Everything posted by tweis

  1. Everything seems to be working ok. No more system freezes or spawning iexplorer.exe processes. Can I assume I'm clean at this point?
  2. I ran a full system scan and found nothing!

     Malwarebytes' Anti-Malware 1.44
     Database version: 3524
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702

     1/9/2010 8:55:25 AM
     mbam-log-2010-01-09 (08-55-25).txt

     Scan type: Full Scan (C:\|E:\|H:\|)
     Objects scanned: 646396
     Time elapsed: 1 hour(s), 57 minute(s), 22 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected: (No malicious items detected)
  3. I ran another scan with mbam (still in safe mode) and nothing was detected. Tonight I'll boot normally and test things out. Should I run DeFogger again to reactivate the drivers it disabled?
  4. Ok, I ran the ComboFix script and it seemed to complete just fine. I've attached the new logfile. Thanks again! Cfixlog2.txt
  5. Thanks. I've attached the combofix log and here is the subsequent hijackthis log:

     combolog.txt
  6. Yes please! I am considering reformatting but if my system can be cleaned I'd like to try.
  7. After several scans with mbam, I cannot get rid of these two. The most notable effect is my system will hang unless I boot into safe mode. Following the instructions in the master thread, I ran DeFogger, DDS, and the Rootkit Scanner, and am attaching all the relevant log files. FWIW, I am also having problems removing something called Rogue.SmartProtector when running SuperAntiSpyware. Thanks for your help!

     Most recent malwarebytes log:

     Malwarebytes' Anti-Malware 1.43
     Database version: 3482
     Windows 5.1.2600 Service Pack 3 (Safe Mode)
     Internet Explorer 8.0.6001.18702

     1/2/2010 3:27:19 PM
     mbam-log-2010-01-02 (15-27-19).txt

     Scan type: Quick Scan
     Objects scanned: 256343
     Time elapsed: 6 minute(s), 0 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 1
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 1

     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)

     Registry Keys Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT (Rootkit.TDSS) -> Quarantined and deleted successfully.

     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)

     Files Infected:
     C:\WINPRO\system32\krl32mainweq.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.
     Attach.zip