
Canteatthecookies

  1. I had already deleted the Combofix.exe, and Defogger.exe and their logs before I received your last. I downloaded Defogger again and clicked Reenable. It performed quickly. However, Windows could not find ComboFix so I downloaded it again to the desktop, still no go. Should I run it again and then uninstall it? Or, is there another way to uninstall it? Thanks.
  2. Mr Tate, I must apologize for taking so much of your time, especially when the "problem" was of my own doing. The "mysterious" red FreakingNews.com banner was actually part of a photo I had received and was using as wallpaper. The thumb of the photo did not clearly show it, but when viewed in Paint it was very clear. This has been a wild goose chase for you and I am sorry for it. You have been very gracious during this time; please accept my apology and consider the case closed. Thank you. PS: I have not retained any of the programs you recommended that I download and run.
  3. It is not listed in Add/Remove Programs. What item should I uncheck on the Task Bar? When the banner is there I have no access to the task bar because either I have activated the Shut Down or Restart process and the PC is about to turn off, or I have to enter my password to log back in after the inactivity timer has activated (as soon as I enter my password the banner goes away). These are the only 2 times the banner is there. If I disable the password or disable the screen saver, then the only time I get the banner is during the shut down or restart process.
  4. Mr. Tate, Tried the reply button on the bottom of your post. Didn't seem to work. Combofix.txt file contents are below. Pc is operating normally but FreakingNews.com banner persists. Antivirus and antimalware program is still disabled. Thank you for your time and effort; waiting instructions.
  5. Larry, I followed the directions you included, however: 1. I was not offered a choice for using the SP3 or SP2 Package (I have SP3); 2. Early in the CF scanning process the red banner with FreakingNews.com appeared, and within 10 seconds disappeared. I'm going to see if it reappears after inactivity period elapses. I'll advise in # 4, below. 3. After 2 minutes of CF's scanning I got the Microsoft Blue Screen advising me that Windows encountered an error and was shutting down, dumping memory to disk. 4. It's still there. What is the next step? Thanks.
  6. Thank you for assisting me thus far. Hope you can find it.
     mbam-log-2011-06-29 (05-34-50).txt attach.zip