Everything posted by TStafford

  1. ComboFix is uninstalled. I have SUPERAntiSpyware on my computer and Symantec Antivirus. Do I want to delete those before I download one of the antivirus programs you mentioned? Thanks again for all your help and advice.
  2. I removed Java and installed the newest version. It seems to be working ok. Should I do a Malwarebytes scan? I usually run one once a week. How often should they be done? Thanks so much for all your help.
  3. ESET Report Results
     ESETSmartInstaller@High as CAB hook log:
     OnlineScanner.ocx - registred OK
     # version=7
     # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
     # OnlineScanner.ocx=1.0.0.6427
     # api_version=3.0.2
     # EOSSerial=eed5f41d43244245af7aef02b58db82c
     # end=finished
     # remove_checked=true
     # archives_checked=false
     # unwanted_checked=true
     # unsafe_checked=false
     # antistealth_checked=true
     # utc_time=2011-07-01 04:48:14
     # local_time=2011-07-01 12:48:14 (-0500, Eastern Daylight Time)
     # country="United States"
     # lang=9
     # osver=5.1.2600 NT Service Pack 3
     # compatibility_mode=1024 16777215 100 0 45431874 45431874 0 0
     # compatibility_mode=8192 67108863 100 0 0 0 0 0
     # scanned=50528
     # found=2
     # cleaned=2
     # scan_time=1369
     C:\Qoobox\Quarantine\C\WINDOWS\system32\msgina32.dll.vir  Win32/TrojanDownloader.Agent.PDY trojan (cleaned by deleting - quarantined)  00000000000000000000000000000000  C
     C:\System Volume Information\_restore{9F557019-F03F-44B6-AE98-F9FE2E785F9B}\RP1\A0000375.dll  Win32/TrojanDownloader.Agent.PDY trojan (cleaned by deleting - quarantined)  00000000000000000000000000000000  C

     Bit Defender Results
     QuickScan Beta 32-bit v0.9.9.96
     -------------------------------
     Scan date: Fri Jul 01 12:54:01 2011
     Machine ID: F8AB5529

     No infection found.
     -------------------
     Processes
     ---------
     AcroTray - Adobe Acrobat Distiller help  3192  C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
     Client and Host Security Platform  3068  C:\Program Files\Common Files\Symantec Shared\ccApp.exe
     Client and Host Security Platform  1656  C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
     Client and Host Security Platform  1628  C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
     Java Platform SE 6 U12  184  C:\Program Files\Java\jre6\bin\jqs.exe
     LightScribe  344  C:\Program Files\Common Files\LightScribe\LSSrvc.exe
     Microsoft® Windows® Operating System  1832  C:\WINDOWS\system32\spoolsv.exe
     SPBBC  1760  C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
     SUPERAntiSpyware  3804  C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
     Symantec AntiVirus  1968  C:\Program Files\Symantec AntiVirus\DefWatch.exe
     Symantec AntiVirus  492  C:\Program Files\Symantec AntiVirus\Rtvscan.exe
     Symantec AntiVirus  3088  C:\PROGRA~1\SYMANT~1\VPTray.exe
     w3dbsmgr.exe  1964  C:\Program Files\Pervasive\bin\w3dbsmgr.exe
     (verified) FLEXnet Publisher (32 bit)  2608  C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
     (verified) GrooveMonitor Utility  3288  C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
     (verified) Microsoft® Windows® Operating System  4040  C:\WINDOWS\explorer.exe
     (verified) Microsoft® Windows® Operating System  2240  C:\WINDOWS\system32\alg.exe
     (verified) Microsoft® Windows® Operating System  856  C:\WINDOWS\system32\csrss.exe
     (verified) Microsoft® Windows® Operating System  2544  C:\WINDOWS\system32\ctfmon.exe
     (verified) Microsoft® Windows® Operating System  936  C:\WINDOWS\system32\lsass.exe
     (verified) Microsoft® Windows® Operating System  924  C:\WINDOWS\system32\services.exe
     (verified) Microsoft® Windows® Operating System  808  C:\WINDOWS\system32\smss.exe
     (verified) Microsoft® Windows® Operating System  1108  C:\WINDOWS\system32\svchost.exe
     (verified) Microsoft® Windows® Operating System  1156  C:\WINDOWS\system32\svchost.exe
     (verified) Microsoft® Windows® Operating System  1196  C:\WINDOWS\system32\svchost.exe
     (verified) Microsoft® Windows® Operating System  1312  C:\WINDOWS\system32\svchost.exe
     (verified) Microsoft® Windows® Operating System  1344  C:\WINDOWS\system32\svchost.exe
     (verified) Microsoft® Windows® Operating System  1616  C:\WINDOWS\system32\svchost.exe
     (verified) Microsoft® Windows® Operating System  880  C:\WINDOWS\system32\winlogon.exe
     (verified) Windows® Internet Explorer  1004  C:\Program Files\Internet Explorer\iexplore.exe
     (verified) Windows® Internet Explorer  1636  C:\Program Files\Internet Explorer\iexplore.exe
     (verified) Windows® Internet Explorer  4056  C:\Program Files\Internet Explorer\iexplore.exe

     Network activity
     ----------------
     Process iexplore.exe (1004) connected on port 80 (HTTP) --> 24.25.26.32
     Process iexplore.exe (1004) connected on port 80 (HTTP) --> 69.171.224.42
     Process iexplore.exe (1004) connected on port 80 (HTTP) --> 24.25.26.32
     Process iexplore.exe (1004) connected on port 80 (HTTP) --> 24.25.26.89
     Process iexplore.exe (1004) connected on port 80 (HTTP) --> 72.14.204.101
     Process iexplore.exe (1004) connected on port 80 (HTTP) --> 66.235.142.24
     Process svchost.exe (1156) listens on ports: 135 (RPC)

     Autoruns and critical files
     ---------------------------
     AcroTray - Adobe Acrobat Distiller help  C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
     Adobe Reader and Acrobat Manager  C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
     Client and Host Security Platform  C:\Program Files\Common Files\Symantec Shared\ccApp.exe
     GrooveShellExtensions Module  C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
     Intel® Common User Interface  C:\WINDOWS\system32\igfxdev.dll
     Microsoft® Windows® Operating System  C:\WINDOWS\system32\CRYPT32.dll
     Microsoft® Windows® Operating System  C:\WINDOWS\system32\cryptnet.dll
     Microsoft® Windows® Operating System  C:\WINDOWS\system32\cscdll.dll
     Microsoft® Windows® Operating System  C:\WINDOWS\System32\dimsntfy.dll
     Microsoft® Windows® Operating System  C:\WINDOWS\system32\SHELL32.dll
     Microsoft® Windows® Operating System  C:\WINDOWS\system32\ssflwbox.scr
     Microsoft® Windows® Operating System  c:\windows\system32\userinit.exe
     Microsoft® Windows® Operating System  C:\WINDOWS\system32\WlNotify.dll
     SuperAntiSpyware  C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
     SUPERAntiSpyware  C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
     Symantec AntiVirus  C:\Program Files\Symantec AntiVirus\VPTray.exe
     Symantec AntiVirus  C:\WINDOWS\system32\NavLogon.dll
     (verified) Google Update  C:\Program Files\Google\Update\GoogleUpdate.exe
     (verified) GrooveMonitor Utility  C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
     (verified) Microsoft Genuine Advantage  C:\WINDOWS\system32\WgaLogon.dll
     (verified) Microsoft® Windows® Operating System  C:\WINDOWS\system32\browseui.dll
     (verified) Microsoft® Windows® Operating System  C:\WINDOWS\system32\logonui.exe
     (verified) Microsoft® Windows® Operating System  C:\WINDOWS\system32\sclgntfy.dll
     (verified) Microsoft® Windows® Operating System  C:\WINDOWS\system32\stobject.dll
     (verified) Microsoft® Windows® Operating System  C:\WINDOWS\system32\WPDShServiceObj.dll
     (verified) SUPERAntiSpyware WinLogon Processor  C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
     (verified) Windows® Internet Explorer  C:\WINDOWS\system32\msfeedssync.exe
     (verified) Windows® Internet Explorer  C:\WINDOWS\system32\webcheck.dll

     Browser plugins
     ---------------
     AcroIEHelperShim Library  C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
     Adobe Acrobat  C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
     Adobe Acrobat  C:\Program Files\Internet Explorer\plugins\nppdf32.dll
     Adobe PDF Toolbar for IE  C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
     Adobe® Flash® Player ActiveX  C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
     BitDefender QuickScan  C:\WINDOWS\Downloaded Program Files\qsax.dll
     Google Toolbar for Internet Explorer  C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
     GoogleToolbarNotifier  C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
     GrooveShellExtensions Module  C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
     Java Platform SE 6 U12  C:\Program Files\Java\jre6\bin\jp2ssv.dll
     Java Platform SE 6 U12  C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     Messenger  C:\Program Files\Messenger\msmsgs.exe
     Microsoft® Windows® Operating System  C:\WINDOWS\system32\mswsock.dll
     Microsoft® Windows® Operating System  C:\WINDOWS\system32\rsvpsp.dll
     Microsoft® Windows® Operating System  C:\WINDOWS\System32\winrnr.dll
     Move Streaming Media Player  C:\Documents and Settings\User\Application Data\Move Networks\plugins\npqmp071505000011.dll
     Windows Presentation Foundation  c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
     Windows® Internet Explorer  C:\WINDOWS\system32\IEFRAME.dll
     (verified) Google Update  C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
     (verified) Microsoft® Windows® Operating System  C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

     Scan
     ----
     MD5: e66e9c5d42aa085891a4f67e7b2ca4df  C:\Documents and Settings\User\Application Data\Move Networks\plugins\npqmp071505000011.dll
     MD5: 031ccdff85a57172f3402cb99b3e9d46  C:\Documents and Settings\User\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
     MD5: 2786afc6ab1f04d7600228e39df2e186  C:\Documents and Settings\User\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
     MD5: db4b28b8f25b3a2548b947a42b2df3b3  C:\Documents and Settings\User\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
     MD5: 11ab72d5d603db401c190b454fb935a7  C:\Documents and Settings\User\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
     MD5: ff29e3fb75e7726ee002b65a9f2d4a6e  C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
     MD5: 2ca81bee71573e5534ba8be515bad404  C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroTray.DEU
     MD5: 4a0bbdf88636f2ef08420bdcd343d286  C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
     MD5: fd0ad7ecc485d10f66824a92f16d46c0  C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroTray.FRA
     MD5: 39fe705fe7fab4b9f7642b324b1f382e  C:\Program Files\Adobe\Acrobat 8.0\Acrobat\adistres.dll
     MD5: de519c164f3300d83f4efb4a23dad2ac  C:\Program Files\Adobe\Acrobat 8.0\Acrobat\adobe_epic.dll
     MD5: 4970cda5fc955a8a0b6eaee92bbd22ab  C:\Program Files\Adobe\Acrobat 8.0\Acrobat\adobe_pcd.dll
     MD5: 3fb0f47b4c0c048ee97b0e2b4ff9c67d  C:\Program Files\Adobe\Acrobat 8.0\Acrobat\adobe_personalization.dll
     MD5: 4b88bd98983a2cd9be90f368b4f59f0a  C:\Program Files\Adobe\Acrobat 8.0\Acrobat\asneu.dll
     MD5: 6f2e09108202e5eb008c69488fafd27c  C:\Program Files\Adobe\Acrobat 8.0\Acrobat\FNP_Act_Installer.dll
     MD5: 0bd343c45b4eccf8d6af94d6c3adc310  C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
     MD5: 42d248c8b9460f908e9d11475bad534c  C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
     MD5: d2ada8af0ee98f3f76536015d74ee4bf  C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
     MD5: c228a432a5a1fd7803d5387089dd053c  C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
     MD5: 47c1de0a890613ffcff1d67648eedf90  C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
     MD5: 060daf68493ad7adf104413e5a62afa8  C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
     MD5: 469bd51b465887fd4c78a6a0d598902c  C:\Program Files\Common Files\LightScribe\LSLog.dll
     MD5: b0ea38637d86c6bef855801f741e5027  C:\Program Files\Common Files\LightScribe\LSSProxy.dll
     MD5: f34b35f6f74e28a460749da11d1117f8  C:\Program Files\Common Files\LightScribe\LSSrvc.exe
     MD5: ef773f873f64a3ddced9f2dbd40cba6e  C:\Program Files\Common Files\Symantec Shared\ccAlert.dll
     MD5: ae0f500ea5e01afef0bb9051969804b2  C:\Program Files\Common Files\Symantec Shared\ccApp.exe
     MD5: ea8670a06cd1efd512884c3283deac2e  C:\Program Files\Common Files\Symantec Shared\ccDec.dll
     MD5: 180f0dc022fd27f5ef8aa179a3e334a5  C:\Program Files\Common Files\Symantec Shared\ccEmlPxy.dll
     MD5: 04945313bc60488e0c14ad1167160659  C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
     MD5: 9885dcb7f5fb550d9822b485a18e6ad7  C:\Program Files\Common Files\Symantec Shared\ccL40.dll
     MD5: 29c9d9b10aef1d3bf64cf0f3be458d2e  C:\Program Files\Common Files\Symantec Shared\ccProSub.dll
     MD5: f47d1f3b41c00f4acf0a350dea30236f  C:\Program Files\Common Files\Symantec Shared\ccScan.dll
     MD5: 30390fdef803eb3c87ec8a9b8e191519  C:\Program Files\Common Files\Symantec Shared\ccSet.dll
     MD5: 84f572454b354d3d7e2d1f9e65a3df11  C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll
     MD5: 2203161ec24c210d51db69c604f4a504  C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
     MD5: 9617743fa5d8770414858bbd58673095  C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll
     MD5: 545446ba4583b471739affe9625f7d39  C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2.dll
     MD5: dcfd4b0b4654f6a070873c8c75a458df  C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2AMG.dll
     MD5: a0e10b03c91da932c85875e0587f30c7  C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ARJ.dll
     MD5: 33b3051f2a2bef1474dcbd8879f62aab  C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2CAB.dll
     MD5: e58c5c07812e99ffce7a9a88495c39ca  C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2GZIP.dll
     MD5: b1c720d4d4fe004625808915f8d85377  C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ID.dll
     MD5: aadaf917cb38a78cfadbed3855ec00a3  C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LHA.dll
     MD5: ec9759527c5cf7737cee852f02e7b44f  C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LZ.dll
     MD5: c39654b3bffabc6b60d1be622c2df891  C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2RAR.dll
     MD5: b2fff046e2fcbf005235840a056a3560  C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2RTF.dll
     MD5: d044057f830e44f2761eb6ead555d6f3  C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2SS.dll
     MD5: 22439d1a72ed0293cd4ed6c4d8b0d7fd  C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2TAR.dll
     MD5: 0acc49e7fe0ebf8d0886b6e435f51e45  C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2Text.dll
     MD5: 175a9c7f4695c289a719ebe73dace28d  C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2TNEF.dll
     MD5: 6cf6e9a539cbb5d855ffa7c5b057b4a2  C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2Zip.dll
     MD5: ab2f99fc684eeb007cf048666c4cd7d8  C:\Program Files\Common Files\Symantec Shared\Decomposers\decsdk.dll
     MD5: bf4d6c3965216739da4d8b162a87d4a1  C:\Program Files\Common Files\Symantec Shared\ecmldr32.DLL
     MD5: 5461f01b7def17dc90d90b029f874c3b  C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
     MD5: 17fcc372d03ba39f3aee85198c0ec594  C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
     MD5: a16722715d3206ab7e1a6463ce0b747e  C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
     MD5: 81ddefd9384fb19a89ff580ce2c9af2b  C:\Program Files\Common Files\Symantec Shared\SPBBC\bbRGen.dll
     MD5: ef9760a364d836a0ce6149ebdf71524d  C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
     MD5: e8ca507335c5aa7be0a05b11a3a3d625  C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCEvt.dll
     MD5: 0a6bcab3bb4ad9d25e833fb3f840cae0  C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
     MD5: 73cdc02c00d576a6cb076a07e8879b82  c:\program files\common files\symantec shared\ssc\ScsComms.dll
     MD5: 45316d4e5677e60fadf25b101846ea24  C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110627.004\CCERASER.DLL
     MD5: db7d1a51056505da83fb9fa26b0eb8ef  C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110627.004\ECMSVR32.DLL
     MD5: b2d872bcc254f3751d8ba12c2c544d12  C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110627.004\NAVENG32.DLL
     MD5: 420fbd8528978c83ec381904d2612046  C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110627.004\NAVEX32A.DLL
     MD5: f67a9f35ab9414f06fae3cc0361ce82e  C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_32_2F821985C9445066.dll
     MD5: dd1d6ab37ccd88b5bf5cddf9fdb8ac7a  C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll
     MD5: 21fcfc6fff22de67d60b475f74538163  C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
     MD5: a953e104137df406b70477d60bc29008  C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
     MD5: a9d7153b413dd0a43aac72190473eeaf  C:\Program Files\Internet Explorer\ieproxy.dll
     MD5: 6f120933f87e7dec972476170288a267  C:\Program Files\Internet Explorer\plugins\nppdf32.dll
     MD5: 5dd552e15419354fcd8ee92ae2660814  C:\Program Files\Internet Explorer\xpshims.dll
     MD5: 2ca866c48bd8781383f63229d4d94349  C:\Program Files\Java\jre6\bin\jp2ssv.dll
     MD5: 511ab23a292497f2c527eee5775b0bfe  C:\Program Files\Java\jre6\bin\jqs.exe
     MD5: 8f9867cea366201d7759f930f9f986bb  C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     MD5: 3e930c641079443d4de036167a69caa2  C:\Program Files\Messenger\msmsgs.exe
     MD5: 451b004c4ace3b84a75cb982627b5e0c  C:\Program Files\Microsoft Office\Office12\1033\GrooveIntlResource.dll
     MD5: 11da24e40264b9fcb14b8477e25ed09a  C:\Program Files\Microsoft Office\Office12\GrooveUtil.DLL
     MD5: 6d8fcdd5bb3b676ef58fa234073492c6  C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
     MD5: 7eb786c85b6e0c5e3734d784d975c69b  C:\Program Files\Pervasive\bin\clientrb.dll
     MD5: 44806ac4b0ea07d7d20a1b3c13d669dc  C:\Program Files\Pervasive\bin\mkderb.dll
     MD5: 79a3509bfff377416771010f35118ab9  C:\Program Files\Pervasive\bin\pscl3.dll
     MD5: 79adc98e13386306e63170e7e8c75ba6  C:\Program Files\Pervasive\bin\pscore3.dll
     MD5: e5ce32ee9497d3526ec56d36a03d2edb  C:\Program Files\Pervasive\bin\W3CACHE.DLL
     MD5: 015d8e9acb6aa281a68cf6204f9330c4  C:\Program Files\Pervasive\bin\w3csm100.dll
     MD5: 611eb0dcf2d36543359270a90988ed8f  C:\Program Files\Pervasive\bin\w3csp100.dll
     MD5: 76c56a7de868a5b5082978f4423fa9a4  C:\Program Files\Pervasive\bin\w3dbsmgr.exe
     MD5: 22c01218be301c75869fc70fc8e0802a  C:\Program Files\Pervasive\bin\W3NSL260.DLL
     MD5: 31a7aa2dedefbd3927b0cade051aac2c  C:\Program Files\SUPERAntiSpyware\deupx.dll
     MD5: ecd5517a6633826057d4f050927ddf56  C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
     MD5: a8e070a58772566b8452390a5273ac4a  C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
     MD5: df2737d5190be416306408c55cbb6c12  C:\Program Files\Symantec AntiVirus\Cliproxy.dll
     MD5: d622a7ad176d9ac6b64f384681a83baa  C:\Program Files\Symantec AntiVirus\Cliscan.dll
     MD5: 383047f10315dda64069061dbe76e705  C:\Program Files\Symantec AntiVirus\DefUtDCD.dll
     MD5: 9709d3d9e592d3217353f3fafe29faa3  C:\Program Files\Symantec AntiVirus\DefWatch.exe
     MD5: dece4bcb913effe06ad7ed9b81009aea  C:\Program Files\Symantec AntiVirus\I2ldvp3.dll
     MD5: 77edda1025d63ffac011d44e58903be4  C:\Program Files\Symantec AntiVirus\IMail.dll
     MD5: 3b79ee1e931136361b7027df12445907  C:\Program Files\Symantec AntiVirus\NAVLU.dll
     MD5: 67ce32e7d0cb24b74f65ad3db96c1db6  C:\Program Files\Symantec AntiVirus\NAVNTUTL.DLL
     MD5: aac734d1461b5a40f6fe97dc546fa580  C:\Program Files\Symantec AntiVirus\NotesExt.dll
     MD5: 0023cc5610b9c48cf68571dee4c686fc  C:\Program Files\Symantec AntiVirus\Rtvscan.exe
     MD5: 213de5c1e80fd0fe13abd0bae60af029  C:\Program Files\Symantec AntiVirus\SavEmail.dll
     MD5: 5387eae86fb5f6b72052f5273bdd3e86  C:\Program Files\Symantec AntiVirus\SavRoam.exe
     MD5: 12b6e269ef8ac8ea36122544c8a1b6d8  C:\Program Files\Symantec AntiVirus\savrt.sys
     MD5: e8d8d57b398825bdea011c5be81afe5a  C:\Program Files\Symantec AntiVirus\SAVRT32.DLL
     MD5: 97e5b6f3f95465e1f59360b59d8ec64e  C:\Program Files\Symantec AntiVirus\Savrtpel.sys
     MD5: 7e3121f21e64bc9cf12435d8546aec15  C:\Program Files\Symantec AntiVirus\SymProtectStorage.dll
     MD5: df125e6217a360b2a0b00f007fa18c2e  C:\Program Files\Symantec AntiVirus\vpmsece4.dll
     MD5: 4279e452e99a4f044ce37f03d57fa612  C:\Program Files\Symantec AntiVirus\VPTray.exe
     MD5: 920d9701bba90dbb7ccfd3536ea4d6f9  C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110627.004\naveng.sys
     MD5: 31b1a9b53c3319b97f7874347cd992d2  C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110627.004\navex15.sys
     MD5: fb3a35318ca7f6a10fa3c3826a69affe  C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
     MD5: 4279e452e99a4f044ce37f03d57fa612  C:\PROGRA~1\SYMANT~1\VPTray.exe
     MD5: 310c15fd8358b2c4cd7a5b98a112883f  C:\WINDOWS\AppPatch\AcGenral.DLL
     MD5: 23dc75d158d484177ffe99e23264f89f  C:\WINDOWS\Downloaded Program Files\qsax.dll
     MD5: ab87eeffd18f2baafc274e7075ea6c67  c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
     MD5: 2fd3e73d3e00c3b00a236ff3adf9e401  C:\WINDOWS\system32\AdobePDF.dll
     MD5: 3c946e1943ca16f6cc95463c2840305e  C:\WINDOWS\system32\CBA.DLL
     MD5: 93afb83fbc1f9443cac722fca63d73bf  C:\WINDOWS\system32\COMCTL32.dll
     MD5: ed0c0df222209e43ad9afbf3fe87dde0  C:\WINDOWS\system32\comsvcs.dll
     MD5: 8fcf03e4d7be9b5587ccf11719959006  C:\WINDOWS\system32\corpol.dll
     MD5: bdaaf79dd63f194434d31a74b9bb8b77  C:\WINDOWS\system32\CRYPT32.dll
     MD5: c14350fc0d47d806699c4f907fc6785b  C:\WINDOWS\system32\cryptnet.dll
     MD5: 515a7fae2070c2b0242b2353443e2f11  C:\WINDOWS\system32\cscdll.dll
     MD5: 6100d350770a5595fbf4c96f3510badc  C:\WINDOWS\system32\CSRSRV.dll
     MD5: 56adb11f7d4d0816c0be1e701c1b5e52  C:\WINDOWS\system32\D3DIM700.DLL
     MD5: e2092f0a1d7abc243f9c2362483d150d  C:\WINDOWS\System32\dimsntfy.dll
     MD5: 78e862846112347eee8214b649ae563f  C:\WINDOWS\system32\dispex.dll
     MD5: 389496118b3b03c2328024af320132ac  C:\WINDOWS\system32\DNSAPI.dll
     MD5: 5f7e24fa9eab896051ffb87f840730d2  c:\windows\system32\dnsrslvr.dll
     MD5: 355556d9e580915118cd7ef736653a89  C:\WINDOWS\System32\drivers\afd.sys
     MD5: f6af59d6eee5e1c304f7f73706ad11d8  C:\WINDOWS\system32\drivers\Ambfilt.sys
     MD5: c0ded802ac884cdd13dc626d70c72d98  C:\WINDOWS\system32\DRIVERS\b57xp32.sys
     MD5: ac9cf17ee2ae003c98eb4f5336c38058  C:\WINDOWS\system32\DRIVERS\e100b325.sys
     MD5: 96f0e87376bc8cca259eaa7f3259f244  C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
     MD5: cbbbbcace1abda7336410df4ab3c74d7  C:\WINDOWS\system32\Drivers\iqvw32.sys
     MD5: b309912717c29fc67e1ba4730a82b6dd  C:\WINDOWS\system32\drivers\mbamswissarmy.sys
     MD5: 9fa7207d1b1adead88ae8eed9cdbbaa5  C:\WINDOWS\system32\drivers\Monfilt.sys
     MD5: 0dc719e9b15e902346e87e9dcd5751fa  C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
     MD5: 70aeec67e87a2002e6b2cc353d56e222  C:\WINDOWS\system32\DRIVERS\rt2500usb.sys
     MD5: 20946e2db7709120b961bcefd4737c53  C:\WINDOWS\system32\drivers\RtkHDAud.sys
     MD5: 47ddfc2f003f7f9f0592c6874962a2e7  C:\WINDOWS\system32\DRIVERS\srv.sys
     MD5: 49b20b430a4f219173f823536944474a  C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
     MD5: 626f733be7f951116c5c0804b068666c  C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
     MD5: cb7cc4ddbe09e224d4cd876760ba982c  C:\WINDOWS\System32\Drivers\SYMTDI.SYS
     MD5: 326c012c7fe573829871fe9c9e41cf9b  C:\WINDOWS\system32\DRIVERS\WUSB54GCv3.sys
     MD5: f5b754cdea20bbb3a31e16a776ede6d6  c:\windows\system32\ESENT.dll
     MD5: fc80052194d5708254a346568f0e77c0  C:\WINDOWS\system32\GTNDIS5.SYS
     MD5: af61826b82de7b95d5db8ee075a172d2  C:\WINDOWS\system32\IEFRAME.dll
     MD5: c0b6195f1afda4a3061915501eb75d4a  C:\WINDOWS\system32\iepeers.dll
     MD5: ba356bd33397936d2e292cb00f80c164  C:\WINDOWS\system32\iertutil.dll
     MD5: f9430e4169a0cec0188febb9db540261  C:\WINDOWS\system32\igfxdev.dll
     MD5: 0689622e6484934eb6e5f4d3a96311f9  C:\WINDOWS\system32\jscript.dll
     MD5: a525c96c51d55111fdf3bea9ffffc7ae  C:\WINDOWS\system32\kerberos.dll
     MD5: 7eb5ebe4c72d7d4fa335563b87b3e521  C:\WINDOWS\system32\KMPJLMN.DLL
     MD5: bd31dc6dbe9333c4fbd4bdf0899f2160  C:\WINDOWS\system32\LSASRV.dll
     MD5: 992a7b8b84649353b172cbb80c1e613c  C:\WINDOWS\system32\Macromed\Flash\Flash10n.ocx
     MD5: f35a584e947a5b401feb0fe01db4a0d7  C:\WINDOWS\system32\MFC71.DLL
     MD5: 1e744353bd534405187a404667da3dc3  C:\WINDOWS\system32\mgmtapi.dll
     MD5: 69a5adf546505f4c69ef3046bf798b49  C:\WINDOWS\system32\MPRUI.dll
     MD5: 14da23d2b9310c694aba9dcae14dc059  C:\WINDOWS\system32\msfeeds.dll
     MD5: 855f6333e3a4dfc6f3c8b0520c261fcd  C:\WINDOWS\system32\MSFTEDIT.DLL
     MD5: ca6abe0b5e79b99bf98d24e7bb68d7db  C:\WINDOWS\system32\MsgSys.dll
     MD5: 22ba5235ea846eda87f68a1dcc2bfcf9  C:\WINDOWS\system32\mshtml.dll
     MD5: d3f72d50de53f9f1f55240115af4d42e  C:\WINDOWS\system32\msi.dll
     MD5: 943337d786a56729263071623bbb9de5  C:\WINDOWS\system32\mswsock.dll
     MD5: 3637ec6c50e02bb6fd80dd41cf47853e  C:\WINDOWS\system32\NavLogon.dll
     MD5: 20fd44370267ccd0a64a1b31861c21d2  C:\WINDOWS\system32\netmsg.dll
     MD5: 062f837c1fbdb6a0a75f82efc2ee8e74  C:\WINDOWS\System32\netshell.dll
     MD5: 1414e666316ca7d9823dbd2d4ada5971  C:\WINDOWS\system32\NETUI2.dll
     MD5: f8f0d25ca553e39dde485d8fc7fcce89  C:\WINDOWS\system32\ntdll.dll
     MD5: 35c33d6a3a3fde320a842df24a652496  C:\WINDOWS\system32\NTS.dll
     MD5: 40b0f98bad16ad5def894e88c3ef8014  C:\WINDOWS\system32\ODBC32.dll
     MD5: 7a6a7900b5e322763430ba6fd9a31224  C:\WINDOWS\system32\ole32.dll
     MD5: 1b2be5777f69a71778f52ffee1c798d6  C:\WINDOWS\system32\OLEAUT32.dll
     MD5: 931f84bf591a39f1c0dbc680fd9b09d4  C:\WINDOWS\system32\PDS.DLL
     MD5: b2cf9f1f606dec23f70a40b01df3c396  C:\WINDOWS\system32\printui.dll
     MD5: f1dac7969c1337af790bd1d981aa780c  C:\WINDOWS\system32\qmgrprxy.dll
     MD5: d4502f124289a31976130cccb014c9aa  C:\WINDOWS\system32\RPCRT4.dll
     MD5: 72451fd61ddbb0a1fb071b7c3cde5594  C:\WINDOWS\system32\rsvpsp.dll
     MD5: abeedd547e939ad827b2e29dec754206  C:\WINDOWS\system32\schannel.dll
     MD5: 26cb10fa893f940ab09713ff46dcdade  C:\WINDOWS\system32\SHDOCVW.dll
     MD5: e86423aa9aa8c382af02b94a058dc2aa  C:\WINDOWS\system32\SHELL32.dll
     MD5: 99bc0b50f511924348be19c7c7313bbf  C:\WINDOWS\system32\SHSVCS.dll
     MD5: 734d39a18c13eb6530a295dfd15a3128  C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\KMUC50f9.DLL
     MD5: 624e74e911d8e741f540a71baa8a743a  C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\KMUU50f9.DLL
     MD5: 60784f891563fb1b767f70117fc2428f  C:\WINDOWS\system32\spoolsv.exe
     MD5: 3a7c3cbe5d96b8ae96ce81f0b22fb527  c:\windows\system32\srvsvc.dll
     MD5: e27992b5be536ede2d50a253a880c852  C:\WINDOWS\system32\ssflwbox.scr
     MD5: f31ec45a991f386501ebf0399db9fc7e  C:\WINDOWS\system32\SYMREDIR.DLL
     MD5: d0049860b63dd87a73a5d165c829c65f  C:\WINDOWS\system32\T2EMBED.DLL
     MD5: 8357809e111e09393633039769d96281  C:\WINDOWS\system32\tcpmib.dll
     MD5: 78bb1e601edab917094b0260a5a57c85  C:\WINDOWS\system32\urlmon.dll
     MD5: a93aee1928a9d7ce3e16d24ec7380f89  c:\windows\system32\userinit.exe
     MD5: 9e03dc5ab51cfd0190541ce2038d819d  C:\WINDOWS\system32\USP10.dll
     MD5: cc951c2212a200475a587a440e0aa804  C:\WINDOWS\system32\WININET.dll
     MD5: d72b9ec3337b247a666f098f3d6b43de  C:\WINDOWS\System32\winrnr.dll
     MD5: 42b5427fac23bf6f1f31e466b7feb084  C:\WINDOWS\system32\winsrv.dll
     MD5: 2cc34e8bb667eef78899546e12649196  C:\WINDOWS\system32\WlNotify.dll
     MD5: 277f3e3333f1d10ca428568197fcce70  C:\WINDOWS\system32\wsnmp32.dll
     MD5: 16403217ab6fc5c30c14c6b12098ad4b  C:\WINDOWS\system32\xpsp2res.dll
     MD5: d5e459bed3db9cf7fc6cc1455f177d2d  C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_a4c618fa\ATL80.DLL
     MD5: 0b3595a4ff0b36d68e5fc67fd7d70fdc  C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCP80.dll
     MD5: c9564cf4976e7e96b4052737aa2492b4  C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
     MD5: 736b12b725aeb2b07f0241a9f680cb10  C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
     MD5: 33d9b7bb7ba323bafe489df033dac824  C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\gdiplus.dll

     No file uploaded.
     Scan finished - communication took 2 sec
     Total traffic - 0.01 MB sent, 0.76 KB recvd
     Scanned 621 files and modules - 11 seconds
     ==============================================================================

     Everything still appears to be running properly.
  4. Here is the Combo Fix Log
     ComboFix 11-06-30.05 - User 07/01/2011  11:39:33.7.2 - x86
     Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2013.1129 [GMT -4:00]
     Running from: c:\documents and settings\User\Desktop\ComboFix.exe
     Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt
     AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
     .
     FILE ::
     "c:\windows\system32\atmlib32.exe"
     "c:\windows\system32\drivers\EventSystem32"
     "c:\windows\system32\msgina32.dll"
     "c:\windows\system32\odbcbcp32.exe"
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     c:\windows\system32\msgina32.dll
     .
     .
     ((((((((((((((((((((((((( Files Created from 2011-06-01 to 2011-07-01 )))))))))))))))))))))))))))))))
     .
     .
     2011-06-30 19:43 . 2011-01-17 14:50  333176 ----a-w- c:\windows\Listdlls.exe
     2011-06-30 19:43 . 2011-05-17 16:48  423288 ----a-w- c:\windows\handle.exe
     2011-06-24 14:55 . 2011-06-24 14:55  -------- d-----w- c:\documents and settings\User\Application Data\SUPERAntiSpyware.com
     2011-06-24 14:55 . 2011-06-24 14:55  -------- d-----w- c:\program files\SUPERAntiSpyware
     2011-06-17 07:02 . 2011-06-17 07:02  -------- d-----w- c:\windows\SxsCaPendDel
     2011-06-16 23:24 . 2011-04-21 13:37  105472 -c----w- c:\windows\system32\dllcache\mup.sys
     2011-06-06 16:55 . 2011-06-06 16:55  183696 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2011-05-29 13:11 . 2010-01-11 05:41  39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2011-05-29 13:11 . 2010-01-11 05:41  22712 ----a-w- c:\windows\system32\drivers\mbam.sys
     2011-05-02 15:31 . 2010-01-11 04:10  692736 ----a-w- c:\windows\system32\inetcomm.dll
     2011-04-29 17:25 . 2004-08-04 12:00  151552 ----a-w- c:\windows\system32\schannel.dll
     2011-04-29 16:19 . 2004-08-04 12:00  456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
     2011-04-25 16:11 . 2004-08-04 12:00  916480 ----a-w- c:\windows\system32\wininet.dll
     2011-04-25 16:11 . 2004-08-04 12:00  43520 ----a-w- c:\windows\system32\licmgr10.dll
     2011-04-25 16:11 . 2004-08-04 12:00  1469440 ------w- c:\windows\system32\inetcpl.cpl
     2011-04-25 12:01 . 2004-08-04 12:00  385024 ----a-w- c:\windows\system32\html.iec
     2011-04-21 13:37 . 2004-08-04 12:00  105472 ----a-w- c:\windows\system32\drivers\mup.sys
     .
     ((((((((((((((((((((((((((((( SnapShot@2011-06-30_16.25.01 )))))))))))))))))))))))))))))))))))))))))
     .
     + 2011-07-01 15:44 . 2011-07-01 15:44  16384 c:\windows\temp\Perflib_Perfdata_b8.dat
     + 2004-08-04 12:00 . 2011-07-01 12:38  72306 c:\windows\system32\perfc009.dat
     - 2004-08-04 12:00 . 2011-06-30 15:52  72306 c:\windows\system32\perfc009.dat
     + 2004-08-04 12:00 . 2011-07-01 12:38  444556 c:\windows\system32\perfh009.dat
     - 2004-08-04 12:00 . 2011-06-30 15:52  444556 c:\windows\system32\perfh009.dat
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-10 2424192]
     "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 52840]
     "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-03-14 125632]
     "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992]
     "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
     "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
     .
     [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
     "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
     2009-09-03 22:21  548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
     .
     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
     path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
     backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
     .
     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
     path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
     backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
     2009-11-18 00:26  64032 ----a-w- c:\windows\ALCMTR.EXE
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
     2007-06-01 15:21  153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
     2008-04-14 00:12  15360 ----a-w- c:\windows\system32\ctfmon.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
     2008-10-25 16:44  31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
     2009-10-26 20:17  173592 ----a-r- c:\windows\system32\hkcmd.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
     2009-10-26 20:17  141848 ----a-r- c:\windows\system32\igfxtray.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
     2007-07-18 22:55  451872 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
     2007-03-01 20:57  153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
     2009-10-26 20:17  144920 ----a-r- c:\windows\system32\igfxpers.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
     2009-11-18 00:27  18789408 ----a-w- c:\windows\RTHDCPL.EXE
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
     2010-01-12 16:47  148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\security center]
     "AntiVirusOverride"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
     "DisableMonitoring"=dword:00000001
     .
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
     "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
     "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
     .
     R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
     R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
     R2 psqlCE;Pervasive PSQL Client Engine;c:\program files\Pervasive\bin\w3dbsmgr.exe [8/18/2008 6:00 PM 455968]
     R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/16/2011 8:58 AM 105592]
     R3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;c:\windows\system32\drivers\WUSB54GCv3.sys [7/16/2010 2:09 PM 627072]
     S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/21/2011 12:44 PM 136176]
     S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [7/16/2010 3:31 PM 1684736]
     S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [1/11/2010 1:41 AM 39984]
     S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [3/14/2007 7:48 PM 116416]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
     getPlusHelper REG_MULTI_SZ getPlusHelper
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
     2007-07-18 22:53  451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2011-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-21 16:44]
     .
     2011-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-21 16:44]
     .
     2011-07-01 c:\windows\Tasks\User_Feed_Synchronization-{EE69DEDA-D3FA-412D-8B11-E6167C7575C4}.job
     - c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
     .
     .
     ------- Supplementary Scan -------
     .
uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyOverride = <local> IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html TCP: DhcpNameServer = 24.25.5.60 24.25.5.61 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-07-01 11:45 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(880) c:\program files\SUPERAntiSpyware\SASWINLO.DLL c:\windows\system32\WININET.dll . 
- - - - - - - > 'explorer.exe'(4040) c:\windows\system32\WININET.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Common Files\Symantec Shared\ccSetMgr.exe c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe c:\program files\Symantec AntiVirus\DefWatch.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Symantec AntiVirus\Rtvscan.exe c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe . ************************************************************************** . Completion time: 2011-07-01 11:49:37 - machine was rebooted ComboFix-quarantined-files.txt 2011-07-01 15:49 ComboFix2.txt 2011-06-30 20:34 ComboFix3.txt 2011-06-30 16:26 ComboFix4.txt 2011-06-30 16:09 . Pre-Run: 302,180,958,208 bytes free Post-Run: 302,243,246,080 bytes free . - - End Of File - - ADE9CA8F0E289D633B1B7D05FE245408 All seems to be running well yet. Let me know what to do next. Thanks.
  5. I tried again after last post and when I typed it this time it worked. Sorry for the confusion. Here is the scan.

Jotti's malware scan
Filename: msgina32.dll
Status: Scan finished. 10 out of 20 scanners reported malware.
Scan taken on: Fri 1 Jul 2011 15:15:00 (CET)
--------------------------------------------------------------------------------
Additional info
File size: 172032 bytes
Filetype: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5: cd7b1057c4b095ecab3cce53391492a1
SHA1: fd74049e883ec2d91df2c7ca14816b204e736f46

Scanners
2011-07-01 Found nothing
2011-07-01 Gen:Variant.Kazy.27226
2011-07-01 Found nothing
2011-07-01 Gen:Variant.Kazy.27226
2011-07-01 Found nothing
2011-07-01 Gen.Variant.Kazy
2011-07-01 TR/Kazy.27226.7
2011-07-01 Found nothing
2011-07-01 Gen:Variant.Kazy.27226
2011-07-01 Win32/TrojanDownloader.Agent.PDY
2011-07-01 Found nothing
2011-07-01 Found nothing
2011-07-01 Troj.W32.Powp.gen
2011-07-01 Found nothing
2011-07-01 Found nothing
2011-07-01 Mal/Tracur-B
2011-07-01 Gen.Variant.Kazy!IK
2011-06-30 Found nothing
2011-06-30 Found nothing
2011-06-30 Trojan.Kazy!NNAxvS6o6o0
  6. Results of scan. When I browsed for msgina32.dll all I could find was msgina.dll. Then I tried typing it in and got a message about file not found.

Jotti's malware scan
Filename: msgina.dll
Status: Scan finished. 0 out of 20 scanners reported malware.
Scan taken on: Fri 1 Jul 2011 14:42:16 (CET)
--------------------------------------------------------------------------------
Additional info
File size: 997376 bytes
Filetype: PE32 executable for MS Windows (DLL) (console) Intel 80386 32-bit
MD5: d7b7a57c0e57c836f18cf12a4c62a1ca
SHA1: 4c0dcc93f51f2a30bb304e7f6219d523057fd4db

Scanners
2011-07-01 Found nothing
2011-07-01 Found nothing
2011-07-01 Found nothing
2011-07-01 Found nothing
2011-07-01 Found nothing
2011-07-01 Found nothing
2011-07-01 Found nothing
2011-07-01 Found nothing
2011-07-01 Found nothing
2011-07-01 Found nothing
2011-07-01 Found nothing
2011-06-30 Found nothing
2011-07-01 Found nothing
2011-07-01 Found nothing
2011-07-01 Found nothing
2011-07-01 Found nothing
2011-07-01 Found nothing
2011-06-30 Found nothing
2011-06-30 Found nothing
2011-06-30 Found nothing
--------------------------------------------------------------------------------
  7. My internet seems to be running ok for now. I just tried several random searches and all have worked. I will let you know if something changes. Should I run another malware scan or just let it be? Thank you so much for all your help!
  8. Here is the ComboFix Log. ComboFix 11-06-30.03 - User 06/30/2011 16:26:57.6.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2013.1158 [GMT -4:00] Running from: c:\documents and settings\User\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C} . FILE :: "c:\documents and settings\User\qdnzpzncqn.tmp" "c:\windows\system32\atmlib32.exe" "c:\windows\system32\odbcbcp32.exe" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\User\qdnzpzncqn.tmp c:\windows\system32\atmlib32.exe c:\windows\system32\odbcbcp32.exe . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_EventSystem32 -------\Service_EventSystem32 . . ((((((((((((((((((((((((( Files Created from 2011-05-28 to 2011-06-30 ))))))))))))))))))))))))))))))) . . 2011-06-30 19:43 . 2011-01-17 14:50 333176 ----a-w- c:\windows\Listdlls.exe 2011-06-30 19:43 . 2011-05-17 16:48 423288 ----a-w- c:\windows\handle.exe 2011-06-24 14:55 . 2011-06-24 14:55 -------- d-----w- c:\documents and settings\User\Application Data\SUPERAntiSpyware.com 2011-06-24 14:55 . 2011-06-24 14:55 -------- d-----w- c:\program files\SUPERAntiSpyware 2011-06-22 16:25 . 2011-06-22 16:25 172032 --sha-w- c:\windows\system32\msgina32.dll 2011-06-17 07:02 . 2011-06-17 07:02 -------- d-----w- c:\windows\SxsCaPendDel 2011-06-16 23:24 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys 2011-06-06 16:55 . 2011-06-06 16:55 183696 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-05-29 13:11 . 
2010-01-11 05:41 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-05-29 13:11 . 2010-01-11 05:41 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-05-02 15:31 . 2010-01-11 04:10 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-04-29 17:25 . 2004-08-04 12:00 151552 ----a-w- c:\windows\system32\schannel.dll 2011-04-29 16:19 . 2004-08-04 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-04-25 16:11 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll 2011-04-25 16:11 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-04-25 16:11 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-04-25 12:01 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec 2011-04-21 13:37 . 2004-08-04 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys . . ((((((((((((((((((((((((((((( SnapShot@2011-06-30_16.25.01 ))))))))))))))))))))))))))))))))))))))))) . + 2011-06-30 20:30 . 2011-06-30 20:30 16384 c:\windows\temp\Perflib_Perfdata_b8.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-10 2424192] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 52840] "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-03-14 125632] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] . 
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Taskman"="" . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\system32\msgina32.dll . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] 2009-11-18 00:26 64032 ----a-w- c:\windows\ALCMTR.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 2007-06-01 15:21 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] 2009-10-26 20:17 173592 ----a-r- c:\windows\system32\hkcmd.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] 2009-10-26 20:17 141848 ----a-r- c:\windows\system32\igfxtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel] 2007-07-18 22:55 451872 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2007-03-01 20:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence] 2009-10-26 20:17 144920 ----a-r- c:\windows\system32\igfxpers.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] 2009-11-18 00:27 18789408 ----a-w- c:\windows\RTHDCPL.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2010-01-12 16:47 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= . 
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656] R2 psqlCE;Pervasive PSQL Client Engine;c:\program files\Pervasive\bin\w3dbsmgr.exe [8/18/2008 6:00 PM 455968] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/16/2011 8:58 AM 105592] R3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;c:\windows\system32\drivers\WUSB54GCv3.sys [7/16/2010 2:09 PM 627072] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/21/2011 12:44 PM 136176] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [7/16/2010 3:31 PM 1684736] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [1/11/2010 1:41 AM 39984] S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [3/14/2007 7:48 PM 116416] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] getPlusHelper REG_MULTI_SZ getPlusHelper . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2007-07-18 22:53 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Contents of the 'Scheduled Tasks' folder . 2011-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-21 16:44] . 2011-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-21 16:44] . 2011-06-30 c:\windows\Tasks\User_Feed_Synchronization-{EE69DEDA-D3FA-412D-8B11-E6167C7575C4}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 09:31] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyOverride = <local> IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html TCP: DhcpNameServer = 24.25.5.60 24.25.5.61 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-06-30 16:31 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(888) c:\program files\SUPERAntiSpyware\SASWINLO.DLL c:\windows\system32\WININET.dll . 
- - - - - - - > 'explorer.exe'(1220) c:\windows\system32\WININET.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Common Files\Symantec Shared\ccSetMgr.exe c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe c:\program files\Symantec AntiVirus\DefWatch.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Symantec AntiVirus\Rtvscan.exe c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe . ************************************************************************** . Completion time: 2011-06-30 16:34:01 - machine was rebooted ComboFix-quarantined-files.txt 2011-06-30 20:33 ComboFix2.txt 2011-06-30 16:26 ComboFix3.txt 2011-06-30 16:09 . Pre-Run: 302,310,928,384 bytes free Post-Run: 302,220,656,640 bytes free . - - End Of File - - F8CF9A56F64600D5AE99231DD6C7AAFC
  9. I forgot to mention Maxhandle - found nothing, so no report. Thanks again.
  10. Here is the Rootkit Unhooker Log. RkU Version: 3.8.389.593, Type LE (SR2) ============================================== OS Name: Windows XP Version 5.1.2600 (Service Pack 3) Number of processors #2 ============================================== >Drivers ============================================== 0xB977D000 C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 6459392 bytes (Intel Corporation, Intel Graphics Miniport Driver) 0xA8C6C000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 6144000 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver) 0xBF36D000 C:\WINDOWS\System32\igxpdx32.DLL 3862528 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology) 0xBF05A000 C:\WINDOWS\System32\igxpdv32.DLL 3223552 bytes (Intel Corporation, Component GHAL Driver) 0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, NT Kernel & System) 0x804D7000 PnpManager 2154496 bytes 0x804D7000 RAW 2154496 bytes 0x804D7000 WMIxWDM 2154496 bytes 0xBF800000 Win32k 1859584 bytes 0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver) 0xA7199000 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110627.004\navex15.sys 1536000 bytes (Symantec Corporation, AV Engine) 0xA896D000 C:\WINDOWS\system32\DRIVERS\WUSB54GCv3.sys 630784 bytes (Ralink Technology, Corp., Ralink 802.11 USB Wireless Adapter Driver) 0xB9E35000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver) 0xA86EF000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr) 0xA87AC000 C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys 401408 bytes (Symantec Corporation, SPBBC Driver) 0xA8691000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver) 0xB95D2000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver) 0xA88B9000 
C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver) 0xA8BC8000 C:\Program Files\Symantec AntiVirus\savrt.sys 360448 bytes (Symantec Corporation, AutoProtect) 0xA7B3D000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver) 0xBF71C000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver) 0xA7542000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack) 0xA887E000 C:\WINDOWS\System32\Drivers\SYMTDI.SYS 241664 bytes (Symantec Corporation, Network Dispatch Driver) 0xB970B000 C:\WINDOWS\system32\DRIVERS\b57xp32.sys 221184 bytes (Broadcom Corporation, Broadcom NetXtreme Gigabit Ethernet NDIS5.1 Driver.) 0xBF024000 C:\WINDOWS\System32\igxpgd32.dll 221184 bytes (Intel Corporation, Intel Graphics 2D Driver) 0xB9630000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector) 0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT) 0xA7DFD000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr) 0xB9E08000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver) 0xA5227000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer) 0xA875F000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver) 0xB9741000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a) 0xA8830000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver) 0xB9F23000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver) 0xA8858000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator) 0xA8627000 
C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver) 0xA8C48000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices)) 0xB96E7000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver) 0xB96B0000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library) 0xA880E000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock) 0xA878A000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS) 0xA8BA6000 C:\WINDOWS\system32\Drivers\SYMEVENT.SYS 139264 bytes (Symantec Corporation, Symantec Event Library) 0x806E5000 ACPI_HAL 134400 bytes 0x806E5000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL) 0xB9EEB000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager) 0xB9F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver) 0xA8673000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 122880 bytes (Symantec Corporation, Symantec Eraser Utility Driver) 0xB9DEE000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver) 0xB9F0B000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver) 0xA860F000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes 0xB9EC2000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface) 0xB9699000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption)) 0xA8032000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper) 0xA7185000 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110627.004\naveng.sys 81920 bytes (Symantec Corporation, AV 
Engine) 0xB96D3000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver) 0xA8B92000 C:\Program Files\Symantec AntiVirus\Savrtpel.sys 81920 bytes (Symantec Corporation, SAVRTPEL) 0xB9769000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver) 0xA8912000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver) 0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver) 0xBF012000 C:\WINDOWS\System32\igxprd32.dll 73728 bytes (Intel Corporation, Intel Graphics 2D Rotation Driver) 0xB9ED9000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver) 0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator) 0xB9660000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler) 0xBA198000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver) 0xBA208000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver) 0xBA1D8000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver) 0xBA2B8000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter) 0xBA218000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver) 0xA818F000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter) 0xBA128000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB) 0xBA0A8000 dvvfckb.sys 57344 bytes 0xBA0F8000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll) 0xBA138000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver) 0xBA228000 
  11. Here is the Jotti's malware scan for odbcbcp32.exe.

Filename: odbcbcp32.exe
Status: Scan finished. 11 out of 20 scanners reported malware.
Scan taken on: Thu 30 Jun 2011 21:40:20 (CET)
--------------------------------------------------------------------------------
Additional info
File size: 561664 bytes
Filetype: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5: 828be8200fe04e1591dc3a47ecb0c726
SHA1: cb6b0158a935a2280490605027f31438ed3d8b5a

Scanners
2011-06-30 Found nothing
2011-06-30 Trojan.Generic.KDV.269070
2011-06-30 Win32:Downloader-IDG
2011-06-30 Trojan.Generic.KDV.269070
2011-06-30 SHeur3.CGBE
2011-06-30 Trojan.Win32.SuspectCRC
2011-06-30 TR/Dldr.Tracur.X.12
2011-06-30 Trojan.Win32.Menti.gymg
2011-06-30 Trojan.Generic.KDV.269070
2011-06-30 Found nothing
2011-06-30 Found nothing
2011-06-30 Generic
2011-06-30 Found nothing
2011-06-30 Found nothing
2011-06-30 Found nothing
2011-06-30 Mal/Tracur-B
2011-06-30 Trojan.Win32.SuspectCRC!IK
2011-06-29 Found nothing
2011-06-30 Found nothing
2011-06-30 Found nothing
  12. Here is the atmlib32.exe scan. First it said this file had been scanned before and gave a 06/22 date with nothing found. I chose to scan again and this is what came up. Not sure how it was scanned before, as I've never been to this website.

Filename: atmlib32.exe
Status: Scan finished. 10 out of 20 scanners reported malware.
Scan taken on: Thu 30 Jun 2011 21:35:22 (CET)
--------------------------------------------------------------------------------
Additional info
File size: 561664 bytes
Filetype: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5: 828be8200fe04e1591dc3a47ecb0c726
SHA1: cb6b0158a935a2280490605027f31438ed3d8b5a

Scanners
2011-06-30 Found nothing
2011-06-30 Trojan.Generic.KDV.269070
2011-06-30 Win32:Downloader-IDG
2011-06-30 Trojan.Generic.KDV.269070
2011-06-30 SHeur3.CGBE
2011-06-30 Trojan.Win32.SuspectCRC
2011-06-30 TR/Dldr.Tracur.X.12
2011-06-30 Trojan.Win32.Menti.gymg
2011-06-30 Trojan.Generic.KDV.269070
2011-06-30 Found nothing
2011-06-30 Found nothing
2011-06-30 Found nothing
2011-06-30 Found nothing
2011-06-30 Found nothing
2011-06-30 Found nothing
2011-06-30 Mal/Tracur-B
2011-06-30 Trojan.Win32.SuspectCRC!IK
2011-06-29 Found nothing
2011-06-30 Found nothing
2011-06-30 Found nothing
--------------------------------------------------------------------------------
  13. How do I get a report for you from the scan I did? This is from highlighting the screen, selecting it, copying it, etc. Let me know if I should do something different.

Filename: msvcr80.dll
Status: Scan finished. 0 out of 20 scanners reported malware.
Scan taken on: Thu 30 Jun 2011 21:29:38 (CET)
--------------------------------------------------------------------------------
Additional info
File size: 632656 bytes
Filetype: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5: c9564cf4976e7e96b4052737aa2492b4
SHA1: 43851fe4644c0a1eb31fe80f427777f1f0015efa

Scanners
2011-06-30 Found nothing
2011-06-30 Found nothing
2011-06-30 Found nothing
2011-06-30 Found nothing
2011-06-30 Found nothing
2011-06-30 Found nothing
2011-06-30 Found nothing
2011-06-30 Found nothing
2011-06-30 Found nothing
2011-06-30 Found nothing
2011-06-30 Found nothing
2011-06-30 Found nothing
2011-06-30 Found nothing
2011-06-30 Found nothing
2011-06-30 Found nothing
2011-06-30 Found nothing
2011-06-30 Found nothing
2011-06-29 Found nothing
2011-06-30 Found nothing
2011-06-30 Found nothing
  14. Still not fixed. I tried to get on the internet and do some random searches. The first time it worked, and after that it started taking me to random pages again. I did get a message when I started Internet Explorer that said something about Internet Explorer not being the default. Not sure if that is important or not. Let me know what you would like me to do next. Thanks again.
  15. Here is the ComboFix.txt ComboFix 11-06-30.02 - User 06/30/2011 12:22:59.5.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2013.1313 [GMT -4:00] Running from: c:\documents and settings\User\Desktop\ComboFix.exe AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C} . . ((((((((((((((((((((((((( Files Created from 2011-05-28 to 2011-06-30 ))))))))))))))))))))))))))))))) . . 2011-06-24 14:55 . 2011-06-24 14:55 -------- d-----w- c:\documents and settings\User\Application Data\SUPERAntiSpyware.com 2011-06-24 14:55 . 2011-06-24 14:55 -------- d-----w- c:\program files\SUPERAntiSpyware 2011-06-23 17:23 . 2011-06-23 17:23 0 ---ha-w- c:\documents and settings\User\qdnzpzncqn.tmp 2011-06-22 16:25 . 2011-06-22 16:25 172032 --sha-w- c:\windows\system32\msgina32.dll 2011-06-22 15:52 . 2011-06-22 15:52 561664 ----a-w- c:\windows\system32\atmlib32.exe 2011-06-22 15:52 . 2011-06-22 15:52 561664 ----a-w- c:\windows\system32\odbcbcp32.exe 2011-06-17 07:02 . 2011-06-17 07:02 -------- d-----w- c:\windows\SxsCaPendDel 2011-06-16 23:24 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys 2011-06-06 16:55 . 2011-06-06 16:55 183696 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-05-29 13:11 . 2010-01-11 05:41 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-05-29 13:11 . 2010-01-11 05:41 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-05-02 15:31 . 2010-01-11 04:10 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-04-29 17:25 . 2004-08-04 12:00 151552 ----a-w- c:\windows\system32\schannel.dll 2011-04-29 16:19 . 2004-08-04 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-04-25 16:11 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll 2011-04-25 16:11 . 
2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-04-25 16:11 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-04-25 12:01 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec 2011-04-21 13:37 . 2004-08-04 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-10 2424192] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 52840] "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-03-14 125632] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\system32\msgina32.dll . 
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] 2009-11-18 00:26 64032 ----a-w- c:\windows\ALCMTR.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 2007-06-01 15:21 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] 2009-10-26 20:17 173592 ----a-r- c:\windows\system32\hkcmd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] 2009-10-26 20:17 141848 ----a-r- c:\windows\system32\igfxtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel] 2007-07-18 22:55 451872 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2007-03-01 20:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence] 2009-10-26 20:17 144920 ----a-r- c:\windows\system32\igfxpers.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] 2009-11-18 00:27 18789408 ----a-w- c:\windows\RTHDCPL.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2010-01-12 16:47 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\WINDOWS\\system32\\odbcbcp32.exe"= . 
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656] R2 EventSystem32;COM+ Event System ;c:\windows\system32\odbcbcp32.exe [6/22/2011 11:52 AM 561664] R2 psqlCE;Pervasive PSQL Client Engine;c:\program files\Pervasive\bin\w3dbsmgr.exe [8/18/2008 6:00 PM 455968] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/16/2011 8:58 AM 105592] R3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;c:\windows\system32\drivers\WUSB54GCv3.sys [7/16/2010 2:09 PM 627072] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/21/2011 12:44 PM 136176] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [7/16/2010 3:31 PM 1684736] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [1/11/2010 1:41 AM 39984] S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [3/14/2007 7:48 PM 116416] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] getPlusHelper REG_MULTI_SZ getPlusHelper . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2007-07-18 22:53 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Contents of the 'Scheduled Tasks' folder . 2011-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-21 16:44] . 2011-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-21 16:44] . 2011-06-30 c:\windows\Tasks\User_Feed_Synchronization-{EE69DEDA-D3FA-412D-8B11-E6167C7575C4}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 09:31] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyOverride = <local> IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html TCP: DhcpNameServer = 24.25.5.60 24.25.5.61 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-06-30 12:24 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Pervasive Software\PSQL] @Denied: ) (Everyone) @="" . 
--------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(880) c:\program files\SUPERAntiSpyware\SASWINLO.DLL c:\windows\system32\WININET.dll . - - - - - - - > 'explorer.exe'(3872) c:\windows\system32\WININET.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2011-06-30 12:26:06 ComboFix-quarantined-files.txt 2011-06-30 16:26 ComboFix2.txt 2011-06-30 16:09 . Pre-Run: 302,355,841,024 bytes free Post-Run: 302,348,832,768 bytes free . - - End Of File - - 28FFEDDDDE16628B8A674FC30C60C22F I will let you know shortly if it fixed the problem.
  16. I thought maybe everything was fine. Unfortunately, after about 15 minutes online my internet started acting up. When I try to search for something it directs me to unrelated pages. I've run another malware scan. Here are the results.

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6985

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/30/2011 10:11:25 AM
mbam-log-2011-06-30 (10-11-25).txt

Scan type: Quick scan
Objects scanned: 162446
Time elapsed: 4 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\localservice\application data\02000000f8d8920f1349c.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\application data\02000000f8d8920f1349o.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\application data\02000000f8d8920f1349p.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\application data\02000000f8d8920f1349s.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\02000000f8d8920f1349c.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\02000000f8d8920f1349o.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\02000000f8d8920f1349p.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\02000000f8d8920f1349s.manifest (Malware.Trace) -> Quarantined and deleted successfully.

Once I restart my computer and do the scan again, the top four disappear; however, the bottom four are still present. It also seems that my internet works properly for a while again too. I really appreciate you looking into this for me. I will wait to hear from you. THANKS MUCH!!
  17. Here is the DDS log DDS (Ver_2011-06-23.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 Run by User at 8:59:40 on 2011-06-30 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2013.1205 [GMT -4:00] . AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C} . ============== Running Processes =============== . C:\WINDOWS\system32\svchost.exe -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\WINDOWS\system32\odbcbcp32.exe C:\WINDOWS\system32\atmlib32.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Pervasive\bin\w3dbsmgr.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyOverride = <local> BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe" mRun: [vptray] c:\progra~1\symant~1\VPTray.exe mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe" mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 
8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263184171312 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl-esd.sun.com/update/1.6.0/jinstall-6-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} 
- hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 24.25.5.60 24.25.5.61 TCP: Interfaces\{C3164BF2-C668-4605-AE1F-8540F2425687} : DhcpNameServer = 24.25.5.60 24.25.5.61 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL Notify: igfxcui - igfxdev.dll Notify: NavLogon - c:\windows\system32\NavLogon.dll AppInit_DLLs: c:\windows\system32\msgina32.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe" . ============= SERVICES / DRIVERS =============== . 
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656] R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592] R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968] R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-11-21 192104] R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-11-21 169576] R2 EventSystem32;COM+ Event System ;c:\windows\system32\odbcbcp32.exe [2011-6-22 561664] R2 psqlCE;Pervasive PSQL Client Engine;c:\program files\pervasive\bin\w3dbsmgr.exe [2008-8-18 455968] R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2007-3-14 1816768] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-5-16 105592] R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110627.004\naveng.sys [2011-6-28 86008] R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110627.004\navex15.sys [2011-6-28 1542392] R3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;c:\windows\system32\drivers\WUSB54GCv3.sys [2010-7-16 627072] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-21 136176] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-7-16 1684736] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-1-11 39984] S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2007-3-14 116416] . =============== Created Last 30 ================ . 
2011-06-27 15:31:15 -------- d-sha-r- C:\cmdcons 2011-06-27 15:29:38 98816 ----a-w- c:\windows\sed.exe 2011-06-27 15:29:38 518144 ----a-w- c:\windows\SWREG.exe 2011-06-27 15:29:38 256512 ----a-w- c:\windows\PEV.exe 2011-06-27 15:29:38 208896 ----a-w- c:\windows\MBR.exe 2011-06-24 14:55:22 -------- d-----w- c:\documents and settings\user\application data\SUPERAntiSpyware.com 2011-06-24 14:55:16 -------- d-----w- c:\program files\SUPERAntiSpyware 2011-06-23 17:23:10 0 ---ha-w- c:\documents and settings\user\qdnzpzncqn.tmp 2011-06-22 16:25:36 172032 --sha-w- c:\windows\system32\msgina32.dll 2011-06-22 15:52:47 561664 ----a-w- c:\windows\system32\atmlib32.exe 2011-06-22 15:52:45 561664 ----a-w- c:\windows\system32\odbcbcp32.exe 2011-06-17 07:02:15 -------- d-----w- c:\windows\SxsCaPendDel 2011-06-16 23:24:11 105472 -c----w- c:\windows\system32\dllcache\mup.sys 2011-06-06 16:55:30 183696 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll . ==================== Find3M ==================== . 2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-05-29 13:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-04-29 17:25:27 151552 ----a-w- c:\windows\system32\schannel.dll 2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll 2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-04-25 16:11:11 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec 2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys . 
============= FINISH: 9:00:33.23 ===============

Here is the TDSSKiller log:

2011/06/30 09:36:36.0593 3272 TDSS rootkit removing tool 2.5.8.0 Jun 28 2011 19:12:16
2011/06/30 09:36:37.0015 3272 ================================================================================
2011/06/30 09:36:37.0015 3272 SystemInfo:
2011/06/30 09:36:37.0015 3272
2011/06/30 09:36:37.0015 3272 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/30 09:36:37.0015 3272 Product type: Workstation
2011/06/30 09:36:37.0015 3272 ComputerName: QUALITYROOF3
2011/06/30 09:36:37.0015 3272 UserName: User
2011/06/30 09:36:37.0015 3272 Windows directory: C:\WINDOWS
2011/06/30 09:36:37.0015 3272 System windows directory: C:\WINDOWS
2011/06/30 09:36:37.0015 3272 Processor architecture: Intel x86
2011/06/30 09:36:37.0015 3272 Number of processors: 2
2011/06/30 09:36:37.0015 3272 Page size: 0x1000
2011/06/30 09:36:37.0015 3272 Boot type: Normal boot
2011/06/30 09:36:37.0015 3272 ================================================================================
2011/06/30 09:36:38.0125 3272 Initialize success
2011/06/30 09:36:52.0468 2844 ================================================================================
2011/06/30 09:36:52.0468 2844 Scan started
2011/06/30 09:36:52.0468 2844 Mode: Manual;
2011/06/30 09:36:52.0468 2844 ================================================================================
2011/06/30 09:36:52.0953 2844 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/30 09:36:52.0984 2844 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/06/30 09:36:53.0031 2844 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/06/30 09:36:53.0078 2844 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/06/30 09:36:53.0203 2844 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
2011/06/30 09:36:53.0296 2844 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/06/30 09:36:53.0312 2844 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/06/30 09:36:53.0375 2844 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/06/30 09:36:53.0421 2844 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/06/30 09:36:53.0437 2844 b57w2k (c0ded802ac884cdd13dc626d70c72d98) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2011/06/30 09:36:53.0500 2844 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/06/30 09:36:53.0656 2844 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/06/30 09:36:53.0687 2844 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/06/30 09:36:53.0750 2844 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/06/30 09:36:53.0781 2844 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/06/30 09:36:53.0859 2844 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/06/30 09:36:53.0906 2844 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/06/30 09:36:53.0921 2844 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/06/30 09:36:53.0937 2844 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/06/30 09:36:53.0968 2844 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/06/30 09:36:54.0000 2844 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/06/30 09:36:54.0062 2844 E100B (ac9cf17ee2ae003c98eb4f5336c38058) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/06/30 09:36:54.0187 2844 eeCtrl (5461f01b7def17dc90d90b029f874c3b) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/06/30 09:36:54.0218 2844 EraserUtilRebootDrv (17fcc372d03ba39f3aee85198c0ec594) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/06/30 09:36:54.0234 2844 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/06/30 09:36:54.0265 2844 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/06/30 09:36:54.0281 2844 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/06/30 09:36:54.0312 2844 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/06/30 09:36:54.0359 2844 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/06/30 09:36:54.0421 2844 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/06/30 09:36:54.0453 2844 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/06/30 09:36:54.0500 2844 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/06/30 09:36:54.0515 2844 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/06/30 09:36:54.0531 2844 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/06/30 09:36:54.0593 2844 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/06/30 09:36:54.0625 2844 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/06/30 09:36:54.0781 2844 ialm (96f0e87376bc8cca259eaa7f3259f244) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2011/06/30 09:36:54.0828 2844 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/06/30 09:36:54.0968 2844 IntcAzAudAddService (20946e2db7709120b961bcefd4737c53) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/06/30 09:36:55.0046 2844 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/06/30 09:36:55.0078 2844 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/06/30 09:36:55.0125 2844 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/06/30 09:36:55.0171 2844 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/06/30 09:36:55.0187 2844 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/06/30 09:36:55.0218 2844 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/06/30 09:36:55.0234 2844 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/06/30 09:36:55.0281 2844 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/06/30 09:36:55.0312 2844 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/06/30 09:36:55.0312 2844 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/06/30 09:36:55.0343 2844 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/06/30 09:36:55.0375 2844 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/06/30 09:36:55.0453 2844 MBAMSwissArmy (b309912717c29fc67e1ba4730a82b6dd) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011/06/30 09:36:55.0468 2844 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/06/30 09:36:55.0515 2844 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/06/30 09:36:55.0562 2844 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
2011/06/30 09:36:55.0593 2844 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/06/30 09:36:55.0609 2844 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/06/30 09:36:55.0640 2844 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/06/30 09:36:55.0656 2844 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/06/30 09:36:55.0718 2844 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/06/30 09:36:55.0734 2844 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/06/30 09:36:55.0765 2844 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/06/30 09:36:55.0781 2844 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/06/30 09:36:55.0796 2844 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/06/30 09:36:55.0828 2844 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/06/30 09:36:55.0875 2844 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/06/30 09:36:55.0906 2844 NAL (cbbbbcace1abda7336410df4ab3c74d7) C:\WINDOWS\system32\Drivers\iqvw32.sys
2011/06/30 09:36:56.0046 2844 NAVENG (920d9701bba90dbb7ccfd3536ea4d6f9) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110627.004\naveng.sys
2011/06/30 09:36:56.0093 2844 NAVEX15 (31b1a9b53c3319b97f7874347cd992d2) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110627.004\navex15.sys
2011/06/30 09:36:56.0156 2844 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/06/30 09:36:56.0171 2844 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/06/30 09:36:56.0218 2844 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/06/30 09:36:56.0234 2844 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/06/30 09:36:56.0281 2844 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/06/30 09:36:56.0296 2844 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/06/30 09:36:56.0359 2844 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/06/30 09:36:56.0390 2844 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/06/30 09:36:56.0437 2844 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/06/30 09:36:56.0515 2844 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/06/30 09:36:56.0546 2844 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/06/30 09:36:56.0578 2844 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/06/30 09:36:56.0609 2844 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/06/30 09:36:56.0640 2844 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/06/30 09:36:56.0671 2844 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/06/30 09:36:56.0687 2844 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/06/30 09:36:56.0718 2844 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/06/30 09:36:56.0750 2844 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/06/30 09:36:56.0859 2844 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/06/30 09:36:56.0875 2844 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/06/30 09:36:56.0906 2844 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/06/30 09:36:56.0984 2844 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/06/30 09:36:57.0000 2844 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/06/30 09:36:57.0031 2844 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/06/30 09:36:57.0046 2844 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/06/30 09:36:57.0062 2844 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/06/30 09:36:57.0093 2844 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/06/30 09:36:57.0109 2844 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/06/30 09:36:57.0156 2844 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/06/30 09:36:57.0171 2844 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/06/30 09:36:57.0265 2844 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/06/30 09:36:57.0296 2844 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/06/30 09:36:57.0343 2844 SAVRT (12b6e269ef8ac8ea36122544c8a1b6d8) C:\Program Files\Symantec AntiVirus\savrt.sys
2011/06/30 09:36:57.0375 2844 SAVRTPEL (97e5b6f3f95465e1f59360b59d8ec64e) C:\Program Files\Symantec AntiVirus\Savrtpel.sys
2011/06/30 09:36:57.0421 2844 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/06/30 09:36:57.0484 2844 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/06/30 09:36:57.0515 2844 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/06/30 09:36:57.0562 2844 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/06/30 09:36:57.0687 2844 SPBBCDrv (ef9760a364d836a0ce6149ebdf71524d) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
2011/06/30 09:36:57.0734 2844 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/06/30 09:36:57.0781 2844 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/06/30 09:36:57.0812 2844 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/06/30 09:36:57.0843 2844 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/06/30 09:36:57.0859 2844 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/06/30 09:36:57.0906 2844 SymEvent (49b20b430a4f219173f823536944474a) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2011/06/30 09:36:57.0968 2844 SYMREDRV (626f733be7f951116c5c0804b068666c) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
2011/06/30 09:36:58.0015 2844 SYMTDI (cb7cc4ddbe09e224d4cd876760ba982c) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
2011/06/30 09:36:58.0078 2844 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/06/30 09:36:58.0125 2844 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/06/30 09:36:58.0171 2844 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/06/30 09:36:58.0218 2844 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/06/30 09:36:58.0234 2844 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/06/30 09:36:58.0281 2844 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/06/30 09:36:58.0328 2844 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/06/30 09:36:58.0359 2844 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/06/30 09:36:58.0390 2844 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/06/30 09:36:58.0406 2844 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/06/30 09:36:58.0421 2844 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/06/30 09:36:58.0437 2844 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/06/30 09:36:58.0468 2844 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/06/30 09:36:58.0531 2844 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/30 09:36:58.0562 2844 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/06/30 09:36:58.0625 2844 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/06/30 09:36:58.0687 2844 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/06/30 09:36:58.0734 2844 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/06/30 09:36:58.0765 2844 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/06/30 09:36:58.0828 2844 WUSB54GCv3 (326c012c7fe573829871fe9c9e41cf9b) C:\WINDOWS\system32\DRIVERS\WUSB54GCv3.sys
2011/06/30 09:36:58.0875 2844 WUSB54GPV4SRV (70aeec67e87a2002e6b2cc353d56e222) C:\WINDOWS\system32\DRIVERS\rt2500usb.sys
2011/06/30 09:36:58.0921 2844 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/06/30 09:36:59.0046 2844 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR2
2011/06/30 09:36:59.0046 2844 Boot (0x1200) (076105164e0e5848ba056b37652ef7d2) \Device\Harddisk0\DR0\Partition0
2011/06/30 09:36:59.0046 2844 Boot (0x1200) (eb225ab87455ad5b7d6d17ab2ef5d6cf) \Device\Harddisk1\DR2\Partition0
2011/06/30 09:36:59.0062 2844 ================================================================================
2011/06/30 09:36:59.0062 2844 Scan finished
2011/06/30 09:36:59.0062 2844 ================================================================================
2011/06/30 09:36:59.0062 0700 Detected object count: 0
2011/06/30 09:36:59.0062 0700 Actual detected object count: 0

Here is the Security Check:

Results of screen317's Security Check version 0.99.17
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
Symantec AntiVirus
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java 6 Update 12
Out of date Java installed!
Adobe Flash Player
Adobe Reader X (10.1.0)
````````````````````````````````
Process Check: objlist.exe by Laurent
Symantec AntiVirus DefWatch.exe
Symantec AntiVirus Rtvscan.exe
``````````End of Log````````````

Please let me know if you want me to attach any of these files.
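The ComboFix sections in the post above (the service list and "Created Last 30") are where a responder would start rather than with the TDSSKiller driver hashes, which came back clean. The script below is an added example, not part of this thread and not ComboFix or TDSSKiller code. It parses a handful of lines in ComboFix's two formats (the sample input is constructed by copying lines from the post, not the whole log) and flags the entries worth a second look: new hidden or system-attributed files, executables of identical size written seconds apart, and a service whose image is one of those new files. The heuristics and the thresholds (14-day window, 60-second pairing) are my own assumptions, not ComboFix rules.

```python
import re
from dataclasses import dataclass
from datetime import date, datetime, timedelta
from typing import List, Optional

# ComboFix "Created Last 30" line: <date> <time> <size|--------> <8-char attrs> <path>
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\S+) (\S{8}) (.+)$")
# ComboFix service line: <start> <name>;<display>;<image> [<yyyy-m-d> <size>]
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+?) \[(\d{4})-(\d{1,2})-(\d{1,2}) (\d+)\]$")
EXEC_EXT = (".exe", ".dll", ".sys", ".ocx", ".scr")

# Constructed sample input: a few lines copied from the ComboFix sections of the
# post above, not the whole log.
SAMPLE_CREATED = r"""
2011-06-27 15:31:15 -------- d-sha-r- C:\cmdcons
2011-06-27 15:29:38 98816 ----a-w- c:\windows\sed.exe
2011-06-23 17:23:10 0 ---ha-w- c:\documents and settings\user\qdnzpzncqn.tmp
2011-06-22 16:25:36 172032 --sha-w- c:\windows\system32\msgina32.dll
2011-06-22 15:52:47 561664 ----a-w- c:\windows\system32\atmlib32.exe
2011-06-22 15:52:45 561664 ----a-w- c:\windows\system32\odbcbcp32.exe
2011-06-17 07:02:15 -------- d-----w- c:\windows\SxsCaPendDel
2011-06-06 16:55:30 183696 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
"""
SAMPLE_SERVICES = r"""
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-11-21 192104]
R2 EventSystem32;COM+ Event System ;c:\windows\system32\odbcbcp32.exe [2011-6-22 561664]
R2 psqlCE;Pervasive PSQL Client Engine;c:\program files\pervasive\bin\w3dbsmgr.exe [2008-8-18 455968]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-21 136176]
"""

@dataclass
class Entry:
    created: datetime
    size: Optional[int]  # None for directories, which ComboFix prints as "--------"
    attrs: str           # e.g. "--sha-w-": d=dir, c=compressed, s=system, h=hidden, a, r, w
    path: str            # lower-cased for matching

@dataclass
class Service:
    start: str
    name: str
    display: str
    image: str           # lower-cased for matching
    file_date: date
    size: int

@dataclass(frozen=True)
class Finding:
    subject: str
    reason: str

def parse_created(text: str) -> List[Entry]:
    entries = []
    for m in filter(None, (CREATED_RE.match(l.strip()) for l in text.splitlines())):
        stamp, size, attrs, path = m.groups()
        entries.append(Entry(datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S"),
                             None if size == "--------" else int(size), attrs, path.lower()))
    return entries

def parse_services(text: str) -> List[Service]:
    services = []
    for m in filter(None, (SERVICE_RE.match(l.strip()) for l in text.splitlines())):
        start, name, display, image, y, mo, d, size = m.groups()
        services.append(Service(start, name, display.strip(), image.lower(),
                                date(int(y), int(mo), int(d)), int(size)))
    return services

def triage(entries: List[Entry], services: List[Service],
           as_of: date, window_days: int = 14) -> List[Finding]:
    findings: List[Finding] = []
    files = [e for e in entries if not e.attrs.startswith("d")]
    # 1. A brand-new hidden or system file is rare in %SystemRoot% and rarer in a
    #    profile; droppers set those attributes to keep the file out of Explorer.
    for e in files:
        if "s" in e.attrs or "h" in e.attrs:
            where = "system directory" if "\\windows\\" in e.path else "user-writable location"
            findings.append(Finding(e.path, f"new hidden/system file in {where}"))
    # 2. Executables of identical size written seconds apart: one payload copied
    #    under several names.
    execs = [e for e in files if e.path.endswith(EXEC_EXT) and e.size]
    for i, a in enumerate(execs):
        for b in execs[i + 1:]:
            if a.size == b.size and abs((a.created - b.created).total_seconds()) <= 60:
                for e in (a, b):
                    findings.append(Finding(e.path, f"same-size executable pair ({a.size} bytes)"))
    # 3. Persistence: a service whose image is one of the new files, or a freshly
    #    dated binary under %SystemRoot%, however legitimate its display name looks.
    cutoff = as_of - timedelta(days=window_days)
    new_paths = {e.path for e in files}
    for s in services:
        if s.image in new_paths or (s.file_date >= cutoff and "\\windows\\" in s.image):
            findings.append(Finding(f"service {s.name} ({s.display})",
                                    f"runs recently created binary {s.image}"))
    return findings

def triage_sample() -> List[Finding]:
    """Run the heuristics over the constructed sample with the log's own date."""
    return triage(parse_created(SAMPLE_CREATED), parse_services(SAMPLE_SERVICES),
                  as_of=date(2011, 6, 30))

if __name__ == "__main__":
    for f in triage_sample():
        print(f"{f.subject}: {f.reason}")
```

Run against the sample, `triage_sample()` returns five findings: the hidden temp file in the profile, the hidden/system `msgina32.dll` (the file ESET later quarantined), the same-size pair `atmlib32.exe` / `odbcbcp32.exe`, and the `EventSystem32` service that starts `odbcbcp32.exe` under a display name borrowed from the real COM+ Event System. The Symantec, Pervasive and Google services are left alone because their binaries are neither new nor in the Windows tree. The point of the cross-reference in step 3 is that a service entry is only as trustworthy as the file it points at; the display name proves nothing.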
18. Hi, I've been running Malwarebytes for the past day or two but it doesn't seem to remove the malware trace even though it says it does. My internet sometimes works properly when searching for the correct page. However, most of the time it pulls up random unrelated pages. I've included the latest quick scan log. Any suggestions would be appreciated. Thanks.

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6967

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/28/2011 9:24:07 AM
mbam-log-2011-06-28 (09-24-07).txt

Scan type: Quick scan
Objects scanned: 159576
Time elapsed: 1 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\02000000f8d8920f1349c.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\02000000f8d8920f1349o.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\02000000f8d8920f1349p.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\02000000f8d8920f1349s.manifest (Malware.Trace) -> Quarantined and deleted successfully.