Everything posted by wastnawayagn

  1. Interestingly enough, after completing the TDSSKiller, I opened a browser to attempt to see the next step you have listed. Google opened fine, however THIS site would not open. So I ran the TDSSKiller and the ComboFix again, and this time I didn't open browser or reboot in between and I am able to post the logs. ?????
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . Contents of the 'Scheduled Tasks' folder . 2012-02-08 c:\windows\Tasks\At10.job - c:\program files\HP\HPLJUT\HPLJUTSCH.exe [2010-09-22 12:18] . 2012-02-07 c:\windows\Tasks\At11.job - c:\program files\HP\HPLJUT\HPLJUTSCH.exe [2010-09-22 12:18] . 2012-02-07 c:\windows\Tasks\At12.job - c:\program files\HP\HPLJUT\HPLJUTSCH.exe [2010-09-22 12:18] . 2012-02-07 c:\windows\Tasks\At3.job - c:\program files\HP\HPLJUT\HPLJUTSCH.exe [2010-09-22 12:18] . 2012-02-07 c:\windows\Tasks\At4.job - c:\program files\HP\HPLJUT\HPLJUTSCH.exe [2010-09-22 12:18] . 2012-02-07 c:\windows\Tasks\At7.job - c:\program files\HP\HPLJUT\HPLJUTSCH.exe [2010-09-22 12:18] . 2012-02-07 c:\windows\Tasks\At8.job - c:\program files\HP\HPLJUT\HPLJUTSCH.exe [2010-09-22 12:18] . 2012-02-07 c:\windows\Tasks\At9.job - c:\program files\HP\HPLJUT\HPLJUTSCH.exe [2010-09-22 12:18] . 2012-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-10 19:09] . 2012-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-10 19:09] . 2012-02-09 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 20:39] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://www.google.com/ TCP: DhcpNameServer = 74.5.116.242 74.5.116.246 DPF: {460324E8-CFB4-4357-85EF-CE3EBFE23A62} - hxxp://shawwwahps.sha.state.md.us/ahps/ActiveXViewer.cab DPF: {7A16F968-8E79-11D4-AFC3-0060978DD938} - hxxp://apps.dmv.virginia.gov/eRoute/slactvx.cab FF - ProfilePath - c:\documents and settings\RobPierce\Application Data\Mozilla\Firefox\Profiles\262noymt.default\ FF - prefs.js: browser.search.selectedEngine - Secure Search FF - prefs.js: browser.startup.homepage - hxxp://search.ask.com/?l=dis&o=15083 FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p= FF - user.js: browser.cache.memory.capacity - 65536 FF - user.js: browser.chrome.favicons - false FF - user.js: browser.display.show_image_placeholders - true FF - user.js: browser.turbo.enabled - true FF - user.js: browser.urlbar.autocomplete.enabled - true FF - user.js: browser.urlbar.autofill - true FF - user.js: content.interrupt.parsing - true FF - user.js: content.max.tokenizing.time - 2250000 FF - user.js: content.notify.backoffcount - 5 FF - user.js: content.notify.interval - 750000 FF - user.js: content.notify.ontimer - true FF - user.js: content.switch.threshold - 750000 FF - user.js: network.http.max-connections - 48 FF - user.js: network.http.max-connections-per-server - 16 FF - user.js: network.http.max-persistent-connections-per-proxy - 16 FF - user.js: network.http.max-persistent-connections-per-server - 8 FF - user.js: network.http.pipelining - true FF - user.js: network.http.pipelining.firstrequest - true FF - user.js: network.http.pipelining.maxrequests - 8 FF - user.js: network.http.proxy.pipelining - true FF - user.js: network.http.request.max-start-delay - 0 FF - user.js: nglayout.initialpaint.delay - 0 FF - user.js: plugin.expose_full_path - true FF - user.js: ui.submenuDelay - 0 . Supplementary scan did not complete! . . ************************************************************************** . 
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-02-09 10:17 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(692) c:\program files\SUPERAntiSpyware\SASWINLO.DLL c:\windows\system32\WININET.dll . - - - - - - - > 'explorer.exe'(1976) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\mshtml.dll c:\windows\system32\msls31.dll c:\windows\system32\ImgUtil.dll c:\windows\system32\pngfilt.dll c:\windows\system32\msi.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2012-02-09 10:19:39 ComboFix-quarantined-files.txt 2012-02-09 15:19 ComboFix2.txt 2010-11-15 16:03 . Pre-Run: 18,129,444,864 bytes free Post-Run: 18,092,707,840 bytes free . - - End Of File - - A5CE08B8DEB52A147EBDAD33FA1C6B0A
  2. I cannot get my browser (IE8) to connect to any Google sites. I know there's a problem as Malwarebytes keeps blocking IP addresses. My PC is running a little slow. I ran Malwarebytes and it removed a few threats. I also flushed the DNS. SuperAntispyware also ran, and removed a few things, but I continue to have the same problem. Here's the dds.txt log:
. DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_10 Run by RobPierce at 8:11:09 on 2012-02-09 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3053.2205 [GMT -5:00] . AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Firewall *Enabled* . ============== Running Processes =============== . C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe svchost.exe C:\Program Files\SUPERAntiSpyware\SASCORE.EXE C:\WINDOWS\SMINST\Scheduler.exe C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Malwarebytes'
Anti-Malware\mbamgui.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\WINDOWS\System32\svchost.exe -k HPZ12 c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ mURLSearchHooks: H - No File TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe mRun: [soundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray mRun: [setRefresh] c:\program files\compaq\setrefresh\SetRefresh.exe mRun: [scheduler] c:\windows\sminst\Scheduler.exe mRun: [Reminder] c:\windows\creator\Remind_XP.exe mRun: [Recguard] c:\windows\sminst\Recguard.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe" mRun: 
[itype] "c:\program files\microsoft intellitype pro\itype.exe" mRun: [ToolboxFX] "c:\program files\hp\toolboxfx\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [<NO NAME>] mRun: [yBlqxAdBNPjQ.exe] c:\documents and settings\all users\application data\yBlqxAdBNPjQ.exe mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab DPF: {460324E8-CFB4-4357-85EF-CE3EBFE23A62} - hxxp://shawwwahps.sha.state.md.us/ahps/ActiveXViewer.cab DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} - hxxps://fixit.support.microsoft.com/ActiveX/FixItClient.CAB DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1207576752328 DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab DPF: 
{73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect114a.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {7A16F968-8E79-11D4-AFC3-0060978DD938} - hxxp://apps.dmv.virginia.gov/eRoute/slactvx.cab DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} - hxxp://www.cortona3d.com/cortona3d.cab DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://picture.vzw.com/activex/VerizonWirelessUploadControl.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab DPF: {BE65189A-4770-47A0-9B7B-68827DB1C317} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab DPF: {CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA} - hxxp://javadl-esd.sun.com/update/1.6.0/jinstall-6u10-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 74.5.116.242 74.5.116.246 TCP: Interfaces\{15B63FED-754D-4952-B515-94115B5CC121} : DhcpNameServer = 74.5.116.242 74.5.116.246 Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL Notify: igfxcui - igfxdev.dll SSODL: 
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\robpierce\application data\mozilla\firefox\profiles\262noymt.default\ FF - prefs.js: browser.search.selectedEngine - Secure Search FF - prefs.js: browser.startup.homepage - hxxp://search.ask.com/?l=dis&o=15083 FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p= FF - plugin: c:\program files\common files\parallelgraphics\cortona\npCortona.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\picasa3\npPicasa3.dll FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll FF - plugin: c:\program files\microsoft\office live\npOLW.dll FF - plugin: c:\program files\mozilla firefox\plugins\npCortona.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\nos\bin\np_gp.dll FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll . 
---- FIREFOX POLICIES ---- FF - user.js: browser.cache.memory.capacity - 65536 FF - user.js: browser.chrome.favicons - false FF - user.js: browser.display.show_image_placeholders - true FF - user.js: browser.turbo.enabled - true FF - user.js: browser.urlbar.autocomplete.enabled - true FF - user.js: browser.urlbar.autofill - true FF - user.js: content.interrupt.parsing - true FF - user.js: content.max.tokenizing.time - 2250000 FF - user.js: content.notify.backoffcount - 5 FF - user.js: content.notify.interval - 750000 FF - user.js: content.notify.ontimer - true FF - user.js: content.switch.threshold - 750000 FF - user.js: network.http.max-connections - 48 FF - user.js: network.http.max-connections-per-server - 16 FF - user.js: network.http.max-persistent-connections-per-proxy - 16 FF - user.js: network.http.max-persistent-connections-per-server - 8 FF - user.js: network.http.pipelining - true FF - user.js: network.http.pipelining.firstrequest - true FF - user.js: network.http.pipelining.maxrequests - 8 FF - user.js: network.http.proxy.pipelining - true FF - user.js: network.http.request.max-start-delay - 0 FF - user.js: nglayout.initialpaint.delay - 0 FF - user.js: plugin.expose_full_path - true FF - user.js: ui.submenuDelay - 0 . ============= SERVICES / DRIVERS =============== . 
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664] R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608] R2 HP LaserJet Service;HP LaserJet Service;c:\program files\hp\hplaserjetservice\HPLaserJetService.exe [2010-10-25 145920] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2008-9-5 652360] R3 HPFXBULKLEDM;HPFXBULKLEDM;c:\windows\system32\drivers\hppcbulkio.sys [2011-9-27 20504] R3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hppcfaxio.sys [2011-9-27 21528] R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2007-1-23 36608] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2008-9-5 20464] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-10 136176] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe" /mccoresvc --> c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [?] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-10 136176] S3 rkhdrv40;Rootkit Unhooker Driver; [x] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] . =============== Created Last 30 ================ . 
2012-02-09 12:04:18 6557240 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9081978a-82d4-4a32-b123-7993cf8d6c09}\mpengine.dll 2012-02-08 16:12:20 -------- d-----w- c:\documents and settings\robpierce\application data\SUPERAntiSpyware.com 2012-02-08 16:11:38 -------- d-----w- c:\program files\SUPERAntiSpyware 2012-02-08 16:11:38 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com 2012-02-08 12:23:20 -------- d-----w- c:\program files\ESET 2012-02-07 19:18:05 -------- d-----w- c:\windows\system32\wbem\repository\FS 2012-02-07 19:18:05 -------- d-----w- c:\windows\system32\wbem\Repository 2012-01-13 21:21:04 -------- d-----w- c:\documents and settings\robpierce\application data\ERS Game Studios 2012-01-13 21:07:00 -------- d-----w- c:\program files\Dark Tales - Edgar Allan Poe's The Black Cat 2012-01-13 20:53:06 -------- d-----w- c:\documents and settings\all users\application data\Big Fish Games 2012-01-13 20:52:09 -------- d-----w- c:\documents and settings\all users\application data\BigFishGamesCache 2012-01-10 20:46:09 -------- d-----w- c:\program files\common files\Yahoo! 
2012-01-10 20:46:08 -------- d-----w- c:\program files\Pinnacle 2012-01-10 20:46:08 -------- d-----w- c:\documents and settings\all users\application data\Pinnacle VideoSpin 2012-01-10 20:44:40 -------- d-----w- c:\documents and settings\robpierce\local settings\application data\Downloaded Installations 2012-01-10 20:37:16 -------- d-----w- c:\documents and settings\robpierce\local settings\application data\PMB Files 2012-01-10 20:37:13 -------- d-----w- c:\documents and settings\all users\application data\PMB Files 2012-01-10 20:36:54 -------- d-----w- c:\program files\Pando Networks 2012-01-10 17:12:21 9728 ------w- c:\windows\system32\rwnh.dll 2012-01-10 17:12:21 10752 ------w- c:\windows\system32\smtpapi.dll 2012-01-10 17:12:15 884712 ------w- c:\program files\msn\msncorefiles\install\msn9components\digcore.exe 2012-01-10 17:12:15 1327320 ------w- c:\program files\msn\msncorefiles\install\msnsusii.exe 2012-01-10 17:12:13 11053008 ------w- c:\program files\msn\msncorefiles\install\msn9components\msncli.exe 2012-01-10 17:12:11 229376 ------w- c:\program files\msn\msncorefiles\oobe\obelog.dll 2012-01-10 17:12:10 966656 ------w- c:\program files\msn\msncorefiles\oobe\obemetal.dll 2012-01-10 17:12:10 86016 ------w- c:\program files\msn\msncorefiles\oobe\obepopc.dll 2012-01-10 17:12:10 77824 ------w- c:\program files\msn\msncorefiles\oobe\obemtllc.dll 2012-01-10 17:11:08 19569 ----a-w- c:\windows\000001_.tmp . ==================== Find3M ==================== . 2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe 2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-11-23 13:25:32 1859584 ---ha-w- c:\windows\system32\win32k.sys . =================== ROOTKIT ==================== . Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Windows 5.1.2600 Disk: WDC_WD800AAJS-60WAA0 rev.58.01D58 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 . device: opened successfully user: MBR read successfully . 
Disk trace: called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8AEAF49F]<< _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8aeb6738]; MOV EAX, [0x8aeb68ac]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; } 1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8B2A4AB8] 3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000067[0x8B2AD6C8] 5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8B2A6D98] \Driver\atapi[0x8B1D6220] -> IRP_MJ_CREATE -> 0x8AEAF49F error: Read A device attached to the system is not functioning. kernel: MBR read successfully _asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x5d; } detected disk devices: detected hooks: \Driver\atapi DriverStartIo -> 0x8AEAF2C6 user & kernel MBR OK Warning: possible TDL3 rootkit infection ! . ============= FINISH: 8:14:09.10 ===============

And this is the attach.txt file:

DDS (Ver_2011-08-26.01) . Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume1 Install Date: 4/7/2008 9:55:53 AM System Uptime: 2/9/2012 8:07:51 AM (0 hours ago) . Motherboard: Hewlett-Packard | | 2820h Processor: Intel® Core2 Duo CPU E4600 @ 2.40GHz | XU1 PROCESSOR | 2394/800mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 65 GiB total, 15.919 GiB free. D: is FIXED (NTFS) - 10 GiB total, 6.307 GiB free. E: is CDROM (UDF) F: is Removable . ==== Disabled Device Manager Items ============= . Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318} Description: Microsoft PS/2 Port Mouse (IntelliPoint) Device ID: ACPI\PNP0F13\4&1E368A7A&0 Manufacturer: Microsoft Name: Microsoft PS/2 Port Mouse (IntelliPoint) PNP Device ID: ACPI\PNP0F13\4&1E368A7A&0 Service: i8042prt .
Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318} Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard Device ID: ACPI\PNP0303\4&1E368A7A&0 Manufacturer: (Standard keyboards) Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard PNP Device ID: ACPI\PNP0303\4&1E368A7A&0 Service: i8042prt . ==== System Restore Points =================== . RP1154: 12/21/2011 4:52:45 PM - System Checkpoint RP1155: 12/23/2011 3:11:20 AM - System Checkpoint RP1156: 12/24/2011 3:54:40 AM - System Checkpoint RP1157: 12/25/2011 3:05:57 PM - System Checkpoint RP1158: 12/26/2011 4:06:39 PM - System Checkpoint RP1159: 12/27/2011 5:07:27 PM - System Checkpoint RP1160: 12/28/2011 10:42:52 AM - Removed Ask Toolbar. RP1161: 12/28/2011 10:43:44 AM - Removed I.R.I.S. OCR RP1162: 12/28/2011 10:45:03 AM - Removed Marketsplash Shortcuts RP1163: 12/29/2011 11:32:21 AM - System Checkpoint RP1164: 1/3/2012 6:15:20 AM - System Checkpoint RP1165: 1/4/2012 1:24:10 PM - System Checkpoint RP1166: 1/4/2012 2:42:31 PM - Installed HP FWUpdateEDO3 RP1167: 1/5/2012 3:00:46 PM - Software Distribution Service 3.0 RP1168: 1/6/2012 3:28:14 PM - Software Distribution Service 3.0 RP1169: 1/7/2012 3:00:17 AM - Software Distribution Service 3.0 RP1170: 1/7/2012 3:42:47 PM - Software Distribution Service 3.0 RP1171: 1/8/2012 3:44:24 PM - Software Distribution Service 3.0 RP1172: 1/9/2012 3:03:04 PM - Software Distribution Service 3.0 RP1173: 1/9/2012 4:50:15 PM - Software Distribution Service 3.0 RP1174: 1/10/2012 12:11:19 PM - Installed Windows XP Service Pack 3. RP1175: 1/10/2012 3:45:56 PM - Installed Pinnacle VideoSpin. 
RP1176: 1/10/2012 5:12:59 PM - Software Distribution Service 3.0 RP1177: 1/11/2012 3:00:17 AM - Software Distribution Service 3.0 RP1178: 1/11/2012 12:31:09 PM - Software Distribution Service 3.0 RP1179: 1/12/2012 12:30:59 PM - Software Distribution Service 3.0 RP1180: 1/13/2012 12:43:18 PM - Software Distribution Service 3.0 RP1181: 1/14/2012 2:35:57 PM - Software Distribution Service 3.0 RP1182: 1/15/2012 2:27:38 AM - Software Distribution Service 3.0 RP1183: 1/16/2012 2:28:28 AM - System Checkpoint RP1184: 1/16/2012 2:31:51 AM - Software Distribution Service 3.0 RP1185: 1/17/2012 3:01:41 AM - System Checkpoint RP1186: 1/17/2012 5:41:45 PM - Software Distribution Service 3.0 RP1187: 1/19/2012 2:05:27 AM - Software Distribution Service 3.0 RP1188: 1/19/2012 5:34:39 PM - Software Distribution Service 3.0 RP1189: 1/20/2012 5:42:18 PM - Software Distribution Service 3.0 RP1190: 1/21/2012 5:55:02 PM - Software Distribution Service 3.0 RP1191: 1/22/2012 5:58:55 PM - System Checkpoint RP1192: 1/22/2012 6:25:26 PM - Software Distribution Service 3.0 RP1193: 1/23/2012 6:37:50 PM - Software Distribution Service 3.0 RP1194: 1/24/2012 6:49:20 PM - Software Distribution Service 3.0 RP1195: 1/25/2012 4:09:05 PM - Software Distribution Service 3.0 RP1196: 1/26/2012 5:28:46 PM - System Checkpoint RP1197: 1/26/2012 5:55:50 PM - Software Distribution Service 3.0 RP1198: 1/27/2012 11:26:49 PM - Software Distribution Service 3.0 RP1199: 1/29/2012 11:26:48 AM - Software Distribution Service 3.0 RP1200: 1/30/2012 11:59:42 AM - Software Distribution Service 3.0 RP1201: 2/3/2012 3:24:36 PM - System Checkpoint RP1202: 2/6/2012 10:34:12 AM - System Checkpoint RP1203: 2/6/2012 11:22:24 AM - Software Distribution Service 3.0 RP1204: 2/7/2012 1:37:19 PM - Software Distribution Service 3.0 RP1205: 2/7/2012 2:17:17 PM - Restore Operation RP1206: 2/7/2012 2:30:27 PM - Software Distribution Service 3.0 RP1207: 2/7/2012 3:03:16 PM - Installed Microsoft Fix it 50195 RP1208: 2/7/2012 4:06:10 PM - 
Removed Google Earth Plug-in. RP1209: 2/9/2012 7:04:14 AM - Software Distribution Service 3.0 . ==== Installed Programs ====================== . 2007 Microsoft Office system 32 Bit HP CIO Components Installer Acrobat.com Activation Assistant for the 2007 Microsoft Office suites Adobe AIR Adobe Atmosphere Player for Acrobat and Adobe Reader Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Reader 9.4.1 Apple Application Support Apple Software Update Bing Maps 3D Buckscore Cortona3D Viewer Critical Update for Windows Media Player 11 (KB959772) CutePDF Writer 2.8 Dark Tales: ™ Edgar Allan Poe's The Black Cat ESET Online Scanner v3 GDR 4060 for SQL Server Database Services 2005 ENU (KB2494113) Google Update Helper Hewlett-Packard ACLM.NET v1.1.0.0 High Definition Audio Driver Package - KB888111 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Internet Explorer 7 (KB947864) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB2158563) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB2570791) Hotfix for Windows XP (KB2633952) Hotfix for Windows XP (KB942288-v3) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB958655-v2) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB970653-v3) Hotfix for Windows XP (KB971276-v3) Hotfix for Windows XP (KB976098-v2) Hotfix for Windows XP (KB979306) Hotfix for Windows XP (KB981793) HP Backup and Recovery Manager HP Driver Diagnostics HP LaserJet Professional CM1410 Series HP LJ CM1410 MFP Series HP Scan HP Update HPLaserJetHelp_LearnCenter HPLJUT hppCM1410LaserJetService hppFaxDrvCM1410 hppFaxUtilityCM1410 hppLaserJetService hppSendFaxCM1410 hppTLBXFXCM1410 hpzTLBXFX Intel® Graphics Media Accelerator Driver Intel® PRO Network Connections 12.1.14.1 Intel® Management Engine Interface InterVideo Register Manager Java 6 
Update 10 Java 6 Update 2 Malwarebytes Anti-Malware version 1.60.1.1000 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2656353) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Antimalware Microsoft Application Error Reporting Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Default Manager Microsoft IntelliPoint 7.1 Microsoft IntelliType Pro 7.1 Microsoft Internationalized Domain Names Mitigation APIs Microsoft J# Redist 2003 (KB819777) Microsoft National Language Support Downlevel APIs Microsoft Office 2003 Web Components Microsoft Office 2007 Primary Interop Assemblies Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Live Add-in 1.3 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Professional Hybrid 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Small Business Connectivity Components Microsoft Office Word MUI (English) 2007 Microsoft Security Client Microsoft Security Essentials Microsoft Silverlight Microsoft Software Update for Web Folders (English) 12 Microsoft SQL Server 2005 Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) Microsoft SQL Server Native Client Microsoft SQL Server Setup Support Files (English) Microsoft SQL 
Server VSS Writer Microsoft UI Engine Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual J# .NET Redistributable Package 1.1 Mozilla Firefox (3.5.2) Mozilla Thunderbird 9.0.1 (x86 en-US) MSVCSetup MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 6.0 Parser (KB933579) OGA Notifier 2.0.0048.0 Pando Media Booster PhotoScape Picasa 3 Pinnacle VideoSpin QuickTime Security Update for 2007 Microsoft Office System (KB2288621) Security Update for 2007 Microsoft Office System (KB2288931) Security Update for 2007 Microsoft Office System (KB2345043) Security Update for 2007 Microsoft Office System (KB2553089) Security Update for 2007 Microsoft Office System (KB2553090) Security Update for 2007 Microsoft Office System (KB2584063) Security Update for 2007 Microsoft Office System (KB969559) Security Update for 2007 Microsoft Office System (KB976321) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2416472) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office Access 2007 
(KB979440) Security Update for Microsoft Office InfoPath 2007 (KB979441) Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Security Update for Microsoft Office system 2007 (972581) Security Update for Microsoft Office system 2007 (KB974234) Security Update for Microsoft Office Visio Viewer 2007 (KB973709) Security Update for Microsoft Office Word 2007 (KB2344993) Security Update for Microsoft Windows (KB2564958) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB942615) Security Update for Windows Internet Explorer 7 (KB944533) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows Internet Explorer 7 (KB953838) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB958215) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows Internet Explorer 7 (KB963027) Security Update for Windows Internet Explorer 7 (KB972260) Security Update for Windows Internet Explorer 8 (KB2183461) Security Update for Windows Internet Explorer 8 (KB2360131) Security Update for Windows Internet Explorer 8 (KB2416400) Security Update for Windows Internet Explorer 8 (KB2482017) Security Update for Windows Internet Explorer 8 (KB2497640) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2530548) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB2559049) Security Update for Windows Internet Explorer 8 (KB2586448) Security Update for Windows Internet Explorer 8 (KB2618444) Security Update for Windows Internet Explorer 8 (KB971961) Security Update for 
Windows Internet Explorer 8 (KB972260) Security Update for Windows Internet Explorer 8 (KB974455) Security Update for Windows Internet Explorer 8 (KB976325) Security Update for Windows Internet Explorer 8 (KB978207) Security Update for Windows Internet Explorer 8 (KB981332) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows Media Player 9 (KB936782) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2160329) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2279986) Security Update for Windows XP (KB2286198) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2296199) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2436673) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2476687) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479628) Security 
Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485376) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2503658) Security Update for Windows XP (KB2503665) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2506223) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508272) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2511455) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276-v2) Security Update for Windows XP (KB2536276) Security Update for Windows XP (KB2544893-v2) Security Update for Windows XP (KB2544893) Security Update for Windows XP (KB2555917) Security Update for Windows XP (KB2562937) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2567053) Security Update for Windows XP (KB2567680) Security Update for Windows XP (KB2570222) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB2618451) Security Update for Windows XP (KB2619339) Security Update for Windows XP (KB2620712) Security Update for Windows XP (KB2624667) Security Update for Windows XP (KB2633171) Security Update for Windows XP (KB2639417) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923789) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951376) Security Update for Windows XP 
(KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953839) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371-v2) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971486) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973346) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973525) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security 
Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977165) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978251) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981852) Security Update for Windows XP (KB981957) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982665) Security Update for Windows XP (KB982802) SoundMAX SUPERAntiSpyware Tone Mapping Plug-In 1.2 Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition Update for Microsoft Office 2007 System (KB2539530) Update for 
Microsoft Office Access 2007 Help (KB963663) Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Outlook 2007 (KB2583910) Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Update for Outlook 2007 Junk Email Filter (KB2596560) Update for Windows Internet Explorer 8 (KB972636) Update for Windows Internet Explorer 8 (KB976662) Update for Windows Internet Explorer 8 (KB976749) Update for Windows Internet Explorer 8 (KB980182) Update for Windows XP (KB2141007) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB2541763) Update for Windows XP (KB2607712) Update for Windows XP (KB2616676) Update for Windows XP (KB2641690) Update for Windows XP (KB943729) Update for Windows XP (KB951072-v2) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB955839) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) Watchtower Library 2009 - English WebFldrs XP Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool (KB892130) Windows Internet Explorer 7 Windows Internet Explorer 8 Windows Media Format 11 runtime Windows Media Player 11 Windows XP Service Pack 3 WinRAR archiver XPS Essentials Pack XPS Essentials Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
2/8/2012 11:36:48 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
2/8/2012 11:36:48 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/7/2012 3:38:44 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
2/7/2012 2:19:37 PM, error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 0.0.0.0;0.0.0.0 Engine version: 0.0.0.0
2/6/2012 7:17:56 AM, error: Dhcp [1002] - The IP address lease 192.168.2.2 for the Network Card with network address 001E0BB3BD89 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
2/6/2012 7:16:36 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.956.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.8001.0&avdelta=1.119.956.0&asdelta=1.119.956.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
2/6/2012 7:16:36 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.956.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.8001.0&avdelta=1.119.956.0&asdelta=1.119.956.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
2/6/2012 7:16:36 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.956.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.8001.0&avdelta=1.119.956.0&asdelta=1.119.956.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
2/6/2012 7:16:36 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.956.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.8001.0&avdelta=1.119.956.0&asdelta=1.119.956.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
2/6/2012 7:16:31 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.956.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
2/6/2012 6:59:52 AM, error: Dhcp [1002] - The IP address lease 192.168.2.3 for the Network Card with network address 001E0BB3BD89 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
2/6/2012 6:57:42 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.956.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
2/6/2012 6:56:51 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
2/6/2012 6:56:48 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
2/3/2012 4:08:20 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.956.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
2/3/2012 3:06:44 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.956.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
2/3/2012 2:50:56 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt
2/3/2012 2:50:40 PM, error: Service Control Manager [7024] - The SQL Server (MSSMLBIZ) service terminated with service-specific error 3417 (0xD59).
2/3/2012 2:50:40 PM, error: Service Control Manager [7000] - The McAfee SiteAdvisor Service service failed to start due to the following error: The system cannot find the path specified.
2/3/2012 2:50:40 PM, error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
.
==== End Of File ===========================