vflores Posted January 29, 2011 ID:381181 Share Posted January 29, 2011 I have on my computer Superantispyware and Malwarebytes running. I uploaded Malwarebytes because was unable to remove infection. After a few attempts I was able to successfully uploaded Malwarebytes and run it. The software did an awesome job and eliminated almost everything that was plaguing my computer. Now what I have left are balloon notifications: Malwarebytes anti malware Successfully blocked accesses to a potentially malicious website(then one of following websites would pop up: 194.60.205.22; 89.187.53.53; 91.212.226.5; 94.228.209.216; 94.228.209.213; 91.193.194.138; 91.193.194.137; 91.193.194.136; 91.193.194.9; 212.117.177.13; 91.212.226.5 or 91.212.226.179. then saying type: out going. Today I ran DeFogger, DDS, and Gemer See attachments. I would like eliminate the rest of these viruses. Link to post Share on other sites More sharing options...
Staff screen317 Posted January 30, 2011 Staff ID:381403 Share Posted January 30, 2011 Hi and welcome to Malwarebytes.Please post all logs directly into your reply instead of attaching them.Update MBAM, run a Quick Scan, and post its log.Next, download DDS by sUBs and save it to your Desktop.Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post DDS.txt directly into your reply. Link to post Share on other sites More sharing options...
vflores Posted January 30, 2011 Author ID:381480 Share Posted January 30, 2011 ok here is the art.txt: GMER 1.0.15.15530 - http://www.gmer.netRootkit scan 2011-01-29 12:32:31Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 Maxtor_4A250J0 rev.RAMB1TU0Running: xjs7dhix.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\uxtdrpob.sys---- System - GMER 1.0.15 ----SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xEB975620]---- Kernel code sections - GMER 1.0.15 ----? C:\DOCUME~1\Owner\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !---- User code sections - GMER 1.0.15 ----.text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A9000A .text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00AA000A .text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00A8000C .text C:\WINDOWS\System32\svchost.exe[1124] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 01AE000A .text C:\WINDOWS\System32\svchost.exe[1124] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 00F5000A .text C:\WINDOWS\Explorer.EXE[3536] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00E2000A .text C:\WINDOWS\Explorer.EXE[3536] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00E3000A .text C:\WINDOWS\Explorer.EXE[3536] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00E1000C ---- Devices - GMER 1.0.15 ----Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T1L0-17 8772439BDevice \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8772439BDevice \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8772439BDevice \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-f 8772439BAttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)Device \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskMaxtor_4A250J0__________________________RAMB1TU0#38413830585a4539202020202020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found---- Registry - GMER 1.0.15 ----Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP Photosmart C4700 series@ChangeID 4069484---- Disk sectors - GMER 1.0.15 ----Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; ---- EOF - GMER 1.0.15 ----And here is the Attach.txtUNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH ITDDS (Ver_10-12-12.02)Microsoft Windows XP Home EditionBoot Device: \Device\HarddiskVolume1Install Date: 7/11/2005 12:21:00 PMSystem Uptime: 1/29/2011 11:14:08 AM (0 hours ago)Motherboard: ASUSTeK Computer INC. | | P4S533VLProcessor: Intel® Pentium® 4 CPU 3.06GHz | PGA 478 | 3059/133mhz==== Disk Partitions =========================A: is RemovableC: is FIXED (NTFS) - 234 GiB total, 185.955 GiB free.D: is RemovableE: is CDROM ()F: is CDROM ()==== Disabled Device Manager Items =============Class GUID: Description: Device ID: ROOT\LEGACY_WINIO\0000Manufacturer: Name: PNP Device ID: ROOT\LEGACY_WINIO\0000Service: Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}Description: Photosmart C4700 seriesDevice ID: ROOT\MULTIFUNCTION\0000Manufacturer: HPName: Photosmart C4700 seriesPNP Device ID: ROOT\MULTIFUNCTION\0000Service: ==== System Restore Points ======================= Installed Programs ======================32 Bit HP CIO Components InstallerAcrobat.comAd-AwareAdobe Acrobat 4.0Adobe Acrobat 5.0Adobe AIRAdobe Download ManagerAdobe Flash Player 10 ActiveXAdobe Flash Player 10 PluginAdobe Photoshop ElementsAdobe Reader 9.4.1Adobe Shockwave Player 11.5Adobe SVG ViewerAgere Systems AC'97 ModemApple Software UpdateBatch UpdateBible Data Type System FilesBufferChmC4700Canon Camera Access LibraryCanon Camera Support Core LibraryCanon Camera Window DC_DV 5 for ZoomBrowser EXCanon Camera Window DC_DV 6 for ZoomBrowser EXCanon Camera Window MC 6 for ZoomBrowser EXCanon G.726 WMP-DecoderCanon MovieEdit Task for ZoomBrowser EXCanon PhotoRecordCanon RAW Image Task for ZoomBrowser EXCanon RemoteCapture Task for ZoomBrowser EXCanon Utilities EOS UtilityCanon Utilities PhotoStitchCanon Utilities ZoomBrowser EXClause VisualizerClick to DVD 1.1Common System FilesCompact Wireless-G USB AdapterCreative DriverCritical Update for Windows Media Player 11 (KB959772)DestinationsDeviceDiscoveryDVD CreationDVgateExperience VAIOGoogle Toolbar for Internet ExplorerGPBaseService2Graphical Query EditorHelp and SupportHotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)Hotfix for Windows Internet Explorer 7 (KB947864)Hotfix for Windows Media Format 11 SDK (KB929399)Hotfix for Windows Media Player 11 (KB939683)Hotfix for Windows XP (KB2158563)Hotfix for Windows XP (KB2443685)Hotfix for Windows XP (KB952287)Hotfix for Windows XP (KB954550-v5)Hotfix for Windows XP (KB961118)Hotfix for Windows XP (KB970653-v3)Hotfix for Windows XP (KB976098-v2)Hotfix for Windows XP (KB979306)Hotfix for Windows XP (KB981793)HP Customer Participation Program 13.0hp deskjet 940c seriesHP Imaging Device Functions 13.0HP Photosmart C4700 All-In-One Driver Software 13.0 Rel .6HP Print Projects 1.0HP Smart Web Printing 4.60HP Solution Center 13.0HP UpdatehpPrintProjectsHPProductAssistantHPSSupplyhpWLPGInstallerImageStation TourInterActual PlayerISScriptJava 6 Update 17JumpStart Advanced PreschoolJumpStart Advanced School TimeJumpStart Art for FunJumpStart LanguagesJumpStart PhonicsJumpStart SpellingLearn Excel 2007 Essential Skills with The Smart Method Vsn 1.0Libronix Digital Library SystemLibronix DLS ApplicationLibronix DLS ShortcutsLibronixUpdateLLS Resource DriverMacromedia Shockwave PlayerMalwarebytes' Anti-MalwareMarketResearchMastering Middle School 2009Math Blaster Ages 4-6MediaMonkey 3.2Microsoft .NET Framework 1.1Microsoft .NET Framework 1.1 Security Update (KB2416447)Microsoft .NET Framework 1.1 Security Update (KB979906)Microsoft .NET Framework 2.0 Service Pack 2Microsoft .NET Framework 3.0 Service Pack 2Microsoft .NET Framework 3.5 SP1Microsoft .NET Framework 4 Client ProfileMicrosoft .NET Framework 4 ExtendedMicrosoft AntimalwareMicrosoft Application Error ReportingMicrosoft Compression Client Pack 1.0 for Windows XPMicrosoft Internationalized Domain Names Mitigation APIsMicrosoft Kernel-Mode Driver Framework Feature Pack 1.7Microsoft Learning and Research Plus Support FilesMicrosoft National Language Support Downlevel APIsMicrosoft Office Professional Edition 2003Microsoft Picture It! Express 7.0Microsoft Security EssentialsMicrosoft User-Mode Driver Framework Feature Pack 1.7Microsoft Visual C RuntimeMicrosoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft WinUsb 1.0Minute Menu KidsMoodLogicMovieShaker 3.3Mozilla Firefox (3.6.13)MSN Internet SoftwareMSN Messenger 5.0MSXML 4.0 SP2 (KB927978)MSXML 4.0 SP2 (KB936181)MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)Music Visualizer Library 1.4.00NetworkNetwork Smart CaptureNovacomdNVIDIA Windows 2000/XP Display DriversOEB Resource DriverOpenMG Limited Patch 3.1-02-10-22-01OpenMG Limited Patch 3.1-02-10-23-01OpenMG Secure Module 3.1PDF Resource DriverPdf995PdfEdit995PerSonoCallPicoPlayerPicoPlayer DemoPicoPlayerSplashScreenPictureGear Studio 1.0PowerDVDPrint Server DriverPS_AIO_06_C4700_SW_MinQuicken 2005QuickTimeRealPlayerRealProducer Basic 8.5Rhapsody Player EngineRosetta Stone 2.1.3.0ASBC Yahoo! DSL Home Networking InstallerScanScreenblast ACID 2.0aScreenblast Sound Forge 1.0bSecurity Update for CAPICOM (KB931906)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)Security Update for Microsoft .NET Framework 4 Extended (KB2416472)Security Update for Step By Step Interactive Training (KB898458)Security Update for Step By Step Interactive Training (KB923723)Security Update for Windows Internet Explorer 7 (KB2183461)Security Update for Windows Internet Explorer 7 (KB2360131)Security Update for Windows Internet Explorer 7 (KB2416400)Security Update for Windows Internet Explorer 7 (KB928090)Security Update for Windows Internet Explorer 7 (KB929969)Security Update for Windows Internet Explorer 7 (KB931768)Security Update for Windows Internet Explorer 7 (KB933566)Security Update for Windows Internet Explorer 7 (KB937143)Security Update for Windows Internet Explorer 7 (KB938127)Security Update for Windows Internet Explorer 7 (KB939653)Security Update for Windows Internet Explorer 7 (KB942615)Security Update for Windows Internet Explorer 7 (KB944533)Security Update for Windows Internet Explorer 7 (KB950759)Security Update for Windows Internet Explorer 7 (KB953838)Security Update for Windows Internet Explorer 7 (KB956390)Security Update for Windows Internet Explorer 7 (KB958215)Security Update for Windows Internet Explorer 7 (KB960714)Security Update for Windows Internet Explorer 7 (KB961260)Security Update for Windows Internet Explorer 7 (KB963027)Security Update for Windows Internet Explorer 7 (KB969897)Security Update for Windows Internet Explorer 7 (KB972260)Security Update for Windows Internet Explorer 7 (KB974455)Security Update for Windows Internet Explorer 7 (KB976325)Security Update for Windows Internet Explorer 7 (KB978207)Security Update for Windows Internet Explorer 7 (KB982381)Security Update for Windows Media Player (KB2378111)Security Update for Windows Media Player (KB911564)Security Update for Windows Media Player (KB952069)Security Update for Windows Media Player (KB954155)Security Update for Windows Media Player (KB968816)Security Update for Windows Media Player (KB973540)Security Update for Windows Media Player (KB975558)Security Update for Windows Media Player (KB978695)Security Update for Windows Media Player 10 (KB911565)Security Update for Windows Media Player 10 (KB917734)Security Update for Windows Media Player 11 (KB936782)Security Update for Windows Media Player 11 (KB954154)Security Update for Windows Media Player 6.4 (KB925398)Security Update for Windows XP (KB2079403)Security Update for Windows XP (KB2115168)Security Update for Windows XP (KB2121546)Security Update for Windows XP (KB2160329)Security Update for Windows XP (KB2229593)Security Update for Windows XP (KB2259922)Security Update for Windows XP (KB2279986)Security Update for Windows XP (KB2286198)Security Update for Windows XP (KB2296011)Security Update for Windows XP (KB2296199)Security Update for Windows XP (KB2347290)Security Update for Windows XP (KB2360937)Security Update for Windows XP (KB2387149)Security Update for Windows XP (KB2419632)Security Update for Windows XP (KB2423089)Security Update for Windows XP (KB2436673)Security Update for Windows XP (KB2440591)Security Update for Windows XP (KB2443105)Security Update for Windows XP (KB923561)Security Update for Windows XP (KB938464-v2)Security Update for Windows XP (KB938464)Security Update for Windows XP (KB941569)Security Update for Windows XP (KB946648)Security Update for Windows XP (KB950760)Security Update for Windows XP (KB950762)Security Update for Windows XP (KB950974)Security Update for Windows XP (KB951066)Security Update for Windows XP (KB951376-v2)Security Update for Windows XP (KB951376)Security Update for Windows XP (KB951698)Security Update for Windows XP (KB951748)Security Update for Windows XP (KB952004)Security Update for Windows XP (KB952954)Security Update for Windows XP (KB953839)Security Update for Windows XP (KB954211)Security Update for Windows XP (KB954459)Security Update for Windows XP (KB954600)Security Update for Windows XP (KB955069)Security Update for Windows XP (KB956391)Security Update for Windows XP (KB956572)Security Update for Windows XP (KB956744)Security Update for Windows XP (KB956802)Security Update for Windows XP (KB956803)Security Update for Windows XP (KB956841)Security Update for Windows XP (KB956844)Security Update for Windows XP (KB957095)Security Update for Windows XP (KB957097)Security Update for Windows XP (KB958644)Security Update for Windows XP (KB958687)Security Update for Windows XP (KB958690)Security Update for Windows XP (KB958869)Security Update for Windows XP (KB959426)Security Update for Windows XP (KB960225)Security Update for Windows XP (KB960715)Security Update for Windows XP (KB960803)Security Update for Windows XP (KB960859)Security Update for Windows XP (KB961371)Security Update for Windows XP (KB961373)Security Update for Windows XP (KB961501)Security Update for Windows XP (KB968537)Security Update for Windows XP (KB969059)Security Update for Windows XP (KB969898)Security Update for Windows XP (KB969947)Security Update for Windows XP (KB970238)Security Update for Windows XP (KB970430)Security Update for Windows XP (KB971468)Security Update for Windows XP (KB971486)Security Update for Windows XP (KB971557)Security Update for Windows XP (KB971633)Security Update for Windows XP (KB971657)Security Update for Windows XP (KB971961)Security Update for Windows XP (KB972270)Security Update for Windows XP (KB973346)Security Update for Windows XP (KB973354)Security Update for Windows XP (KB973507)Security Update for Windows XP (KB973525)Security Update for Windows XP (KB973869)Security Update for Windows XP (KB973904)Security Update for Windows XP (KB974112)Security Update for Windows XP (KB974318)Security Update for Windows XP (KB974392)Security Update for Windows XP (KB974571)Security Update for Windows XP (KB975025)Security Update for Windows XP (KB975467)Security Update for Windows XP (KB975560)Security Update for Windows XP (KB975561)Security Update for Windows XP (KB975562)Security Update for Windows XP (KB975713)Security Update for Windows XP (KB977165)Security Update for Windows XP (KB977816)Security Update for Windows XP (KB977914)Security Update for Windows XP (KB978037)Security Update for Windows XP (KB978251)Security Update for Windows XP (KB978262)Security Update for Windows XP (KB978338)Security Update for Windows XP (KB978542)Security Update for Windows XP (KB978601)Security Update for Windows XP (KB978706)Security Update for Windows XP (KB979309)Security Update for Windows XP (KB979482)Security Update for Windows XP (KB979559)Security Update for Windows XP (KB979683)Security Update for Windows XP (KB979687)Security Update for Windows XP (KB980195)Security Update for Windows XP (KB980218)Security Update for Windows XP (KB980232)Security Update for Windows XP (KB980436)Security Update for Windows XP (KB981322)Security Update for Windows XP (KB981349)Security Update for Windows XP (KB981852)Security Update for Windows XP (KB981957)Security Update for Windows XP (KB981997)Security Update for Windows XP (KB982132)Security Update for Windows XP (KB982214)Security Update for Windows XP (KB982665)Security Update for Windows XP (KB982802)Sentence DiagrammingShockwaveShop for HP SuppliesSignature995SiS Compatible VGA V2.09sSmartWebPrintingSolutionCenterSonicStage 1.5.05Sony Certificate PCHSony DV Shared LibrarySony on Yahoo! EssentialsSpelling Dictionaries Support For Adobe Reader 9StatusSUPERAntiSpyware ProfessionalSupport Actions WinXPSupportComPatchTestSim BiEdSupplementalthe sample files needed for the courseTimeBridge Connector for Outlook v1.19.236.14405ToolboxTrayAppUpdate for Microsoft .NET Framework 3.5 SP1 (KB963707)Update for Windows Internet Explorer 7 (KB976749)Update for Windows Internet Explorer 7 (KB980182)Update for Windows XP (KB2141007)Update for Windows XP (KB2345886)Update for Windows XP (KB2467659)Update for Windows XP (KB951072-v2)Update for Windows XP (KB951978)Update for Windows XP (KB955759)Update for Windows XP (KB955839)Update for Windows XP (KB967715)Update for Windows XP (KB968389)Update for Windows XP (KB971737)Update for Windows XP (KB973687)Update for Windows XP (KB973815)URGEVAIO Action SetupVAIO Media 2.0VAIO Media Installer 2.0VAIO Media Music Server 2.0VAIO Media Photo Server 2.0VAIO Media Platform 2.0VAIO RegistrationVAIO Serenus WallpaperVAIO SupportVAIO Survey StandaloneVAIO System InformationVERITAS RecordNowVERITAS RecordNow Update ManagerVideo Resource DriverWebFldrs XPWebRegWindows Driver Package - Palm (WinUSB) Palm Devices (11/30/2008 1.0.0)Windows Genuine Advantage Notifications (KB905474)Windows Genuine Advantage Validation Tool (KB892130)Windows Internet Explorer 7Windows Media Format 11 runtimeWindows Media Player 11Windows XP Service Pack 3WordPerfect Office 2002Yahoo! Install ManagerZ 39.50 Library==== End Of File ===========================and here is the DDS.txtDDS (Ver_10-12-12.02) - NTFSx86 Run by Owner at 11:27:18.28 on Sat 01/29/2011Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_17Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1024.407 [GMT -6:00]AV: Microsoft Security Essentials *Enabled/Outdated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exec:\Program Files\Microsoft Security Essentials\MsMpEng.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\WINDOWS\system32\svchost.exe -k hpdevmgmtC:\WINDOWS\system32\svchost.exe -k HPServiceC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeC:\WINDOWS\System32\svchost.exe -k HPZ12C:\Program Files\Palm, Inc\novacom\x86\novacomd.exeC:\WINDOWS\System32\nvsvc32.exeC:\WINDOWS\System32\svchost.exe -k HPZ12C:\WINDOWS\System32\svchost.exe -k imgsvcC:\Program Files\Sony\VAIO Media Music Server\SSSvr.exeC:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exeC:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exeC:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exeC:\Program Files\Canon\CAL\CALMAIN.exeC:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exeC:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exeC:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exeC:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exeC:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exeC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exeC:\Program Files\Messenger\msmsgs.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Documents and Settings\Owner\Application Data\TimeBridge\TimeBridge Connector for Outlook\TimeBridgeConnectorForOutlook.exeC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeC:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exeC:\Program Files\HP\Digital Imaging\bin\hpqbam08.exeC:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exeC:\Documents and Settings\Owner\Desktop\Defogger.exeC:\Documents and Settings\Owner\Desktop\dds.scr============== Pseudo HJT Report ===============uStart Page = hxxp://www.foxnews.comuInternet Settings,ProxyOverride = <local>BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dllBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dllBHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dllBHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dllBHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllBHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dllTB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dllTB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No FileTB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No FileTB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No FileuRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /backgrounduRun: [ctfmon.exe] c:\windows\system32\ctfmon.exeuRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"uRun: [TimeBridge Connector for Outlook] "c:\documents and settings\owner\application data\timebridge\timebridge connector for outlook\TimeBridgeConnectorForOutlook.exe"uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exemRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartupmRun: [CTHelper] CTHELPER.EXEmRun: [QuickFinder Scheduler] "c:\program files\corel\wordperfect office 2002\programs\QFSCHD100.EXE"mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exemRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottimemRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exemRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exemRun: [<NO NAME>] mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -kmRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttraydRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -tdRunOnce: [setDefaultMidi] MIDIDEF.EXEdRunOnce: [RunNarrator] Narrator.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exeIE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLLIE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dllDPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cabDPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cabDPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cabDPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dllDPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121112359438DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1121112210891DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cabDPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cabDPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cabDPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cabDPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabTCP: {7232894C-42A4-46E4-AD01-065D229B1951} = 4.2.2.1TCP: {CA0154F2-AAEC-4920-AAEF-074E988571A0} = 4.2.2.1 209.18.47.61 209.18.47.62Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - c:\program files\libronix dls\system\FileProt.dllHandler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - c:\program files\libronix dls\system\ResProt.dllNotify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dllAppInit_DLLs: c:\windows\system32\kbdsock.dll pinofivu.dll c:\windows\system32\zilolilo.dll robenala.dll c:\windows\system32\yijazowi.dll c:\windows\system32\yawiziga.dllSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dllSEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLLLSA: Notification Packages = scecli vuseyiju.dll vagazodi.dll================= FIREFOX ===================FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z1zp1glf.default\FF - prefs.js: browser.startup.homepage - hxxp://www.foxnews.comFF - prefs.js: network.proxy.type - 4FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dllFF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dllFF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dllFF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ffFF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtensionFF - Ext: Tab Mix Plus: {dc572301-7619-498c-a57d-39143191b318} - %profile%\extensions\{dc572301-7619-498c-a57d-39143191b318}FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}============= SERVICES / DRIVERS ===============R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 142832]R1 MpKsl40b013de;MpKsl40b013de;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bc470090-3f26-466a-968f-7ae61cba369f}\MpKsl40b013de.sys [2011-1-29 28752]R1 MpKsl95b7b5e2;MpKsl95b7b5e2;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bc470090-3f26-466a-968f-7ae61cba369f}\MpKsl95b7b5e2.sys [2011-1-29 28752]R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 67656]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-1-28 20952]S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\tffsmon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\tfsysmon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]S1 MpKsl0ee91ba2;MpKsl0ee91ba2;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{61c3958e-3650-4372-bf45-b27dff0d303b}\mpksl0ee91ba2.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{61c3958e-3650-4372-bf45-b27dff0d303b}\MpKsl0ee91ba2.sys [?]S1 MpKsl3177900d;MpKsl3177900d;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{61c3958e-3650-4372-bf45-b27dff0d303b}\mpksl3177900d.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{61c3958e-3650-4372-bf45-b27dff0d303b}\MpKsl3177900d.sys [?]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S3 netr73;Linksys Compact Wireless-G USB Adapter Driver for Vista;c:\windows\system32\drivers\netr73.sys [2006-12-29 247808]S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\tfnetmon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]=============== Created Last 30 ================2011-01-29 17:15:11 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{bc470090-3f26-466a-968f-7ae61cba369f}\MpKsl95b7b5e2.sys2011-01-29 16:30:07 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{bc470090-3f26-466a-968f-7ae61cba369f}\MpKsl40b013de.sys2011-01-29 06:07:14 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{bc470090-3f26-466a-968f-7ae61cba369f}\MpKsld7c1a929.sys2011-01-29 04:16:23 5890896 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{bc470090-3f26-466a-968f-7ae61cba369f}\mpengine.dll2011-01-28 23:53:15 -------- d-----w- c:\docume~1\owner\applic~1\Malwarebytes2011-01-28 23:52:47 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2011-01-28 23:52:35 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes2011-01-28 23:52:24 20952 ----a-w- c:\windows\system32\drivers\mbam.sys2011-01-28 23:52:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2011-01-27 22:40:10 1409 ----a-w- c:\windows\QTFont.for2011-01-24 05:39:49 0 ----a-w- c:\windows\Rfusi.bin2011-01-24 05:39:48 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\{CAE38E14-5CD8-4698-9978-9420F7C3CDF5}2011-01-24 05:37:48 -------- d-----w- c:\docume~1\alluse~1\applic~1\gBkJmDg00000==================== Find3M ====================2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll2010-11-09 14:28:41 49 ----a-w- c:\windows\wpd99.drv2010-11-06 00:34:12 832512 ----a-w- c:\windows\system32\wininet.dll2010-11-06 00:34:11 78336 ----a-w- c:\windows\system32\ieencode.dll2010-11-06 00:34:11 1830912 ----a-w- c:\windows\system32\inetcpl.cpl2010-11-06 00:34:11 17408 ----a-w- c:\windows\system32\corpol.dll2010-11-03 12:25:53 389120 ----a-w- c:\windows\system32\html.iec=================== ROOTKIT ====================Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.netWindows 5.1.2600 Disk: Maxtor_4A250J0 rev.RAMB1TU0 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3device: opened successfullyuser: MBR read successfullyDisk trace:called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x87724555]<< _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8772a7b0]; MOV EAX, [0x8772a82c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x8776EAB8]3 CLASSPNP[0xF778EFD7] -> nt!IofCallDriver[0x804E13B9] -> \Device\00000074[0x877739E8]5 ACPI[0xF76E5620] -> nt!IofCallDriver[0x804E13B9] -> [0x87759940]\Driver\atapi[0x877A61D8] -> IRP_MJ_CREATE -> 0x87724555kernel: MBR read successfully_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }detected disk devices:\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskMaxtor_4A250J0__________________________RAMB1TU0#38413830585a4539202020202020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not founddetected hooks:\Driver\atapi DriverStartIo -> 0x8772439Buser & kernel MBR OK Warning: possible TDL3 rootkit infection !============= FINISH: 11:41:39.48 =============== Link to post Share on other sites More sharing options...
vflores Posted January 31, 2011 Author ID:382039 Share Posted January 31, 2011 so is there no way to remove malicious hijacks? Link to post Share on other sites More sharing options...
Staff screen317 Posted February 1, 2011 Staff ID:382449 Share Posted February 1, 2011 Hi,My apologies for the delay.Download the file TDSSKiller.zip and extract it into a folder on the infected PC.Execute the file TDSSKiller.exe by double-clicking on it.Wait for the scan and disinfection process to be over.When its work is over, the utility prompts for a reboot to complete the disinfection.By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).The log is like UtilityName.Version_Date_Time_log.txt.for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.Please post that log here. Link to post Share on other sites More sharing options...
vflores Posted February 1, 2011 Author ID:382659 Share Posted February 1, 2011 Hi,My apologies for the delay.Download the file TDSSKiller.zip and extract it into a folder on the infected PC.Execute the file TDSSKiller.exe by double-clicking on it.Wait for the scan and disinfection process to be over.When its work is over, the utility prompts for a reboot to complete the disinfection.By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).The log is like UtilityName.Version_Date_Time_log.txt.for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.Please post that log here.2011/02/01 10:44:01.0406 2240 TDSS rootkit removing tool 2.4.16.0 Feb 1 2011 10:34:032011/02/01 10:44:01.0906 2240 ================================================================================2011/02/01 10:44:01.0906 2240 SystemInfo:2011/02/01 10:44:01.0906 2240 2011/02/01 10:44:01.0906 2240 OS Version: 5.1.2600 ServicePack: 3.02011/02/01 10:44:01.0906 2240 Product type: Workstation2011/02/01 10:44:01.0906 2240 ComputerName: AMADA2011/02/01 10:44:01.0906 2240 UserName: Owner2011/02/01 10:44:01.0906 2240 Windows directory: C:\WINDOWS2011/02/01 10:44:01.0906 2240 System windows directory: C:\WINDOWS2011/02/01 10:44:01.0906 2240 Processor architecture: Intel x862011/02/01 10:44:01.0906 2240 Number of processors: 22011/02/01 10:44:01.0906 2240 Page size: 0x10002011/02/01 10:44:01.0906 2240 Boot type: Normal boot2011/02/01 10:44:01.0906 2240 ================================================================================2011/02/01 10:44:03.0015 2240 Initialize success2011/02/01 10:44:08.0484 3964 ================================================================================2011/02/01 10:44:08.0484 3964 Scan started2011/02/01 10:44:08.0484 3964 Mode: Manual; 2011/02/01 10:44:08.0484 3964 ================================================================================2011/02/01 10:44:09.0859 3964 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys2011/02/01 10:44:09.0984 3964 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys2011/02/01 10:44:10.0203 3964 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys2011/02/01 10:44:10.0359 3964 AegisP (2f7f3e8da380325866e566f5d5ec23d5) C:\WINDOWS\system32\DRIVERS\AegisP.sys2011/02/01 10:44:10.0578 3964 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys2011/02/01 10:44:10.0828 3964 AgereSoftModem (ed5c8b22de2021339a7c7fccfe5c5d7e) C:\WINDOWS\system32\DRIVERS\AGRSM.sys2011/02/01 10:44:11.0375 3964 AIRPLUS (8b9ccded592a52e9c27e862f11a29c4d) C:\WINDOWS\system32\DRIVERS\airplus.sys2011/02/01 10:44:11.0718 3964 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys2011/02/01 10:44:12.0250 3964 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys2011/02/01 10:44:12.0328 3964 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys2011/02/01 10:44:12.0531 3964 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys2011/02/01 10:44:12.0750 3964 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys2011/02/01 10:44:12.0890 3964 BCM42RLY (438179abe9b7a922a21b8d6369ff52ff) C:\WINDOWS\System32\BCM42RLY.SYS2011/02/01 10:44:13.0062 3964 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys2011/02/01 10:44:13.0234 3964 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys2011/02/01 10:44:13.0375 3964 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys2011/02/01 10:44:13.0562 3964 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys2011/02/01 10:44:13.0671 3964 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys2011/02/01 10:44:13.0875 3964 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys2011/02/01 10:44:14.0390 3964 ctac32k (c2eae43e39fd5b0908819bfb81f19d85) C:\WINDOWS\system32\drivers\ctac32k.sys2011/02/01 10:44:14.0531 3964 ctaud2k (19a6ca6f8f5fee718996bd0d756d0582) C:\WINDOWS\system32\drivers\ctaud2k.sys2011/02/01 10:44:14.0734 3964 ctprxy2k (76f7f27e2df96daa0c9b91942ab43893) C:\WINDOWS\system32\drivers\ctprxy2k.sys2011/02/01 10:44:14.0890 3964 ctsfm2k (96ab6fd19e28e74b89a55c98d5d22291) C:\WINDOWS\system32\drivers\ctsfm2k.sys2011/02/01 10:44:15.0218 3964 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys2011/02/01 10:44:15.0406 3964 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys2011/02/01 10:44:15.0609 3964 DMICall (526192bf7696f72e29777bf4a180513a) C:\WINDOWS\system32\DRIVERS\DMICall.sys2011/02/01 10:44:15.0781 3964 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys2011/02/01 10:44:16.0125 3964 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys2011/02/01 10:44:16.0296 3964 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys2011/02/01 10:44:16.0562 3964 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys2011/02/01 10:44:16.0718 3964 emupia (8955251ce7cc14913693165fb25a155f) C:\WINDOWS\system32\drivers\emupia2k.sys2011/02/01 10:44:16.0921 3964 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys2011/02/01 10:44:17.0031 3964 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys2011/02/01 10:44:17.0203 3964 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys2011/02/01 10:44:17.0312 3964 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys2011/02/01 10:44:17.0546 3964 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys2011/02/01 10:44:17.0703 3964 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys2011/02/01 10:44:17.0812 3964 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys2011/02/01 10:44:17.0968 3964 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys2011/02/01 10:44:18.0078 3964 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys2011/02/01 10:44:18.0234 3964 GTNDIS5 (fc80052194d5708254a346568f0e77c0) C:\WINDOWS\system32\GTNDIS5.SYS2011/02/01 10:44:18.0453 3964 ha10kx2k (5295ee59854289800320eab6c6464147) C:\WINDOWS\system32\drivers\ha10kx2k.sys2011/02/01 10:44:18.0671 3964 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys2011/02/01 10:44:18.0937 3964 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys2011/02/01 10:44:19.0078 3964 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys2011/02/01 10:44:19.0203 3964 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys2011/02/01 10:44:19.0421 3964 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys2011/02/01 10:44:19.0796 3964 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys2011/02/01 10:44:19.0890 3964 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys2011/02/01 10:44:20.0218 3964 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys2011/02/01 10:44:20.0343 3964 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys2011/02/01 10:44:20.0468 3964 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys2011/02/01 10:44:20.0593 3964 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys2011/02/01 10:44:20.0718 3964 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys2011/02/01 10:44:20.0843 3964 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys2011/02/01 10:44:20.0921 3964 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys2011/02/01 10:44:21.0015 3964 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys2011/02/01 10:44:21.0140 3964 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys2011/02/01 10:44:21.0296 3964 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys2011/02/01 10:44:21.0468 3964 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys2011/02/01 10:44:21.0781 3964 MBAMProtector (836e0e09ca9869be7eb39ef2cf3602c7) C:\WINDOWS\system32\drivers\mbam.sys2011/02/01 10:44:21.0937 3964 MDC8021X (d7010580bf4e45d5e793a1fe75758c69) C:\WINDOWS\system32\DRIVERS\mdc8021x.sys2011/02/01 10:44:22.0078 3964 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys2011/02/01 10:44:22.0250 3964 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys2011/02/01 10:44:22.0437 3964 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys2011/02/01 10:44:22.0578 3964 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys2011/02/01 10:44:22.0781 3964 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys2011/02/01 10:44:22.0937 3964 MpFilter (eb950bfe2432d4fdcd2dda9ca7665055) C:\WINDOWS\system32\DRIVERS\MpFilter.sys2011/02/01 10:44:23.0265 3964 MpKsl5931137d (5f53edfead46fa7adb78eee9ecce8fdf) C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{41ABE071-5119-4A68-A112-B73071F39A4D}\MpKsl5931137d.sys2011/02/01 10:44:23.0546 3964 MpKslc2e9c136 (5f53edfead46fa7adb78eee9ecce8fdf) C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{41ABE071-5119-4A68-A112-B73071F39A4D}\MpKslc2e9c136.sys2011/02/01 10:44:23.0796 3964 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS2011/02/01 10:44:24.0015 3964 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS2011/02/01 10:44:24.0296 3964 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys2011/02/01 10:44:24.0515 3964 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys2011/02/01 10:44:24.0750 3964 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys2011/02/01 10:44:24.0859 3964 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys2011/02/01 10:44:24.0937 3964 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys2011/02/01 10:44:25.0015 3964 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys2011/02/01 10:44:25.0187 3964 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys2011/02/01 10:44:25.0343 3964 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys2011/02/01 10:44:25.0546 3964 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys2011/02/01 10:44:25.0625 3964 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys2011/02/01 10:44:25.0765 3964 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys2011/02/01 10:44:25.0937 3964 ndiscm (b797ee2ef919c95561dee78b72b33e5b) C:\WINDOWS\system32\DRIVERS\NetMotCM.sys2011/02/01 10:44:26.0046 3964 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys2011/02/01 10:44:26.0296 3964 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys2011/02/01 10:44:26.0406 3964 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys2011/02/01 10:44:26.0562 3964 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys2011/02/01 10:44:26.0718 3964 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys2011/02/01 10:44:26.0906 3964 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys2011/02/01 10:44:27.0062 3964 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys2011/02/01 10:44:27.0218 3964 netr73 (2dd6bb85c8bdae6116565ab5beca4f7c) C:\WINDOWS\system32\DRIVERS\netr73.sys2011/02/01 10:44:27.0453 3964 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys2011/02/01 10:44:27.0687 3964 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys2011/02/01 10:44:27.0875 3964 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys2011/02/01 10:44:28.0109 3964 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys2011/02/01 10:44:28.0312 3964 nv (16e3095560cb731edd9966b9294fce18) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys2011/02/01 10:44:28.0546 3964 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys2011/02/01 10:44:28.0750 3964 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys2011/02/01 10:44:28.0937 3964 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys2011/02/01 10:44:29.0140 3964 ossrv (efa821d3e0bd123dc7d78714179c43f5) C:\WINDOWS\system32\drivers\ctoss2k.sys2011/02/01 10:44:29.0296 3964 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys2011/02/01 10:44:29.0453 3964 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys2011/02/01 10:44:29.0625 3964 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys2011/02/01 10:44:29.0812 3964 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys2011/02/01 10:44:30.0078 3964 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys2011/02/01 10:44:30.0218 3964 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys2011/02/01 10:44:30.0906 3964 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys2011/02/01 10:44:31.0062 3964 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys2011/02/01 10:44:31.0218 3964 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys2011/02/01 10:44:31.0359 3964 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys2011/02/01 10:44:31.0515 3964 PxHelp20 (951d4769ba5b8a3c58404b5cef4a65ca) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys2011/02/01 10:44:32.0062 3964 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys2011/02/01 10:44:32.0218 3964 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys2011/02/01 10:44:32.0312 3964 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys2011/02/01 10:44:32.0453 3964 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys2011/02/01 10:44:32.0578 3964 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys2011/02/01 10:44:32.0812 3964 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys2011/02/01 10:44:32.0968 3964 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys2011/02/01 10:44:33.0109 3964 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys2011/02/01 10:44:33.0281 3964 RT73 (cb20f16afdba63707fb971e0922edec1) C:\WINDOWS\system32\DRIVERS\rt73.sys2011/02/01 10:44:33.0437 3964 rtl8139 (d0ac0b0355a3ffb85eb77b083cd0627c) C:\WINDOWS\system32\DRIVERS\R8139n51.SYS2011/02/01 10:44:33.0671 3964 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS2011/02/01 10:44:33.0765 3964 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS2011/02/01 10:44:33.0859 3964 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS2011/02/01 10:44:34.0031 3964 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys2011/02/01 10:44:34.0203 3964 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys2011/02/01 10:44:34.0359 3964 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys2011/02/01 10:44:34.0593 3964 SiS315 (80ca473eebd2bbaeab7e62b1b03cbe03) C:\WINDOWS\system32\DRIVERS\sisgrp.sys2011/02/01 10:44:34.0796 3964 sisagp (1630fbdbcb0cf3a60c02b6f140bab98b) C:\WINDOWS\system32\DRIVERS\SISAGPX.sys2011/02/01 10:44:34.0968 3964 SiSkp (0ba1bc20204db877236eb5f674879ed5) C:\WINDOWS\system32\drivers\srvkp.sys2011/02/01 10:44:35.0093 3964 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys2011/02/01 10:44:35.0265 3964 soma (9ba63b0798e0e5f75d148dcef4098e8a) C:\WINDOWS\system32\DRIVERS\soma.sys2011/02/01 10:44:35.0453 3964 SONYWBMS (e6320f02dc53402bbff34f0d0a5fee51) C:\WINDOWS\system32\DRIVERS\SonyWBMS.SYS2011/02/01 10:44:35.0640 3964 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys2011/02/01 10:44:35.0828 3964 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys2011/02/01 10:44:36.0000 3964 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys2011/02/01 10:44:36.0296 3964 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys2011/02/01 10:44:36.0453 3964 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys2011/02/01 10:44:36.0640 3964 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys2011/02/01 10:44:36.0843 3964 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys2011/02/01 10:44:37.0390 3964 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys2011/02/01 10:44:37.0578 3964 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys2011/02/01 10:44:37.0781 3964 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys2011/02/01 10:44:37.0937 3964 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys2011/02/01 10:44:38.0078 3964 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys2011/02/01 10:44:38.0656 3964 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys2011/02/01 10:44:38.0968 3964 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys2011/02/01 10:44:39.0218 3964 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys2011/02/01 10:44:39.0343 3964 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys2011/02/01 10:44:39.0484 3964 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys2011/02/01 10:44:39.0625 3964 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys2011/02/01 10:44:39.0796 3964 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys2011/02/01 10:44:39.0984 3964 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys2011/02/01 10:44:40.0109 3964 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys2011/02/01 10:44:40.0250 3964 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS2011/02/01 10:44:40.0406 3964 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys2011/02/01 10:44:40.0640 3964 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys2011/02/01 10:44:40.0859 3964 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys2011/02/01 10:44:41.0031 3964 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys2011/02/01 10:44:41.0296 3964 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys2011/02/01 10:44:41.0484 3964 WDM_YAMAHAAC97 (ca4d9ade72b8e5a1802a452c4c0a5170) C:\WINDOWS\system32\drivers\yacxgc.sys2011/02/01 10:44:41.0703 3964 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys2011/02/01 10:44:41.0875 3964 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys2011/02/01 10:44:42.0062 3964 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS2011/02/01 10:44:42.0218 3964 WudfPf (6ff66513d372d479ef1810223c8d20ce) C:\WINDOWS\system32\DRIVERS\WudfPf.sys2011/02/01 10:44:42.0343 3964 WudfRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\WINDOWS\system32\DRIVERS\wudfrd.sys2011/02/01 10:44:42.0484 3964 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)2011/02/01 10:44:42.0484 3964 ================================================================================2011/02/01 10:44:42.0484 3964 Scan finished2011/02/01 10:44:42.0484 3964 ================================================================================2011/02/01 10:44:42.0515 1412 Detected object count: 12011/02/01 10:45:57.0609 1412 \HardDisk0 - will be cured after reboot2011/02/01 10:45:57.0609 1412 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure 2011/02/01 10:46:04.0265 3760 Deinitialize success Link to post Share on other sites More sharing options...
vflores Posted February 2, 2011 Author ID:383130 Share Posted February 2, 2011 Chris, thanks for your help. I no longer see the balloon notifications: Malwarebytes anti malware Successfully blocked accesses to a potentially malicious website does that mean my computer is clean? one last thing do I need to keep superantispyware on my computer since I have and im using malwarebytes? thanks again for all your help Link to post Share on other sites More sharing options...
Staff screen317 Posted February 3, 2011 Staff ID:383456 Share Posted February 3, 2011 Hi,Let's see if any part of the infection is still around.Please update MBAM, run a Quick Scan, and post its log.Next, please visit this webpage for instructions for running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofixWhen the tool is finished, it will produce a report for you.Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.-screen317 Link to post Share on other sites More sharing options...
vflores Posted February 6, 2011 Author ID:384837 Share Posted February 6, 2011 Chris am unable to run combofix because I can't disable Microsoft Essentials Scanner.. What should I do? Link to post Share on other sites More sharing options...
Staff screen317 Posted February 7, 2011 Staff ID:385673 Share Posted February 7, 2011 First, grab a fresh copy, and save it to your Desktop.Run it as follows:Navigate to Start --> Run, and Enter this command exactly as shown:"%userprofile%\Desktop\ComboFix.exe" /killallIt should run unimpaired now. Ignore any messages about MSE and allow it to proceed. Link to post Share on other sites More sharing options...
vflores Posted February 12, 2011 Author ID:388009 Share Posted February 12, 2011 here you go Chris--not sure how to access the ComboFix.txt, but here is the logComboFix 11-02-11.01 - Owner 02/11/2011 17:49:14.1.2 - x86Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1024.456 [GMT -6:00]Running from: c:\documents and settings\Owner\Desktop\ComboFix.exeAV: Microsoft Security Essentials *Enabled/Outdated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}.((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.datc:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.datc:\documents and settings\Owner\Application Data\Adobe\AdobeUpdate .exec:\documents and settings\Owner\Application Data\Adobe\plugsc:\documents and settings\Owner\Recent\Thumbs.dbc:\documents and settings\Owner\Start Menu\Programs\Windows ScanC:\sc:\windows\desktopc:\windows\system32\11478.exec:\windows\system32\15724.exec:\windows\system32\18467.exec:\windows\system32\19169.exec:\windows\system32\26500.exec:\windows\system32\6334.exec:\windows\Tasks\kghchqgz.job----- BITS: Possible infected sites -----hxxp://app.timebridge.com.((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))).-------\Legacy_6TO4((((((((((((((((((((((((( Files Created from 2011-01-12 to 2011-02-12 ))))))))))))))))))))))))))))))).2011-02-12 00:25 . 2011-02-12 00:25 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{53D05EF8-D038-4033-AB9F-DF5D681506E2}\MpKsl6591a0a1.sys2011-02-11 23:28 . 2011-02-11 23:28 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS2011-02-11 13:52 . 2011-01-13 09:41 5890896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{53D05EF8-D038-4033-AB9F-DF5D681506E2}\mpengine.dll2011-01-28 23:53 . 2011-01-28 23:53 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes2011-01-28 23:52 . 2010-12-21 00:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2011-01-28 23:52 . 2011-01-28 23:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes2011-01-28 23:52 . 2010-12-21 00:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys2011-01-28 23:52 . 2011-01-28 23:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2011-01-28 15:25 . 2011-01-28 15:26 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe2011-01-27 22:40 . 2011-01-27 22:40 1409 ----a-w- c:\windows\QTFont.for2011-01-24 05:39 . 2011-01-24 05:39 0 ----a-w- c:\windows\Rfusi.bin2011-01-24 05:39 . 2011-01-24 05:39 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\{CAE38E14-5CD8-4698-9978-9420F7C3CDF5}2011-01-24 05:37 . 2011-01-24 21:07 -------- d-----w- c:\documents and settings\All Users\Application Data\gBkJmDg000002011-01-21 14:44 . 2011-01-21 14:44 439296 -c----w- c:\windows\system32\dllcache\shimgvw.dll.(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2011-01-21 14:44 . 2002-12-05 01:15 439296 ----a-w- c:\windows\system32\shimgvw.dll2011-01-13 09:41 . 2010-01-13 18:07 5890896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll2011-01-07 14:09 . 2002-12-05 01:14 290048 ----a-w- c:\windows\system32\atmfd.dll2010-12-31 13:10 . 2002-12-05 01:15 1854976 ----a-w- c:\windows\system32\win32k.sys2010-12-22 12:34 . 2002-12-05 01:15 301568 ----a-w- c:\windows\system32\kerberos.dll2010-12-20 23:08 . 2005-07-11 18:34 78336 ----a-w- c:\windows\system32\ieencode.dll2010-12-20 23:08 . 2002-12-05 01:15 832512 ----a-w- c:\windows\system32\wininet.dll2010-12-20 23:08 . 2002-12-05 01:15 1830912 ----a-w- c:\windows\system32\inetcpl.cpl2010-12-20 23:08 . 2002-12-05 01:14 17408 ----a-w- c:\windows\system32\corpol.dll2010-12-20 17:26 . 2002-12-05 01:15 730112 ----a-w- c:\windows\system32\lsasrv.dll2010-12-20 12:55 . 2005-07-11 18:34 389120 ----a-w- c:\windows\system32\html.iec2010-12-09 15:15 . 2002-12-05 01:15 718336 ----a-w- c:\windows\system32\ntdll.dll2010-12-09 14:30 . 2002-12-05 01:14 33280 ----a-w- c:\windows\system32\csrsrv.dll2010-12-09 13:42 . 2002-08-29 01:04 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe2010-12-09 13:07 . 2002-08-29 01:04 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe2010-11-18 18:12 . 2002-12-05 02:22 81920 ----a-w- c:\windows\system32\isign32.dll.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-08 68856]"TimeBridge Connector for Outlook"="c:\documents and settings\Owner\Application Data\TimeBridge\TimeBridge Connector for Outlook\TimeBridgeConnectorForOutlook.exe" [2008-10-07 32768]"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-10-13 2424560][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2002-11-07 4243456]"CTHelper"="CTHELPER.EXE" [2002-11-08 24576]"QuickFinder Scheduler"="c:\program files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE" [2002-08-15 77887]"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-25 28672]"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-22 196608]"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-21 443728][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]"SetDefaultMidi"="MIDIDEF.EXE" [2002-03-01 61440]"RunNarrator"="Narrator.exe" [2008-04-14 53760]c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-7-11 113664]HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768][hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll[HKEY_LOCAL_MACHINE\software\microsoft\security center]"AntiVirusOverride"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\support.com\\client\\bin\\tgcmd.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Documents and Settings\\Owner\\Application Data\\TimeBridge\\TimeBridge Connector for Outlook\\TimeBridgeConnectorForOutlook.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"="c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"="c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"="c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"="c:\\Program Files\\Common Files\\Motive\\McciCMService.exe"="c:\\WINDOWS\\system32\\msiexec.exe"=[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009R1 MpKsl6591a0a1;MpKsl6591a0a1;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{53D05EF8-D038-4033-AB9F-DF5D681506E2}\MpKsl6591a0a1.sys [2/11/2011 6:25 PM 28752]R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 10:25 AM 12872]R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 10:15 AM 67656]R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/28/2011 5:52 PM 363344]R2 NovacomD;Palm Novacom;c:\program files\Palm, Inc\novacom\x86\novacomd.exe [11/6/2009 12:03 PM 33280]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/28/2011 5:52 PM 20952]S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]S1 MpKsl0ee91ba2;MpKsl0ee91ba2;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{61C3958E-3650-4372-BF45-B27DFF0D303B}\MpKsl0ee91ba2.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{61C3958E-3650-4372-BF45-B27DFF0D303B}\MpKsl0ee91ba2.sys [?]S1 MpKsl29feec08;MpKsl29feec08;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{53D05EF8-D038-4033-AB9F-DF5D681506E2}\MpKsl29feec08.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{53D05EF8-D038-4033-AB9F-DF5D681506E2}\MpKsl29feec08.sys [?]S1 MpKsl3177900d;MpKsl3177900d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{61C3958E-3650-4372-BF45-B27DFF0D303B}\MpKsl3177900d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{61C3958E-3650-4372-BF45-B27DFF0D303B}\MpKsl3177900d.sys [?]S1 MpKsl5ae886b2;MpKsl5ae886b2;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{14747A3B-2801-49E3-B655-733828A2C8A5}\MpKsl5ae886b2.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{14747A3B-2801-49E3-B655-733828A2C8A5}\MpKsl5ae886b2.sys [?]S1 MpKsl5dd158f9;MpKsl5dd158f9;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{41ABE071-5119-4A68-A112-B73071F39A4D}\MpKsl5dd158f9.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{41ABE071-5119-4A68-A112-B73071F39A4D}\MpKsl5dd158f9.sys [?]S1 MpKsl5e5beec9;MpKsl5e5beec9;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BC7CD8A9-6782-4A1F-ABB2-522852484730}\MpKsl5e5beec9.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BC7CD8A9-6782-4A1F-ABB2-522852484730}\MpKsl5e5beec9.sys [?]S1 MpKsl7ae0156b;MpKsl7ae0156b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2B3E8352-CB05-44AA-9357-AA8DF41F16E1}\MpKsl7ae0156b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2B3E8352-CB05-44AA-9357-AA8DF41F16E1}\MpKsl7ae0156b.sys [?]S1 MpKsle3f6a898;MpKsle3f6a898;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{14747A3B-2801-49E3-B655-733828A2C8A5}\MpKsle3f6a898.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{14747A3B-2801-49E3-B655-733828A2C8A5}\MpKsle3f6a898.sys [?]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]S3 netr73;Linksys Compact Wireless-G USB Adapter Driver for Vista;c:\windows\system32\drivers\netr73.sys [12/29/2006 1:49 AM 247808]S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 10:15 AM 12872]S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]--- Other Services/Drivers In Memory ---*NewlyCreated* - MPKSL6591A0A1[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12HPService REG_MULTI_SZ HPSLPSVChpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvcgetPlusHelper REG_MULTI_SZ getPlusHelper.Contents of the 'Scheduled Tasks' folder2011-02-05 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 18:42]2011-02-12 c:\windows\Tasks\MP Scheduled Scan.job- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-07-02 23:36]..------- Supplementary Scan -------.uStart Page = hxxp://www.foxnews.comuInternet Settings,ProxyOverride = <local>TCP: {7232894C-42A4-46E4-AD01-065D229B1951} = 4.2.2.1TCP: {CA0154F2-AAEC-4920-AAEF-074E988571A0} = 4.2.2.1 209.18.47.61 209.18.47.62DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cabDPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cabFF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z1zp1glf.default\FF - prefs.js: browser.startup.homepage - hxxp://www.foxnews.comFF - prefs.js: network.proxy.type - 4FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ffFF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtensionFF - Ext: Tab Mix Plus: {dc572301-7619-498c-a57d-39143191b318} - %profile%\extensions\{dc572301-7619-498c-a57d-39143191b318}FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}.- - - - ORPHANS REMOVED - - - -AddRemove-Creative Driver - c:\windows\System32\ctdrvinsAddRemove-Macromedia Shockwave Player - c:\windows\system32\Macromed\SHOCKW~2\UNWISE.EXE**************************************************************************catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2011-02-11 18:27Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfullyhidden files: 0**************************************************************************.--------------------- LOCKED REGISTRY KEYS ---------------------[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]"Enabled"=dword:00000001[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]@Denied: (A 2) (Everyone)@="IFlashBroker4"[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}"[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".--------------------- DLLs Loaded Under Running Processes ---------------------- - - - - - - > 'winlogon.exe'(692)c:\windows\system32\GTGina.dllc:\program files\SUPERAntiSpyware\SASWINLO.dllc:\windows\system32\WININET.dllc:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLLc:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dllc:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dllc:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll- - - - - - - > 'explorer.exe'(572)c:\windows\system32\WININET.dllc:\windows\system32\ieframe.dllc:\windows\system32\WPDShServiceObj.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dll.------------------------ Other Running Processes ------------------------.c:\program files\Microsoft Security Essentials\MsMpEng.exec:\program files\Java\jre6\bin\jqs.exec:\windows\System32\nvsvc32.exec:\program files\Sony\VAIO Media Music Server\SSSvr.exec:\program files\Sony\Photo Server 20\appsrv\PicAppSrv.exec:\program files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exec:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exec:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exec:\program files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exec:\program files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exec:\program files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exec:\program files\Canon\CAL\CALMAIN.exec:\program files\HP\Digital Imaging\bin\hpqSTE08.exec:\program files\HP\Digital Imaging\bin\hpqbam08.exec:\program files\HP\Digital Imaging\bin\hpqgpc01.exe.**************************************************************************.Completion time: 2011-02-11 18:41:57 - machine was rebootedComboFix-quarantined-files.txt 2011-02-12 00:41Pre-Run: 200,531,779,584 bytes freePost-Run: 205,234,540,544 bytes freeWindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe[boot loader]timeout=2default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS[operating systems]c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdconsUnsupportedDebug="do not select this" /debugmulti(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn- - End Of File - - 097C8098F696C982D5C67F0516132D77 Link to post Share on other sites More sharing options...
Staff screen317 Posted February 13, 2011 Staff ID:388401 Share Posted February 13, 2011 Hi,Things are looking good. Something seems off with your antivirus though. Let's get it back to working correctly.Print out these instructions for reference; you'll be disconnecting from the Internet temporarily during part of this fix:First, download the installer for the latest version of Microsoft Security Essentials (click Download Now and click the download for Windows XP). Save it to your Desktop but do not run it yet.Next, Please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.Next, disconnect from the Internet; physically unplug the cable or turn off wireless.Next, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following programs (if present):Microsoft AntimalwareMicrosoft Security EssentialsJava Link to post Share on other sites More sharing options...
vflores Posted February 15, 2011 Author ID:389429 Share Posted February 15, 2011 Chris, below are reports you requested. I do have a quick question. go now i have 3 spy-ware running on my computer. supperantispyware, malwarebytes and now Microsoft essential securities. do I still need superantispyware? here is combofix.txt:ComboFix 11-02-13.04 - Owner 02/14/2011 18:00:10.2.2 - x86Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1024.489 [GMT -6:00]Running from: c:\documents and settings\Owner\Desktop\ComboFix.exeCommand switches used :: c:\documents and settings\Owner\Desktop\CFScript.txtAV: Microsoft Security Essentials *Enabled/Outdated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}.((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FE60066B-6A2F-4D66-B45D-3A82D4EE8BAA}\mpasbase.vdmc:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FE60066B-6A2F-4D66-B45D-3A82D4EE8BAA}\mpasdlta.vdmc:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FE60066B-6A2F-4D66-B45D-3A82D4EE8BAA}\mpavbase.vdmc:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FE60066B-6A2F-4D66-B45D-3A82D4EE8BAA}\mpavdlta.vdmc:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FE60066B-6A2F-4D66-B45D-3A82D4EE8BAA}\mpengine.dllc:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FE60066B-6A2F-4D66-B45D-3A82D4EE8BAA}\MpKsl0520b90b.sysc:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FE60066B-6A2F-4D66-B45D-3A82D4EE8BAA}\MpKsl87d66726.sysc:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpasbase.vdmc:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpasdlta.vdmc:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpavbase.vdmc:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpavdlta.vdmc:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dllc:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{06C4E997-5187-4593-2F5E-8714346F1B5A}-47432ed1-2af0d9d8c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{1203786F-4691-47BE-89C2-EADDE9CE3133}c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{4447D16D-CFAE-ED94-9C81-3199DF41DB7B}c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{81A22F4A-21DD-11CB-A0ED-554E450F2739}-SMSS.EXEc:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{99CA1739-B0F1-7B98-7475-262362D266BD}-ComboFix.exec:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{DD5928DB-8B39-31C3-C3EF-91C37E127E64}-extract.cfxxec:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{FFB8085D-F47B-A888-7A93-CBC19FCC3587}c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Quick\{0E999FA4-5B21-431B-95D9-1C217848124D}c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Quick\{5A59C72E-B485-4F07-B22F-F5708D0396D2}c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Quick\{BFB3E8BF-A41D-47CB-BB24-A606EB952800}c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{025B5A1C-3659-49BD-A051-517AED553EDB}c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{069C15E9-48C6-4C3B-B910-D274E584D59D}c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{0C08B7DA-2019-4142-9B82-99CD8B78C59F}c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{0F9B0DDF-58EA-49C0-9658-822FFDF38C35}c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{1203786F-4691-47BE-89C2-EADDE9CE3133}c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{20EC9BAA-53FD-4562-AB01-58BCAFF3C74D}c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{22B7C7FD-5887-47BA-A280-5883DE44E99D}c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{25684AB7-8583-484A-9CB8-8D500E8AA626}c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{26288F2E-FAC9-4A42-844B-065EEE97C146}c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{2835BFDF-6868-4DF6-8140-9ECDB632926B}c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{2BCCBD9F-9D41-49D6-BD37-447CFB449B21}c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{31A011C7-A63D-4DD4-9238-5DC40D051661}c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{32D5F838-E9D8-4001-9100-D4A56CE7A486}c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{3372CD12-EDEF-4C2E-AC5D-4B415EC23D40}c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{3C32A9F6-580B-4C56-97C5-31E8678598D4}c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{4B673490-F1F6-45FC-AAE0-AC8563D31A98}c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{4E25C3A2-5906-424C-8B52-01218A0D365B}c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{52076EC7-01E4-43AC-9F1B-9C8CD03BBA0D}c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{5741B314-4FBF-486A-B4CA-387BEA4DF656}c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{6480B0E5-C48B-4CD7-B0B6-DA586A7F2530}c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{751FFEF2-3854-4F70-BEF4-77AC9C7FD4BF}c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{801316D4-0266-4836-B207-31F021A086F4}c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{83A53B7B-CEB6-4C38-930B-C85F8EF98883}c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{8713FEF5-79C1-4799-A02F-0C888309757E}c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{878C3242-3305-4E3C-A31A-89FA95B2A969}c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{886CF5BA-ACE3-4F64-87BF-657486EA4E9B}c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{8A43DC95-BA91-4731-BF4D-1AA5094272C9}c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{9C32A011-EB71-4569-B244-FB5272C24D64}c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{9EBE8424-3AAC-4EE4-A3DC-5C3AA852D848}c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{A235AD5D-B64F-4E96-B9D3-FFF588EE2559}c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{AA063986-62BA-4369-A1A1-10FF1C98245D}c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{AA2E1687-8008-4A9B-9ABB-60FA5803A149}c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{B18FA2D8-447D-4AEE-891F-DAA3D060872A}c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{B2554B35-6891-46AE-99CF-879D774C2492}c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{B488E1A4-A412-4CF4-9B2F-47983C6E96C5}c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{B9BAA711-A9C4-4FC8-A6F1-50B7A09363C0}c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{BB5E4FB2-C394-46BF-92BC-508A719B238E}c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{C71A8324-E15E-41EC-9335-C8098BB823AE}c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{C83E4453-A8DE-4829-9EFB-490187EAFB22}c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{CD25DFCD-16C0-4817-848B-94853AEBC3B5}c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{D2D91BF4-B4C0-4F28-9D5B-E38015D6CC92}c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{D3066169-DB23-4409-A0D6-95C724B48C76}c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{DECB7BC7-580B-43E1-A9D6-55AFCFBD87AF}c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{E4E7B92D-CC2D-40B9-A009-7CBE53CCBD2F}c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{E973557E-D94E-4566-AB43-0F0019A05A03}c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{EE9DE835-DD5F-45ED-9A11-6ED6180B00BF}c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{EEC37ED5-E6F3-4E9D-BA46-45BEF8F58380}c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Service\Detections.logc:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Service\History.Logc:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Service\Unknown.Logc:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MPLog-07072010-075101.logc:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.datc:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.datc:\documents and settings\Owner\Local Settings\Application Data\{CAE38E14-5CD8-4698-9978-9420F7C3CDF5}c:\documents and settings\Owner\Local Settings\Application Data\{CAE38E14-5CD8-4698-9978-9420F7C3CDF5}\chrome.manifestc:\documents and settings\Owner\Local Settings\Application Data\{CAE38E14-5CD8-4698-9978-9420F7C3CDF5}\chrome\content\_cfg.jsc:\documents and settings\Owner\Local Settings\Application Data\{CAE38E14-5CD8-4698-9978-9420F7C3CDF5}\chrome\content\overlay.xulc:\documents and settings\Owner\Local Settings\Application Data\{CAE38E14-5CD8-4698-9978-9420F7C3CDF5}\install.rdfc:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware . . . . Failed to deletec:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\IMpServiceBCF43643-A118-4432-AEDE-D861FCBCFCDE.lock . . . . Failed to deletec:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\CacheManager\MpSfc.bin . . . . Failed to deletec:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing.bin . . . . Failed to delete----- BITS: Possible infected sites -----hxxp://app.timebridge.com.((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))).-------\Legacy_MPKSL29FEEC08-------\Legacy_MPKSL5AE886B2-------\Legacy_MPKSL5DD158F9-------\Legacy_MPKSL5E5BEEC9-------\Legacy_MPKSL6591A0A1-------\Legacy_MPKSL7AE0156B-------\Legacy_MPKSLE3F6A898-------\Service_MpKsl0ee91ba2-------\Service_MpKsl29feec08-------\Service_MpKsl3177900d-------\Service_MpKsl5ae886b2-------\Service_MpKsl5dd158f9-------\Service_MpKsl5e5beec9-------\Service_MpKsl7ae0156b-------\Service_MpKsle3f6a898-------\Legacy_MpKsl0520b90b-------\Legacy_MpKsl0520b90b-------\Service_MpKsl0520b90b-------\Service_MpKsl0520b90b((((((((((((((((((((((((( Files Created from 2011-01-15 to 2011-02-15 ))))))))))))))))))))))))))))))).2011-02-15 00:18 . 2011-02-15 00:18 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B259F7F1-E101-4E04-871C-EE1CA687753A}\MpKsl352aa0b7.sys2011-02-15 00:18 . 2011-01-13 07:41 5890896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B259F7F1-E101-4E04-871C-EE1CA687753A}\mpengine.dll2011-01-28 23:53 . 2011-01-28 23:53 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes2011-01-28 23:52 . 2010-12-21 00:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2011-01-28 23:52 . 2011-01-28 23:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes2011-01-28 23:52 . 2010-12-21 00:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys2011-01-28 23:52 . 2011-01-28 23:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2011-01-28 15:25 . 2011-01-28 15:26 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe2011-01-27 22:40 . 2011-01-27 22:40 1409 ----a-w- c:\windows\QTFont.for2011-01-24 05:39 . 2011-01-24 05:39 0 ----a-w- c:\windows\Rfusi.bin2011-01-24 05:37 . 2011-01-24 21:07 -------- d-----w- c:\documents and settings\All Users\Application Data\gBkJmDg000002011-01-21 14:44 . 2011-01-21 14:44 439296 -c----w- c:\windows\system32\dllcache\shimgvw.dll.(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2011-01-21 14:44 . 2002-12-05 01:15 439296 ----a-w- c:\windows\system32\shimgvw.dll2011-01-07 14:09 . 2002-12-05 01:14 290048 ----a-w- c:\windows\system32\atmfd.dll2010-12-31 13:10 . 2002-12-05 01:15 1854976 ----a-w- c:\windows\system32\win32k.sys2010-12-22 12:34 . 2002-12-05 01:15 301568 ----a-w- c:\windows\system32\kerberos.dll2010-12-20 23:08 . 2005-07-11 18:34 78336 ----a-w- c:\windows\system32\ieencode.dll2010-12-20 23:08 . 2002-12-05 01:15 832512 ----a-w- c:\windows\system32\wininet.dll2010-12-20 23:08 . 2002-12-05 01:15 1830912 ----a-w- c:\windows\system32\inetcpl.cpl2010-12-20 23:08 . 2002-12-05 01:14 17408 ----a-w- c:\windows\system32\corpol.dll2010-12-20 17:26 . 2002-12-05 01:15 730112 ----a-w- c:\windows\system32\lsasrv.dll2010-12-20 12:55 . 2005-07-11 18:34 389120 ----a-w- c:\windows\system32\html.iec2010-12-09 15:15 . 2002-12-05 01:15 718336 ----a-w- c:\windows\system32\ntdll.dll2010-12-09 14:30 . 2002-12-05 01:14 33280 ----a-w- c:\windows\system32\csrsrv.dll2010-12-09 13:42 . 2002-08-29 01:04 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe2010-12-09 13:07 . 2002-08-29 01:04 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe2010-11-18 18:12 . 2002-12-05 02:22 81920 ----a-w- c:\windows\system32\isign32.dll.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-08 68856]"TimeBridge Connector for Outlook"="c:\documents and settings\Owner\Application Data\TimeBridge\TimeBridge Connector for Outlook\TimeBridgeConnectorForOutlook.exe" [2008-10-07 32768]"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-10-13 2424560][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2002-11-07 4243456]"CTHelper"="CTHELPER.EXE" [2002-11-08 24576]"QuickFinder Scheduler"="c:\program files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE" [2002-08-15 77887]"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-25 28672]"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-22 196608]"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-21 443728][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]"SetDefaultMidi"="MIDIDEF.EXE" [2002-03-01 61440]"RunNarrator"="Narrator.exe" [2008-04-14 53760]c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-7-11 113664]HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768][hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll[HKEY_LOCAL_MACHINE\software\microsoft\security center]"AntiVirusOverride"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\support.com\\client\\bin\\tgcmd.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Documents and Settings\\Owner\\Application Data\\TimeBridge\\TimeBridge Connector for Outlook\\TimeBridgeConnectorForOutlook.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"="c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"="c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"="c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"="c:\\Program Files\\Common Files\\Motive\\McciCMService.exe"="c:\\WINDOWS\\system32\\msiexec.exe"=R1 MpKsl352aa0b7;MpKsl352aa0b7;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B259F7F1-E101-4E04-871C-EE1CA687753A}\MpKsl352aa0b7.sys [2/14/2011 6:18 PM 28752]R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 10:25 AM 12872]R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 10:15 AM 67656]R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/28/2011 5:52 PM 363344]R2 NovacomD;Palm Novacom;c:\program files\Palm, Inc\novacom\x86\novacomd.exe [11/6/2009 12:03 PM 33280]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/28/2011 5:52 PM 20952]S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]S1 MpKsl87d66726;MpKsl87d66726;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FE60066B-6A2F-4D66-B45D-3A82D4EE8BAA}\MpKsl87d66726.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FE60066B-6A2F-4D66-B45D-3A82D4EE8BAA}\MpKsl87d66726.sys [?]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]S3 netr73;Linksys Compact Wireless-G USB Adapter Driver for Vista;c:\windows\system32\drivers\netr73.sys [12/29/2006 1:49 AM 247808]S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 10:15 AM 12872]S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]--- Other Services/Drivers In Memory ---*NewlyCreated* - MPKSL352AA0B7[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12HPService REG_MULTI_SZ HPSLPSVChpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvcgetPlusHelper REG_MULTI_SZ getPlusHelper.Contents of the 'Scheduled Tasks' folder2011-02-12 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 18:42]2011-02-15 c:\windows\Tasks\MP Scheduled Scan.job- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-07-02 23:36]2011-02-15 c:\windows\Tasks\MpIdleTask.job- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-07-02 23:36]..------- Supplementary Scan -------.uStart Page = hxxp://www.foxnews.comuInternet Settings,ProxyOverride = <local>TCP: {7232894C-42A4-46E4-AD01-065D229B1951} = 4.2.2.1TCP: {CA0154F2-AAEC-4920-AAEF-074E988571A0} = 4.2.2.1 209.18.47.61 209.18.47.62DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cabDPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cabFF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z1zp1glf.default\FF - prefs.js: browser.startup.homepage - hxxp://www.foxnews.comFF - prefs.js: network.proxy.type - 4FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtensionFF - Ext: Tab Mix Plus: {dc572301-7619-498c-a57d-39143191b318} - %profile%\extensions\{dc572301-7619-498c-a57d-39143191b318}FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}.- - - - ORPHANS REMOVED - - - -AddRemove-com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 - c:\program files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe**************************************************************************catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2011-02-14 18:42Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfullyhidden files: 0**************************************************************************.--------------------- DLLs Loaded Under Running Processes ---------------------- - - - - - - > 'winlogon.exe'(536)c:\windows\system32\GTGina.dllc:\program files\SUPERAntiSpyware\SASWINLO.dllc:\windows\system32\WININET.dllc:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLLc:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dllc:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dllc:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll- - - - - - - > 'explorer.exe'(2856)c:\windows\system32\WININET.dllc:\windows\system32\ieframe.dllc:\windows\system32\WPDShServiceObj.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dll.------------------------ Other Running Processes ------------------------.c:\program files\Microsoft Security Essentials\MsMpEng.exec:\windows\System32\nvsvc32.exec:\program files\Sony\VAIO Media Music Server\SSSvr.exec:\program files\Sony\Photo Server 20\appsrv\PicAppSrv.exec:\program files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exec:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exec:\program files\Canon\CAL\CALMAIN.exec:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exec:\program files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exec:\program files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exec:\program files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exec:\program files\HP\Digital Imaging\bin\hpqSTE08.exec:\program files\HP\Digital Imaging\bin\hpqbam08.exec:\program files\HP\Digital Imaging\bin\hpqgpc01.exe.**************************************************************************.Completion time: 2011-02-14 19:03:09 - machine was rebootedComboFix-quarantined-files.txt 2011-02-15 01:02ComboFix2.txt 2011-02-12 00:41Pre-Run: 205,131,444,224 bytes freePost-Run: 204,977,545,216 bytes free- - End Of File - - 0A11910FA49BD415DECD27A6BBA6A35Dhere is the dds: DDS (Ver_10-12-12.02) - NTFSx86 Run by Owner at 0:12:22.64 on Tue 02/15/2011Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_23Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1024.267 [GMT -6:00]AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}AV: Microsoft Security Essentials *Enabled/Outdated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exec:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\WINDOWS\system32\svchost.exe -k hpdevmgmtC:\WINDOWS\system32\svchost.exe -k HPServiceC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeC:\WINDOWS\System32\svchost.exe -k HPZ12C:\Program Files\Palm, Inc\novacom\x86\novacomd.exeC:\WINDOWS\System32\nvsvc32.exeC:\WINDOWS\System32\svchost.exe -k HPZ12C:\WINDOWS\System32\svchost.exe -k imgsvcC:\Program Files\Sony\VAIO Media Music Server\SSSvr.exeC:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exeC:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exeC:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exeC:\Program Files\Canon\CAL\CALMAIN.exeC:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exeC:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exeC:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exeC:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exeC:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exeC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exeC:\Program Files\Microsoft Security Client\msseces.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Documents and Settings\Owner\Application Data\TimeBridge\TimeBridge Connector for Outlook\TimeBridgeConnectorForOutlook.exeC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exeC:\Program Files\HP\Digital Imaging\bin\hpqbam08.exeC:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exeC:\Documents and Settings\Owner\Desktop\dds(2).scr============== Pseudo HJT Report ===============uStart Page = hxxp://www.foxnews.comuInternet Settings,ProxyOverride = <local>BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dllBHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dllBHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dllBHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllBHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dllTB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dllTB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No FileTB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No FileTB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No FileuRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"uRun: [TimeBridge Connector for Outlook] "c:\documents and settings\owner\application data\timebridge\timebridge connector for outlook\TimeBridgeConnectorForOutlook.exe"uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exeuRun: [ctfmon.exe] c:\windows\system32\ctfmon.exemRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartupmRun: [CTHelper] CTHELPER.EXEmRun: [QuickFinder Scheduler] "c:\program files\corel\wordperfect office 2002\programs\QFSCHD100.EXE"mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exemRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottimemRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exemRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exemRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttraymRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkeymRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -tdRunOnce: [setDefaultMidi] MIDIDEF.EXEdRunOnce: [RunNarrator] Narrator.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exeIE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLLIE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dllDPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cabDPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cabDPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cabDPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dllDPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121112359438DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1121112210891DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cabDPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cabDPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cabDPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabTCP: {7232894C-42A4-46E4-AD01-065D229B1951} = 4.2.2.1TCP: {CA0154F2-AAEC-4920-AAEF-074E988571A0} = 4.2.2.1 209.18.47.61 209.18.47.62Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - c:\program files\libronix dls\system\FileProt.dllHandler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - c:\program files\libronix dls\system\ResProt.dllNotify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dllSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dllSEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL================= FIREFOX ===================FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z1zp1glf.default\FF - prefs.js: browser.startup.homepage - hxxp://www.foxnews.comFF - prefs.js: network.proxy.type - 4FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dllFF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dllFF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dllFF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dllFF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dllFF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtensionFF - Ext: Tab Mix Plus: {dc572301-7619-498c-a57d-39143191b318} - %profile%\extensions\{dc572301-7619-498c-a57d-39143191b318}FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}FF - Ext: Google Docs Viewer: adonis.cuhk@gmail.com - %profile%\extensions\adonis.cuhk@gmail.com============= SERVICES / DRIVERS ===============R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 165264]R1 MpKsl86737c88;MpKsl86737c88;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{eea49e63-f2b3-43b5-99a5-81f572b870fd}\MpKsl86737c88.sys [2011-2-14 28752]R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 67656]R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-1-28 363344]R2 NovacomD;Palm Novacom;c:\program files\palm, inc\novacom\x86\novacomd.exe [2009-11-6 33280]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-1-28 20952]S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\tffsmon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\tfsysmon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]S1 MpKsl87d66726;MpKsl87d66726;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fe60066b-6a2f-4d66-b45d-3a82d4ee8baa}\mpksl87d66726.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fe60066b-6a2f-4d66-b45d-3a82d4ee8baa}\MpKsl87d66726.sys [?]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S3 netr73;Linksys Compact Wireless-G USB Adapter Driver for Vista;c:\windows\system32\drivers\netr73.sys [2006-12-29 247808]S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\tfnetmon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]=============== Created Last 30 ================2011-02-15 05:46:37 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{eea49e63-f2b3-43b5-99a5-81f572b870fd}\MpKsl86737c88.sys2011-02-15 04:29:41 73728 ----a-w- c:\windows\system32\javacpl.cpl2011-02-15 04:29:41 472808 ----a-w- c:\windows\system32\deployJava1.dll2011-02-15 04:29:41 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll2011-02-15 03:16:41 -------- d-----w- c:\program files\Microsoft Security Client2011-02-15 03:11:11 17280 ----a-w- C:\FixitRegBackup.reg2011-02-15 01:49:21 5890896 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{eea49e63-f2b3-43b5-99a5-81f572b870fd}\mpengine.dll2011-02-11 23:36:39 -------- d-sha-r- C:\cmdcons2011-02-11 23:30:45 89088 ----a-w- c:\windows\MBR.exe2011-02-11 23:30:45 256512 ----a-w- c:\windows\PEV.exe2011-02-11 23:30:45 161792 ----a-w- c:\windows\SWREG.exe2011-02-11 23:30:44 98816 ----a-w- c:\windows\sed.exe2011-01-28 23:53:15 -------- d-----w- c:\docume~1\owner\applic~1\Malwarebytes2011-01-28 23:52:47 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2011-01-28 23:52:35 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes2011-01-28 23:52:24 20952 ----a-w- c:\windows\system32\drivers\mbam.sys2011-01-28 23:52:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2011-01-27 22:40:10 1409 ----a-w- c:\windows\QTFont.for2011-01-24 05:39:49 0 ----a-w- c:\windows\Rfusi.bin2011-01-24 05:37:48 -------- d-----w- c:\docume~1\alluse~1\applic~1\gBkJmDg000002011-01-21 14:44:37 439296 -c----w- c:\windows\system32\dllcache\shimgvw.dll==================== Find3M ====================2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll2010-12-20 23:08:45 832512 ----a-w- c:\windows\system32\wininet.dll2010-12-20 23:08:45 78336 ----a-w- c:\windows\system32\ieencode.dll2010-12-20 23:08:45 1830912 ----a-w- c:\windows\system32\inetcpl.cpl2010-12-20 23:08:45 17408 ----a-w- c:\windows\system32\corpol.dll2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll2010-12-20 12:55:25 389120 ----a-w- c:\windows\system32\html.iec2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll2010-12-09 13:42:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe2010-12-09 13:07:07 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll============= FINISH: 0:18:09.78 =============== Link to post Share on other sites More sharing options...
Staff screen317 Posted February 16, 2011 Staff ID:389856 Share Posted February 16, 2011 Hi,I'll have a reply for you tonight. Link to post Share on other sites More sharing options...
Staff screen317 Posted February 16, 2011 Staff ID:389887 Share Posted February 16, 2011 Hi,below are reports you requested. I do have a quick question. go now i have 3 spy-ware running on my computer. supperantispyware, malwarebytes and now Microsoft essential securities. do I still need superantispyware? Well are you using the PRO version of MBAM or SuperAntiSpyware? If not, all are fine to have, and Microsoft Security Essentials will be the only one actively protecting you. If so, let me know and we'll optimize how they work together. Link to post Share on other sites More sharing options...
vflores Posted February 16, 2011 Author ID:390126 Share Posted February 16, 2011 Chris, thanks for all your help so far! I have the professional version of MBAM and SuperAntiSpyware (the subscription expires 4/4/11) Link to post Share on other sites More sharing options...
Staff screen317 Posted February 20, 2011 Staff ID:391152 Share Posted February 20, 2011 Hi,My apologies for the delay.In my opinion, the PRO version of MBAM (which is a lifetime license) and your antivirus are a great match, and if you don't want to pay for SuperAntiSpyware again, I personally wouldn't. Link to post Share on other sites More sharing options...
vflores Posted February 20, 2011 Author ID:391193 Share Posted February 20, 2011 ok how would you recommend I set the settings for both Microsoft and MBAM? Link to post Share on other sites More sharing options...
Staff screen317 Posted February 21, 2011 Staff ID:391508 Share Posted February 21, 2011 Hi,Perform all of the below that apply to you:Set Exclusions for Malwarebytes' Anti-Malware in Microsoft Security Essentials on 32 bit Windows Versions:Open Microsoft Security Essentials and click on Settings at the topClick on Excluded processes on the leftClick on the Add... buttonClick on the + next to your primary hard drive (usually C:)Click on the + next to Program FilesClick on the + next to Malwarebytes' Anti-MalwareClick once on mbam.exe and click on OKRepeat steps 3-7 for the following files:C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[*]Click on Save at the bottom and click Continue if prompted[*]Close Microsoft Security EssentialsSet Exclusions for Malwarebytes' Anti-Malware in Microsoft Security Essentials on 64 bit Windows Versions:Open Microsoft Security Essentials and click on Settings at the topClick on Excluded processes on the leftClick on the Add... buttonClick on the + next to your primary hard drive (usually C:)Click on the + next to Program Files (x86)Click on the + next to Malwarebytes' Anti-MalwareClick once on mbam.exe and click on OKRepeat steps 3-7 for the following files:C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[*]Click on Save at the bottom and click Continue if prompted[*]Close Microsoft Security EssentialsSet Exclusions for Microsoft Security Essentials in Malwarebytes' Anti-Malware:Open Malwarebytes' Anti-Malware and click on the Ignore List tabClick the Add button on the lower leftIn the small browse window that opens, navigate to C:\Program Files and click once on Microsoft Security Essentials and click OKClose Malwarebytes' Anti-MalwareSet Exclusions for Microsoft Security Essentials 2.x in Malwarebytes' Anti-Malware:Open Malwarebytes' Anti-Malware and click on the Ignore List tabClick the Add button on the lower leftIn the small browse window that opens, navigate to C:\Program Files and click once on Microsoft Security Client and click OKClose Malwarebytes' Anti-Malware Link to post Share on other sites More sharing options...
Staff screen317 Posted March 1, 2011 Staff ID:395010 Share Posted March 1, 2011 Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you. Link to post Share on other sites More sharing options...
Recommended Posts