
Asking for Help: Block Access Malicious Website


Baha


I am getting many popups about potentially malicious websites being blocked.

I followed the instructions here:

http://forums.malwarebytes.org/index.php?showtopic=9573

I updated MBAM and ran a full scan. 3 infections found and quarantined.

I used DeFogger to disable CD-ROM emulation (and restarted my PC).

I ran DDS (DDS.txt below, Attach.txt is in the attached zip).

I ran GMER (ark.txt is in the attached zip).

=====Anti-Malware Log===========

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4994

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

29.10.2010 15:45:58

mbam-log-2010-10-29 (15-45-58).txt

Scan type: Full Scan (C:\|D:\|E:\|)

Scanned objects: 193525

Time elapsed: 47 minutes, 40 seconds

Infected processes in memory: 0

Memory Modules Infected: 0

Infected registry keys: 0

Infected Registry values: 0

Registry objects infected: 2

Folders Infected: 0

Infected files: 1

Infected processes in memory:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Infected registry keys:

(No malicious items detected)

Infected settings in the registry:

(No malicious items detected)

Registry objects infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infected folders:

(No malicious items detected)

Infected files:

C:\System Volume Information\_restore{EB64011F-253D-4BFD-8EC9-3A66327E41D3}\RP16\A0003442.exe (TrojanProxy.Horst) -> Quarantined and deleted successfully.

==== DDS Log ==========

DDS (Ver_10-10-21.02) - NTFSx86

Run by Administrator at 23:24:32,73 on 30.10.2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20

Microsoft Windows XP Professional [GMT -7:00]

AV: BitDefender Antivirus *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe

C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

c:\program files\idt\gatewayxpv_12\wdm\STacSV.exe

svchost.exe

C:\WINDOWS\system32\agrsmsvc.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe

C:\Program Files\Process Killer\prkiller.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\LouderIt\LouderIt.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Administrator\??????? ????\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

BHO: IE 4.x-6.x BHO for Download Master: {9961627e-4059-41b4-8e0e-a7d6b3854adf} - c:\progra~1\downlo~1\dmiehlp.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: DM Bar: {0e1230f8-ea50-42a9-983c-d22abc2eed3c} - c:\program files\download master\dmbar.dll

TB: QT Breadcrumbs Address Bar: {af83e43c-dd2b-4787-826b-31b17dee52ed} - mscoree.dll

TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2010\IEToolbar.dll

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [louderit.exe] c:\program files\louderit\LouderIt.exe

uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [AppVodBurner]

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

mRun: [Process Killer] c:\program files\process killer\prkiller.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

mRun: [bitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2010\IEShow.exe"

mRun: [bDAgent] "c:\program files\bitdefender\bitdefender 2010\bdagent.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

mPolicies-system: EnableLUA = 0 (0x0)

IE: &??????? ? Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000

IE: ???????? ??? ??? ?????? Download Master - c:\program files\download master\dmieall.htm

IE: ???????? ??? ?????? Download Master - c:\program files\download master\dmie.htm

IE: ???????? ?? ????????? ??????? DM - c:\program files\download master\remdown.htm

IE: {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - c:\program files\download master\dmaster.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1273836485359

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: prio.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\1ceyvpys.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/

FF - component: c:\program files\bitdefender\bitdefender 2010\bdaphffext\components\bdaphff2.dll

FF - component: c:\program files\bitdefender\bitdefender 2010\bdaphffext\components\bdaphff3.6.dll

FF - component: c:\program files\bitdefender\bitdefender 2010\bdaphffext\components\bdaphff3.dll

FF - plugin: c:\documents and settings\administrator\application data\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\administrator\application data\mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: c:\documents and settings\administrator\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll

FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

============= SERVICES / DRIVERS ===============

R0 ahci7xx;SCSI Miniport;c:\windows\system32\drivers\ahci7xx.sys [2010-5-14 176136]

R0 amdbusdr;System Bus Extender;c:\windows\system32\drivers\amdbusdr.sys [2010-5-14 29696]

R0 iaStor55;Intel RAID Controller;c:\windows\system32\drivers\iaStor55.sys [2010-5-14 874240]

R0 iaStor70;Intel AHCI Controller;c:\windows\system32\drivers\iaStor70.sys [2010-5-14 277784]

R0 iaStorw;Intel AHCI Controller;c:\windows\system32\drivers\iaStorw.sys [2010-5-14 308248]

R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [2010-5-14 26112]

R0 m5228;SCSI Miniport;c:\windows\system32\drivers\m5228.sys [2010-5-14 45069]

R0 m5281;SCSI Miniport;c:\windows\system32\drivers\m5281.sys [2010-5-14 51072]

R0 m5287;SCSI Miniport;c:\windows\system32\drivers\m5287.sys [2010-5-14 103680]

R0 m5288;SCSI Miniport;c:\windows\system32\drivers\m5288.sys [2010-5-14 210304]

R0 m5289;SCSI Miniport;c:\windows\system32\drivers\m5289.sys [2010-5-14 52480]

R0 mv614x;SCSI Miniport;c:\windows\system32\drivers\mv614x.sys [2010-5-14 34432]

R0 mv61xx;SCSI Miniport;c:\windows\system32\drivers\mv61xx.sys [2010-5-14 143360]

R0 nvgt2;SCSI Miniport;c:\windows\system32\drivers\nvgt2.sys [2010-5-14 132096]

R0 nvrd33;NVIDIA nForce RAID Driver;c:\windows\system32\drivers\nvrd33.sys [2010-5-14 125440]

R0 raidsrc;SCSI Miniport;c:\windows\system32\drivers\raidsrc.sys [2010-5-14 45392]

R0 SI3124;SiI-3124 SATALink Controller;c:\windows\system32\drivers\SI3124.sys [2010-5-14 81960]

R0 SI3132D;SiI-3132 SATALink Controller;c:\windows\system32\drivers\SI3132D.sys [2010-5-14 80424]

R0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\drivers\Si3531.sys [2010-5-14 210736]

R0 SiSRaid1;SCSI Miniport;c:\windows\system32\drivers\SiSRaid1.sys [2010-5-14 46464]

R0 sisraid4;SCSI Miniport;c:\windows\system32\drivers\sisraid4.sys [2010-5-14 68864]

R0 sisraidx;SCSI Miniport;c:\windows\system32\drivers\sisraidx.sys [2010-5-14 47616]

R0 viapdsk;VIA ATA/ATAPI Host Controller;c:\windows\system32\drivers\viapdsk.sys [2010-5-14 29184]

R0 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [2010-5-14 17968]

R1 Prio;Prio;c:\windows\system32\drivers\prio.sys [2008-3-31 34576]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-10-29 304464]

R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2010-2-3 153448]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-10-29 20952]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-8-19 162816]

R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2010-8-19 335104]

S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2009-10-19 183880]

S3 NtApm;??????? ?????????? NT Apm/Legacy;c:\windows\system32\drivers\NtApm.sys [2010-5-14 9472]

S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]

============== File Associations ===============

inffile="c:\program files\akelpad\AkelPad.exe" "%1"

inifile="c:\program files\akelpad\AkelPad.exe" "%1"

txtfile="c:\program files\akelpad\AkelPad.exe" "%1"

=============== Created Last 30 ================

2010-10-31 00:04:53 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com

2010-10-31 00:04:40 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-10-30 23:38:43 -------- d-----w- c:\docume~1\admini~1\applic~1\SUPERAntiSpyware.com

2010-10-29 21:26:28 -------- d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes

2010-10-29 21:26:16 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-10-29 21:26:15 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-10-29 21:26:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-10-29 21:26:15 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-10-29 17:09:00 -------- d-----w- c:\program files\VodBurner

2010-10-19 18:56:00 221184 ----a-w- c:\windows\system32\wmpns.dll

2010-10-19 18:44:15 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll

2010-10-19 18:43:59 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

2010-10-19 18:42:24 66560 -c----w- c:\windows\system32\dllcache\mshtmled.dll

2010-10-19 18:38:32 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll

==================== Find3M ====================

2010-09-18 19:23:40 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53:38 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53:38 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53:38 953856 ----a-w- c:\windows\system32\mfc40u.dll

2010-09-10 05:51:37 916480 ----a-w- c:\windows\system32\wininet.dll

2010-09-10 05:51:34 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-09-10 05:51:34 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2010-09-01 11:52:25 285824 ----a-w- c:\windows\system32\atmfd.dll

2010-09-01 07:57:36 1852928 ----a-w- c:\windows\system32\win32k.sys

2010-08-27 08:03:36 119808 ----a-w- c:\windows\system32\t2embed.dll

2010-08-27 05:54:10 99840 ----a-w- c:\windows\system32\srvsvc.dll

2010-08-27 01:43:50 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-08-23 16:12:37 617472 ----a-w- c:\windows\system32\comctl32.dll

2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-16 08:45:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll

============= FINISH: 23:26:56,12 ===============

Thanks for your help.

Attach.zip

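The MBAM log in this post quarantined two Security Center values (AntiVirusDisableNotify and UpdatesDisableNotify, Bad (1) / Good (0)), the DDS log lists an AppInit_DLLs entry, and the ComboFix log later in the thread shows EnableFirewall = 0 with a list of firewall exceptions. The following is a read-only audit script in PowerShell that checks those same settings on the machine; it is an added example, not code from the thread, from Malwarebytes or from any of the tools mentioned. The registry paths, value names and expected values are taken from the log lines; the $checks table and the helper name Test-RegistryValue are constructed for this illustration, and nothing here modifies the registry.

```powershell
# Added example, not from the thread or from Malwarebytes: read-only audit of the
# registry values that the logs in this thread flagged. Run from an elevated
# PowerShell prompt. $checks is a constructed table; the paths, value names and
# expected values come from the MBAM and ComboFix log lines.

$checks = @(
    @{
        Path     = 'HKLM:\SOFTWARE\Microsoft\Security Center'
        Name     = 'AntiVirusDisableNotify'
        Expected = 0
        Why      = 'MBAM log: Disabled.SecurityCenter, Bad (1) / Good (0)'
    },
    @{
        Path     = 'HKLM:\SOFTWARE\Microsoft\Security Center'
        Name     = 'UpdatesDisableNotify'
        Expected = 0
        Why      = 'MBAM log: Disabled.SecurityCenter, Bad (1) / Good (0)'
    },
    @{
        Path     = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile'
        Name     = 'EnableFirewall'
        Expected = 1
        Why      = 'ComboFix log: EnableFirewall = 0 (Windows Firewall off)'
    }
)

function Test-RegistryValue {
    # Hypothetical helper name. Reads one value and reports OK / MISMATCH / MISSING.
    param([string]$Path, [string]$Name, $Expected, [string]$Why)

    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        # A missing value is not automatically bad (defaults apply); flag it for review.
        $actual = $null
        $status = 'MISSING'
    } else {
        $actual = $item.$Name
        $status = if ($actual -eq $Expected) { 'OK' } else { 'MISMATCH' }
    }

    New-Object PSObject -Property @{
        Status   = $status
        Value    = "$Path\$Name"
        Actual   = $actual
        Expected = $Expected
        Reason   = $Why
    }
}

# Splat each hashtable onto the function's parameters and print one row per check.
$results = foreach ($c in $checks) { Test-RegistryValue @c }
$results | Select-Object Status, Value, Actual, Expected, Reason | Format-Table -AutoSize

# AppInit_DLLs: every DLL named here is loaded into each process that links
# user32.dll, so anything unexpected belongs on the review list. The DDS log in
# this thread shows prio.dll; this only reports the entry, it does not judge it.
$winNt   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
$appInit = Get-ItemProperty -Path $winNt -Name 'AppInit_DLLs' -ErrorAction SilentlyContinue
if ($appInit -and "$($appInit.AppInit_DLLs)".Trim()) {
    Write-Output "AppInit_DLLs is populated, review each entry: $($appInit.AppInit_DLLs)"
} else {
    Write-Output 'AppInit_DLLs is empty.'
}

# Firewall exceptions: the ComboFix log lists several authorized applications
# (Opera, Skype, TeamViewer, Outlook, uTorrent). Print them so the list can be
# compared with what the owner actually expects to be allowed through.
$authList   = "$($checks[2].Path)\AuthorizedApplications\List"
$exceptions = Get-ItemProperty -Path $authList -ErrorAction SilentlyContinue
if ($exceptions) {
    $exceptions.PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' } |
        ForEach-Object { Write-Output "Firewall exception: $($_.Name)" }
}
```

The script deliberately reports rather than repairs: a MISMATCH on the Security Center values after a cleanup means something re-set them, which is a stronger signal than the original detection, and a populated AppInit_DLLs or an unexpected firewall exception is a review item rather than a verdict.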

Hello,

And :) My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please download Rootkit Unhooker and save it to your Desktop

  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop

Copy the entire contents of the report and paste it in a reply here.

Note - you may get this warning; it is ok, just ignore it: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"

-------------------------------------------------------------

In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply

  • A detailed description of your problems
  • RKU log

Thanks and again sorry for the delay.


Hi Elise,

Thanks for the reply.

The problem, as I said, is that once in a while Anti-Malware gives a popup notification that it blocked access to a malicious website. The reason I am worried is that my connection always gets jammed; it gets very, very slow. If we reset the router and modem, then it goes back to normal, but after some time it gets jammed again. So I installed Anti-Malware and I am getting these messages.

RKU Log

RkU Version: 3.8.388.590, Type LE (SR2)

==============================================

OS Name: Windows XP

Version 5.1.2600 (Service Pack 3)

Number of processors #2

==============================================

>Drivers

==============================================

0xBF2E9000 C:\WINDOWS\System32\igxpdx32.DLL 3837952 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)

0xBF059000 C:\WINDOWS\System32\igxpdv32.DLL 2686976 bytes (Intel Corporation, Component GHAL Driver)

0x80800000 C:\WINDOWS\system32\ntoskrnl.exe 2260992 bytes (?????????? ??????????, ????????? ?????? ???? NT)

0x80800000 PnpManager 2260992 bytes

0x80800000 RAW 2260992 bytes

0x80800000 WMIxWDM 2260992 bytes

0xBF800000 Win32k 1855488 bytes

0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (?????????? ??????????, ????????????????????? ??????? Win32)

0xB906C000 C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 1732608 bytes (Intel Corporation, Intel Graphics Miniport Driver)

0xA649C000 C:\WINDOWS\system32\drivers\sthda.sys 1236992 bytes (IDT, Inc., IDT PC Audio)

0xA288E000 C:\WINDOWS\system32\DRIVERS\AGRSM.sys 1204224 bytes (Agere Systems, SoftModem Device Driver)

0xF7B05000 iaStor.sys 892928 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)

0xBA72A000 iaStor55.sys 876544 bytes (Intel Corporation, Intel Matrix Storage Manager driver)

0xBA5A4000 iaStorw.sys 819200 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)

0xBA66C000 iaStor70.sys 778240 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)

0xBA190000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)

0xB8F64000 C:\WINDOWS\System32\Drivers\wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)

0xA26DF000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)

0xB8E8B000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)

0xA2802000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)

0xA23B4000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)

0xA268D000 C:\WINDOWS\system32\DRIVERS\RTL8187B.sys 335872 bytes (Realtek Semiconductor Corporation , Realtek RTL8187B NDIS Driver)

0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)

0xBA234000 bdfsfltr.sys 286720 bytes (BitDefender, BitDefender AntiVirus FS filter driver)

0xBA54B000 ahci7xx.sys 266240 bytes (AMD Technologies Inc., AMD Technology AHCI Compatible Controller Driver for Windows family)

0xA1B1C000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)

0xBA3C7000 mv61xx.sys 258048 bytes (Marvell Semiconductor, Inc., Marvell Thor Windows Driver)

0xB8FD5000 C:\WINDOWS\system32\DRIVERS\SynTP.sys 225280 bytes (Synaptics Incorporated, Synaptics Touchpad Driver)

0xBA2EB000 Si3531.sys 221184 bytes (Silicon Image, Inc, SATA Controller miniport driver)

0xBF024000 C:\WINDOWS\System32\igxpgd32.dll 217088 bytes (Intel Corporation, Intel Graphics 2D Driver)

0xBA406000 m5288.sys 212992 bytes (ULi Electronics Inc., ULi SATA Controller Driver)

0xB8EE9000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)

0xF75A8000 ACPI.sys 188416 bytes (?????????? ??????????, ACPI ??????? ??? NT)

0xA2434000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)

0xBA163000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)

0xA274F000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)

0xA2662000 C:\WINDOWS\System32\Drivers\RtsUStor.sys 176128 bytes (Realtek Semiconductor Corp., Realtek USB Mass Storage Driver for 2K/XP/Vista)

0xB900C000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)

0xA27BE000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)

0xBA50C000 fasttx2k.sys 159744 bytes (Promise Technology, Inc., Promise Driver for Windows XP)

0xF74B2000 dmio.sys 155648 bytes (?????????? Microsoft ? VERITAS Software, ??????? ?????/?????? ?????????? ?????? NT)

0xA2264000 C:\WINDOWS\system32\drivers\bdfm.sys 147456 bytes (BitDefender S.R.L. Bucharest, ROMANIA, BitDefender Active Virus Control Filter Driver)

0xBA3A3000 nvgt2.sys 147456 bytes (NVIDIA Corporation, NVIDIA


Hello again,

COMBOFIX

---------------

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


This is what I got:

ComboFix 10-10-30.09 - Administrator 31.10.2010 10:23:20.1.2 - x86

Microsoft Windows XP Professional [GMT -7:00]

Running from: c:\documents and settings\Administrator\??????? ????\ComboFix.exe

AV: BitDefender Antivirus *On-access scanning disabled* (Updated)

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_NPF

((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-31 )))))))))))))))))))))))))))))))

.

2010-10-31 00:04 . 2010-10-31 00:04 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2010-10-31 00:04 . 2010-10-31 01:15 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-10-30 23:38 . 2010-10-31 00:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com

2010-10-29 21:26 . 2010-10-29 21:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2010-10-29 21:26 . 2010-04-29 19:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-10-29 21:26 . 2010-10-29 21:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-10-29 21:26 . 2010-10-29 21:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-10-29 21:26 . 2010-04-29 19:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-10-29 17:09 . 2010-10-29 17:09 -------- d-----w- c:\program files\VodBurner

2010-10-19 18:56 . 2008-04-15 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll

2010-10-19 18:44 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll

2010-10-19 18:43 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

2010-10-19 18:42 . 2010-09-10 05:51 66560 -c----w- c:\windows\system32\dllcache\mshtmled.dll

2010-10-19 18:38 . 2010-08-16 08:45 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-18 19:23 . 2008-04-15 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53 . 2008-04-15 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53 . 2008-04-15 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53 . 2008-04-15 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll

2010-09-10 05:51 . 2008-04-15 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2010-09-10 05:51 . 2008-04-15 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-09-10 05:51 . 2008-04-15 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2010-09-01 11:52 . 2008-04-15 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll

2010-09-01 07:57 . 2008-04-15 12:00 1852928 ----a-w- c:\windows\system32\win32k.sys

2010-08-27 08:03 . 2008-04-15 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2010-08-27 05:54 . 2008-04-15 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll

2010-08-27 01:43 . 2008-05-05 03:25 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-08-26 13:39 . 2008-04-15 12:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys

2010-08-23 16:12 . 2008-04-15 12:00 617472 ----a-w- c:\windows\system32\comctl32.dll

2010-08-20 18:07 . 2010-08-20 18:07 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys

2010-08-17 13:17 . 2008-04-15 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-16 08:45 . 2008-04-15 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

.

------- Sigcheck -------

[-] 2008-04-15 . 230DC834A1EB3F3080763685B93FE686 . 577024 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll

[-] 2008-04-15 . 1BD126937C7C01CD5AB064F62646C501 . 2452480 . . [6.00.2900.5512] . . c:\windows\explorer.exe

[-] 2010-05-20 . 822E67596B52EA7B3B2B69B534C61F94 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\SfcFiles.dll

[-] 2008-04-15 . E880528ACB65C5E05EE7CF83B08464EA . 37376 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"louderit.exe"="c:\program files\LouderIt\LouderIt.exe" [2008-02-19 41472]

"Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-08-26 136176]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-10-31 2403568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Process Killer"="c:\program files\Process Killer\prkiller.exe" [2005-07-30 38400]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-01-28 141336]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-28 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-28 142360]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-08-28 1557800]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-05-07 442433]

"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2010\IEShow.exe" [2009-10-20 71152]

"BDAgent"="c:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2010-03-18 1123360]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 37376]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^??????? ????^?????????^????????????^Punto Switcher.lnk]

backup=c:\windows\pss\Punto Switcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^??????? ????^?????????^????????????^Total Commander.lnk]

backup=c:\windows\pss\Total Commander.lnkCommon Startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xStarter

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Download Master]

2010-07-01 18:38 3802944 ----a-w- c:\program files\Download Master\dmaster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2006-01-12 11:40 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-03-17 17:53 421888 -c--a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2010-05-14 00:57 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-02-18 07:43 248040 -c--a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"odserv"=3 (0x3)

"mnmsrvc"=3 (0x3)

"JavaQuickStarterService"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Opera\\opera.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R0 ahci7xx;SCSI Miniport;c:\windows\system32\drivers\ahci7xx.sys [14.05.2010 12:17 176136]

R0 amdbusdr;System Bus Extender;c:\windows\system32\drivers\amdbusdr.sys [14.05.2010 12:17 29696]

R0 iaStor55;Intel RAID Controller;c:\windows\system32\drivers\iaStor55.sys [14.05.2010 12:17 874240]

R0 iaStor70;Intel AHCI Controller;c:\windows\system32\drivers\iaStor70.sys [14.05.2010 12:17 277784]

R0 iaStorw;Intel AHCI Controller;c:\windows\system32\drivers\iaStorw.sys [14.05.2010 12:17 308248]

R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [14.05.2010 12:17 26112]

R0 m5228;SCSI Miniport;c:\windows\system32\drivers\m5228.sys [14.05.2010 12:17 45069]

R0 m5281;SCSI Miniport;c:\windows\system32\drivers\m5281.sys [14.05.2010 12:17 51072]

R0 m5287;SCSI Miniport;c:\windows\system32\drivers\m5287.sys [14.05.2010 12:17 103680]

R0 m5288;SCSI Miniport;c:\windows\system32\drivers\m5288.sys [14.05.2010 12:17 210304]

R0 m5289;SCSI Miniport;c:\windows\system32\drivers\m5289.sys [14.05.2010 12:17 52480]

R0 mv614x;SCSI Miniport;c:\windows\system32\drivers\mv614x.sys [14.05.2010 12:17 34432]

R0 mv61xx;SCSI Miniport;c:\windows\system32\drivers\mv61xx.sys [14.05.2010 12:17 143360]

R0 nvgt2;SCSI Miniport;c:\windows\system32\drivers\nvgt2.sys [14.05.2010 12:17 132096]

R0 nvrd33;NVIDIA nForce RAID Driver;c:\windows\system32\drivers\nvrd33.sys [14.05.2010 12:17 125440]

R0 raidsrc;SCSI Miniport;c:\windows\system32\drivers\raidsrc.sys [14.05.2010 12:17 45392]

R0 SI3124;SiI-3124 SATALink Controller;c:\windows\system32\drivers\SI3124.sys [14.05.2010 12:17 81960]

R0 SI3132D;SiI-3132 SATALink Controller;c:\windows\system32\drivers\SI3132D.sys [14.05.2010 12:17 80424]

R0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\drivers\Si3531.sys [14.05.2010 12:17 210736]

R0 SiSRaid1;SCSI Miniport;c:\windows\system32\drivers\SiSRaid1.sys [14.05.2010 12:17 46464]

R0 sisraid4;SCSI Miniport;c:\windows\system32\drivers\sisraid4.sys [14.05.2010 12:17 68864]

R0 sisraidx;SCSI Miniport;c:\windows\system32\drivers\sisraidx.sys [14.05.2010 12:17 47616]

R0 viapdsk;VIA ATA/ATAPI Host Controller;c:\windows\system32\drivers\viapdsk.sys [14.05.2010 12:17 29184]

R0 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [14.05.2010 12:17 17968]

R1 Prio;Prio;c:\windows\system32\drivers\prio.sys [31.03.2008 3:28 34576]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17.02.2010 11:25 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10.05.2010 11:41 67656]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [29.10.2010 14:26 304464]

R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [03.02.2010 13:57 153448]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [29.10.2010 14:26 20952]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [19.08.2010 14:49 162816]

R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [19.08.2010 18:20 335104]

S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [19.10.2009 17:06 183880]

S3 NtApm;??????? ?????????? NT Apm/Legacy;c:\windows\system32\drivers\NtApm.sys [14.05.2010 8:03 9472]

S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bdx REG_MULTI_SZ scan

.

Contents of the 'Scheduled Tasks' folder

2010-10-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-527237240-706699826-839522115-1003Core.job

- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-26 06:04]

2010-10-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-527237240-706699826-839522115-1003UA.job

- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-26 06:04]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

IE: &??????? ? Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

IE: ???????? ??? ??? ?????? Download Master - c:\program files\Download Master\dmieall.htm

IE: ???????? ??? ?????? Download Master - c:\program files\Download Master\dmie.htm

IE: ???????? ?? ????????? ??????? DM - c:\program files\Download Master\remdown.htm

FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1ceyvpys.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

.

------- File Associations -------

.

inifile="c:\program files\AkelPad\AkelPad.exe" "%1"

txtfile="c:\program files\AkelPad\AkelPad.exe" "%1"

.

- - - - ORPHANS REMOVED - - - -

HKCU-Run-AppVodBurner - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-10-31 10:30

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(636)

c:\windows\system32\SETUPAPI.dll

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

c:\windows\system32\COMRes.dll

c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(708)

c:\windows\system32\setupapi.dll

- - - - - - - > 'explorer.exe'(3496)

c:\windows\system32\SHDOCVW.dll

c:\windows\system32\WININET.dll

c:\windows\system32\COMRes.dll

c:\windows\System32\cscui.dll

c:\program files\LouderIt\LHook.dll

c:\windows\system32\SETUPAPI.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\windows\system32\NETSHELL.dll

c:\windows\system32\credui.dll

c:\windows\system32\MSVCP60.dll

c:\windows\system32\eappprxy.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\idt\gatewayxpv_12\wdm\STacSV.exe

c:\windows\system32\agrsmsvc.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\igfxsrvc.exe

c:\\?\c:\windows\system32\WBEM\WMIADAP.EXE

.

**************************************************************************

.

Completion time: 2010-10-31 10:33:56 - machine was rebooted

ComboFix-quarantined-files.txt 2010-10-31 17:33

Pre-Run: 11


So I ran that command. Some screen appeared and disappeared quickly. I couldn't even read what was there. Is that normal?

Then I ran combofix. Last time I forgot to mention that there was an error in the beginning. At stage 1 or 2, I don't remember. The error was "PEV.cfxxe".

Here's the new log:

ComboFix 10-10-30.09 - Administrator 31.10.2010 11:32:00.2.2 - x86

Microsoft Windows XP Professional [GMT -7:00]

Running from: c:\documents and settings\Administrator\??????? ????\ComboFix.exe

AV: BitDefender Antivirus *On-access scanning disabled* (Updated)

.

((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-31 )))))))))))))))))))))))))))))))

.

2010-10-31 00:04 . 2010-10-31 00:04 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2010-10-31 00:04 . 2010-10-31 01:15 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-10-30 23:38 . 2010-10-31 00:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com

2010-10-29 21:26 . 2010-10-29 21:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2010-10-29 21:26 . 2010-04-29 19:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-10-29 21:26 . 2010-10-29 21:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-10-29 21:26 . 2010-10-29 21:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-10-29 21:26 . 2010-04-29 19:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-10-29 17:09 . 2010-10-29 17:09 -------- d-----w- c:\program files\VodBurner

2010-10-19 18:56 . 2008-04-15 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll

2010-10-19 18:44 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll

2010-10-19 18:43 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

2010-10-19 18:42 . 2010-09-10 05:51 66560 -c----w- c:\windows\system32\dllcache\mshtmled.dll

2010-10-19 18:38 . 2010-08-16 08:45 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-18 19:23 . 2008-04-15 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53 . 2008-04-15 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53 . 2008-04-15 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53 . 2008-04-15 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll

2010-09-10 05:51 . 2008-04-15 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2010-09-10 05:51 . 2008-04-15 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-09-10 05:51 . 2008-04-15 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2010-09-01 11:52 . 2008-04-15 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll

2010-09-01 07:57 . 2008-04-15 12:00 1852928 ----a-w- c:\windows\system32\win32k.sys

2010-08-27 08:03 . 2008-04-15 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2010-08-27 05:54 . 2008-04-15 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll

2010-08-27 01:43 . 2008-05-05 03:25 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-08-26 13:39 . 2008-04-15 12:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys

2010-08-23 16:12 . 2008-04-15 12:00 617472 ----a-w- c:\windows\system32\comctl32.dll

2010-08-20 18:07 . 2010-08-20 18:07 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys

2010-08-17 13:17 . 2008-04-15 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-16 08:45 . 2008-04-15 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

.

------- Sigcheck -------

[-] 2008-04-15 . 230DC834A1EB3F3080763685B93FE686 . 577024 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll

[-] 2008-04-15 . 1BD126937C7C01CD5AB064F62646C501 . 2452480 . . [6.00.2900.5512] . . c:\windows\explorer.exe

[-] 2010-05-20 . 822E67596B52EA7B3B2B69B534C61F94 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\SfcFiles.dll

[-] 2008-04-15 . E880528ACB65C5E05EE7CF83B08464EA . 37376 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe

.

((((((((((((((((((((((((((((( SnapShot@2010-10-31_17.30.18 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-04-15 12:00 . 2010-10-31 17:28 84482 c:\windows\system32\perfc019.dat

+ 2008-04-15 12:00 . 2010-10-31 17:34 84482 c:\windows\system32\perfc019.dat

- 2008-04-15 12:00 . 2010-10-31 17:28 71394 c:\windows\system32\perfc009.dat

+ 2008-04-15 12:00 . 2010-10-31 17:34 71394 c:\windows\system32\perfc009.dat

+ 2008-04-15 12:00 . 2010-10-31 17:34 484908 c:\windows\system32\perfh019.dat

- 2008-04-15 12:00 . 2010-10-31 17:28 484908 c:\windows\system32\perfh019.dat

+ 2008-04-15 12:00 . 2010-10-31 17:34 441458 c:\windows\system32\perfh009.dat

- 2008-04-15 12:00 . 2010-10-31 17:28 441458 c:\windows\system32\perfh009.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"louderit.exe"="c:\program files\LouderIt\LouderIt.exe" [2008-02-19 41472]

"Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-08-26 136176]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-10-31 2403568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Process Killer"="c:\program files\Process Killer\prkiller.exe" [2005-07-30 38400]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-01-28 141336]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-28 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-28 142360]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-08-28 1557800]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-05-07 442433]

"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2010\IEShow.exe" [2009-10-20 71152]

"BDAgent"="c:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2010-03-18 1123360]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 37376]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^??????? ????^?????????^????????????^Punto Switcher.lnk]

backup=c:\windows\pss\Punto Switcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^??????? ????^?????????^????????????^Total Commander.lnk]

backup=c:\windows\pss\Total Commander.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Download Master]

2010-07-01 18:38 3802944 ----a-w- c:\program files\Download Master\dmaster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2006-01-12 11:40 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-03-17 17:53 421888 -c--a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2010-05-14 00:57 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-02-18 07:43 248040 -c--a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"odserv"=3 (0x3)

"mnmsrvc"=3 (0x3)

"JavaQuickStarterService"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Opera\\opera.exe"=

"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 ahci7xx;SCSI Miniport;c:\windows\system32\drivers\ahci7xx.sys [14.05.2010 12:17 176136]

R0 amdbusdr;System Bus Extender;c:\windows\system32\drivers\amdbusdr.sys [14.05.2010 12:17 29696]

R0 iaStor55;Intel RAID Controller;c:\windows\system32\drivers\iaStor55.sys [14.05.2010 12:17 874240]

R0 iaStor70;Intel AHCI Controller;c:\windows\system32\drivers\iaStor70.sys [14.05.2010 12:17 277784]

R0 iaStorw;Intel AHCI Controller;c:\windows\system32\drivers\iaStorw.sys [14.05.2010 12:17 308248]

R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [14.05.2010 12:17 26112]

R0 m5228;SCSI Miniport;c:\windows\system32\drivers\m5228.sys [14.05.2010 12:17 45069]

R0 m5281;SCSI Miniport;c:\windows\system32\drivers\m5281.sys [14.05.2010 12:17 51072]

R0 m5287;SCSI Miniport;c:\windows\system32\drivers\m5287.sys [14.05.2010 12:17 103680]

R0 m5288;SCSI Miniport;c:\windows\system32\drivers\m5288.sys [14.05.2010 12:17 210304]

R0 m5289;SCSI Miniport;c:\windows\system32\drivers\m5289.sys [14.05.2010 12:17 52480]

R0 mv614x;SCSI Miniport;c:\windows\system32\drivers\mv614x.sys [14.05.2010 12:17 34432]

R0 mv61xx;SCSI Miniport;c:\windows\system32\drivers\mv61xx.sys [14.05.2010 12:17 143360]

R0 nvgt2;SCSI Miniport;c:\windows\system32\drivers\nvgt2.sys [14.05.2010 12:17 132096]

R0 nvrd33;NVIDIA nForce RAID Driver;c:\windows\system32\drivers\nvrd33.sys [14.05.2010 12:17 125440]

R0 raidsrc;SCSI Miniport;c:\windows\system32\drivers\raidsrc.sys [14.05.2010 12:17 45392]

R0 SI3124;SiI-3124 SATALink Controller;c:\windows\system32\drivers\SI3124.sys [14.05.2010 12:17 81960]

R0 SI3132D;SiI-3132 SATALink Controller;c:\windows\system32\drivers\SI3132D.sys [14.05.2010 12:17 80424]

R0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\drivers\Si3531.sys [14.05.2010 12:17 210736]

R0 SiSRaid1;SCSI Miniport;c:\windows\system32\drivers\SiSRaid1.sys [14.05.2010 12:17 46464]

R0 sisraid4;SCSI Miniport;c:\windows\system32\drivers\sisraid4.sys [14.05.2010 12:17 68864]

R0 sisraidx;SCSI Miniport;c:\windows\system32\drivers\sisraidx.sys [14.05.2010 12:17 47616]

R0 viapdsk;VIA ATA/ATAPI Host Controller;c:\windows\system32\drivers\viapdsk.sys [14.05.2010 12:17 29184]

R0 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [14.05.2010 12:17 17968]

R1 Prio;Prio;c:\windows\system32\drivers\prio.sys [31.03.2008 3:28 34576]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17.02.2010 11:25 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10.05.2010 11:41 67656]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [29.10.2010 14:26 304464]

R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [03.02.2010 13:57 153448]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [29.10.2010 14:26 20952]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [19.08.2010 14:49 162816]

R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [19.08.2010 18:20 335104]

S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [19.10.2009 17:06 183880]

S3 NtApm;??????? ?????????? NT Apm/Legacy;c:\windows\system32\drivers\NtApm.sys [14.05.2010 8:03 9472]

S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bdx REG_MULTI_SZ scan

.

Contents of the 'Scheduled Tasks' folder

2010-10-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-527237240-706699826-839522115-1003Core.job

- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-26 06:04]

2010-10-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-527237240-706699826-839522115-1003UA.job

- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-26 06:04]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

IE: &??????? ? Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

IE: ???????? ??? ??? ?????? Download Master - c:\program files\Download Master\dmieall.htm

IE: ???????? ??? ?????? Download Master - c:\program files\Download Master\dmie.htm

IE: ???????? ?? ????????? ??????? DM - c:\program files\Download Master\remdown.htm

FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1ceyvpys.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/

FF - component: c:\program files\BitDefender\BitDefender 2010\bdaphffext\components\bdaphff2.dll

FF - component: c:\program files\BitDefender\BitDefender 2010\bdaphffext\components\bdaphff3.6.dll

FF - component: c:\program files\BitDefender\BitDefender 2010\bdaphffext\components\bdaphff3.dll

FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

.

------- File Associations -------

.

inifile="c:\program files\AkelPad\AkelPad.exe" "%1"

txtfile="c:\program files\AkelPad\AkelPad.exe" "%1"

.

**************************************************************************

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files:

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(636)

c:\windows\system32\SETUPAPI.dll

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

c:\windows\system32\COMRes.dll

c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(708)

c:\windows\system32\setupapi.dll

- - - - - - - > 'explorer.exe'(432)

c:\windows\system32\SHDOCVW.dll

c:\windows\system32\WININET.dll

c:\windows\system32\COMRes.dll

c:\windows\System32\cscui.dll

c:\windows\system32\SETUPAPI.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\windows\system32\NETSHELL.dll

c:\windows\system32\credui.dll

c:\windows\system32\MSVCP60.dll

c:\windows\system32\eappprxy.dll

.

Completion time: 2010-10-31 11:38:01

ComboFix-quarantined-files.txt 2010-10-31 18:37

ComboFix2.txt 2010-10-31 17:33

Pre-Run: 11


The language might sound strange because I have a Russian version of XP and I am translating it with Google Translate.

This is what I got:

Microsoft Windows XP [Version 5.1.2600]

© Microsoft Corporation 1985-2001.

C:\Documents and Settings\Administrator>sfc /scannow

Checking files Windows Microsoft ® Windows XP, version 5.1

© 1999-2000 Microsoft Corp. All rights reserved.

Check all protected system files and replace incorrect versions

the correct version.

SFC [/SCANNOW] [/SCANONCE] [/SCANBOOT] [/REVERT] [/PURGECACHE] [/CACHESIZE=x]

/SCANNOW an immediate check of all protected system files

/SCANONCE A single test at the next startup

/SCANBOOT check all protected system files every time you boot

/REVERT Sets the initial default settings.

/ENABLE Enable normal operation of the Windows File Protection

/PURGECACHE Clear file cache, and an immediate check of files

/CACHESIZE=x Sets the size of the file cache


Hi, there is one other thing we can try:

Download service pack 3 for XP: http://www.microsoft.com/downloads/en/deta...;displaylang=en

If you have no archive extractor, download and install 7zip from here

Right click on the downloaded service pack 3 file and select 7zip > Extract Files...

Extract the files to a folder on your desktop.

When done, look for the following files in the folder:

user32.dl_

explorer.ex_

SfcFiles.dl_

If they are there, post back here and let me know what the folder is called and where it is located.


Hi, please click Start > Run, type notepad and press enter.

Copy/paste the following text into Notepad and save it as expand.bat to your desktop.

@echo off
expand "C:\Documents and Settings\Administrator\??????? ????\i386\explorer.ex_" c:\windows\system32\dllcache\explorer.exe
expand "C:\Documents and Settings\Administrator\??????? ????\i386\user32.dl_" c:\windows\system32\dllcache\user32.dll
expand "C:\Documents and Settings\Administrator\??????? ????\i386\sfcfiles.dl_" c:\windows\system32\dllcache\sfcfiles.dll

Exit Notepad and double-click on expand.bat to run it.

When done, rerun Combofix. With a bit of luck it should recognize the files and put them in the right place.

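As an added example for this thread (not ComboFix code and not the helper's expand.bat), the following Python script parses the "[-]" Sigcheck lines quoted from the ComboFix log above, works out the compressed name each flagged file has inside an extracted SP3 (user32.dll becomes user32.dl_), emits the matching expand commands into dllcache, and reports any flagged file a given batch leaves out; the SP3 folder C:\SP3 and the sample batch text are assumptions.

```python
"""Cross-check ComboFix's Sigcheck block against an SP3 restore step.

Added example for this thread; it is not ComboFix code and not the helper's
expand.bat. ComboFix prints a "[-]" Sigcheck line for each protected system
file whose MD5 does not match a known-good build. This script parses those
lines, derives the compressed name each file has inside an extracted service
pack (user32.dll -> user32.dl_), emits the matching ``expand`` commands into
the dllcache folder, and reports any flagged file a given batch leaves out.
The SP3 extraction folder C:\\SP3 is an assumed placeholder.
"""
from __future__ import annotations

import hashlib
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Sigcheck lines copied from the ComboFix log posted in the thread.
SAMPLE_SIGCHECK = r"""
------- Sigcheck -------
[-] 2008-04-15 . 230DC834A1EB3F3080763685B93FE686 . 577024 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2008-04-15 . 1BD126937C7C01CD5AB064F62646C501 . 2452480 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2010-05-20 . 822E67596B52EA7B3B2B69B534C61F94 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\SfcFiles.dll
[-] 2008-04-15 . E880528ACB65C5E05EE7CF83B08464EA . 37376 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
.
"""

# The helper's expand.bat from the thread, with the (garbled) desktop path
# replaced by the assumed placeholder folder C:\SP3.
SAMPLE_BATCH = r"""@echo off
expand "C:\SP3\i386\explorer.ex_" c:\windows\system32\dllcache\explorer.exe
expand "C:\SP3\i386\user32.dl_" c:\windows\system32\dllcache\user32.dll
expand "C:\SP3\i386\sfcfiles.dl_" c:\windows\system32\dllcache\sfcfiles.dll
"""

DLLCACHE = r"c:\windows\system32\dllcache"

# Line layout: [flag] date . MD5 . size . . [version] . . path
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]+)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]*)\]\s+\.\s+\.\s+(?P<path>\S.*?)\s*$"
)


@dataclass(frozen=True)
class SigcheckEntry:
    flag: str      # "-" = hash did not match a known-good version of the file
    date: str
    md5: str
    size: int
    version: str
    path: str      # Windows path exactly as ComboFix wrote it

    @property
    def file_name(self) -> str:
        return PureWindowsPath(self.path).name


def parse_sigcheck(text: str) -> list[SigcheckEntry]:
    """Return every Sigcheck entry found in a ComboFix log fragment."""
    entries = []
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if m:
            entries.append(SigcheckEntry(m["flag"], m["date"], m["md5"].upper(),
                                         int(m["size"]), m["version"], m["path"]))
    return entries


def compressed_name(file_name: str) -> str:
    """Cabinet naming used by service packs: last extension char becomes '_'."""
    stem, dot, ext = file_name.rpartition(".")
    if not dot:
        return file_name + "._"
    return f"{stem}.{ext[:-1]}_"


def expand_commands(entries: list[SigcheckEntry], sp_folder: str) -> list[str]:
    """One ``expand`` command per flagged file, restoring it into dllcache."""
    cmds = []
    for e in entries:
        if e.flag != "-":
            continue
        src = f"{sp_folder}\\i386\\{compressed_name(e.file_name)}"
        cmds.append(f'expand "{src}" "{DLLCACHE}\\{e.file_name}"')
    return cmds


BATCH_DEST_RE = re.compile(r'expand\s+"[^"]+"\s+"?([^"\s]+)"?', re.IGNORECASE)


def uncovered_by_batch(entries: list[SigcheckEntry], batch_text: str) -> list[str]:
    """Flagged files that the batch does not restore (names, in log order)."""
    restored = {PureWindowsPath(m.group(1)).name.lower()
                for m in BATCH_DEST_RE.finditer(batch_text)}
    return [e.file_name for e in entries
            if e.flag == "-" and e.file_name.lower() not in restored]


def md5_of_bytes(data: bytes) -> str:
    return hashlib.md5(data).hexdigest().upper()


def still_flagged(path: str, entry: SigcheckEntry) -> bool:
    """After the restore: True if the file on disk still has the flagged MD5."""
    with open(path, "rb") as fh:
        return md5_of_bytes(fh.read()) == entry.md5


if __name__ == "__main__":
    found = parse_sigcheck(SAMPLE_SIGCHECK)
    for cmd in expand_commands(found, r"C:\SP3"):
        print(cmd)
    print("not restored by the batch:", uncovered_by_batch(found, SAMPLE_BATCH))
```

Run on the thread's own Sigcheck block it lists four flagged files; comparing against the batch shows which of them the three expand lines do not cover, and still_flagged() lets you confirm after the restore that a file no longer carries the MD5 ComboFix reported.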

When I ran expand.bat, it showed a blank black screen with the heading c:\WINDOWS\system32\cmd.exe

Then I ran combofix and got this:

ComboFix 10-11-07.A2 - Administrator 08.11.2010 9:33.3.2 - x86

Microsoft Windows XP Professional [GMT -8:00]

Running from: c:\documents and settings\Administrator\??????? ????\ComboFix.exe

AV: BitDefender Antivirus *On-access scanning disabled* (Updated)

.

((((((((((((((((((((((((( Files Created from 2010-10-08 to 2010-11-08 )))))))))))))))))))))))))))))))

.

2010-11-06 19:37 . 2003-03-24 23:52 102509 -c--a-w- c:\windows\system32\dllcache\fp4atxt.dll

2010-11-06 19:37 . 2003-03-24 23:52 49210 -c--a-w- c:\windows\system32\dllcache\fp4areg.dll

2010-11-06 19:36 . 2003-03-24 23:52 188480 -c--a-w- c:\windows\system32\dllcache\cfgwiz.exe

2010-11-06 19:36 . 2003-03-24 23:52 16439 -c--a-w- c:\windows\system32\dllcache\author.exe

2010-11-06 19:36 . 2003-03-24 23:52 20540 -c--a-w- c:\windows\system32\dllcache\author.dll

2010-11-06 19:34 . 2003-03-24 23:52 16439 -c--a-w- c:\windows\system32\dllcache\admin.exe

2010-11-06 19:33 . 2003-03-24 23:52 20540 -c--a-w- c:\windows\system32\dllcache\admin.dll

2010-10-31 00:04 . 2010-10-31 00:04 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2010-10-31 00:04 . 2010-10-31 01:15 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-10-30 23:38 . 2010-10-31 00:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com

2010-10-29 21:26 . 2010-10-29 21:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2010-10-29 21:26 . 2010-04-29 19:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-10-29 21:26 . 2010-10-29 21:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-10-29 21:26 . 2010-10-29 21:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-10-29 21:26 . 2010-04-29 19:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-10-29 17:09 . 2010-10-29 17:09 -------- d-----w- c:\program files\VodBurner

2010-10-19 18:56 . 2008-04-15 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll

2010-10-19 18:44 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll

2010-10-19 18:43 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

2010-10-19 18:42 . 2010-09-10 05:51 66560 -c----w- c:\windows\system32\dllcache\mshtmled.dll

2010-10-19 18:38 . 2010-08-16 08:45 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-18 19:23 . 2008-04-15 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53 . 2008-04-15 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53 . 2008-04-15 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53 . 2008-04-15 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll

2010-09-10 05:51 . 2008-04-15 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2010-09-10 05:51 . 2008-04-15 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-09-10 05:51 . 2008-04-15 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2010-09-01 11:52 . 2008-04-15 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll

2010-09-01 07:57 . 2008-04-15 12:00 1852928 ----a-w- c:\windows\system32\win32k.sys

2010-08-27 08:03 . 2008-04-15 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2010-08-27 05:54 . 2008-04-15 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll

2010-08-27 01:43 . 2008-05-05 03:25 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-08-26 13:39 . 2008-04-15 12:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys

2010-08-23 16:12 . 2008-04-15 12:00 617472 ----a-w- c:\windows\system32\comctl32.dll

2010-08-20 18:07 . 2010-08-20 18:07 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys

2010-08-17 13:17 . 2008-04-15 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-16 08:45 . 2008-04-15 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

.

------- Sigcheck -------

[-] 2008-04-15 . 230DC834A1EB3F3080763685B93FE686 . 577024 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll

[-] 2008-04-15 . 1BD126937C7C01CD5AB064F62646C501 . 2452480 . . [6.00.2900.5512] . . c:\windows\explorer.exe

[-] 2010-05-20 . 822E67596B52EA7B3B2B69B534C61F94 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\SfcFiles.dll

[-] 2008-04-15 . E880528ACB65C5E05EE7CF83B08464EA . 37376 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe

.

((((((((((((((((((((((((((((( SnapShot@2010-10-31_17.30.18 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-04-15 12:00 . 2010-11-08 17:07 84482 c:\windows\system32\perfc019.dat

- 2008-04-15 12:00 . 2010-10-31 17:28 84482 c:\windows\system32\perfc019.dat

- 2008-04-15 12:00 . 2010-10-31 17:28 71394 c:\windows\system32\perfc009.dat

+ 2008-04-15 12:00 . 2010-11-08 17:07 71394 c:\windows\system32\perfc009.dat

+ 2008-04-15 12:00 . 2008-04-15 12:00 19456 c:\windows\system32\dllcache\dimsntfy.dll

+ 2008-04-15 12:00 . 2008-04-15 12:00 62464 c:\windows\system32\dllcache\cryptsvc.dll

+ 2008-04-15 12:00 . 2008-04-15 12:00 64512 c:\windows\system32\dllcache\cryptnet.dll

+ 2008-04-15 12:00 . 2008-04-15 12:00 54272 c:\windows\system32\dllcache\cryptext.dll

+ 2008-04-15 12:00 . 2008-04-15 12:00 33280 c:\windows\system32\dllcache\cryptdll.dll

+ 2008-04-15 12:00 . 2008-04-15 12:00 16896 c:\windows\system32\dllcache\cfgmgr32.dll

- 2008-04-15 12:00 . 2010-10-31 17:28 484908 c:\windows\system32\perfh019.dat

+ 2008-04-15 12:00 . 2010-11-08 17:07 484908 c:\windows\system32\perfh019.dat

- 2008-04-15 12:00 . 2010-10-31 17:28 441458 c:\windows\system32\perfh009.dat

+ 2008-04-15 12:00 . 2010-11-08 17:07 441458 c:\windows\system32\perfh009.dat

+ 2008-04-15 12:00 . 2008-04-15 12:00 143744 c:\windows\system32\dllcache\fastfat.sys

+ 2008-04-15 12:00 . 2008-04-15 12:00 138752 c:\windows\system32\dllcache\dssenh.dll

+ 2008-04-15 12:00 . 2008-04-15 12:00 602112 c:\windows\system32\dllcache\crypt32.dll

+ 2008-04-15 12:00 . 2008-04-15 12:00 125952 c:\windows\system32\dllcache\apphelp.dll

+ 2008-04-15 12:00 . 2008-04-15 12:00 116224 c:\windows\system32\dllcache\acxtrnal.dll

+ 2008-04-15 12:00 . 2008-04-15 12:00 245248 c:\windows\system32\dllcache\acspecfc.dll

+ 2008-04-15 12:00 . 2009-11-21 16:03 471552 c:\windows\system32\dllcache\aclayers.dll

+ 2010-05-14 11:10 . 2008-04-15 12:00 136192 c:\windows\system32\dllcache\aaclient.dll

+ 2008-04-15 12:00 . 2008-04-15 12:00 1852928 c:\windows\system32\dllcache\acgenral.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"louderit.exe"="c:\program files\LouderIt\LouderIt.exe" [2008-02-19 41472]

"Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-08-26 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Process Killer"="c:\program files\Process Killer\prkiller.exe" [2005-07-30 38400]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-01-28 141336]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-28 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-28 142360]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-08-28 1557800]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-05-07 442433]

"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2010\IEShow.exe" [2009-10-20 71152]

"BDAgent"="c:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2010-03-18 1123360]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 37376]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^??????? ????^?????????^????????????^Punto Switcher.lnk]

backup=c:\windows\pss\Punto Switcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^??????? ????^?????????^????????????^Total Commander.lnk]

backup=c:\windows\pss\Total Commander.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Download Master]

2010-07-01 18:38 3802944 ----a-w- c:\program files\Download Master\dmaster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2006-01-12 11:40 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-03-17 17:53 421888 -c--a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2010-05-14 00:57 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-02-18 07:43 248040 -c--a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"odserv"=3 (0x3)

"mnmsrvc"=3 (0x3)

"JavaQuickStarterService"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Opera\\opera.exe"=

"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 ahci7xx;SCSI Miniport;c:\windows\system32\drivers\ahci7xx.sys [14.05.2010 11:17 176136]

R0 amdbusdr;System Bus Extender;c:\windows\system32\drivers\amdbusdr.sys [14.05.2010 11:17 29696]

R0 iaStor55;Intel RAID Controller;c:\windows\system32\drivers\iaStor55.sys [14.05.2010 11:17 874240]

R0 iaStor70;Intel AHCI Controller;c:\windows\system32\drivers\iaStor70.sys [14.05.2010 11:17 277784]

R0 iaStorw;Intel AHCI Controller;c:\windows\system32\drivers\iaStorw.sys [14.05.2010 11:17 308248]

R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [14.05.2010 11:17 26112]

R0 m5228;SCSI Miniport;c:\windows\system32\drivers\m5228.sys [14.05.2010 11:17 45069]

R0 m5281;SCSI Miniport;c:\windows\system32\drivers\m5281.sys [14.05.2010 11:17 51072]

R0 m5287;SCSI Miniport;c:\windows\system32\drivers\m5287.sys [14.05.2010 11:17 103680]

R0 m5288;SCSI Miniport;c:\windows\system32\drivers\m5288.sys [14.05.2010 11:17 210304]

R0 m5289;SCSI Miniport;c:\windows\system32\drivers\m5289.sys [14.05.2010 11:17 52480]

R0 mv614x;SCSI Miniport;c:\windows\system32\drivers\mv614x.sys [14.05.2010 11:17 34432]

R0 mv61xx;SCSI Miniport;c:\windows\system32\drivers\mv61xx.sys [14.05.2010 11:17 143360]

R0 nvgt2;SCSI Miniport;c:\windows\system32\drivers\nvgt2.sys [14.05.2010 11:17 132096]

R0 nvrd33;NVIDIA nForce RAID Driver;c:\windows\system32\drivers\nvrd33.sys [14.05.2010 11:17 125440]

R0 raidsrc;SCSI Miniport;c:\windows\system32\drivers\raidsrc.sys [14.05.2010 11:17 45392]

R0 SI3124;SiI-3124 SATALink Controller;c:\windows\system32\drivers\SI3124.sys [14.05.2010 11:17 81960]

R0 SI3132D;SiI-3132 SATALink Controller;c:\windows\system32\drivers\SI3132D.sys [14.05.2010 11:17 80424]

R0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\drivers\Si3531.sys [14.05.2010 11:17 210736]

R0 SiSRaid1;SCSI Miniport;c:\windows\system32\drivers\SiSRaid1.sys [14.05.2010 11:17 46464]

R0 sisraid4;SCSI Miniport;c:\windows\system32\drivers\sisraid4.sys [14.05.2010 11:17 68864]

R0 sisraidx;SCSI Miniport;c:\windows\system32\drivers\sisraidx.sys [14.05.2010 11:17 47616]

R0 viapdsk;VIA ATA/ATAPI Host Controller;c:\windows\system32\drivers\viapdsk.sys [14.05.2010 11:17 29184]

R0 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [14.05.2010 11:17 17968]

R1 Prio;Prio;c:\windows\system32\drivers\prio.sys [31.03.2008 2:28 34576]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17.02.2010 10:25 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10.05.2010 10:41 67656]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [29.10.2010 13:26 304464]

R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [03.02.2010 12:57 153448]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [29.10.2010 13:26 20952]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [19.08.2010 13:49 162816]

R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [19.08.2010 17:20 335104]

S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [19.10.2009 16:06 183880]

S3 NtApm;??????? ?????????? NT Apm/Legacy;c:\windows\system32\drivers\NtApm.sys [14.05.2010 7:03 9472]

S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bdx REG_MULTI_SZ scan

.

Contents of the 'Scheduled Tasks' folder

2010-11-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-527237240-706699826-839522115-1003Core.job

- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-26 06:04]

2010-11-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-527237240-706699826-839522115-1003UA.job

- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-26 06:04]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

IE: &??????? ? Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

IE: ???????? ??? ??? ?????? Download Master - c:\program files\Download Master\dmieall.htm

IE: ???????? ??? ?????? Download Master - c:\program files\Download Master\dmie.htm

IE: ???????? ?? ????????? ??????? DM - c:\program files\Download Master\remdown.htm

FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1ceyvpys.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/

FF - component: c:\program files\BitDefender\BitDefender 2010\bdaphffext\components\bdaphff2.dll

FF - component: c:\program files\BitDefender\BitDefender 2010\bdaphffext\components\bdaphff3.6.dll

FF - component: c:\program files\BitDefender\BitDefender 2010\bdaphffext\components\bdaphff3.dll

FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

.

------- File Associations -------

.

inifile="c:\program files\AkelPad\AkelPad.exe" "%1"

txtfile="c:\program files\AkelPad\AkelPad.exe" "%1"

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-11-08 09:39

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(636)

c:\windows\system32\SETUPAPI.dll

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

c:\windows\system32\COMRes.dll

c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(708)

c:\windows\system32\setupapi.dll

- - - - - - - > 'explorer.exe'(3560)

c:\windows\system32\SHDOCVW.dll

c:\windows\system32\WININET.dll

c:\windows\system32\COMRes.dll

c:\windows\System32\cscui.dll

c:\windows\system32\SETUPAPI.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\windows\system32\NETSHELL.dll

c:\windows\system32\credui.dll

c:\windows\system32\MSVCP60.dll

c:\windows\system32\eappprxy.dll

.

Completion time: 2010-11-08 09:41:38

ComboFix-quarantined-files.txt 2010-11-08 17:41

ComboFix2.txt 2010-10-31 18:38

ComboFix3.txt 2010-10-31 17:33

Pre-Run: 10


Please do the following:

Click Start > Run, type cmd and press Enter.

Copy/paste each of the following lines at the command prompt and press Enter (you can paste at the command prompt by right-clicking > Paste).

copy "C:\Documents and Settings\Administrator\??????? ????\i386\explorer.ex_" c:\windows\system32\dllcache\explorer.exe

copy "C:\Documents and Settings\Administrator\??????? ????\i386\user32.dl_" c:\windows\system32\dllcache\user32.dll

copy "C:\Documents and Settings\Administrator\??????? ????\i386\sfcfiles.dl_" c:\windows\system32\dllcache\sfcfiles.dll
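The reply above restores three of the files that the ComboFix Sigcheck section flagged with [-] (user32.dll, explorer.exe, SfcFiles.dll) by copying their compressed i386 copies into dllcache. The following Python script is an added example, not part of this thread and not ComboFix's or Malwarebytes' code: it parses Sigcheck lines of the format shown in the log (the sample is constructed inline from the four lines above) and derives the equivalent copy command for every flagged entry, using the makecab naming rule behind explorer.ex_ / user32.dl_ (last character of the extension replaced by an underscore). The i386 source directory is an assumed placeholder supplied by the caller, because the real path is garbled on the page; the MD5, size and version fields are kept in the parsed records so they can be compared against a known-good reference outside this script.

```python
"""Parse ComboFix 'Sigcheck' lines and derive dllcache restore commands.

Added example, not the thread's own code.  The i386 source directory is an
assumption passed in by the caller (the page's own path is garbled).
"""
import re

# Constructed sample: the four Sigcheck lines from the log above, verbatim.
SAMPLE_SIGCHECK = """\
[-] 2008-04-15 . 230DC834A1EB3F3080763685B93FE686 . 577024 . . [5.1.2600.5512] . . c:\\windows\\system32\\user32.dll
[-] 2008-04-15 . 1BD126937C7C01CD5AB064F62646C501 . 2452480 . . [6.00.2900.5512] . . c:\\windows\\explorer.exe
[-] 2010-05-20 . 822E67596B52EA7B3B2B69B534C61F94 . 1571840 . . [5.1.2600.5512] . . c:\\windows\\system32\\SfcFiles.dll
[-] 2008-04-15 . E880528ACB65C5E05EE7CF83B08464EA . 37376 . . [5.1.2600.5512] . . c:\\windows\\system32\\ctfmon.exe
"""

# One Sigcheck line as printed by ComboFix on this page:
#   [flag] date . MD5 . size . . [version] . . path
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+"
    r"(?P<date>\d{4}-\d{2}-\d{2}) \. "
    r"(?P<md5>[0-9A-Fa-f]{32}) \. "
    r"(?P<size>\d+) \. \. "
    r"\[(?P<version>[^\]]+)\] \. \. "
    r"(?P<path>\S.*?)\s*$"
)

# Windows File Protection cache directory, as used in the reply above.
DLLCACHE = "c:\\windows\\system32\\dllcache"


def parse_sigcheck(text):
    """Return one dict per Sigcheck line; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        d["size"] = int(d["size"])
        d["md5"] = d["md5"].upper()
        d["filename"] = d["path"].rsplit("\\", 1)[-1]
        entries.append(d)
    return entries


def compressed_source_name(filename):
    """Map a file name to its compressed i386 form: last extension char -> '_'.

    This is the rule behind explorer.ex_, user32.dl_ and sfcfiles.dl_ in the
    reply above.  Names are lower-cased; NTFS lookups are case-insensitive.
    """
    base, dot, ext = filename.rpartition(".")
    if not dot or not ext:
        raise ValueError("no extension to compress: %r" % filename)
    return (base + "." + ext[:-1] + "_").lower()


def restore_commands(entries, i386_dir):
    """Build one 'copy' command per entry flagged '-' (failed signature check).

    i386_dir is an assumed placeholder supplied by the caller.  Every flagged
    entry is listed; which ones to actually restore is the analyst's decision.
    """
    root = i386_dir.rstrip("\\")
    cmds = []
    for e in entries:
        if e["flag"] != "-":
            continue
        src = root + "\\" + compressed_source_name(e["filename"])
        dst = DLLCACHE + "\\" + e["filename"].lower()
        cmds.append('copy "%s" %s' % (src, dst))
    return cmds


if __name__ == "__main__":
    flagged = parse_sigcheck(SAMPLE_SIGCHECK)
    for e in flagged:
        print("%-10s %s %8d %s" % (e["date"], e["md5"], e["size"], e["path"]))
    for cmd in restore_commands(flagged, "D:\\i386"):  # placeholder source dir
        print(cmd)
```

Run against the sample, the script lists all four flagged entries, including ctfmon.exe, whereas the reply above restored only three; the regex is specific to the Sigcheck layout shown on this page and will skip any line in a different format rather than guess at it.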


  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
