Thank you for your help, SuperDave.
What I mean by "It logs me out every time I change a page" is that, on some sites, I will log in. Then, after I log in, when I click a link to navigate through the website, on arrival of the next page I will not be logged in anymore. Or, like Facebook, when I log in it automatically loads a new page that prompts me to log in again.
And, in HijackThis, none of those options were there so I did not have to do anything.
Here are the logs:
Combofix Log
ComboFix 10-01-04.01 - Aaron Tholl 02/05/2010 15:50:00.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2772 [GMT -7:00]
Running from: c:\documents and settings\Aaron Tholl\My Documents\Downloads\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100105-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\grecorder.dll
c:\windows\system32\SIntf16.dll
.
((((((((((((((((((((((((( Files Created from 2010-01-05 to 2010-02-05 )))))))))))))))))))))))))))))))
.
2010-02-05 22:25 . 2010-02-05 22:25 -------- d-----w- c:\program files\AGEIA Technologies
2010-02-05 22:25 . 2010-02-05 22:25 -------- d-----w- c:\windows\system32\AGEIA
2010-02-05 22:25 . 2010-02-05 22:25 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-02-05 22:25 . 2010-02-05 22:26 -------- d-----w- c:\program files\NVIDIA Corporation
2010-02-05 22:24 . 2009-11-21 02:34 69632 ----a-w- c:\windows\system32\OpenCL.dll
2010-02-05 22:24 . 2009-11-21 02:34 2259560 ----a-w- c:\windows\system32\nvcuvid.dll
2010-02-05 22:24 . 2009-11-21 02:34 1989224 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-02-05 22:24 . 2009-11-21 02:34 2293286 ----a-w- c:\windows\system32\nvdata.bin
2010-02-05 22:24 . 2009-11-21 02:34 11374592 ----a-w- c:\windows\system32\nvcompiler.dll
2010-02-05 22:24 . 2010-02-05 22:24 -------- d-----w- C:\NVIDIA
2010-02-05 11:32 . 2008-05-30 21:17 25608 ----a-w- c:\windows\system32\X3DAudio1_4.dll
2010-02-03 19:40 . 2010-02-03 19:40 -------- d-sh--w- c:\documents and settings\asdfsda\PrivacIE
2010-02-03 19:40 . 2010-02-03 19:40 -------- d-----w- c:\documents and settings\asdfsda\Application Data\Yahoo!
2010-02-03 19:39 . 2010-02-03 19:46 -------- d-----w- c:\documents and settings\asdfsda\Local Settings\Application Data\AskToolbar
2010-02-03 19:38 . 2010-02-03 19:38 -------- d-----w- c:\documents and settings\asdfsda\Local Settings\Application Data\Mozilla
2010-02-03 19:33 . 2010-02-03 19:48 -------- d-----w- c:\documents and settings\asdfsda\Application Data\Apple Computer
2010-02-02 21:31 . 2010-02-02 21:31 -------- d-----w- c:\program files\Trend Micro
2010-02-02 19:12 . 2010-02-02 19:16 -------- d-----w- c:\documents and settings\Aaron Tholl\Application Data\Xfire
2010-02-02 19:12 . 2010-02-02 19:13 -------- d-----w- c:\program files\Xfire
2010-02-02 18:36 . 2009-03-27 08:16 12672 ----a-w- c:\windows\system32\drivers\cpuz132_x32.sys
2010-02-02 18:36 . 2010-02-02 18:36 -------- d-----w- c:\program files\CPUID
2010-02-02 17:45 . 2010-02-02 17:45 -------- d-----w- c:\program files\ZD Soft
2010-02-02 17:41 . 2010-02-02 17:44 -------- d-----w- c:\program files\Warcraft III
2010-02-01 12:30 . 2010-02-01 12:30 -------- d-----w- c:\program files\Audacity
2010-02-01 02:25 . 2010-02-03 19:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-02-01 02:25 . 2010-02-01 02:25 -------- d-----w- c:\documents and settings\Aaron Tholl\Application Data\Yahoo!
2010-02-01 02:25 . 2010-02-01 02:25 -------- d-----w- c:\program files\Yahoo!
2010-02-01 02:25 . 2010-02-01 02:25 -------- d-----w- c:\program files\CCleaner
2010-02-01 02:24 . 2010-02-02 20:28 52224 ----a-w- c:\documents and settings\Aaron Tholl\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-01 02:24 . 2010-02-02 20:28 117760 ----a-w- c:\documents and settings\Aaron Tholl\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-01 02:23 . 2010-02-01 02:23 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-02-01 02:23 . 2010-02-01 02:23 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-01 02:23 . 2010-02-01 02:23 -------- d-----w- c:\documents and settings\Aaron Tholl\Application Data\SUPERAntiSpyware.com
2010-02-01 02:22 . 2010-02-01 02:22 -------- d-----w- c:\documents and settings\Aaron Tholl\Application Data\Malwarebytes
2010-02-01 02:22 . 2009-12-30 21:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-01 02:22 . 2010-02-01 02:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-01 02:22 . 2010-02-01 02:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-01 02:22 . 2009-12-30 21:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-01 00:35 . 2010-02-01 00:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Temp
2010-02-01 00:35 . 2010-02-01 00:35 36864 ----a-w- c:\documents and settings\All Users\Application Data\Temp\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}\PostBuild.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-05 22:35 . 2009-10-17 07:38 -------- d-----w- c:\documents and settings\Aaron Tholl\Application Data\uTorrent
2010-02-05 22:25 . 2009-10-08 21:49 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-05 22:21 . 2009-12-31 04:55 -------- d-----w- c:\program files\SystemRequirementsLab
2010-02-05 21:55 . 2009-12-27 01:36 -------- d-----w- c:\documents and settings\Aaron Tholl\Application Data\Skype
2010-02-05 16:03 . 2010-02-05 11:32 -------- d-----w- c:\program files\Cryptic Studios
2010-02-05 15:08 . 2009-12-27 01:38 -------- d-----w- c:\documents and settings\Aaron Tholl\Application Data\skypePM
2010-02-05 11:28 . 2009-09-26 17:39 -------- d-----w- c:\program files\LogMeIn
2010-02-03 19:32 . 2010-02-03 19:32 -------- d-----w- c:\documents and settings\asdfsda\Application Data\HP
2010-02-03 19:32 . 2010-02-03 19:32 41184 ----a-w- c:\documents and settings\asdfsda\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-03 19:32 . 2010-02-03 19:32 130 ----a-w- c:\documents and settings\asdfsda\Local Settings\Application Data\fusioncache.dat
2010-02-02 17:49 . 2009-09-09 22:23 1 ----a-w- c:\documents and settings\Aaron Tholl\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-12-31 07:00 . 2009-12-31 07:00 -------- d-----w- c:\documents and settings\LocalService\Application Data\CyberLink
2009-12-31 06:58 . 2009-12-31 06:58 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-12-31 06:58 . 2009-09-08 03:35 41184 ----a-w- c:\documents and settings\Aaron Tholl\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-31 06:58 . 2009-12-31 06:58 -------- d-----w- c:\documents and settings\Aaron Tholl\Application Data\CyberLink
2009-12-31 06:52 . 2009-12-31 06:52 -------- d-----w- c:\program files\Sonic Foundry
2009-12-31 06:52 . 2009-12-31 06:52 -------- d-----w- c:\program files\Pure Motion
2009-12-31 06:52 . 2009-12-31 06:52 -------- d-----w- c:\program files\DebugMode
2009-12-31 06:43 . 2009-09-08 03:19 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-31 06:41 . 2009-12-31 06:39 -------- d-----w- c:\program files\CyberLink
2009-12-31 04:55 . 2009-12-31 04:55 138240 ----a-w- c:\documents and settings\Aaron Tholl\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_d.dll
2009-12-31 04:55 . 2009-12-31 04:55 138240 ----a-w- c:\documents and settings\Aaron Tholl\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_c.dll
2009-12-31 04:55 . 2009-12-31 04:55 138240 ----a-w- c:\documents and settings\Aaron Tholl\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_b.dll
2009-12-31 04:55 . 2009-12-31 04:55 -------- d-----w- c:\documents and settings\Aaron Tholl\Application Data\SystemRequirementsLab
2009-12-31 04:55 . 2009-12-31 04:55 138240 ----a-w- c:\documents and settings\Aaron Tholl\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_a.dll
2009-12-30 21:57 . 2009-12-30 21:57 -------- d-----w- c:\program files\Cucusoft
2009-12-30 10:38 . 2009-12-30 10:38 -------- d-----w- c:\program files\Electronic Arts
2009-12-30 07:06 . 2009-12-30 07:06 -------- d-----w- c:\program files\Alwil Software
2009-12-30 04:34 . 2009-12-30 04:34 -------- d-----w- c:\documents and settings\Aaron Tholl\Application Data\Petroglyph
2009-12-30 04:33 . 2009-12-30 04:33 98304 ----a-w- c:\windows\system32CmdLineExt.dll
2009-12-30 04:17 . 2009-12-29 07:27 -------- d-----w- c:\program files\LucasArts
2009-12-29 07:33 . 2009-09-08 03:49 -------- d-----w- c:\program files\Activision
2009-12-27 01:38 . 2009-12-27 01:38 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-12-27 01:36 . 2009-12-27 01:36 -------- d-----r- c:\program files\Skype
2009-12-27 01:36 . 2009-12-27 01:36 -------- d-----w- c:\program files\Common Files\Skype
2009-12-27 01:36 . 2009-12-27 01:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-12-27 00:29 . 2009-12-27 00:27 -------- d-----w- c:\program files\MSN Toolbar Installer
2009-12-27 00:28 . 2009-12-27 00:28 -------- d-----w- c:\program files\Microsoft
2009-12-27 00:28 . 2009-12-27 00:28 -------- d-----w- c:\program files\MSN Toolbar
2009-12-27 00:26 . 2009-09-09 22:20 -------- d-----w- c:\program files\Java
2009-12-27 00:26 . 2009-12-27 00:26 152576 ----a-w- c:\documents and settings\Aaron Tholl\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-27 00:11 . 2009-12-27 00:11 79488 ----a-w- c:\documents and settings\Aaron Tholl\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-26 05:41 . 2009-12-26 05:41 -------- d-----w- c:\program files\Windows Media Connect 2
2009-12-25 20:08 . 2009-12-25 20:02 -------- d-----w- c:\documents and settings\Aaron Tholl\Application Data\Apple Computer
2009-12-25 20:04 . 2009-10-31 08:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-12-25 20:02 . 2009-12-25 20:01 -------- d-----w- c:\program files\iTunes
2009-12-25 20:02 . 2009-12-25 20:01 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-25 20:01 . 2009-12-25 20:01 -------- d-----w- c:\program files\iPod
2009-12-25 20:01 . 2009-11-04 14:41 -------- d-----w- c:\program files\Common Files\Apple
2009-12-25 20:01 . 2009-12-15 16:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-12-25 20:01 . 2009-12-25 20:01 -------- d-----w- c:\program files\Bonjour
2009-12-17 03:08 . 2009-11-14 23:05 -------- d-----w- c:\program files\Starcraft
2009-12-15 16:07 . 2009-12-15 16:07 -------- d-----w- c:\program files\QuickTime
2009-12-02 01:23 . 2009-09-12 19:41 1248 ----a-w- c:\windows\War3Unin.dat
2009-11-30 19:37 . 2009-11-30 19:37 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-11-24 23:54 . 2009-12-30 07:06 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-12-30 07:07 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2009-12-30 07:07 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2009-12-30 07:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2009-12-30 07:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2009-12-30 07:07 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-12-30 07:07 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-12-30 07:07 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-12-30 07:07 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-21 03:32 . 2009-11-21 03:32 278120 ----a-w- c:\windows\system32\nvmccs.dll
2009-11-21 03:32 . 2009-11-21 03:32 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2009-11-21 03:32 . 2009-11-21 03:32 145000 ----a-w- c:\windows\system32\nvcolor.exe
2009-11-21 03:32 . 2009-11-21 03:32 12669544 ----a-w- c:\windows\system32\nvcpl.dll
2009-11-21 03:32 . 2009-11-21 03:32 110184 ----a-w- c:\windows\system32\nvmctray.dll
2009-11-21 03:32 . 2009-11-21 03:32 81920 ----a-w- c:\windows\system32\nvwddi.dll
2009-11-21 02:34 . 2009-09-08 03:32 592488 ----a-w- c:\windows\system32\nvudisp.exe
2009-11-21 02:34 . 2008-01-30 12:52 13602816 ----a-w- c:\windows\system32\nvoglnt.dll
2009-11-21 02:34 . 2008-01-03 22:26 6282752 ----a-w- c:\windows\system32\nv4_disp.dll
2009-11-21 02:34 . 2008-01-03 22:26 4038656 ----a-w- c:\windows\system32\nvcuda.dll
2009-11-21 02:34 . 2008-01-03 22:26 182888 ----a-w- c:\windows\system32\nvcodins.dll
2009-11-21 02:34 . 2008-01-03 22:26 182888 ----a-w- c:\windows\system32\nvcod.dll
2009-11-21 02:34 . 2008-01-03 22:26 1056768 ----a-w- c:\windows\system32\nvapi.dll
2009-11-21 02:34 . 2008-01-03 22:26 10235968 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-11-20 04:42 . 2009-09-08 03:30 592488 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-11-14 23:05 . 2009-11-14 23:05 32738 ----a-w- c:\windows\scunin.dat
2009-11-14 23:05 . 2009-11-14 23:05 967 ----a-w- c:\windows\ScUnin.pif
2009-11-14 23:05 . 2009-11-14 23:05 94208 ----a-w- c:\windows\ScUnin.exe
2009-11-13 00:07 . 2009-11-13 00:07 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-11 04:56 . 2009-10-13 09:05 74072 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-11-08 06:09 . 2009-09-08 03:58 215104 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-11-08 05:39 . 2009-09-08 03:58 138576 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Aaron Tholl\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-09-08 133104]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-03-21 1953792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-14 198160]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe" [2009-12-09 240992]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-21 12669544]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-21 110184]
c:\documents and settings\Aaron Tholl\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
ASUS WiFi-AP Solo.lnk - c:\program files\ASUS WiFi-AP Solo\RtWLan.exe [2009-9-7 987136]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 21:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-10-01 17:40 87352 ----a-w- c:\windows\system32\LMIinit.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Empire at War\\GameData\\sweaw.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Empire at War Forces of Corruption\\swfoc.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [12/30/2009 12:07 AM 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [11/23/2009 8:43 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/23/2009 8:43 AM 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/30/2009 12:07 AM 20560]
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2/2/2010 11:36 AM 12672]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/11/2008 11:41 AM 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [9/26/2009 10:39 AM 47640]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9/7/2009 10:38 PM 721904]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/6/2007 1:22 PM 34064]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [9/7/2009 8:27 PM 176128]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/23/2009 8:43 AM 7408]
S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [9/7/2009 8:27 PM 13532]
S4 LMIRfsClientNP;LMIRfsClientNP;
.
Contents of the 'Scheduled Tasks' folder
2010-02-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
2010-02-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-1284227242-1417001333-1003Core.job
- c:\documents and settings\Aaron Tholl\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-08 04:53]
2010-02-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-1284227242-1417001333-1003UA.job
- c:\documents and settings\Aaron Tholl\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-08 04:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\Aaron Tholl\Application Data\Mozilla\Firefox\Profiles\0rjmaort.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com?o=15153&l=dis
FF - prefs.js: keyword.URL -
FF - component: c:\program files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\components\SEPsearchhelperff.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\Aaron Tholl\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Musicnotes\npmusicn.dll
FF - plugin: c:\program files\Musicnotes\NPSibelius.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-nwiz - nwiz.exe
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe
AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-05 15:52
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(776)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2010-02-05 15:53:44
ComboFix-quarantined-files.txt 2010-02-05 22:53
Pre-Run: 135,102,029,824 bytes free
Post-Run: 135,255,506,944 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - B5A927D6D57E7EBA3D34E2530C362D43
HijackThis Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:01:13 PM, on 2/5/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Documents and Settings\Aaron Tholl\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Aaron Tholl\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
--
End of file - 9915 bytes