hcethatsme

  1. Hooray, hooray, hooray! Windows Repair worked fine and everything is clean now. Thanks a million, Borislav! Donation on the way. Hilary
  2. Borislav, thanks again for your help, but don't take any more time on this just yet. I need to get this computer back, so I'm going to try a Windows reinstall. I'll let you know how it goes. Hilary
  3. I don't know if this is helpful, but I turned on bootlogging. In the ntbtlog.txt are entries with double exclamation points: SUPERAntiSpyware\SASKUTIL.sys, SASDIFV.SYS, SASENUM.SYS and also PFModNT.sys in root\sys32. As I understand it, that means there are empty start-up entries for those drivers? I wonder if SAS is causing a problem and I should uninstall it?
  4. GMER log is below. It seems awfully short! I would try the complete TCP/IP uninstall/reinstall, but the fact that the print spooler is still broken too, and that the Windows Firewall turns on sometimes, then off (or could it show turned on w/o the service running?), is confusing. Whole thing is bizarre. Thanks so much for your time, Borislav. Any next steps you can think of?

     GMER 1.0.15.15281 - http://www.gmer.net
     Rootkit scan 2010-06-23 10:14:30
     Windows 5.1.2600 Service Pack 3
     Running: roekffjq.exe; Driver: C:\DOCUME~1\SUSQUE~1\LOCALS~1\Temp\kwtdypow.sys

     ---- System - GMER 1.0.15 ----

     SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB6D910B0]

     ---- User code sections - GMER 1.0.15 ----

     .text C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe[1824] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 00510D8D C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe (Icon in the taskbar notification area (F-PROT Antivirus)/FRISK Software International)

     ---- Devices - GMER 1.0.15 ----

     AttachedDevice \FileSystem\Ntfs \Ntfs FStopW.sys (FPAV - RealTime Protector/FRISK Software International)
     AttachedDevice \FileSystem\Fastfat \Fat FStopW.sys (FPAV - RealTime Protector/FRISK Software International)

     ---- EOF - GMER 1.0.15 ----
  5. Hi Borislav, Just wanted to let you know that GMER is still running, so I'll be posting the log tomorrow. Thanks so much! Hilary
  6. OK, ran SFC, but no joy... This computer: http://www.techsupportforum.com/security-c...-now-clean.html seems to have had a similar problem which was resolved, but I don't know if any of it is relevant to this situation.
  7. I ran it, but got some errors (see log file below at the top, then starting with iesetup.dll). Are they issues with IE8? I think there is still an active infection though--unless something is making it unstable??? After running Dial-a-Fix I rebooted. The Windows Firewall turned on. I went into Security Center to double-check, and yes, it was showing green ON. About 1 minute later, it turned off. Now the service can't be started, and the Spooler SubSystem App error comes back after starting the print spooler. BTW, I don't know if I made this clear: this computer hasn't been connected to anything this whole time. Ethernet unplugged and I transfer the files needed with a flash drive. Thanks again so much for your time, Borislav!
  8. Same I'm afraid. Can't start W-Firewall/ICS service, print spooler is stopped & when started gives Spooler SubSystem App error. Let me know if it's time to reinstall Windows... not that I want to do that... thanks, Hilary
  9. Oops--I forgot to disable the anti-virus. I'm sorry. Let me know if I should re-run it. Here is the new log:
  10. Sorry, the file is still not there! And this time the firewall did not turn on and the service can't be started. Here is the fresh ComboFix log:
  11. Hi Borislav, I can't find that file, either in system32 or by doing a disk search. Here's a weird thing--after running ComboFix on Thursday, the Windows Firewall turned itself back on. This morning, it's off again and the service can't start. My instinct is to run ComboFix again & see if comp3216.dll shows up right afterward--maybe it re-infected itself and hid/renamed it?--but I won't do that until I hear from you. The printer window was empty Thursday but I didn't have time to investigate further. This morning I tried to add a printer, get service not running, start it successfully, but immediately get a Spooler SubSystem App error. I ran updated mbam this morning too, but it still comes up clear. Thank you for your patience with this nasty infection! Hilary
  12. I definitely will, but it won't be until Monday morning. Thank you so very much for your help, Borislav, and have a great weekend! Hilary
  13. Thanks again! Here is the CF log:
  14. Hi Borislav, Well, I'm not sure if the virus hosed the system or if there is still something going on. There's no Internet access. Ipconfig gives unable to query host name; Windows Firewall/ICS service can't be started w/ Error 2, cannot find file; etc. I had run a TCP/IP repair tool before coming here and it did nothing; tried various other fixes but haven't yet completely uninstalled & reinstalled TCP/IP, which I also saw recommended. (ipnat.sys & ipnathlp.dll are present; system WAS at SP3 (I think) but I have to double-check when I'm back in front of it (on the road right now).) Network connections look normal, there is no proxy server. The other issue is printing: Spooler Subsystem App errors, no printers, can't add any. I haven't run sfc; should I do that? (I hadn't moved to those steps in case there was still infection...) thanks SO MUCH! Hilary
  15. Thanks again, Borislav. Here is the log:

17:04:49:984 2260 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
17:04:49:984 2260 ================================================================================
17:04:49:984 2260 SystemInfo:
17:04:49:984 2260 OS Version: 5.1.2600 ServicePack: 3.0
17:04:49:984 2260 Product type: Workstation
17:04:49:984 2260 ComputerName: MUFASA
17:04:49:984 2260 UserName: Susquehanna Branch
17:04:49:984 2260 Windows directory: C:\WINDOWS
17:04:49:984 2260 Processor architecture: Intel x86
17:04:49:984 2260 Number of processors: 1
17:04:49:984 2260 Page size: 0x1000
17:04:49:984 2260 Boot type: Normal boot
17:04:49:984 2260 ================================================================================
17:04:50:250 2260 Initialize success
17:04:50:265 2260
17:04:50:265 2260 Scanning Services ...
17:04:50:671 2260 Raw services enum returned 350 services
17:04:50:671 2260
17:04:50:671 2260 Scanning Drivers ...
17:04:51:390 2260 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS
17:04:51:531 2260 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:04:51:703 2260 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
17:04:51:906 2260 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\System32\DRIVERS\adpu160m.sys
17:04:52:062 2260 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
17:04:52:234 2260 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
17:04:52:406 2260 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
17:04:52:578 2260 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\System32\DRIVERS\agpCPQ.sys
17:04:52:734 2260 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\System32\DRIVERS\aha154x.sys
17:04:52:890 2260 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\System32\DRIVERS\aic78u2.sys
17:04:53:031 2260 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\System32\DRIVERS\aic78xx.sys
17:04:53:203 2260 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\System32\DRIVERS\aliide.sys
17:04:53:312 2260 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\System32\DRIVERS\alim1541.sys
17:04:53:468 2260 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\System32\DRIVERS\amdagp.sys
17:04:53:609 2260 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\System32\DRIVERS\amsint.sys
17:04:53:765 2260 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\System32\DRIVERS\asc.sys
17:04:53:937 2260 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\System32\DRIVERS\asc3350p.sys
17:04:54:062 2260 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\System32\DRIVERS\asc3550.sys
17:04:54:218 2260 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:04:54:343 2260 atapi (75fefb18207dd203140e991b4d2b86ff) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:04:54:343 2260 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\atapi.sys. Real md5: 75fefb18207dd203140e991b4d2b86ff, Fake md5: 9f3a2f5aa6875c72bf062c712cfa2674
17:04:54:343 2260 File "C:\WINDOWS\system32\DRIVERS\atapi.sys" infected by TDSS rootkit ...
17:04:56:421 2260 Backup copy found, using it..
17:04:56:437 2260 will be cured on next reboot
17:04:56:718 2260 ati2mtaa (075e091eebb450eedae9da74f5b46494) C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys
17:04:56:890 2260 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:04:57:031 2260 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:04:57:156 2260 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:04:57:281 2260 brfilt (4ba311473e0d8557827e6f2fe33a8095) C:\WINDOWS\system32\Drivers\Brfilt.sys
17:04:57:453 2260 BrFiltLo (50cd33fcc147ae70dfa398f6a3bc7075) C:\WINDOWS\system32\DRIVERS\BrFiltLo.sys
17:04:57:609 2260 BrFiltUp (d6738653286d51bb9286cb579814046b) C:\WINDOWS\system32\DRIVERS\BrFiltUp.sys
17:04:57:765 2260 BrSerWDM (8e06cd96e00472c03770a697d04031c0) C:\WINDOWS\system32\Drivers\BrSerWdm.sys
17:04:57:906 2260 BrUsbMdm (37e2d0b12ddf536cd64af6eb3b580ef8) C:\WINDOWS\system32\Drivers\BrUsbMdm.sys
17:04:58:062 2260 BrUsbScn (1c5f014048e5b2748c1a8ad297c50b6f) C:\WINDOWS\system32\Drivers\BrUsbScn.sys
17:04:58:359 2260 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\System32\DRIVERS\cbidf2k.sys
17:04:58:500 2260 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:04:58:625 2260 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys
17:04:58:796 2260 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:04:58:968 2260 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
17:04:59:140 2260 Cdr4_xp (bf79e659c506674c0497cc9c61f1a165) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
17:04:59:312 2260 Cdralw2k (2c41cd49d82d5fd85c72d57b6ca25471) C:\WINDOWS\system32\drivers\Cdralw2k.sys
17:04:59:468 2260 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:04:59:609 2260 cdudf_xp (072070a498d5fad70c3a99a5f0b1331b) C:\WINDOWS\system32\drivers\cdudf_xp.sys
17:04:59:890 2260 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\System32\DRIVERS\cmdide.sys
17:05:00:046 2260 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\System32\DRIVERS\cpqarray.sys
17:05:00:187 2260 ctsfm2k (b459ae4afca570088adddbe55eabbc92) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
17:05:00:343 2260 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\System32\DRIVERS\dac2w2k.sys
17:05:00:500 2260 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\System32\DRIVERS\dac960nt.sys
17:05:00:687 2260 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
17:05:00:859 2260 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
17:05:01:031 2260 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\DRIVERS\dmio.sys
17:05:01:171 2260 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:05:01:343 2260 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
17:05:01:515 2260 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\System32\DRIVERS\dpti2o.sys
17:05:01:750 2260 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
17:05:02:078 2260 dvd_2K (a3997baab606caa92f27e07bc4f070f0) C:\WINDOWS\system32\drivers\dvd_2K.sys
17:05:02:390 2260 E100B (98ed0bea10477b0f252cca35eb50f838) C:\WINDOWS\system32\DRIVERS\e100b325.sys
17:05:02:609 2260 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
17:05:02:750 2260 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
17:05:02:875 2260 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
17:05:03:015 2260 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
17:05:03:156 2260 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
17:05:03:359 2260 FPAV_RTP (ba50532419b00de2e99b8913a5abf3f6) C:\WINDOWS\system32\DRIVERS\FStopW.sys
17:05:03:531 2260 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:05:03:578 2260 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:05:03:718 2260 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
17:05:03:843 2260 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:05:04:015 2260 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:05:04:187 2260 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\System32\DRIVERS\hpn.sys
17:05:04:359 2260 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
17:05:04:546 2260 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
17:05:04:671 2260 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\System32\DRIVERS\i2omp.sys
17:05:04:796 2260 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:05:04:937 2260 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
17:05:05:078 2260 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
17:05:05:218 2260 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
17:05:05:343 2260 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
17:05:05:484 2260 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
17:05:05:625 2260 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
17:05:05:781 2260 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
17:05:05:921 2260 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
17:05:06:093 2260 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
17:05:06:265 2260 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
17:05:06:421 2260 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:05:06:593 2260 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\System32\DRIVERS\ini910u.sys
17:05:06:750 2260 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\System32\DRIVERS\intelide.sys
17:05:06:921 2260 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:05:07:093 2260 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
17:05:07:250 2260 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:05:07:453 2260 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:05:07:656 2260 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:05:07:875 2260 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:05:08:031 2260 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:05:08:156 2260 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:05:08:296 2260 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:05:08:421 2260 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) C:\WINDOWS\system32\drivers\klmd.sys
17:05:08:515 2260 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
17:05:08:656 2260 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
17:05:08:812 2260 mf (a7da20ab18a1bdae28b0f349e57da0d1) C:\WINDOWS\system32\DRIVERS\mf.sys
17:05:08:906 2260 mmc_2K (e97e3fe03b6f271336cb2fbb24734989) C:\WINDOWS\system32\drivers\mmc_2K.sys
17:05:09:000 2260 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:05:09:078 2260 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
17:05:09:203 2260 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:05:09:328 2260 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:05:09:453 2260 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
17:05:09:578 2260 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\System32\DRIVERS\mraid35x.sys
17:05:09:687 2260 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:05:09:875 2260 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:05:10:078 2260 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
17:05:10:203 2260 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:05:10:359 2260 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:05:10:515 2260 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
17:05:10:687 2260 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:05:10:875 2260 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
17:05:11:078 2260 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
17:05:11:250 2260 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:05:11:437 2260 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:05:11:593 2260 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:05:11:781 2260 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
17:05:11:953 2260 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:05:12:078 2260 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:05:12:265 2260 NMSCFG (1d3bb79a0035077297779c8c52ca3c01) C:\WINDOWS\System32\drivers\NMSCFG.SYS
17:05:12:406 2260 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
17:05:12:593 2260 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
17:05:12:796 2260 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:05:13:062 2260 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
17:05:13:328 2260 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:05:13:453 2260 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:05:13:593 2260 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
17:05:13:781 2260 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
17:05:13:968 2260 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
17:05:14:109 2260 omci (1d98907d80461371437a7c898c58c8ae) C:\WINDOWS\system32\DRIVERS\omci.sys
17:05:14:281 2260 ossrv (c720c25b2d0c93dc425155f5b6a707f3) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
17:05:14:500 2260 P16X (e433c553d00d76fbc616294b60a7a530) C:\WINDOWS\system32\drivers\P16X.sys
17:05:14:734 2260 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
17:05:14:906 2260 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
17:05:15:031 2260 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
17:05:15:203 2260 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
17:05:15:343 2260 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
17:05:15:578 2260 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
17:05:15:718 2260 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
17:05:16:109 2260 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\System32\DRIVERS\perc2.sys
17:05:16:234 2260 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\System32\DRIVERS\perc2hib.sys
17:05:16:328 2260 PfModNT (2f5532f9b0f903b26847da674b4f55b2) C:\WINDOWS\System32\PfModNT.sys
17:05:16:484 2260 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:05:16:656 2260 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
17:05:16:828 2260 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
17:05:17:000 2260 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:05:17:187 2260 pwd_2k (070eddd0e4a5be55dd590d8b30dbff22) C:\WINDOWS\system32\drivers\pwd_2k.sys
17:05:17:312 2260 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) C:\WINDOWS\system32\Drivers\PxHelp20.sys
17:05:17:453 2260 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\System32\DRIVERS\ql1080.sys
17:05:17:593 2260 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\System32\DRIVERS\ql10wnt.sys
17:05:17:750 2260 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\System32\DRIVERS\ql12160.sys
17:05:17:859 2260 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys
17:05:17:968 2260 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys
17:05:18:125 2260 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:05:18:234 2260 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:05:18:406 2260 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:05:18:546 2260 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:05:18:671 2260 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:05:18:843 2260 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:05:18:953 2260 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:05:19:125 2260 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
17:05:19:296 2260 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:05:19:406 2260 SASDIFSV (bfbc4be8d6ac6d33ad93f3f5f2e11499) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
17:05:19:453 2260 SASENUM (7f1085895e499907f68df7731924122b) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
17:05:19:546 2260 SASKUTIL (c7d81c10d3befeee41f3408714637438) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
17:05:19:734 2260 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:05:19:859 2260 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
17:05:20:031 2260 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
17:05:20:187 2260 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
17:05:20:375 2260 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\System32\DRIVERS\sisagp.sys
17:05:20:515 2260 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys
17:05:20:625 2260 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
17:05:20:765 2260 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
17:05:20:921 2260 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
17:05:21:062 2260 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:05:21:203 2260 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
17:05:21:468 2260 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys
17:05:21:593 2260 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys
17:05:21:734 2260 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys
17:05:21:843 2260 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys
17:05:21:984 2260 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
17:05:22:156 2260 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:05:22:296 2260 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:05:22:453 2260 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
17:05:22:609 2260 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:05:22:765 2260 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\System32\DRIVERS\toside.sys
17:05:22:906 2260 UdfReadr_xp (27e66e79fd742c107fdb23280e17d869) C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
17:05:23:046 2260 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
17:05:23:187 2260 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys
17:05:23:328 2260 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
17:05:23:500 2260 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:05:23:625 2260 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:05:23:750 2260 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:05:23:906 2260 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:05:24:046 2260 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:05:24:171 2260 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:05:24:296 2260 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:05:24:453 2260 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
17:05:24:640 2260 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\System32\DRIVERS\viaagp.sys
17:05:24:765 2260 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys
17:05:24:906 2260 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
17:05:25:000 2260 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:05:25:125 2260 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
17:05:25:296 2260 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:05:25:484 2260 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
17:05:25:609 2260 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:05:25:750 2260 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:05:25:765 2260 Reboot required for cure complete..
17:05:26:203 2260 Cure on reboot scheduled successfully
17:05:26:203 2260
17:05:26:203 2260 Completed
17:05:26:203 2260
17:05:26:203 2260 Results:
17:05:26:203 2260 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
17:05:26:203 2260 File objects infected / cured / cured on reboot: 1 / 0 / 1
17:05:26:203 2260
17:05:26:218 2260 KLMD(ARK) unloaded successfully
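The log above is long, but only four lines in it matter to a responder: the "Suspicious file (Forged)" line with its two MD5 values for atapi.sys, the "infected by TDSS rootkit" attribution, "Backup copy found" plus "will be cured on next reboot", and the Results block that should agree with them. The following is an added example, not part of the post or of TDSSKiller itself: a small parser for this log format that extracts exactly those records and cross-checks them. The line patterns are taken from the log as posted (the assumption that hashes are printed as lowercase hex comes from it); the record layout and the names parse_tdsskiller_log, forged_files, uncured and results_consistent are this example's own choice. SAMPLE_LOG is an excerpt of the log above with the driver enumeration cut down to three entries.

```python
"""Parse a TDSSKiller 2.3.x text log and pull out the records a responder acts on:
forged driver files (hash mismatch), what infected them, whether a backup was used
and a cure scheduled, and the tool's own Results block for a consistency check.
Added example; the record layout (real_md5, fake_md5, ...) is this example's choice."""
import re

# Every log line starts with HH:MM:SS:mmm and the scanner's process id.
_TS = r"^(?P<ts>\d{2}:\d{2}:\d{2}:\d{3})\s+(?P<pid>\d+)\s+"
_MD5 = r"[0-9a-f]{32}"  # assumption: TDSSKiller prints lowercase hex, as in the log above
TOOL_RE = re.compile(_TS + r"TDSS rootkit removing tool (?P<version>\S+)")
DRIVER_RE = re.compile(_TS + r"(?P<name>\S+)\s+\((?P<md5>" + _MD5 + r")\)\s+(?P<path>[A-Za-z]:\\.+?)\s*$")
FORGED_RE = re.compile(_TS + r"Suspicious file \(Forged\): (?P<path>.+?)\. Real md5: (?P<real>"
                       + _MD5 + r"), Fake md5: (?P<fake>" + _MD5 + r")")
INFECTED_RE = re.compile(_TS + r'File "(?P<path>[^"]+)" infected by (?P<threat>.+?)\s*\.\.\.')
RESULT_RE = re.compile(_TS + r"(?P<kind>Registry|File) objects infected / cured / cured on reboot: "
                       r"(?P<infected>\d+) / (?P<cured>\d+) / (?P<on_reboot>\d+)")


def _new_finding(path):
    return {"path": path, "real_md5": None, "fake_md5": None, "threat": None,
            "backup_used": False, "cure": None}


def parse_tdsskiller_log(text):
    """Return a dict with tool_version, drivers, findings, results and reboot_scheduled."""
    report = {"tool_version": None, "drivers": [], "findings": [], "results": {},
              "reboot_scheduled": False}
    current = None  # the finding that following status lines (backup / cure) refer to
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = TOOL_RE.match(line)
        if m:
            report["tool_version"] = m.group("version")
            continue
        m = FORGED_RE.match(line)
        if m:
            current = _new_finding(m.group("path"))
            current["real_md5"], current["fake_md5"] = m.group("real"), m.group("fake")
            report["findings"].append(current)
            continue
        m = INFECTED_RE.match(line)
        if m:
            if current is None or current["path"] != m.group("path"):
                current = _new_finding(m.group("path"))
                report["findings"].append(current)
            current["threat"] = m.group("threat")
            continue
        if current is not None and line.endswith("Backup copy found, using it.."):
            current["backup_used"] = True
            continue
        if current is not None and line.endswith("will be cured on next reboot"):
            current["cure"] = "on reboot"
            continue
        if line.endswith("Cure on reboot scheduled successfully"):
            report["reboot_scheduled"] = True
            continue
        m = RESULT_RE.match(line)
        if m:
            report["results"][m.group("kind").lower()] = (
                int(m.group("infected")), int(m.group("cured")), int(m.group("on_reboot")))
            continue
        m = DRIVER_RE.match(line)
        if m:
            report["drivers"].append({"name": m.group("name"), "md5": m.group("md5"),
                                      "path": m.group("path")})
    return report


def forged_files(report):
    """Files for which the two hashes TDSSKiller reports disagree. The disagreement
    itself is the indicator: neither value has to match a known-good hash."""
    return [f["path"] for f in report["findings"]
            if f["real_md5"] and f["fake_md5"] and f["real_md5"] != f["fake_md5"]]


def uncured(report):
    """Findings with no cure scheduled; these need manual follow-up."""
    return [f["path"] for f in report["findings"] if f["cure"] is None]


def results_consistent(report):
    """The Results block's infected-file count should equal the findings parsed above it."""
    infected, _cured, _on_reboot = report["results"].get("file", (0, 0, 0))
    return infected == len(report["findings"])


# Excerpt of the log posted above, driver enumeration trimmed to three entries.
SAMPLE_LOG = r"""
17:04:49:984 2260 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
17:04:49:984 2260 OS Version: 5.1.2600 ServicePack: 3.0
17:04:54:218 2260 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:04:54:343 2260 atapi (75fefb18207dd203140e991b4d2b86ff) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:04:54:343 2260 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\atapi.sys. Real md5: 75fefb18207dd203140e991b4d2b86ff, Fake md5: 9f3a2f5aa6875c72bf062c712cfa2674
17:04:54:343 2260 File "C:\WINDOWS\system32\DRIVERS\atapi.sys" infected by TDSS rootkit ...
17:04:56:421 2260 Backup copy found, using it..
17:04:56:437 2260 will be cured on next reboot
17:05:19:546 2260 SASKUTIL (c7d81c10d3befeee41f3408714637438) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
17:05:25:765 2260 Reboot required for cure complete..
17:05:26:203 2260 Cure on reboot scheduled successfully
17:05:26:203 2260 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
17:05:26:203 2260 File objects infected / cured / cured on reboot: 1 / 0 / 1
"""

if __name__ == "__main__":
    rep = parse_tdsskiller_log(SAMPLE_LOG)
    print("TDSSKiller", rep["tool_version"], "- drivers enumerated:", len(rep["drivers"]))
    for f in rep["findings"]:
        print(f"{f['path']}: {f['threat']}, real={f['real_md5']}, fake={f['fake_md5']}, cure={f['cure']}")
    print("forged:", forged_files(rep), "uncured:", uncured(rep), "consistent:", results_consistent(rep))
```

Run against the excerpt it reports one forged file (atapi.sys, the disk driver), attributed to the TDSS rootkit, restored from a backup copy with the cure deferred to the next reboot, and a Results block that agrees with that count. The point worth keeping from this log is that the hash mismatch on a file is what gets a driver flagged: the bytes the tool read and the hash the system presents for the same path do not agree, which is what a driver-level rootkit hiding its own modification looks like from user mode, and why ordinary file-based scanners had not caught it.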