdata\RapidSolution\Tunebite_2009\RadioRip\RadioRip.dll
2010-01-16 16:24 . 2010-01-16 16:24 169312 ----a-w- c:\programdata\RapidSolution\Tunebite_2009\RadioRip\PlgSoundclick.dll
2010-01-16 16:24 . 2010-01-16 16:24 128352 ----a-w- c:\programdata\RapidSolution\Tunebite_2009\RadioRip\PlgMyspace.dll
2010-01-16 16:24 . 2010-01-16 16:24 111968 ----a-w- c:\programdata\RapidSolution\Tunebite_2009\RadioRip\PlgPandora.dll
2010-01-16 16:24 . 2010-01-16 16:24 99680 ----a-w- c:\programdata\RapidSolution\Tunebite_2009\RadioRip\PlgIJigg.dll
2010-01-16 16:24 . 2010-01-16 16:24 230752 ----a-w- c:\programdata\RapidSolution\Tunebite_2009\RadioRip\PlgHypemachine.dll
2010-01-16 16:24 . 2010-01-16 16:24 111968 ----a-w- c:\programdata\RapidSolution\Tunebite_2009\RadioRip\PlgLastfm.dll
2010-01-16 16:24 . 2010-01-16 16:24 87392 ----a-w- c:\programdata\RapidSolution\Tunebite_2009\RadioRip\PlgDefault.dll
2010-01-16 16:24 . 2010-01-16 16:24 140640 ----a-w- c:\programdata\RapidSolution\Tunebite_2009\RadioRip\PlgDeezer.dll
2010-01-16 16:24 . 2010-01-16 16:24 120160 ----a-w- c:\programdata\RapidSolution\Tunebite_2009\RadioRip\PlgGeneral.dll
2010-01-16 16:24 . 2010-01-16 16:24 495616 ----a-w- c:\programdata\RapidSolution\Tunebite_2009\EncodingBackend\lame_enc.dll
2010-01-16 16:23 . 2010-01-16 16:23 -------- d-----w- c:\program files\PixiePack Codec Pack
2010-01-16 16:20 . 2010-01-16 16:35 -------- d-----w- c:\program files\RapidSolution
2010-01-16 16:20 . 2010-01-16 16:20 -------- d-----w- c:\programdata\RapidSolution
2010-01-16 16:20 . 2010-01-16 16:20 -------- d-----w- c:\users\Brijesh Patel\AppData\Local\RapidSolution
2010-01-16 15:54 . 2009-12-04 12:01 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(1).sys
2010-01-16 15:21 . 2010-01-17 13:52 -------- d-----w- c:\users\Brijesh Patel\AppData\Local\WMTools Downloaded Files
2010-01-16 15:11 . 2010-01-16 15:11 -------- d-----w- c:\program files\Movie Maker 2.6
2010-01-16 15:08 . 2010-01-16 15:07 38784 ----a-w- c:\users\Brijesh Patel\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-01-16 15:08 . 2010-01-16 15:07 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-01-16 15:08 . 2010-01-16 15:08 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-01-16 12:10 . 2010-01-16 13:59 -------- d-----w- c:\program files\PowerMenu
2010-01-13 18:52 . 2010-01-13 18:52 -------- d-----w- c:\program files\Lavasoft
2010-01-13 16:46 . 2010-01-13 16:46 6944624 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\aaw2008_upd.exe
2010-01-13 16:44 . 2010-01-13 16:46 -------- d-----w- c:\programdata\Lavasoft
2010-01-13 15:53 . 2010-01-13 17:16 -------- d-----w- c:\program files\FreeTime
2010-01-13 15:53 . 2009-10-19 14:10 108544 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 15:53 . 2009-10-19 14:10 70656 ----a-w- c:\windows\system32\fontsub.dll
2010-01-11 20:05 . 2010-01-11 20:05 37920 ----a-w- c:\windows\system32\drivers\tbhsd.sys
2010-01-11 16:30 . 2010-01-11 16:32 -------- d-----w- c:\users\Brijesh Patel\AppData\Local\Adobe
2010-01-10 12:39 . 2010-01-10 12:39 -------- d-----w- c:\program files\Common Files\logishrd
2010-01-10 12:09 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-01-10 12:09 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-01-10 12:08 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-01-10 12:08 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-01-10 12:08 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2010-01-10 12:08 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2010-01-10 12:08 . 2009-11-24 23:49 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-01-10 12:02 . 2010-01-10 12:03 -------- d-----w- c:\windows\$regcmp$
2010-01-10 09:10 . 2010-01-07 16:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-10 09:10 . 2010-01-10 09:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-10 09:10 . 2010-01-07 16:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-09 16:55 . 2010-01-09 16:55 -------- d-----w- c:\programdata\F-Secure
2010-01-09 15:46 . 2010-01-09 15:47 -------- d-----w- C:\SDFix
2010-01-09 15:30 . 2010-01-10 11:51 13896 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-01-09 15:29 . 2010-01-09 15:33 -------- d-----w- c:\programdata\Hitman Pro
2010-01-09 15:29 . 2010-01-09 15:29 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-01-09 14:26 . 2010-01-09 14:28 -------- d-sh--w- c:\users\Brijesh Patel\.COMMgr
2010-01-03 16:26 . 2008-01-21 07:54 485376 ----a-w- c:\windows\system32\mspaint.exe
2010-01-01 13:14 . 2010-01-01 13:15 -------- d-----w- c:\program files\SpeedBit Video Accelerator
2009-12-24 13:24 . 2009-12-24 13:24 -------- d-----w- c:\programdata\Sony Corporation
2009-12-24 11:58 . 2009-12-24 12:01 -------- d-----w- c:\users\Brijesh Patel\AppData\Roaming\ImgBurn
2009-12-24 11:38 . 2009-12-24 11:38 -------- d-----w- c:\program files\ImgBurn
2009-12-22 13:53 . 2009-12-22 13:53 -------- d-----w- c:\users\Brijesh Patel\AppData\Local\Yahoo
2009-12-22 13:53 . 2009-12-22 13:53 -------- d-----w- c:\users\Brijesh Patel\AppData\Roaming\Yahoo!
2009-12-22 13:43 . 2009-12-22 13:43 -------- d-----w- c:\programdata\Yahoo!
2009-12-22 13:43 . 2009-11-10 16:08 607544 ----a-w- c:\programdata\Yahoo!\YUpdater\yupdater.exe
2009-12-22 13:40 . 2009-12-22 13:43 -------- d-----w- c:\program files\Yahoo!
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-18 10:50 . 2009-10-24 17:44 -------- d-----w- c:\program files\Java
2010-01-18 09:03 . 2009-10-24 17:30 117760 ----a-w- c:\users\Brijesh Patel\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-01-17 17:53 . 2009-10-24 18:30 115096 ----a-w- c:\users\Other Users\AppData\Local\GDIPFONTCACHEV1.DAT
2010-01-17 17:46 . 2009-10-25 17:43 -------- d-----w- c:\users\Brijesh Patel\AppData\Roaming\vlc
2010-01-17 12:19 . 2009-10-24 16:54 115096 ----a-w- c:\users\Brijesh Patel\AppData\Local\GDIPFONTCACHEV1.DAT
2010-01-14 16:52 . 2009-10-24 17:28 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-13 16:15 . 2009-12-18 08:53 52224 ----a-w- c:\users\Brijesh Patel\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-13 16:13 . 2009-12-05 21:21 -------- d-----w- c:\program files\a-squared Free
2010-01-13 15:58 . 2009-10-25 07:38 -------- d-----w- c:\programdata\Microsoft Help
2010-01-10 15:08 . 2009-10-26 17:07 -------- d-----w- c:\programdata\SpeedBit
2010-01-10 14:56 . 2009-10-24 17:47 -------- d-----w- c:\program files\Mp3tag
2010-01-10 14:55 . 2009-10-24 17:47 -------- d-----w- c:\users\Brijesh Patel\AppData\Roaming\Mp3tag
2010-01-10 13:01 . 2010-01-10 12:39 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-01-09 21:33 . 2009-12-10 08:10 -------- d-----w- c:\program files\SpywareBlaster
2010-01-09 13:51 . 2009-10-24 17:52 -------- d-----w- c:\program files\AviSynth 2.5
2010-01-03 12:38 . 2009-07-13 23:40 249856 ----a-w- c:\windows\system32\uxtheme.dll
2010-01-03 12:38 . 2009-07-13 23:39 2755072 ----a-w- c:\windows\system32\themeui.dll
2010-01-03 12:38 . 2009-07-13 23:39 37376 ----a-w- c:\windows\system32\themeservice.dll
2009-12-30 10:35 . 2009-10-24 17:15 -------- d-----w- c:\program files\BatteryBar
2009-12-30 10:35 . 2009-10-24 17:16 -------- d-----w- c:\users\Brijesh Patel\AppData\Roaming\BatteryBar
2009-12-26 15:01 . 2009-10-24 17:37 -------- d-----w- c:\program files\Google
2009-12-24 18:29 . 2009-10-25 16:01 -------- d-----w- c:\program files\Sony
2009-12-24 13:24 . 2009-10-25 16:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-19 14:31 . 2009-10-24 18:03 -------- d-----w- c:\program files\The KMPlayer
2009-12-18 16:35 . 2009-12-18 16:34 -------- d-----w- c:\program files\QuickTime
2009-12-18 16:34 . 2009-12-18 16:34 -------- d-----w- c:\programdata\Apple Computer
2009-12-16 20:12 . 2009-11-16 18:20 -------- d-----w- c:\users\Brijesh Patel\AppData\Roaming\ICAClient
2009-12-12 10:18 . 2009-12-12 10:18 -------- d-----w- c:\program files\Gameloft
2009-12-11 17:42 . 2009-12-11 17:42 0 ----a-w- c:\programdata\RapidSolution\GUIcommon.dll
2009-12-11 15:59 . 2009-12-11 15:59 -------- d-----w- c:\program files\ThreatFire
2009-12-11 15:59 . 2009-12-11 15:59 -------- d-----w- c:\programdata\PC Tools
2009-12-04 19:00 . 2009-12-04 19:00 -------- d-----w- c:\users\Brijesh Patel\AppData\Roaming\Ashampoo
2009-11-29 15:18 . 2009-11-29 15:18 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-11-29 15:18 . 2009-11-29 15:18 -------- d-----w- c:\program files\OpenAL
2009-11-29 15:18 . 2009-11-29 15:18 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-11-28 17:11 . 2009-11-28 17:11 138240 ----a-w- c:\users\Brijesh Patel\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_d.dll
2009-11-28 17:11 . 2009-11-28 17:11 138240 ----a-w- c:\users\Brijesh Patel\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_c.dll
2009-11-28 17:11 . 2009-11-28 17:11 138240 ----a-w- c:\users\Brijesh Patel\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_b.dll
2009-11-28 17:11 . 2009-11-28 17:11 138240 ----a-w- c:\users\Brijesh Patel\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_a.dll
2009-11-28 17:11 . 2009-10-29 10:24 -------- d-----w- c:\users\Brijesh Patel\AppData\Roaming\SystemRequirementsLab
2009-11-28 13:14 . 2009-11-28 13:01 -------- d-----w- c:\program files\Opera
2009-11-26 19:14 . 2009-11-26 19:14 -------- d-----w- c:\program files\Auslogics
2009-11-26 17:15 . 2009-11-26 17:15 -------- d-----w- c:\program files\Citrix
2009-11-23 12:49 . 2009-12-11 15:59 59664 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
2009-11-23 12:49 . 2009-12-11 15:59 33552 ----a-w- c:\windows\system32\drivers\TfNetMon.sys
2009-11-23 12:49 . 2009-12-11 15:59 51984 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
2009-11-17 07:45 . 2009-11-17 07:45 247296 ----a-w- c:\users\Brijesh Patel\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_d_ind.dll
2009-11-17 07:45 . 2009-11-17 07:45 247296 ----a-w- c:\users\Brijesh Patel\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_c_ind.dll
2009-11-17 07:45 . 2009-11-17 07:45 247296 ----a-w- c:\users\Brijesh Patel\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_b_ind.dll
2009-11-17 07:45 . 2009-11-17 07:45 247296 ----a-w- c:\users\Brijesh Patel\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_a_ind.dll
2009-11-15 08:53 . 2009-11-15 08:53 20480 ----a-w- c:\users\Brijesh Patel\AppData\Roaming\LimeWire\browser\xulrunner\components\autoconfig.dll
2009-11-15 08:53 . 2009-11-15 08:53 18944 ----a-w- c:\users\Brijesh Patel\AppData\Roaming\LimeWire\browser\xulrunner\components\appshell_modal.dll
2009-11-15 08:53 . 2009-11-15 08:53 17408 ----a-w- c:\users\Brijesh Patel\AppData\Roaming\LimeWire\browser\xulrunner\components\auth.dll
2009-11-15 08:53 . 2009-11-15 08:53 8192 ----a-w- c:\users\Brijesh Patel\AppData\Roaming\LimeWire\browser\xulrunner\AccessibleMarshal.dll
2009-11-15 08:53 . 2009-11-15 08:53 20480 ----a-w- c:\users\Brijesh Patel\AppData\Roaming\LimeWire\browser\xulrunner\IA2Marshal.dll
2009-11-02 20:42 . 2009-12-13 18:33 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 10:24 . 2009-10-29 10:24 247296 ----a-w- c:\users\Brijesh Patel\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_0_9_0_d_ind.dll
2009-10-29 10:24 . 2009-10-29 10:24 247296 ----a-w- c:\users\Brijesh Patel\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_0_9_0_c_ind.dll
2009-10-29 10:24 . 2009-10-29 10:24 247296 ----a-w- c:\users\Brijesh Patel\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_0_9_0_b_ind.dll
2009-10-29 10:24 . 2009-10-29 10:24 247296 ----a-w- c:\users\Brijesh Patel\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_0_9_0_a_ind.dll
2009-10-29 07:22 . 2009-11-24 19:19 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-25 13:53 . 2009-10-25 13:53 720896 ----a-w- c:\windows\iun6002.exe
2009-10-24 17:13 . 2009-10-24 17:13 0 ----a-w- c:\windows\nsreg.dat
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Core Temp"="c:\users\Brijesh Patel\Documents\CoreTemp32\Core Temp.exe" [2009-10-24 378384]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-10 118784]
"ThreatFire"="c:\program files\ThreatFire\TFTray.exe" [2009-11-23 378128]
"avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-11-24 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^OfficeSAS.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\OfficeSAS.lnk
backup=c:\windows\pss\OfficeSAS.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^Brijesh Patel^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PowerMenu.lnk]
path=c:\users\Brijesh Patel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerMenu.lnk
backup=c:\windows\pss\PowerMenu.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 03:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-09-11 17:15 173592 ----a-w- c:\windows\System32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-09-11 17:15 141848 ----a-w- c:\windows\System32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-01-07 16:07 1394000 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-11-10 15:39 5244216 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-09-11 17:15 150552 ----a-w- c:\windows\System32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 23:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-06-26 00:39 4489216 ----a-w- c:\windows\RtHDVCpl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-06-26 00:39 1826816 ----a-w- c:\windows\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 04:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
R0 TfFsMon;TfFsMon;c:\windows\System32\drivers\TfFsMon.sys [11/12/2009 15:59 51984]
R0 TfSysMon;TfSysMon;c:\windows\System32\drivers\TfSysMon.sys [11/12/2009 15:59 59664]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [10/01/2010 12:08 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/10/2009 20:24 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/10/2009 20:24 74480]
R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [05/12/2009 21:21 1858144]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [10/01/2010 12:08 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [10/01/2010 12:08 53328]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [26/10/2009 17:57 6000640]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/10/2009 20:24 7408]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\System32\drivers\SFEP.sys [03/08/2007 5:36 9344]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\System32\drivers\VSTAZL3.SYS [13/07/2009 22:13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\System32\drivers\VSTDPV3.SYS [13/07/2009 22:13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\System32\drivers\VSTCNXT3.SYS [13/07/2009 22:13 661504]
R3 TfNetMon;TfNetMon;c:\windows\System32\drivers\TfNetMon.sys [11/12/2009 15:59 33552]
R3 ti21sony;ti21sony;c:\windows\System32\drivers\ti21sony.sys [24/10/2009 16:13 812544]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\System32\drivers\WsAudio_DeviceS(1).sys [16/01/2010 15:54 25704]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\System32\drivers\yk62x86.sys [13/07/2009 22:02 311296]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [24/10/2009 17:37 133104]
S2 PskSvcRetailInst;PskSvcRetailInst;c:\users\BRIJES~1\AppData\Local\Temp\ISSCAN\PskSvc.exe --> c:\users\BRIJES~1\AppData\Local\Temp\ISSCAN\PskSvc.exe [?]
S2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service --> c:\program files\ThreatFire\TFService.exe service [?]
--- Other Services/Drivers In Memory ---
*Deregistered* - Partizan
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9C450606-ED24-4958-92BA-B8940C99D441}]
2009-03-04 16:32 8192 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
2010-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-24 17:37]
2010-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-24 17:37]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
LSP: c:\progra~1\SPEEDB~1\sblsp.dll
TCP: {BB929842-C69D-49F1-BCF1-183BECE4CD17} = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\Brijesh Patel\AppData\Roaming\Mozilla\Firefox\Profiles\5xaz82fm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://www.google.co.uk/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Notify-WgaLogon - (no file)
MSConfigStartUp-BCSSync - c:\program files\Microsoft Office\Office14\BCSSync.exe
MSConfigStartUp-GrooveMonitor - c:\progra~1\MIF5BA~1\Office14\GROOVEMN.EXE
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x859A0841]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0xd46a624f
SecurityProcedure -> 0x84cade88
QueryNameProcedure -> 0x84cad018
user & kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ThreatFire]
"AlternateImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d6,1c,11,cd,36,a4,8e,4f,aa,c8,da,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d6,1c,11,cd,36,a4,8e,4f,aa,c8,da,\
[HKEY_USERS\S-1-5-21-496605846-828089313-3777899986-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\I*m*p*o*r*t*e*d* \BBC]
"Order"=hex:08,00,00,00,02,00,00,00,dc,02,00,00,01,00,00,00,05,00,00,00,92,00,
00,00,00,00,00,00,84,00,32,00,cd,00,00,00,00,bf,f7,e9,20,00,42,42,43,2d,42,\
[HKEY_USERS\S-1-5-21-496605846-828089313-3777899986-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\I*m*p*o*r*t*e*d* \Bookmarks bar]
"Order"=hex:08,00,00,00,02,00,00,00,9c,05,00,00,01,00,00,00,0d,00,00,00,7e,00,
00,00,00,00,00,00,70,00,32,00,cd,00,00,00,00,61,f6,a9,20,00,43,41,4c,4c,4f,\
[HKEY_USERS\S-1-5-21-496605846-828089313-3777899986-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\I*m*p*o*r*t*e*d* \Other]
"Order"=hex:08,00,00,00,02,00,00,00,6c,00,00,00,01,00,00,00,01,00,00,00,60,00,
00,00,00,00,00,00,52,00,31,00,00,00,00,00,00,9e,10,65,10,00,45,79,65,73,69,\
[HKEY_USERS\S-1-5-21-496605846-828089313-3777899986-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\I*m*p*o*r*t*e*d* \Other\Eyesight]
"Order"=hex:08,00,00,00,02,00,00,00,dc,07,00,00,01,00,00,00,0a,00,00,00,bc,00,
00,00,00,00,00,00,ae,00,32,00,cd,00,00,00,00,90,52,a8,20,00,41,4e,44,52,45,\
[HKEY_USERS\S-1-5-21-496605846-828089313-3777899986-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\I*m*p*o*r*t*e*d* \PC]
"Order"=hex:08,00,00,00,02,00,00,00,bc,0e,00,00,01,00,00,00,16,00,00,00,c6,00,
00,00,14,00,00,00,b8,00,32,00,cd,00,00,00,00,57,89,8c,20,00,5f,54,4f,4f,4c,\
[HKEY_USERS\S-1-5-21-496605846-828089313-3777899986-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\I*m*p*o*r*t*e*d* \PSP]
"Order"=hex:08,00,00,00,02,00,00,00,b2,00,00,00,01,00,00,00,01,00,00,00,a6,00,
00,00,00,00,00,00,98,00,32,00,cd,00,00,00,00,e4,b4,8c,20,00,47,41,4d,45,57,\
[HKEY_USERS\S-1-5-21-496605846-828089313-3777899986-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\I*m*p*o*r*t*e*d* \YouTube]
"Order"=hex:08,00,00,00,02,00,00,00,7c,03,00,00,01,00,00,00,06,00,00,00,82,00,
00,00,00,00,00,00,74,00,32,00,cd,00,00,00,00,b3,13,9e,20,00,42,45,53,54,59,\
[HKEY_USERS\S-1-5-21-496605846-828089313-3777899986-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\O*t*h*e*r* \Eyesight]
"Order"=hex:08,00,00,00,02,00,00,00,dc,07,00,00,01,00,00,00,0a,00,00,00,bc,00,
00,00,00,00,00,00,ae,00,32,00,cd,00,00,00,00,5a,9b,20,20,00,41,4e,44,52,45,\
[HKEY_USERS\S-1-5-21-496605846-828089313-3777899986-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\P*C* ]
@Allowed: (Read) (RestrictedCode)
@SACL=(02 0001)
"Order"=hex:08,00,00,00,02,00,00,00,0e,0f,00,00,01,00,00,00,16,00,00,00,a2,00,
00,00,03,00,00,00,94,00,32,00,cd,00,00,00,00,42,cf,5e,20,00,41,44,42,4c,4f,\
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(680)
c:\program files\ThreatFire\TFWAH.dll
c:\windows\system32\MPR.dll
- - - - - - - > 'lsass.exe'(540)
c:\program files\SpeedBit Video Accelerator\Accelerator.dll
c:\program files\SpeedBit Video Accelerator\CommPipe.dll
c:\program files\SpeedBit Video Accelerator\Collector.dll
c:\program files\ThreatFire\TFWAH.dll
c:\windows\system32\psbase.dll
.
Completion time: 2010-01-18 18:01:18
ComboFix-quarantined-files.txt 2010-01-18 18:01
Pre-Run: 123,391,926,272 bytes free
Post-Run: 123,737,174,016 bytes free
- - End Of File - - 1075F4874AF0E2C1274270529424340C
Last edited by bp96; 18 Jan 2010 at 01:32 PM..
Reason: adding HTML code
18 Jan 2010
|
#7 | | Windows 7 Ultimate x86 SP1 |
Can you please put tags around the log: [CODE] your log [/CODE]
Looks fine to me...
But wait for a response from the users more experienced with HijackThis logs.
P.S. You are using Google DNS? | My System Specs | | OS Windows 7 Ultimate x86 SP1 |
18 Jan 2010
|
#8 | | XP Pro/Vista Ultimate (64)/Windows 7 Ultimate Signature Edition(64) Cairns, Australia |
Looks like you've been running quite a few different scans lately hey?
There's nothing too suspicious in there
(although I'm still not too sure about the three similar entries like this one: O17 - HKLM\System\CCS\Services\Tcpip\..\{BB929842-C69D-49F1-BCF1-183BECE4CD17}: NameServer = 8.8.8.8,8.8.4.4
Perhaps just something to do with Google products?)
Anyway, do a full system scan in Safe Mode with Malwarebytes Anti-Malware, then SuperAntiSpyware, just to be sure. Reboot, then download and install CCleaner. Run CCleaner, then run its registry scan and clean with it. Repeat the registry scan until either no entries are found or there is only one.
The following are unnecessary entries and can be fixed with HJT:
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
Last edited by Orpheous; 18 Jan 2010 at 01:45 PM..
Reason: google, not adobe!
| My System Specs | | OS XP Pro/Vista Ultimate (64)/Windows 7 Ultimate Signature Edition(64) CPU Core 2 Duo E8500 @ stock Motherboard Gigabyte EP45-UD3R Memory 8Gb (4 X 2Gb) Corsair Dominator 1066Mhz DDR2 Graphics Card XFX ATI Radeon 4870 1Gb Sound Card Onboard 7.1 Monitor(s) Displays BenQ E2200Hd, Asus VW161D, HP L1506 Screen Resolution 1920 X 1080 Keyboard Logitech Mouse Logitech PSU CoolerMaster 650 EPD Case Thermaltake Cooling 2 X Noctua 120mm's, Stock Intel Hard Drives Seagate 7200.12 500Gb
2 X Hitachi 1Tb |
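Two things were asked about the ComboFix log in this thread: whether the `TCP: {...} = 8.8.8.8,8.8.4.4` NameServer entries are a concern, and whether anything else in the log is worth chasing for a browser-redirect complaint. Both can be answered with a short triage pass over the log text. The Python script below is an added example written for this page; it is not part of the thread and not a ComboFix or HijackThis feature. It parses the service, `LSP:`, `TCP:` NameServer and per-process DLL lines in the ComboFix format and applies four checks: DNS servers outside an allow-list (8.8.8.8 and 8.8.4.4 are Google Public DNS, so with that allow-list the log's entry is clean), a service whose image lives under a user's Temp folder, a Winsock LSP that is not a Windows system DLL, and non-system DLLs loaded into lsass.exe. The sample input is constructed from lines copied verbatim from the log posted above; the regexes, the rule names and the `\temp\` heuristic are my own choices.

```python
import re

# Google Public DNS resolvers; NameServer entries matching these are expected.
GOOGLE_PUBLIC_DNS = frozenset({"8.8.8.8", "8.8.4.4"})

# Constructed sample input: lines copied verbatim from the ComboFix log posted
# in this thread (services, LSP, TCP NameServer and per-process DLL sections).
SAMPLE_LOG = r"""
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [24/10/2009 17:37 133104]
S2 PskSvcRetailInst;PskSvcRetailInst;c:\users\BRIJES~1\AppData\Local\Temp\ISSCAN\PskSvc.exe --> c:\users\BRIJES~1\AppData\Local\Temp\ISSCAN\PskSvc.exe [?]
S2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service --> c:\program files\ThreatFire\TFService.exe service [?]
LSP: c:\progra~1\SPEEDB~1\sblsp.dll
TCP: {BB929842-C69D-49F1-BCF1-183BECE4CD17} = 8.8.8.8,8.8.4.4
- - - - - - - > 'winlogon.exe'(680)
c:\program files\ThreatFire\TFWAH.dll
c:\windows\system32\MPR.dll
- - - - - - - > 'lsass.exe'(540)
c:\program files\SpeedBit Video Accelerator\Accelerator.dll
c:\program files\SpeedBit Video Accelerator\CommPipe.dll
c:\program files\SpeedBit Video Accelerator\Collector.dll
c:\program files\ThreatFire\TFWAH.dll
c:\windows\system32\psbase.dll
"""

# Line shapes in a ComboFix log (regexes are my own, derived from the log above).
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*?)(?:\s+-->\s+.*?)?\s+\[(.*?)\]$")
LSP_RE = re.compile(r"^LSP:\s+(.+)$")
DNS_RE = re.compile(r"^TCP:\s+(\{[0-9A-Fa-f-]+\})\s+=\s+(.+)$")
PROC_RE = re.compile(r"^(?:- )+> '([^']+)'\((\d+)\)$")
MODULE_RE = re.compile(r"^[a-z]:\\.+\.(?:dll|exe|sys)$", re.IGNORECASE)


def parse_combofix(text):
    """Extract services, LSPs, per-adapter NameServer values and per-process
    DLL lists from ComboFix log text. Every other line is ignored."""
    parsed = {"services": [], "lsp": [], "nameservers": {}, "process_dlls": {}}
    current_proc = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SERVICE_RE.match(line)
        if m:
            start, name, display, path, stamp = m.groups()
            # Service arguments stay attached to the path ("TFService.exe service").
            parsed["services"].append(
                {"start": start, "name": name, "display": display, "path": path, "stamp": stamp})
            continue
        m = LSP_RE.match(line)
        if m:
            parsed["lsp"].append(m.group(1))
            continue
        m = DNS_RE.match(line)
        if m:
            parsed["nameservers"][m.group(1)] = [ip.strip() for ip in m.group(2).split(",")]
            continue
        m = PROC_RE.match(line)
        if m:
            current_proc = m.group(1)          # e.g. "lsass.exe"
            parsed["process_dlls"].setdefault(current_proc, [])
            continue
        if current_proc and MODULE_RE.match(line):
            parsed["process_dlls"][current_proc].append(line)
    return parsed


def _is_system_path(path):
    """True for modules that live in the Windows system directories."""
    p = path.lower().replace("/", "\\")
    return "\\windows\\system32\\" in p or "\\windows\\syswow64\\" in p


def triage(text, trusted_dns=GOOGLE_PUBLIC_DNS):
    """Return (rule, detail) findings. A finding means 'explain this',
    not 'this is malware'; legitimate security software will show up too."""
    parsed = parse_combofix(text)
    findings = []
    for svc in parsed["services"]:
        # A service binary under a Temp directory is unusual for installed software.
        if "\\temp\\" in svc["path"].lower():
            findings.append(("service_in_temp", f'{svc["name"]}: {svc["path"]}'))
    for lsp in parsed["lsp"]:
        # A Winsock LSP is loaded into every process that uses Winsock.
        if not _is_system_path(lsp):
            findings.append(("third_party_lsp", lsp))
    for guid, ips in parsed["nameservers"].items():
        rogue = [ip for ip in ips if ip not in trusted_dns]
        if rogue:
            findings.append(("untrusted_dns", f"{guid}: {','.join(rogue)}"))
    for dll in parsed["process_dlls"].get("lsass.exe", []):
        if not _is_system_path(dll):
            findings.append(("nonsystem_dll_in_lsass", dll))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:24} {detail}")
```

Run stand-alone, the script prints the findings for the sample. With the Google Public DNS allow-list the NameServer check passes, so the three similar O17 entries are simply the machine's chosen resolvers. What is reported instead is the SpeedBit LSP (`sblsp.dll`) and the SpeedBit and ThreatFire DLLs inside lsass.exe: a Winsock LSP is loaded into every process that opens a socket, which is why a video accelerator's DLLs turn up in lsass.exe, and for a browser-redirect complaint a third-party LSP is the first thing to account for. The Temp-folder service `PskSvcRetailInst` is reported so that it gets identified before anything is deleted; ThreatFire is a security product installed as a service on this machine (the `S2 ThreatFire` line), so its hits are expected. If the SpeedBit accelerator is not wanted, remove it through its own uninstaller so the Winsock catalog stays consistent; `netsh winsock reset` rebuilds the catalog if an LSP removal leaves it broken.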
18 Jan 2010
|
#9 | | Linux Mint with Windows 7 in Virtualbox |
@jav
Yes, I am using Google DNS. Should I disable it?
@Zen00
The Windows Malicious Software Removal Tool did not detect anything, and neither did Microsoft Security Essentials.
18 Jan 2010
|
#10 | | XP Pro/Vista Ultimate (64)/Windows 7 Ultimate Signature Edition(64) Cairns, Australia |
Oh, forgot to mention... If you're using the free version of SuperAntiSpyware, you can stop it from loading at system startup as it's not a real time scanner. The settings to turn it off are somewhere in SAS, or you can just use CCleaner, tools - startup - disable 
Then just use it "on demand" after updating.