Apparently the infected PC won't allow me to post a topic

I just tried to post this and got a "cannot display the web page" message for the website?? This happened in both IE and Chrome

On the 23rd I caught a trojan that ran SP Antispyware, presumably to persuade me to enter credit card information. In the multi-step removal process since then I've run Microsoft Essentials, Msert.exe, and Malwarebytes. Each one found more things to remove. In all I've removed dynamar!dtc, Trojan.FakeAlert, Adware.Minibug, Rogue.Multiple, Trojan.Agent, and PUM.Disabled.SecurityCenter.

What I am left with is Malwarebytes displaying frequent messages that it has blocked outgoing attempts to contact potentially malicious websites.

I don't trust the PC at all yet so I'm trying the forum for assurance that I have fixed the PC. Following is the scrape of DDS.txt and attached is the file, attach.txt

Please give me a hand. Thanks.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_25

Run by Daniel Arndt at 13:39:27 on 2011-12-26

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.1968

[GMT -5:00]

.

AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated*

{A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

AV: Microsoft Security Essentials *Enabled/Updated*

{EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

AV: Microsoft Security Essentials *Disabled/Updated*

{BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device

Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\lxdwcoms.exe

C:\Program Files\Maxtor\Sync\SyncServices.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\tcpsvcs.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\system32\mqsvc.exe

C:\WINDOWS\system32\mqtgsvc.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe

C:\Program Files\Dell\Media Experience\PCMService.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe

C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe

C:\Program Files\Lexmark 7600 Series\lxdwmon.exe

C:\Program Files\Lexmark 7600 Series\lxdwMsdMon.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe

C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = localhost;*.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

uURLSearchHooks: AIM Toolbar Search Class:

{03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim

toolbar\aimtb.dll

mURLSearchHooks: AIM Toolbar Search Class:

{03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim

toolbar\aimtb.dll

BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program

files\lexmark toolbar\toolband.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} -

c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} -

c:\windows\system32\dla\tfswshx.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} -

c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Skype add-on for Internet Explorer:

{ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program

files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} -

c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll

BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program

files\aim toolbar\aimtb.dll

BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} -

c:\program files\lexmark printable web\bho.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} -

c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} -

c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program

files\aim toolbar\aimtb.dll

TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program

files\lexmark toolbar\toolband.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program

files\google\google toolbar\GoogleToolbar_32.dll

EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} -

c:\windows\system32\Shdocvw.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [swg] "c:\program

files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

uRun: [PhotoShow Deluxe Media Manager]

c:\progra~1\ahead\neroph~1\data\xtras\mssysmgr.exe

uRun: [Google Update] "c:\documents and settings\daniel arndt\local

settings\application data\google\update\GoogleUpdate.exe" /c

mRun: [iAAnotif] c:\program files\intel\intel application

accelerator\iaanotif.exe

mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"

mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"

mRun: [MsmqIntCert] regsvr32 /s mqrt.dll

mRun: [ViewMgr] c:\program files\viewpoint\viewpoint manager\ViewMgr.exe

mRun: [mmtask] "c:\program files\musicmatch\musicmatch jukebox\mmtask.exe"

mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe"

mRun: [lxdwmon.exe] "c:\program files\lexmark 7600 series\lxdwmon.exe"

mRun: [lxdwamon] "c:\program files\lexmark 7600 series\lxdwamon.exe"

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device

support\AppleSyncNotifier.exe

mRun: [updateManager] "c:\program files\common files\sonic\update

manager\sgtray.exe" /r

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader

9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [MSC] "c:\program files\microsoft security

client\msseces.exe" -hide -runkey

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java

update\jusched.exe"

mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes'

anti-malware\mbamgui.exe" /starttray

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

IE: &AIM Toolbar Search - c:\documents and settings\all users\application

data\aim toolbar\ietoolbar\resources\en-us\local\search.html

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel -

c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000

IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} -

http://wwws.musicmatch.com/mmz/openWebRadio.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network

Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program

files\messenger\msmsgs.exe

IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} -

{61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim

toolbar\aimtb.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} -

{48E73304-E1D6-4330-914C-F5F514E3486C} -

c:\progra~1\mi1933~1\office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} -

{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program

files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

{FF059E31-CC5A-4E2E-BF3B-96E929D65503} -

c:\progra~1\mi1933~1\office12\REFIEBAR.DLL

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -

{FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

LSP: mswsock.dll

Trusted Zone: intuit.com\ttlc

Trusted Zone: turbotax.com

DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} -

hxxp://support.dell.com/systemprofiler/SysPro.CAB

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} -

hxxp://office.microsoft.com/templates/ieawsdc.cab

DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} -

hxxp://www.caminova.net/en/downloads/getmodule.aspx?lang=en

DPF: {17492023-C23A-453E-A040-C7C580BBF700} -

hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab

DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} -

hxxps://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab

DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} -

hxxps://support.microsoft.com/OAS/ActiveX/odc.cab

DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} -

hxxp://moneycentral.msn.com/cabs/pmupd806.exe

DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -

hxxp://office.microsoft.com/officeupdate/content/opuc2.cab

DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} -

hxxp://photos.walmart.com/WalmartActivia.cab

DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} -

hxxp://www.sidestep.com/get/k42037/sb02b.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} -

hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120095005734

DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -

hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} -

hxxps://webdl.symantec.com/activex/symdlmgr.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -

hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1120095154906

DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} -

hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} -

hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -

hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} -

hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {A8683C98-5341-421B-B23C-8514C05354F1} -

hxxp://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab

DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} -

hxxps://ediagnostics.lexmark.com/serval.cab

DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} -

hxxp://java.sun.com/update/1.4.0/jinstall-1_4_0-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} -

hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -

hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} -

hxxps://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

hxxps://fluke.webex.com/client/T26L/event/ieatgpc.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -

hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -

c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -

c:\progra~1\common~1\skype\SKYPE4~1.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -

c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\daniel arndt\application

data\mozilla\firefox\profiles\at3hbq0i.default\

FF - prefs.js: browser.startup.homepage - hxxp://my.msn.com/default.armx

FF - component: c:\documents and settings\daniel arndt\application

data\mozilla\firefox\profiles\at3hbq0i.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll

FF - component: c:\documents and settings\daniel arndt\application

data\mozilla\firefox\profiles\at3hbq0i.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google

updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\google\picasa3\npPicasa2.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience

technology\npViewpoint.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program

files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program

files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant:

{20a82645-c095-46ed-80e3-08825760534b} -

c:\windows\microsoft.net\framework\v3.5\windows presentation

foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program

files\java\jre6\lib\deploy\jqs\ff

.

============= SERVICES / DRIVERS ===============

.

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-11-19 64512]

R1 MpFilter;Microsoft Malware Protection

Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165648]

R1 MpKslb0dc613a;MpKslb0dc613a;c:\documents and settings\all

users\application data\microsoft\microsoft antimalware\definition

updates\{52d6a3d6-a79e-4080-a102-287c348c57d6}\MpKslb0dc613a.sys [2011-12-26

29904]

R2 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4

14336]

R2 lxdw_device;lxdw_device;c:\windows\system32\lxdwcoms.exe -service -->

c:\windows\system32\lxdwcoms.exe -service [?]

R2 MBAMService;MBAMService;c:\program files\malwarebytes'

anti-malware\mbamservice.exe [2011-12-23 366152]

R2 UMVPFSrv;UMVPFSrv;c:\program files\common

files\logishrd\lvmvfm\UMVPFSrv.exe [2011-4-1 428640]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program

files\viewpoint\common\ViewpointService.exe [2008-2-26 24652]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys

[2011-12-23 22216]

S1 Kbdnger;Kbdnger;c:\windows\system32\drivers\ql1c3550.sys [2005-11-16

12288]

S1 MpKsl0e2c1188;MpKsl0e2c1188;\??\c:\documents and settings\all

users\application data\microsoft\microsoft antimalware\definition

updates\{4a432171-3f73-48e7-bc12-22101051446f}\mpksl0e2c1188.sys -->

c:\documents and settings\all users\application data\microsoft\microsoft

antimalware\definition

updates\{4a432171-3f73-48e7-bc12-22101051446f}\MpKsl0e2c1188.sys [?]

S1 MpKsl16a0a83b;MpKsl16a0a83b;\??\c:\documents and settings\all

users\application data\microsoft\microsoft antimalware\definition

updates\{43f696f5-be00-4638-ab65-7daa371a6295}\mpksl16a0a83b.sys -->

c:\documents and settings\all users\application data\microsoft\microsoft

antimalware\definition

updates\{43f696f5-be00-4638-ab65-7daa371a6295}\MpKsl16a0a83b.sys [?]

S1 MpKsl5d912f2e;MpKsl5d912f2e;\??\c:\documents and settings\all

users\application data\microsoft\microsoft antimalware\definition

updates\{96edd51f-349e-40cb-a3b4-859409e0e0c3}\mpksl5d912f2e.sys -->

c:\documents and settings\all users\application data\microsoft\microsoft

antimalware\definition

updates\{96edd51f-349e-40cb-a3b4-859409e0e0c3}\MpKsl5d912f2e.sys [?]

S1 MpKsl8964308c;MpKsl8964308c;\??\c:\documents and settings\all

users\application data\microsoft\microsoft antimalware\definition

updates\{2b4b219a-816e-4bb1-9ae1-dfb2aed718d9}\mpksl8964308c.sys -->

c:\documents and settings\all users\application data\microsoft\microsoft

antimalware\definition

updates\{2b4b219a-816e-4bb1-9ae1-dfb2aed718d9}\MpKsl8964308c.sys [?]

S1 MpKsl93419ccf;MpKsl93419ccf;\??\c:\documents and settings\all

users\application data\microsoft\microsoft antimalware\definition

updates\{f7c03993-80f5-440b-8c77-3fad41756e3b}\mpksl93419ccf.sys -->

c:\documents and settings\all users\application data\microsoft\microsoft

antimalware\definition

updates\{f7c03993-80f5-440b-8c77-3fad41756e3b}\MpKsl93419ccf.sys [?]

S1 MpKslc697ba58;MpKslc697ba58;\??\c:\documents and settings\all

users\application data\microsoft\microsoft antimalware\definition

updates\{ff73c094-934b-4479-b8f2-69510854926c}\mpkslc697ba58.sys -->

c:\documents and settings\all users\application data\microsoft\microsoft

antimalware\definition

updates\{ff73c094-934b-4479-b8f2-69510854926c}\MpKslc697ba58.sys [?]

S1 MpKsle0efe9b9;MpKsle0efe9b9;\??\c:\documents and settings\all

users\application data\microsoft\microsoft antimalware\definition

updates\{3cc37fa1-1a3c-4ce2-98f7-eb8fe7b705ff}\mpksle0efe9b9.sys -->

c:\documents and settings\all users\application data\microsoft\microsoft

antimalware\definition

updates\{3cc37fa1-1a3c-4ce2-98f7-eb8fe7b705ff}\MpKsle0efe9b9.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program

files\google\update\GoogleUpdate.exe [2009-12-22 135664]

S2

lxdwCATSCustConnectService;lxdwCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdwserv.exe

[2009-5-3 98984]

S3 gupdatem;Google Update Service (gupdatem);c:\program

files\google\update\GoogleUpdate.exe [2009-12-22 135664]

S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program

files\lavasoft\ad-aware\AAWService.exe [2011-11-3 2152152]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program

files\lavasoft\ad-aware\kernexplorer.sys [2011-11-3 15232]

.

=============== Created Last 30 ================

.

2011-12-26 12:56:13 29904 ----a-w- c:\documents and settings\all

users\application data\microsoft\microsoft antimalware\definition

updates\{52d6a3d6-a79e-4080-a102-287c348c57d6}\MpKslb0dc613a.sys

2011-12-26 12:56:09 56200 ----a-w- c:\documents and settings\all

users\application data\microsoft\microsoft antimalware\definition

updates\{52d6a3d6-a79e-4080-a102-287c348c57d6}\offreg.dll

2011-12-25 17:10:05 6823496 ----a-w- c:\documents and settings\all

users\application data\microsoft\microsoft antimalware\definition

updates\{52d6a3d6-a79e-4080-a102-287c348c57d6}\mpengine.dll

2011-12-24 02:22:27 -------- d-----w- c:\documents and settings\daniel

arndt\application data\Malwarebytes

2011-12-24 02:22:13 -------- d-----w- c:\documents and settings\all

users\application data\Malwarebytes

2011-12-24 02:22:10 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-24 02:22:10 -------- d-----w- c:\program files\Malwarebytes'

Anti-Malware

2011-12-23 19:35:03 -------- d-----w- c:\documents and settings\daniel

arndt\local settings\application data\NPE

2011-12-23 18:44:56 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-12-23 18:44:56 -------- d-----w- c:\windows\system32\wbem\Repository

2011-12-23 17:25:28 37888 ----a-w- c:\windows\system32\USB3Nw32(2).dll

2011-12-17 14:33:51 329032 ----a-w- c:\documents and settings\all

users\SPL50.tmp

2011-12-17 01:16:55 -------- d-----w- c:\documents and settings\daniel

arndt\application data\MyPublisher

2011-12-14 19:46:04 2465796 ----a-w- c:\documents and settings\all

users\SPL27A.tmp

2011-12-09 15:53:20 20310087 ----a-w- c:\documents and settings\all

users\SPL54E.tmp

2011-12-09 14:48:34 24468352 ----a-w- c:\documents and settings\all

users\SPL3D6.tmp

2011-11-28 17:37:26 1409 ----a-w- c:\windows\system32\tmpEEA1B.FOT

2011-11-28 17:37:25 1409 ----a-w- c:\windows\system32\tmp1E71B.FOT

2011-11-28 17:37:24 1409 ----a-w- c:\windows\system32\tmp3D41B.FOT

2011-11-28 17:37:23 1409 ----a-w- c:\windows\system32\tmp6C11B.FOT

2011-11-28 17:37:22 1409 ----a-w- c:\windows\system32\tmpF0B0B.FOT

2011-11-28 17:37:22 1409 ----a-w- c:\windows\system32\tmpA8E0B.FOT

.

==================== Find3M ====================

.

2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys

2011-11-19 13:26:07 16432 ----a-w- c:\windows\system32\lsdelete.exe

2011-11-19 12:47:17 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2011-11-19 12:44:12 414368 ----a-w-

c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll

2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-11-04 19:20:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec

2011-11-03 17:06:56 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys

2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll

2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll

2011-10-25 13:37:08 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-10-25 12:52:02 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll

2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-09-28 19:24:09 16469963 ----a-w- c:\documents and settings\all

users\SPL2C3.tmp

2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll

.

============= FINISH: 13:41:06.00 ===============

I'm watching the other XP Antispyware post with interest. My Network monitor continually says "acquiring network address." but it is apparently selective in blocking certain website pages re: the failure to create the new post at malwarebytes. I created the new topic from my laptop. I wonder if this post will work....

Topic Merged

attach.txt


  • 1 month later...

Hello,

Would you advise if you have resolved your issues or if you have sought help elsewhere?

If not resolved and you are not already seeking help elsewhere, I'd like for you to rerun a new (fresh) DDS and Copy & Paste the DDS.txt into a new reply into this Topic.

Anyone other than original-poster who has similar issues, do not reply here. Start your own topic.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

