Everything posted by tweis
Cannot remove rootkit.TDSS or Trojan.DNSChange
tweis replied to tweis's topic in Resolved Malware Removal Logs
Done! Thanks again for all your help!!
Cannot remove rootkit.TDSS or Trojan.DNSChange
tweis replied to tweis's topic in Resolved Malware Removal Logs
Everything seems to be working ok. No more system freezes or spawning iexplorer.exe processes. Can I assume I'm clean at this point?
Cannot remove rootkit.TDSS or Trojan.DNSChange
tweis replied to tweis's topic in Resolved Malware Removal Logs
I ran a full system scan and found nothing!

Malwarebytes' Anti-Malware 1.44
Database version: 3524
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/9/2010 8:55:25 AM
mbam-log-2010-01-09 (08-55-25).txt

Scan type: Full Scan (C:\|E:\|H:\|)
Objects scanned: 646396
Time elapsed: 1 hour(s), 57 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Cannot remove rootkit.TDSS or Trojan.DNSChange
tweis replied to tweis's topic in Resolved Malware Removal Logs
I ran another scan with mbam (still in safe mode) and nothing was detected. Tonight I'll boot normally and test things out. Should I run DeFogger again to reactivate the drivers it disabled?
Cannot remove rootkit.TDSS or Trojan.DNSChange
tweis replied to tweis's topic in Resolved Malware Removal Logs
Ok, I ran the ComboFix script and it seemed to complete just fine. I've attached the new logfile. Thanks again!

Cfixlog2.txt
Cannot remove rootkit.TDSS or Trojan.DNSChange
tweis replied to tweis's topic in Resolved Malware Removal Logs
Thanks. I've attached the combofix log and here is the subsequent hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:53:53 PM, on 1/5/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINPRO\System32\smss.exe
C:\WINPRO\system32\winlogon.exe
C:\WINPRO\system32\services.exe
C:\WINPRO\system32\lsass.exe
C:\WINPRO\system32\svchost.exe
C:\WINPRO\system32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINPRO\explorer.exe
C:\WINPRO\system32\ctfmon.exe
C:\Documents and Settings\todd.DRBUNNY.003\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O4 - HKLM\..\Run: [DNS7reminder] "E:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users.WINPRO\Application Data\Nuance\NaturallySpeaking9\Ereg.ini
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [stxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"
O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINPRO\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINPRO\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINPRO\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\Copy of mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINPRO\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINPRO\system32\Macromed\Flash\FlashUtil10c.exe
O4 - Startup: AutoBackup Launcher.lnk = C:\Program Files\Seagate\AutoBackup\MemeoLauncher.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINPRO\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINPRO\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200601...meInstaller.exe
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-36.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {CE8267C2-D41A-4A50-A69D-F32B5C289F14} (FileOpenInstaller) - http://plugin.fileopen.com/current/FileOpen.CAB
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...841/mcfscan.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: MPICH Daemon © 2001 Argonne National Lab (mpich_mpd) - Unknown owner - C:\Program Files\MPICH\mpd\bin\mpd.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINPRO\system32\nvsvc32.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\RpcSandraSrv.exe

--
End of file - 8781 bytes

combolog.txt
Cannot remove rootkit.TDSS or Trojan.DNSChange
tweis replied to tweis's topic in Resolved Malware Removal Logs
Yes please! I am considering reformatting but if my system can be cleaned I'd like to try.
Cannot remove rootkit.TDSS or Trojan.DNSChange
tweis posted a topic in Resolved Malware Removal Logs
After several scans with mbam, I cannot get rid of these two. The most notable effect is my system will hang unless I boot into safe mode. Following the instructions in the master thread, I ran DeFogger, DDS, and the Rootkit Scanner, and am attaching all the relevant log files. FWIW, I am also having problems removing something called Rogue.SmartProtector when running SuperAntiSpyware. Thanks for your help!

Most recent malwarebytes log:
-------------------------------------------------------------------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.43
Database version: 3482
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

1/2/2010 3:27:19 PM
mbam-log-2010-01-02 (15-27-19).txt

Scan type: Quick Scan
Objects scanned: 256343
Time elapsed: 6 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT (Rootkit.TDSS) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINPRO\system32\krl32mainweq.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.
-------------------------------------------------------------------------------------------------------------------------------

DDS.txt:
-------------------------------------------------------------------------------------------------------------------------------
DDS (Ver_09-12-01.01) - NTFSx86 NETWORK
Run by todd at 17:56:53.67 on Sat 01/02/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.3005 [GMT -8:00]

AV: Malware Defense *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINPRO\system32\svchost -k DcomLaunch
svchost.exe
C:\WINPRO\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINPRO\Explorer.EXE
C:\WINPRO\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Documents and Settings\todd.DRBUNNY.003\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [ctfmon.exe] c:\winpro\system32\ctfmon.exe
uRunOnce: [FlashPlayerUpdate] c:\winpro\system32\macromed\flash\FlashUtil10c.exe
mRun: [DNS7reminder] "e:\program files\nuance\naturallyspeaking9\ereg\ereg.exe" -r "c:\documents and settings\all users.winpro\application data\nuance\naturallyspeaking9\Ereg.ini
mRun: [WD Button Manager] WDBtnMgr.exe
mRun: [sunJavaUpdateSched] c:\program files\java\jre1.5.0_06\bin\jusched.exe
mRun: [stxTrayMenu] "c:\program files\seagate\systemtray\StxMenuMgr.exe"
mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [soundMan] SOUNDMAN.EXE
mRun: [RemoteControl8] "c:\program files\cyberlink\powerdvd8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "c:\program files\cyberlink\powerdvd8\language\Language.exe"
mRun: [NeroFilterCheck] c:\winpro\system32\NeroCheck.exe
mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\winpro\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\winpro\system32\NvCpl.dll,NvStartup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Tvoxaxaga] rundll32.exe "c:\winpro\adiyosamavabowin.dll",Startup
mRun: [MSConfig] c:\winpro\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\Copy of mbam.exe" /runcleanupscript
StartupFolder: c:\docume~1\todddr~1.003\startm~1\programs\startup\autoba~1.lnk - c:\program files\seagate\autobackup\MemeoLauncher.exe
StartupFolder: c:\docume~1\todddr~1.003\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palmone\HOTSYNC.EXE
StartupFolder: c:\documents and settings\todd.drbunny.003\start menu\programs\startup\PowerReg Scheduler.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\billmi~1.lnk - c:\quickenw\BILLMIND.EXE
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\quicke~1.lnk - c:\quickenw\QWDLLS.EXE
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\vpncli~1.lnk - c:\winpro\installer\{4c271126-c295-4828-a901-5910ae0c258b}\Icon3E5562ED7.ico
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: turbotax.com
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {41F17733-B041-4099-A042-B518BB6A408C} - hxxp://a1540.g.akamai.net/7/1540/52/20060104/qtinstall.info.apple.com/snape/us/win/QuickTimeInstaller.exe
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} - hxxp://www.systemrequirementslab.com/sysreqlab.cab
DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CE8267C2-D41A-4A50-A69D-F32B5C289F14} - hxxp://plugin.fileopen.com/current/FileOpen.CAB
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5841/mcfscan.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\winpro\system32\WPDShServiceObj.dll
SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\progra~1\qualcomm\eudora\EuShlExt.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli fsdcocl.dll

============= SERVICES / DRIVERS ===============

R1 Ext2fs;Ext2fs;c:\winpro\system32\drivers\ext2fs.sys [2006-5-13 131840]
R3 USBFVNETR;NETGEAR MA101 USB Adapter;c:\winpro\system32\drivers\ma101rnd.sys [2006-4-26 80000]
S0 qfyfiwn;qfyfiwn;c:\winpro\system32\drivers\sujcio.sys --> c:\winpro\system32\drivers\sujcio.sys [?]
S1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-1-2 11608]
S1 IfsDrives;IfsDrives;c:\winpro\system32\drivers\IfsDrives.sys [2006-5-13 4608]
S1 mfehidk;McAfee Inc. mfehidk;c:\winpro\system32\drivers\mfehidk.sys [2009-11-4 214664]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-12-16 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-12-16 74480]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-1-2 108289]
S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-1-2 185089]
S2 avgntflt;avgntflt;c:\winpro\system32\drivers\avgntflt.sys [2010-1-2 55656]
S2 mpich_mpd;MPICH Daemon © 2001 Argonne National Lab;c:\program files\mpich\mpd\bin\mpd.exe [2006-6-7 184320]
S3 mferkdk;McAfee Inc. mferkdk;c:\winpro\system32\drivers\mferkdk.sys [2009-12-22 34248]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-12-16 7408]
S3 TCNear;TC Near;c:\winpro\system32\drivers\TCNear.sys [2007-10-17 124800]
S3 TCNearAudio;TC Near Audio;c:\winpro\system32\drivers\TCNearAudio.sys [2007-10-17 20864]
S3 TCNearMidi;TC Near MIDI;c:\winpro\system32\drivers\TCNearMidi.sys [2007-10-17 20480]
S3 VisorUsb;Handspring USB;c:\winpro\system32\drivers\visorusb.sys --> c:\winpro\system32\drivers\VisorUsb.sys [?]
S3 vsdatant;vsdatant;c:\winpro\system32\vsdatant.sys [2005-1-26 280344]

=============== Created Last 30 ================

2010-01-03 01:55:32 202 ----a-w- c:\winpro\system32\srcr.dat
2010-01-03 01:50:58 0 ----a-w- c:\documents and settings\todd.drbunny.003\defogger_reenable
2010-01-02 23:29:56 869 ----a-w- c:\winpro\system32\krl32mainweq.dll
2010-01-02 18:34:19 0 d-----w- c:\winpro\LastGood.Tmp
2010-01-02 18:34:11 55656 ----a-w- c:\winpro\system32\drivers\avgntflt.sys
2010-01-02 18:34:06 0 d-----w- c:\program files\Avira
2010-01-02 18:34:06 0 d-----w- c:\docume~1\alluse~1.win\applic~1\Avira
2010-01-02 02:06:45 0 --sha-w- c:\winpro\nvDrv.sy
2009-12-29 07:48:20 0 d-----w- c:\program files\CCleaner
2009-12-29 07:22:36 0 d-----w- c:\docume~1\todddr~1.003\applic~1\McAfee
2009-12-29 00:43:26 0 d-----w- c:\docume~1\todddr~1.003\applic~1\Malwarebytes
2009-12-26 18:27:22 0 d-----w- c:\docume~1\alluse~1.win\applic~1\SUPERAntiSpyware.com
2009-12-26 18:16:58 38224 ----a-w- c:\winpro\system32\drivers\mbamswissarmy.sys
2009-12-26 18:16:57 19160 ----a-w- c:\winpro\system32\drivers\mbam.sys
2009-12-26 18:16:57 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-26 18:16:57 0 d-----w- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
2009-12-26 18:15:32 0 d-----w- c:\program files\SUPERAntiSpyware
2009-12-26 18:15:32 0 d-----w- c:\docume~1\todddr~1.003\applic~1\SUPERAntiSpyware.com
2009-12-23 08:13:12 0 d-----w- c:\winpro\McAfee.com
2009-12-23 07:04:48 0 d-----w- c:\program files\McAfee.com
2009-12-23 07:04:48 0 d-----w- c:\program files\common files\McAfee
2009-12-23 07:04:37 0 d-----w- c:\program files\McAfee
2009-12-23 07:01:59 34248 ----a-w- c:\winpro\system32\drivers\mferkdk.sys
2009-12-22 15:30:12 120 ----a-w- c:\winpro\Gjeweziwa.dat
2009-12-22 15:30:12 0 ----a-w- c:\winpro\Tcetogilime.bin
2009-12-22 15:26:25 471552 -c----w- c:\winpro\system32\dllcache\aclayers.dll

==================== Find3M ====================

2009-11-05 00:54:12 214664 ----a-w- c:\winpro\system32\drivers\mfehidk.sys
2009-10-29 07:45:38 916480 ----a-w- c:\winpro\system32\wininet.dll
2009-10-21 05:38:36 75776 ----a-w- c:\winpro\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\winpro\system32\httpapi.dll
2009-10-13 10:30:16 270336 ----a-w- c:\winpro\system32\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\winpro\system32\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\winpro\system32\raschap.dll
2009-10-12 00:43:57 41504 ---ha-w- c:\winpro\system32\mlfcache.dat
2007-07-31 04:01:14 604 ---ha-w- c:\program files\STLL Notifier
2008-09-04 04:06:00 32768 --sha-w- c:\winpro\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090320080904\index.dat

============= FINISH: 17:58:08.34 ===============

Attach.zip