
Eliminating Outgoing websites


vflores

I have on my computer SUPERAntiSpyware and Malwarebytes running. I uploaded Malwarebytes because I was unable to remove the infection. After a few attempts I was able to successfully upload Malwarebytes and run it. The software did an awesome job and eliminated almost everything that was plaguing my computer. Now what I have left are balloon notifications: "Malwarebytes Anti-Malware successfully blocked access to a potentially malicious website" (then one of the following websites would pop up: 194.60.205.22; 89.187.53.53; 91.212.226.5; 94.228.209.216; 94.228.209.213; 91.193.194.138; 91.193.194.137; 91.193.194.136; 91.193.194.9; 212.117.177.13; 91.212.226.5 or 91.212.226.179), then saying "Type: outgoing". Today I ran DeFogger, DDS, and GMER; see attachments. I would like to eliminate the rest of these viruses.


  • Staff

Hi and welcome to Malwarebytes.

Please post all logs directly into your reply instead of attaching them.

Update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post DDS.txt directly into your reply.


OK, here is the art.txt:

GMER 1.0.15.15530 - http://www.gmer.net

Rootkit scan 2011-01-29 12:32:31

Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 Maxtor_4A250J0 rev.RAMB1TU0

Running: xjs7dhix.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\uxtdrpob.sys

---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xEB975620]

---- Kernel code sections - GMER 1.0.15 ----

? C:\DOCUME~1\Owner\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A9000A

.text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00AA000A

.text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00A8000C

.text C:\WINDOWS\System32\svchost.exe[1124] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 01AE000A

.text C:\WINDOWS\System32\svchost.exe[1124] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 00F5000A

.text C:\WINDOWS\Explorer.EXE[3536] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00E2000A

.text C:\WINDOWS\Explorer.EXE[3536] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00E3000A

.text C:\WINDOWS\Explorer.EXE[3536] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00E1000C

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T1L0-17 8772439B

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8772439B

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8772439B

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-f 8772439B

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskMaxtor_4A250J0__________________________RAMB1TU0#38413830585a4539202020202020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP Photosmart C4700 series@ChangeID 4069484

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;

---- EOF - GMER 1.0.15 ----

And here is the Attach.txt

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 7/11/2005 12:21:00 PM

System Uptime: 1/29/2011 11:14:08 AM (0 hours ago)

Motherboard: ASUSTeK Computer INC. | | P4S533VL

Processor: Intel® Pentium® 4 CPU 3.06GHz | PGA 478 | 3059/133mhz

==== Disk Partitions =========================

A: is Removable

C: is FIXED (NTFS) - 234 GiB total, 185.955 GiB free.

D: is Removable

E: is CDROM ()

F: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID:

Description:

Device ID: ROOT\LEGACY_WINIO\0000

Manufacturer:

Name:

PNP Device ID: ROOT\LEGACY_WINIO\0000

Service:

Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}

Description: Photosmart C4700 series

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Photosmart C4700 series

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service:

==== System Restore Points ===================

==== Installed Programs ======================

32 Bit HP CIO Components Installer

Acrobat.com

Ad-Aware

Adobe Acrobat 4.0

Adobe Acrobat 5.0

Adobe AIR

Adobe Download Manager

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Photoshop Elements

Adobe Reader 9.4.1

Adobe Shockwave Player 11.5

Adobe SVG Viewer

Agere Systems AC'97 Modem

Apple Software Update

Batch Update

Bible Data Type System Files

BufferChm

C4700

Canon Camera Access Library

Canon Camera Support Core Library

Canon Camera Window DC_DV 5 for ZoomBrowser EX

Canon Camera Window DC_DV 6 for ZoomBrowser EX

Canon Camera Window MC 6 for ZoomBrowser EX

Canon G.726 WMP-Decoder

Canon MovieEdit Task for ZoomBrowser EX

Canon PhotoRecord

Canon RAW Image Task for ZoomBrowser EX

Canon RemoteCapture Task for ZoomBrowser EX

Canon Utilities EOS Utility

Canon Utilities PhotoStitch

Canon Utilities ZoomBrowser EX

Clause Visualizer

Click to DVD 1.1

Common System Files

Compact Wireless-G USB Adapter

Creative Driver

Critical Update for Windows Media Player 11 (KB959772)

Destinations

DeviceDiscovery

DVD Creation

DVgate

Experience VAIO

Google Toolbar for Internet Explorer

GPBaseService2

Graphical Query Editor

Help and Support

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP Customer Participation Program 13.0

hp deskjet 940c series

HP Imaging Device Functions 13.0

HP Photosmart C4700 All-In-One Driver Software 13.0 Rel .6

HP Print Projects 1.0

HP Smart Web Printing 4.60

HP Solution Center 13.0

HP Update

hpPrintProjects

HPProductAssistant

HPSSupply

hpWLPGInstaller

ImageStation Tour

InterActual Player

ISScript

Java 6 Update 17

JumpStart Advanced Preschool

JumpStart Advanced School Time

JumpStart Art for Fun

JumpStart Languages

JumpStart Phonics

JumpStart Spelling

Learn Excel 2007 Essential Skills with The Smart Method Vsn 1.0

Libronix Digital Library System

Libronix DLS Application

Libronix DLS Shortcuts

LibronixUpdate

LLS Resource Driver

Macromedia Shockwave Player

Malwarebytes' Anti-Malware

MarketResearch

Mastering Middle School 2009

Math Blaster Ages 4-6

MediaMonkey 3.2

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2416447)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Antimalware

Microsoft Application Error Reporting

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

Microsoft Learning and Research Plus Support Files

Microsoft National Language Support Downlevel APIs

Microsoft Office Professional Edition 2003

Microsoft Picture It! Express 7.0

Microsoft Security Essentials

Microsoft User-Mode Driver Framework Feature Pack 1.7

Microsoft Visual C Runtime

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft WinUsb 1.0

Minute Menu Kids

MoodLogic

MovieShaker 3.3

Mozilla Firefox (3.6.13)

MSN Internet Software

MSN Messenger 5.0

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Music Visualizer Library 1.4.00

Network

Network Smart Capture

Novacomd

NVIDIA Windows 2000/XP Display Drivers

OEB Resource Driver

OpenMG Limited Patch 3.1-02-10-22-01

OpenMG Limited Patch 3.1-02-10-23-01

OpenMG Secure Module 3.1

PDF Resource Driver

Pdf995

PdfEdit995

PerSonoCall

PicoPlayer

PicoPlayer Demo

PicoPlayerSplashScreen

PictureGear Studio 1.0

PowerDVD

Print Server Driver

PS_AIO_06_C4700_SW_Min

Quicken 2005

QuickTime

RealPlayer

RealProducer Basic 8.5

Rhapsody Player Engine

Rosetta Stone 2.1.3.0A

SBC Yahoo! DSL Home Networking Installer

Scan

Screenblast ACID 2.0a

Screenblast Sound Forge 1.0b

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 7 (KB2183461)

Security Update for Windows Internet Explorer 7 (KB2360131)

Security Update for Windows Internet Explorer 7 (KB2416400)

Security Update for Windows Internet Explorer 7 (KB928090)

Security Update for Windows Internet Explorer 7 (KB929969)

Security Update for Windows Internet Explorer 7 (KB931768)

Security Update for Windows Internet Explorer 7 (KB933566)

Security Update for Windows Internet Explorer 7 (KB937143)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 7 (KB974455)

Security Update for Windows Internet Explorer 7 (KB976325)

Security Update for Windows Internet Explorer 7 (KB978207)

Security Update for Windows Internet Explorer 7 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB911565)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981349)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Sentence Diagramming

Shockwave

Shop for HP Supplies

Signature995

SiS Compatible VGA V2.09s

SmartWebPrinting

SolutionCenter

SonicStage 1.5.05

Sony Certificate PCH

Sony DV Shared Library

Sony on Yahoo! Essentials

Spelling Dictionaries Support For Adobe Reader 9

Status

SUPERAntiSpyware Professional

Support Actions WinXP

SupportComPatch

TestSim BiEdSupplemental

the sample files needed for the course

TimeBridge Connector for Outlook v1.19.236.14405

Toolbox

TrayApp

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 7 (KB976749)

Update for Windows Internet Explorer 7 (KB980182)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

URGE

VAIO Action Setup

VAIO Media 2.0

VAIO Media Installer 2.0

VAIO Media Music Server 2.0

VAIO Media Photo Server 2.0

VAIO Media Platform 2.0

VAIO Registration

VAIO Serenus Wallpaper

VAIO Support

VAIO Survey Standalone

VAIO System Information

VERITAS RecordNow

VERITAS RecordNow Update Manager

Video Resource Driver

WebFldrs XP

WebReg

Windows Driver Package - Palm (WinUSB) Palm Devices (11/30/2008 1.0.0)

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 7

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Service Pack 3

WordPerfect Office 2002

Yahoo! Install Manager

Z 39.50 Library

==== End Of File ===========================

And here is the DDS.txt:

DDS (Ver_10-12-12.02) - NTFSx86

Run by Owner at 11:27:18.28 on Sat 01/29/2011

Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_17

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1024.407 [GMT -6:00]

AV: Microsoft Security Essentials *Enabled/Outdated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

c:\Program Files\Microsoft Security Essentials\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\WINDOWS\system32\svchost.exe -k HPService

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe

C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe

C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Documents and Settings\Owner\Application Data\TimeBridge\TimeBridge Connector for Outlook\TimeBridgeConnectorForOutlook.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Documents and Settings\Owner\Desktop\Defogger.exe

C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.foxnews.com

uInternet Settings,ProxyOverride = <local>

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [TimeBridge Connector for Outlook] "c:\documents and settings\owner\application data\timebridge\timebridge connector for outlook\TimeBridgeConnectorForOutlook.exe"

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [CTHelper] CTHELPER.EXE

mRun: [QuickFinder Scheduler] "c:\program files\corel\wordperfect office 2002\programs\QFSCHD100.EXE"

mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

dRunOnce: [setDefaultMidi] MIDIDEF.EXE

dRunOnce: [RunNarrator] Narrator.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121112359438

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1121112210891

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: {7232894C-42A4-46E4-AD01-065D229B1951} = 4.2.2.1

TCP: {CA0154F2-AAEC-4920-AAEF-074E988571A0} = 4.2.2.1 209.18.47.61 209.18.47.62

Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - c:\program files\libronix dls\system\FileProt.dll

Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - c:\program files\libronix dls\system\ResProt.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll

AppInit_DLLs: c:\windows\system32\kbdsock.dll pinofivu.dll c:\windows\system32\zilolilo.dll robenala.dll c:\windows\system32\yijazowi.dll c:\windows\system32\yawiziga.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

LSA: Notification Packages = scecli vuseyiju.dll vagazodi.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z1zp1glf.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.foxnews.com

FF - prefs.js: network.proxy.type - 4

FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll

FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll

FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Tab Mix Plus: {dc572301-7619-498c-a57d-39143191b318} - %profile%\extensions\{dc572301-7619-498c-a57d-39143191b318}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 142832]

R1 MpKsl40b013de;MpKsl40b013de;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bc470090-3f26-466a-968f-7ae61cba369f}\MpKsl40b013de.sys [2011-1-29 28752]

R1 MpKsl95b7b5e2;MpKsl95b7b5e2;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bc470090-3f26-466a-968f-7ae61cba369f}\MpKsl95b7b5e2.sys [2011-1-29 28752]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 67656]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-1-28 20952]

S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\tffsmon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]

S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\tfsysmon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]

S1 MpKsl0ee91ba2;MpKsl0ee91ba2;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{61c3958e-3650-4372-bf45-b27dff0d303b}\mpksl0ee91ba2.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{61c3958e-3650-4372-bf45-b27dff0d303b}\MpKsl0ee91ba2.sys [?]

S1 MpKsl3177900d;MpKsl3177900d;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{61c3958e-3650-4372-bf45-b27dff0d303b}\mpksl3177900d.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{61c3958e-3650-4372-bf45-b27dff0d303b}\MpKsl3177900d.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 netr73;Linksys Compact Wireless-G USB Adapter Driver for Vista;c:\windows\system32\drivers\netr73.sys [2006-12-29 247808]

S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]

S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\tfnetmon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

=============== Created Last 30 ================

2011-01-29 17:15:11 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{bc470090-3f26-466a-968f-7ae61cba369f}\MpKsl95b7b5e2.sys

2011-01-29 16:30:07 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{bc470090-3f26-466a-968f-7ae61cba369f}\MpKsl40b013de.sys

2011-01-29 06:07:14 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{bc470090-3f26-466a-968f-7ae61cba369f}\MpKsld7c1a929.sys

2011-01-29 04:16:23 5890896 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{bc470090-3f26-466a-968f-7ae61cba369f}\mpengine.dll

2011-01-28 23:53:15 -------- d-----w- c:\docume~1\owner\applic~1\Malwarebytes

2011-01-28 23:52:47 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-01-28 23:52:35 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2011-01-28 23:52:24 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-01-28 23:52:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-01-27 22:40:10 1409 ----a-w- c:\windows\QTFont.for

2011-01-24 05:39:49 0 ----a-w- c:\windows\Rfusi.bin

2011-01-24 05:39:48 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\{CAE38E14-5CD8-4698-9978-9420F7C3CDF5}

2011-01-24 05:37:48 -------- d-----w- c:\docume~1\alluse~1\applic~1\gBkJmDg00000

==================== Find3M ====================

2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll

2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll

2010-11-09 14:28:41 49 ----a-w- c:\windows\wpd99.drv

2010-11-06 00:34:12 832512 ----a-w- c:\windows\system32\wininet.dll

2010-11-06 00:34:11 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-11-06 00:34:11 1830912 ----a-w- c:\windows\system32\inetcpl.cpl

2010-11-06 00:34:11 17408 ----a-w- c:\windows\system32\corpol.dll

2010-11-03 12:25:53 389120 ----a-w- c:\windows\system32\html.iec

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: Maxtor_4A250J0 rev.RAMB1TU0 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3

device: opened successfully

user: MBR read successfully

Disk trace:

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x87724555]<<

_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8772a7b0]; MOV EAX, [0x8772a82c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }

1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x8776EAB8]

3 CLASSPNP[0xF778EFD7] -> nt!IofCallDriver[0x804E13B9] -> \Device\00000074[0x877739E8]

5 ACPI[0xF76E5620] -> nt!IofCallDriver[0x804E13B9] -> [0x87759940]

\Driver\atapi[0x877A61D8] -> IRP_MJ_CREATE -> 0x87724555

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }

detected disk devices:

\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskMaxtor_4A250J0__________________________RAMB1TU0#384138305858453920202020202020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

detected hooks:

\Driver\atapi DriverStartIo -> 0x8772439B

user & kernel MBR OK

Warning: possible TDL3 rootkit infection !

============= FINISH: 11:41:39.48 ===============


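The rootkit section of the DDS/GMER log above is the interesting part: the MBR bootstrap disassembly is the stock Windows XP code and GMER reports "user & kernel MBR OK", yet it also lists a DriverStartIo hook on \Driver\atapi and warns of a TDL3-family infection, and TDSSKiller later finds TDL4 on \HardDisk0. The following is an added example, not code from the thread, from GMER or from TDSSKiller: it checks a 512-byte MBR image the way that section does, comparing the bootstrap bytes with the stock XP MBR (the byte encoding of the disassembly GMER printed) and sanity-checking the partition table. Both sample MBRs are constructed; the "tampered" one just has its first instruction replaced and is not real malware code. A disk-driver hook of the kind GMER reported can hand the clean sector back to anything reading through the live OS, so the hash helper is meant for comparing a live read against an image taken after booting from clean media.

```python
"""Added example: offline MBR check in the spirit of the GMER rootkit scan
above. Not part of the original thread; sample MBRs are constructed."""
import hashlib
import struct

# Stock Windows XP MBR bootstrap, first 39 bytes. This is the byte form of the
# disassembly GMER printed above ("XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00;
# STI; ...; JL 0x2e; JNZ 0x3a").
XP_MBR_PREFIX = bytes.fromhex(
    "33c08ed0bc007cfb5007501ffcbe1b7cbf1b065057b9e501"
    "f3a4cbbdbe07b104386e007c097513"
)
MBR_SIZE = 512
BOOTSTRAP_SIZE = 446          # bootstrap code area, before the partition table
PARTITION_TABLE_OFFSET = 446  # four 16-byte entries
BOOT_SIGNATURE = b"\x55\xaa"  # 0xAA55 little-endian at offset 510


def parse_partition_table(mbr: bytes) -> list:
    """Return the four partition entries as dicts (empty entries included)."""
    entries = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + 16 * i
        # status, 3-byte CHS start (skipped), type, 3-byte CHS end (skipped),
        # LBA start, sector count
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", mbr, off)
        entries.append({"status": status, "type": ptype,
                        "lba_start": lba_start, "sectors": sectors})
    return entries


def mbr_findings(mbr: bytes) -> list:
    """Return human-readable anomalies; an empty list means the image looks like
    an untouched XP MBR with a sane partition table."""
    findings = []
    if len(mbr) != MBR_SIZE:
        return ["MBR image is %d bytes, expected 512" % len(mbr)]
    if mbr[510:512] != BOOT_SIGNATURE:
        findings.append("boot signature missing (expected 55 AA at offset 510)")
    if not mbr.startswith(XP_MBR_PREFIX):
        findings.append("bootstrap code does not match the stock Windows XP MBR")
    active = 0
    for i, p in enumerate(parse_partition_table(mbr)):
        if p["status"] not in (0x00, 0x80):
            findings.append("partition %d has invalid status byte 0x%02x" % (i, p["status"]))
        if p["status"] == 0x80:
            active += 1
        if p["type"] != 0 and p["sectors"] == 0:
            findings.append("partition %d has a type but zero length" % i)
    if active > 1:
        findings.append("%d partitions marked active, expected at most 1" % active)
    return findings


def bootstrap_sha256(mbr: bytes) -> str:
    """Hash of the code area only, so a read taken through the live (possibly
    hooked) disk stack can be compared with one taken from a clean boot."""
    return hashlib.sha256(mbr[:BOOTSTRAP_SIZE]).hexdigest()


def build_sample_mbr(bootstrap: bytes) -> bytes:
    """Constructed sample: the given bootstrap bytes zero-padded to 446 bytes,
    one active NTFS partition starting at LBA 63, and the boot signature."""
    code = bootstrap.ljust(BOOTSTRAP_SIZE, b"\x00")[:BOOTSTRAP_SIZE]
    entry0 = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07,
                         b"\xfe\xff\xff", 63, 488_392_002)
    table = entry0 + b"\x00" * 48
    return code + table + BOOT_SIGNATURE


# Constructed samples (not real malware bytes): the stock bootstrap, and a copy
# whose first instruction was swapped for a far jump, the kind of edit an
# MBR-resident loader makes so its own code runs before the real bootstrap.
CLEAN_MBR = build_sample_mbr(XP_MBR_PREFIX)
TAMPERED_MBR = build_sample_mbr(b"\xea\x00\x7c\x00\x00" + XP_MBR_PREFIX[5:])

if __name__ == "__main__":
    for name, image in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        print(name, bootstrap_sha256(image)[:16], mbr_findings(image) or "no findings")
```

To use it on a real disk, feed the first 512 bytes of the physical drive (read from a clean boot environment, not from the infected OS) to mbr_findings; a bootstrap mismatch on an XP-era machine whose MBR was never replaced by a third-party boot manager is the signal TDSSKiller reports as a TDSS/TDL4 infection of \HardDisk0.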
  • Staff

Hi,

My apologies for the delay.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility writes its runtime log to the root of the system disk (the disk where the operating system is installed, C:\ as a rule).

The log is named like UtilityName.Version_Date_Time_log.txt.

For example: C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.


2011/02/01 10:44:01.0406 2240 TDSS rootkit removing tool 2.4.16.0 Feb 1 2011 10:34:03

2011/02/01 10:44:01.0906 2240 ================================================================================

2011/02/01 10:44:01.0906 2240 SystemInfo:

2011/02/01 10:44:01.0906 2240

2011/02/01 10:44:01.0906 2240 OS Version: 5.1.2600 ServicePack: 3.0

2011/02/01 10:44:01.0906 2240 Product type: Workstation

2011/02/01 10:44:01.0906 2240 ComputerName: AMADA

2011/02/01 10:44:01.0906 2240 UserName: Owner

2011/02/01 10:44:01.0906 2240 Windows directory: C:\WINDOWS

2011/02/01 10:44:01.0906 2240 System windows directory: C:\WINDOWS

2011/02/01 10:44:01.0906 2240 Processor architecture: Intel x86

2011/02/01 10:44:01.0906 2240 Number of processors: 2

2011/02/01 10:44:01.0906 2240 Page size: 0x1000

2011/02/01 10:44:01.0906 2240 Boot type: Normal boot

2011/02/01 10:44:01.0906 2240 ================================================================================

2011/02/01 10:44:03.0015 2240 Initialize success

2011/02/01 10:44:08.0484 3964 ================================================================================

2011/02/01 10:44:08.0484 3964 Scan started

2011/02/01 10:44:08.0484 3964 Mode: Manual;

2011/02/01 10:44:08.0484 3964 ================================================================================

2011/02/01 10:44:09.0859 3964 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/02/01 10:44:09.0984 3964 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2011/02/01 10:44:10.0203 3964 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2011/02/01 10:44:10.0359 3964 AegisP (2f7f3e8da380325866e566f5d5ec23d5) C:\WINDOWS\system32\DRIVERS\AegisP.sys

2011/02/01 10:44:10.0578 3964 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

2011/02/01 10:44:10.0828 3964 AgereSoftModem (ed5c8b22de2021339a7c7fccfe5c5d7e) C:\WINDOWS\system32\DRIVERS\AGRSM.sys

2011/02/01 10:44:11.0375 3964 AIRPLUS (8b9ccded592a52e9c27e862f11a29c4d) C:\WINDOWS\system32\DRIVERS\airplus.sys

2011/02/01 10:44:11.0718 3964 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2011/02/01 10:44:12.0250 3964 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/02/01 10:44:12.0328 3964 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/02/01 10:44:12.0531 3964 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/02/01 10:44:12.0750 3964 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/02/01 10:44:12.0890 3964 BCM42RLY (438179abe9b7a922a21b8d6369ff52ff) C:\WINDOWS\System32\BCM42RLY.SYS

2011/02/01 10:44:13.0062 3964 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/02/01 10:44:13.0234 3964 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/02/01 10:44:13.0375 3964 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2011/02/01 10:44:13.0562 3964 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/02/01 10:44:13.0671 3964 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/02/01 10:44:13.0875 3964 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/02/01 10:44:14.0390 3964 ctac32k (c2eae43e39fd5b0908819bfb81f19d85) C:\WINDOWS\system32\drivers\ctac32k.sys

2011/02/01 10:44:14.0531 3964 ctaud2k (19a6ca6f8f5fee718996bd0d756d0582) C:\WINDOWS\system32\drivers\ctaud2k.sys

2011/02/01 10:44:14.0734 3964 ctprxy2k (76f7f27e2df96daa0c9b91942ab43893) C:\WINDOWS\system32\drivers\ctprxy2k.sys

2011/02/01 10:44:14.0890 3964 ctsfm2k (96ab6fd19e28e74b89a55c98d5d22291) C:\WINDOWS\system32\drivers\ctsfm2k.sys

2011/02/01 10:44:15.0218 3964 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/02/01 10:44:15.0406 3964 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2011/02/01 10:44:15.0609 3964 DMICall (526192bf7696f72e29777bf4a180513a) C:\WINDOWS\system32\DRIVERS\DMICall.sys

2011/02/01 10:44:15.0781 3964 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2011/02/01 10:44:16.0125 3964 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/02/01 10:44:16.0296 3964 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2011/02/01 10:44:16.0562 3964 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/02/01 10:44:16.0718 3964 emupia (8955251ce7cc14913693165fb25a155f) C:\WINDOWS\system32\drivers\emupia2k.sys

2011/02/01 10:44:16.0921 3964 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/02/01 10:44:17.0031 3964 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

2011/02/01 10:44:17.0203 3964 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2011/02/01 10:44:17.0312 3964 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2011/02/01 10:44:17.0546 3964 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2011/02/01 10:44:17.0703 3964 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/02/01 10:44:17.0812 3964 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/02/01 10:44:17.0968 3964 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys

2011/02/01 10:44:18.0078 3964 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/02/01 10:44:18.0234 3964 GTNDIS5 (fc80052194d5708254a346568f0e77c0) C:\WINDOWS\system32\GTNDIS5.SYS

2011/02/01 10:44:18.0453 3964 ha10kx2k (5295ee59854289800320eab6c6464147) C:\WINDOWS\system32\drivers\ha10kx2k.sys

2011/02/01 10:44:18.0671 3964 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2011/02/01 10:44:18.0937 3964 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

2011/02/01 10:44:19.0078 3964 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

2011/02/01 10:44:19.0203 3964 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

2011/02/01 10:44:19.0421 3964 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/02/01 10:44:19.0796 3964 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/02/01 10:44:19.0890 3964 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/02/01 10:44:20.0218 3964 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2011/02/01 10:44:20.0343 3964 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2011/02/01 10:44:20.0468 3964 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/02/01 10:44:20.0593 3964 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/02/01 10:44:20.0718 3964 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/02/01 10:44:20.0843 3964 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/02/01 10:44:20.0921 3964 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/02/01 10:44:21.0015 3964 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/02/01 10:44:21.0140 3964 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/02/01 10:44:21.0296 3964 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2011/02/01 10:44:21.0468 3964 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/02/01 10:44:21.0781 3964 MBAMProtector (836e0e09ca9869be7eb39ef2cf3602c7) C:\WINDOWS\system32\drivers\mbam.sys

2011/02/01 10:44:21.0937 3964 MDC8021X (d7010580bf4e45d5e793a1fe75758c69) C:\WINDOWS\system32\DRIVERS\mdc8021x.sys

2011/02/01 10:44:22.0078 3964 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/02/01 10:44:22.0250 3964 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2011/02/01 10:44:22.0437 3964 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/02/01 10:44:22.0578 3964 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2011/02/01 10:44:22.0781 3964 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/02/01 10:44:22.0937 3964 MpFilter (eb950bfe2432d4fdcd2dda9ca7665055) C:\WINDOWS\system32\DRIVERS\MpFilter.sys

2011/02/01 10:44:23.0265 3964 MpKsl5931137d (5f53edfead46fa7adb78eee9ecce8fdf) C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{41ABE071-5119-4A68-A112-B73071F39A4D}\MpKsl5931137d.sys

2011/02/01 10:44:23.0546 3964 MpKslc2e9c136 (5f53edfead46fa7adb78eee9ecce8fdf) C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{41ABE071-5119-4A68-A112-B73071F39A4D}\MpKslc2e9c136.sys

2011/02/01 10:44:23.0796 3964 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS

2011/02/01 10:44:24.0015 3964 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS

2011/02/01 10:44:24.0296 3964 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/02/01 10:44:24.0515 3964 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/02/01 10:44:24.0750 3964 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2011/02/01 10:44:24.0859 3964 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/02/01 10:44:24.0937 3964 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/02/01 10:44:25.0015 3964 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/02/01 10:44:25.0187 3964 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/02/01 10:44:25.0343 3964 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

2011/02/01 10:44:25.0546 3964 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2011/02/01 10:44:25.0625 3964 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2011/02/01 10:44:25.0765 3964 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2011/02/01 10:44:25.0937 3964 ndiscm (b797ee2ef919c95561dee78b72b33e5b) C:\WINDOWS\system32\DRIVERS\NetMotCM.sys

2011/02/01 10:44:26.0046 3964 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2011/02/01 10:44:26.0296 3964 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/02/01 10:44:26.0406 3964 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/02/01 10:44:26.0562 3964 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/02/01 10:44:26.0718 3964 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/02/01 10:44:26.0906 3964 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/02/01 10:44:27.0062 3964 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/02/01 10:44:27.0218 3964 netr73 (2dd6bb85c8bdae6116565ab5beca4f7c) C:\WINDOWS\system32\DRIVERS\netr73.sys

2011/02/01 10:44:27.0453 3964 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2011/02/01 10:44:27.0687 3964 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2011/02/01 10:44:27.0875 3964 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/02/01 10:44:28.0109 3964 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/02/01 10:44:28.0312 3964 nv (16e3095560cb731edd9966b9294fce18) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2011/02/01 10:44:28.0546 3964 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/02/01 10:44:28.0750 3964 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/02/01 10:44:28.0937 3964 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2011/02/01 10:44:29.0140 3964 ossrv (efa821d3e0bd123dc7d78714179c43f5) C:\WINDOWS\system32\drivers\ctoss2k.sys

2011/02/01 10:44:29.0296 3964 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2011/02/01 10:44:29.0453 3964 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/02/01 10:44:29.0625 3964 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/02/01 10:44:29.0812 3964 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/02/01 10:44:30.0078 3964 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/02/01 10:44:30.0218 3964 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2011/02/01 10:44:30.0906 3964 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/02/01 10:44:31.0062 3964 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

2011/02/01 10:44:31.0218 3964 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/02/01 10:44:31.0359 3964 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/02/01 10:44:31.0515 3964 PxHelp20 (951d4769ba5b8a3c58404b5cef4a65ca) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys

2011/02/01 10:44:32.0062 3964 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/02/01 10:44:32.0218 3964 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/02/01 10:44:32.0312 3964 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/02/01 10:44:32.0453 3964 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/02/01 10:44:32.0578 3964 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/02/01 10:44:32.0812 3964 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/02/01 10:44:32.0968 3964 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/02/01 10:44:33.0109 3964 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/02/01 10:44:33.0281 3964 RT73 (cb20f16afdba63707fb971e0922edec1) C:\WINDOWS\system32\DRIVERS\rt73.sys

2011/02/01 10:44:33.0437 3964 rtl8139 (d0ac0b0355a3ffb85eb77b083cd0627c) C:\WINDOWS\system32\DRIVERS\R8139n51.SYS

2011/02/01 10:44:33.0671 3964 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

2011/02/01 10:44:33.0765 3964 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS

2011/02/01 10:44:33.0859 3964 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

2011/02/01 10:44:34.0031 3964 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/02/01 10:44:34.0203 3964 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

2011/02/01 10:44:34.0359 3964 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2011/02/01 10:44:34.0593 3964 SiS315 (80ca473eebd2bbaeab7e62b1b03cbe03) C:\WINDOWS\system32\DRIVERS\sisgrp.sys

2011/02/01 10:44:34.0796 3964 sisagp (1630fbdbcb0cf3a60c02b6f140bab98b) C:\WINDOWS\system32\DRIVERS\SISAGPX.sys

2011/02/01 10:44:34.0968 3964 SiSkp (0ba1bc20204db877236eb5f674879ed5) C:\WINDOWS\system32\drivers\srvkp.sys

2011/02/01 10:44:35.0093 3964 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2011/02/01 10:44:35.0265 3964 soma (9ba63b0798e0e5f75d148dcef4098e8a) C:\WINDOWS\system32\DRIVERS\soma.sys

2011/02/01 10:44:35.0453 3964 SONYWBMS (e6320f02dc53402bbff34f0d0a5fee51) C:\WINDOWS\system32\DRIVERS\SonyWBMS.SYS

2011/02/01 10:44:35.0640 3964 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2011/02/01 10:44:35.0828 3964 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/02/01 10:44:36.0000 3964 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/02/01 10:44:36.0296 3964 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys

2011/02/01 10:44:36.0453 3964 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2011/02/01 10:44:36.0640 3964 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/02/01 10:44:36.0843 3964 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2011/02/01 10:44:37.0390 3964 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/02/01 10:44:37.0578 3964 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/02/01 10:44:37.0781 3964 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/02/01 10:44:37.0937 3964 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/02/01 10:44:38.0078 3964 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/02/01 10:44:38.0656 3964 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2011/02/01 10:44:38.0968 3964 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2011/02/01 10:44:39.0218 3964 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

2011/02/01 10:44:39.0343 3964 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/02/01 10:44:39.0484 3964 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/02/01 10:44:39.0625 3964 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/02/01 10:44:39.0796 3964 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

2011/02/01 10:44:39.0984 3964 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2011/02/01 10:44:40.0109 3964 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/02/01 10:44:40.0250 3964 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/02/01 10:44:40.0406 3964 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/02/01 10:44:40.0640 3964 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/02/01 10:44:40.0859 3964 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/02/01 10:44:41.0031 3964 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys

2011/02/01 10:44:41.0296 3964 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/02/01 10:44:41.0484 3964 WDM_YAMAHAAC97 (ca4d9ade72b8e5a1802a452c4c0a5170) C:\WINDOWS\system32\drivers\yacxgc.sys

2011/02/01 10:44:41.0703 3964 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys

2011/02/01 10:44:41.0875 3964 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

2011/02/01 10:44:42.0062 3964 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2011/02/01 10:44:42.0218 3964 WudfPf (6ff66513d372d479ef1810223c8d20ce) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/02/01 10:44:42.0343 3964 WudfRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/02/01 10:44:42.0484 3964 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)

2011/02/01 10:44:42.0484 3964 ================================================================================

2011/02/01 10:44:42.0484 3964 Scan finished

2011/02/01 10:44:42.0484 3964 ================================================================================

2011/02/01 10:44:42.0515 1412 Detected object count: 1

2011/02/01 10:45:57.0609 1412 \HardDisk0 - will be cured after reboot

2011/02/01 10:45:57.0609 1412 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure

2011/02/01 10:46:04.0265 3760 Deinitialize success


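The staff post above asks for TDSSKiller's log, and the log that followed is long: a loaded-driver inventory with one MD5 and path per line, then the detection and cure lines at the end. As an added example (not the thread's own code and not part of TDSSKiller), here is a small parser for that text format plus a few triage rules a responder would apply to it: pull out every detection, every object scheduled for cure on reboot, any driver loaded from somewhere other than the expected system locations, and any hash that appears under more than one service name. SAMPLE_LOG is a constructed excerpt of the log above with one extra, clearly marked fake line added so the unusual-location rule has something to catch. The two MpKsl* drivers sharing a hash are Microsoft Security Essentials' own definition-update drivers, so that pairing is expected there; the rule exists to surface the same pattern in an unexpected location.

```python
"""Added example: parse and triage a TDSSKiller text log of the format posted
above. Not part of the thread or of TDSSKiller; SAMPLE_LOG is constructed."""
import re
from collections import defaultdict

LINE_RE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(.*)$")
DRIVER_RE = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")
DETECT_RE = re.compile(r"^(.+?) - detected (\S+)")
CURE_RE = re.compile(r"^(.+?) - will be cured after reboot$")

# Where kernel drivers are normally loaded from on this XP box. The Definition
# Updates prefix is where Microsoft Security Essentials drops its MpKsl*
# drivers, so it is allowed explicitly. Compared case-insensitively.
EXPECTED_PATH_PREFIXES = (
    "C:\\WINDOWS\\",
    "C:\\PROGRAM FILES\\",
    "C:\\PROGRA~1\\",
    "C:\\DOCUMENTS AND SETTINGS\\ALL USERS\\APPLICATION DATA\\MICROSOFT\\"
    "MICROSOFT ANTIMALWARE\\DEFINITION UPDATES\\",
)

# Constructed excerpt of the log above. The "svchost" line is fake test data
# (not from the log) so the unusual-location rule has a hit.
SAMPLE_LOG = r"""
2011/02/01 10:44:12.0328 3964 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/02/01 10:44:21.0781 3964 MBAMProtector (836e0e09ca9869be7eb39ef2cf3602c7) C:\WINDOWS\system32\drivers\mbam.sys
2011/02/01 10:44:23.0265 3964 MpKsl5931137d (5f53edfead46fa7adb78eee9ecce8fdf) C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{41ABE071-5119-4A68-A112-B73071F39A4D}\MpKsl5931137d.sys
2011/02/01 10:44:23.0546 3964 MpKslc2e9c136 (5f53edfead46fa7adb78eee9ecce8fdf) C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{41ABE071-5119-4A68-A112-B73071F39A4D}\MpKslc2e9c136.sys
2011/02/01 10:44:23.0796 3964 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
2011/02/01 10:44:30.0000 3964 svchost (0123456789abcdef0123456789abcdef) C:\Documents and Settings\Owner\Local Settings\Temp\svchost.sys
2011/02/01 10:44:42.0484 3964 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/02/01 10:44:42.0484 3964 Scan finished
2011/02/01 10:44:42.0515 1412 Detected object count: 1
2011/02/01 10:45:57.0609 1412 \HardDisk0 - will be cured after reboot
2011/02/01 10:45:57.0609 1412 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
"""


def parse_tdsskiller(text: str) -> dict:
    """Split the log into driver entries, detections and pending cures."""
    report = {"drivers": [], "detections": [], "pending_cure": []}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banner, separator or blank line
        _ts, _pid, body = m.groups()
        d = DRIVER_RE.match(body)
        if d:
            name, md5, path = d.groups()
            report["drivers"].append({"name": name, "md5": md5, "path": path})
            continue
        d = DETECT_RE.match(body)
        if d:
            report["detections"].append((d.group(1), d.group(2)))
            continue
        c = CURE_RE.match(body)
        if c:
            report["pending_cure"].append(c.group(1))
    return report


def triage(report: dict) -> dict:
    """Apply the triage rules and return what a responder should look at."""
    findings = {"detections": list(report["detections"]),
                "pending_cure": list(report["pending_cure"]),
                "unusual_location": [],
                "shared_hash": {}}
    by_md5 = defaultdict(list)
    for drv in report["drivers"]:
        by_md5[drv["md5"]].append(drv["name"])
        if not drv["path"].upper().startswith(EXPECTED_PATH_PREFIXES):
            findings["unusual_location"].append((drv["name"], drv["path"]))
    findings["shared_hash"] = {h: names for h, names in by_md5.items() if len(names) > 1}
    return findings


def rootkit_present(findings: dict) -> bool:
    """True if the scan reported at least one detection."""
    return bool(findings["detections"])


if __name__ == "__main__":
    result = triage(parse_tdsskiller(SAMPLE_LOG))
    for key, value in result.items():
        print(key, value)
    print("rootkit present:", rootkit_present(result))
```

On the real log posted above the only detection is \HardDisk0 with Rootkit.Win32.TDSS.tdl4 and the cure is deferred to reboot, which is why the balloon notifications stopped after the restart; the driver inventory itself is clean apart from the expected MpKsl* pair.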
Chris,

Thanks for your help. I no longer see the balloon notifications ("Malwarebytes Anti-Malware successfully blocked access to a potentially malicious website"). Does that mean my computer is clean?

One last thing: do I need to keep SUPERAntiSpyware on my computer since I have and am using Malwarebytes? Thanks again for all your help.


  • Staff

Hi,

Let's see if any part of the infection is still around.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


Here you go, Chris. Not sure how to access the ComboFix.txt, but here is the log:

ComboFix 11-02-11.01 - Owner 02/11/2011 17:49:14.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1024.456 [GMT -6:00]

Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Enabled/Outdated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

c:\documents and settings\Owner\Application Data\Adobe\AdobeUpdate .exe

c:\documents and settings\Owner\Application Data\Adobe\plugs

c:\documents and settings\Owner\Recent\Thumbs.db

c:\documents and settings\Owner\Start Menu\Programs\Windows Scan

C:\s

c:\windows\desktop

c:\windows\system32\11478.exe

c:\windows\system32\15724.exe

c:\windows\system32\18467.exe

c:\windows\system32\19169.exe

c:\windows\system32\26500.exe

c:\windows\system32\6334.exe

c:\windows\Tasks\kghchqgz.job

----- BITS: Possible infected sites -----

hxxp://app.timebridge.com

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_6TO4

((((((((((((((((((((((((( Files Created from 2011-01-12 to 2011-02-12 )))))))))))))))))))))))))))))))

.

2011-02-12 00:25 . 2011-02-12 00:25 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{53D05EF8-D038-4033-AB9F-DF5D681506E2}\MpKsl6591a0a1.sys

2011-02-11 23:28 . 2011-02-11 23:28 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS

2011-02-11 13:52 . 2011-01-13 09:41 5890896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{53D05EF8-D038-4033-AB9F-DF5D681506E2}\mpengine.dll

2011-01-28 23:53 . 2011-01-28 23:53 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes

2011-01-28 23:52 . 2010-12-21 00:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-01-28 23:52 . 2011-01-28 23:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-01-28 23:52 . 2010-12-21 00:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-01-28 23:52 . 2011-01-28 23:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-01-28 15:25 . 2011-01-28 15:26 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2011-01-27 22:40 . 2011-01-27 22:40 1409 ----a-w- c:\windows\QTFont.for

2011-01-24 05:39 . 2011-01-24 05:39 0 ----a-w- c:\windows\Rfusi.bin

2011-01-24 05:39 . 2011-01-24 05:39 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\{CAE38E14-5CD8-4698-9978-9420F7C3CDF5}

2011-01-24 05:37 . 2011-01-24 21:07 -------- d-----w- c:\documents and settings\All Users\Application Data\gBkJmDg00000

2011-01-21 14:44 . 2011-01-21 14:44 439296 -c----w- c:\windows\system32\dllcache\shimgvw.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-01-21 14:44 . 2002-12-05 01:15 439296 ----a-w- c:\windows\system32\shimgvw.dll

2011-01-13 09:41 . 2010-01-13 18:07 5890896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-01-07 14:09 . 2002-12-05 01:14 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-12-31 13:10 . 2002-12-05 01:15 1854976 ----a-w- c:\windows\system32\win32k.sys

2010-12-22 12:34 . 2002-12-05 01:15 301568 ----a-w- c:\windows\system32\kerberos.dll

2010-12-20 23:08 . 2005-07-11 18:34 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-12-20 23:08 . 2002-12-05 01:15 832512 ----a-w- c:\windows\system32\wininet.dll

2010-12-20 23:08 . 2002-12-05 01:15 1830912 ----a-w- c:\windows\system32\inetcpl.cpl

2010-12-20 23:08 . 2002-12-05 01:14 17408 ----a-w- c:\windows\system32\corpol.dll

2010-12-20 17:26 . 2002-12-05 01:15 730112 ----a-w- c:\windows\system32\lsasrv.dll

2010-12-20 12:55 . 2005-07-11 18:34 389120 ----a-w- c:\windows\system32\html.iec

2010-12-09 15:15 . 2002-12-05 01:15 718336 ----a-w- c:\windows\system32\ntdll.dll

2010-12-09 14:30 . 2002-12-05 01:14 33280 ----a-w- c:\windows\system32\csrsrv.dll

2010-12-09 13:42 . 2002-08-29 01:04 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-12-09 13:07 . 2002-08-29 01:04 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-11-18 18:12 . 2002-12-05 02:22 81920 ----a-w- c:\windows\system32\isign32.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-08 68856]

"TimeBridge Connector for Outlook"="c:\documents and settings\Owner\Application Data\TimeBridge\TimeBridge Connector for Outlook\TimeBridgeConnectorForOutlook.exe" [2008-10-07 32768]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-10-13 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2002-11-07 4243456]

"CTHelper"="CTHELPER.EXE" [2002-11-08 24576]

"QuickFinder Scheduler"="c:\program files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE" [2002-08-15 77887]

"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-25 28672]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-22 196608]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-21 443728]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"SetDefaultMidi"="MIDIDEF.EXE" [2002-03-01 61440]

"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-7-11 113664]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\support.com\\client\\bin\\tgcmd.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Documents and Settings\\Owner\\Application Data\\TimeBridge\\TimeBridge Connector for Outlook\\TimeBridgeConnectorForOutlook.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=

"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=

"c:\\Program Files\\Common Files\\Motive\\McciCMService.exe"=

"c:\\WINDOWS\\system32\\msiexec.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 MpKsl6591a0a1;MpKsl6591a0a1;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{53D05EF8-D038-4033-AB9F-DF5D681506E2}\MpKsl6591a0a1.sys [2/11/2011 6:25 PM 28752]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 10:25 AM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 10:15 AM 67656]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/28/2011 5:52 PM 363344]

R2 NovacomD;Palm Novacom;c:\program files\Palm, Inc\novacom\x86\novacomd.exe [11/6/2009 12:03 PM 33280]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/28/2011 5:52 PM 20952]

S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]

S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]

S1 MpKsl0ee91ba2;MpKsl0ee91ba2;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{61C3958E-3650-4372-BF45-B27DFF0D303B}\MpKsl0ee91ba2.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{61C3958E-3650-4372-BF45-B27DFF0D303B}\MpKsl0ee91ba2.sys [?]

S1 MpKsl29feec08;MpKsl29feec08;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{53D05EF8-D038-4033-AB9F-DF5D681506E2}\MpKsl29feec08.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{53D05EF8-D038-4033-AB9F-DF5D681506E2}\MpKsl29feec08.sys [?]

S1 MpKsl3177900d;MpKsl3177900d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{61C3958E-3650-4372-BF45-B27DFF0D303B}\MpKsl3177900d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{61C3958E-3650-4372-BF45-B27DFF0D303B}\MpKsl3177900d.sys [?]

S1 MpKsl5ae886b2;MpKsl5ae886b2;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{14747A3B-2801-49E3-B655-733828A2C8A5}\MpKsl5ae886b2.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{14747A3B-2801-49E3-B655-733828A2C8A5}\MpKsl5ae886b2.sys [?]

S1 MpKsl5dd158f9;MpKsl5dd158f9;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{41ABE071-5119-4A68-A112-B73071F39A4D}\MpKsl5dd158f9.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{41ABE071-5119-4A68-A112-B73071F39A4D}\MpKsl5dd158f9.sys [?]

S1 MpKsl5e5beec9;MpKsl5e5beec9;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BC7CD8A9-6782-4A1F-ABB2-522852484730}\MpKsl5e5beec9.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BC7CD8A9-6782-4A1F-ABB2-522852484730}\MpKsl5e5beec9.sys [?]

S1 MpKsl7ae0156b;MpKsl7ae0156b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2B3E8352-CB05-44AA-9357-AA8DF41F16E1}\MpKsl7ae0156b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2B3E8352-CB05-44AA-9357-AA8DF41F16E1}\MpKsl7ae0156b.sys [?]

S1 MpKsle3f6a898;MpKsle3f6a898;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{14747A3B-2801-49E3-B655-733828A2C8A5}\MpKsle3f6a898.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{14747A3B-2801-49E3-B655-733828A2C8A5}\MpKsle3f6a898.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]

S3 netr73;Linksys Compact Wireless-G USB Adapter Driver for Vista;c:\windows\system32\drivers\netr73.sys [12/29/2006 1:49 AM 247808]

S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 10:15 AM 12872]

S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MPKSL6591A0A1

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

getPlusHelper REG_MULTI_SZ getPlusHelper

.

Contents of the 'Scheduled Tasks' folder

2011-02-05 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 18:42]

2011-02-12 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-07-02 23:36]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.foxnews.com

uInternet Settings,ProxyOverride = <local>

TCP: {7232894C-42A4-46E4-AD01-065D229B1951} = 4.2.2.1

TCP: {CA0154F2-AAEC-4920-AAEF-074E988571A0} = 4.2.2.1 209.18.47.61 209.18.47.62

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z1zp1glf.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.foxnews.com

FF - prefs.js: network.proxy.type - 4

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Tab Mix Plus: {dc572301-7619-498c-a57d-39143191b318} - %profile%\extensions\{dc572301-7619-498c-a57d-39143191b318}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

- - - - ORPHANS REMOVED - - - -

AddRemove-Creative Driver - c:\windows\System32\ctdrvins

AddRemove-Macromedia Shockwave Player - c:\windows\system32\Macromed\SHOCKW~2\UNWISE.EXE

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-02-11 18:27

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(692)

c:\windows\system32\GTGina.dll

c:\program files\SUPERAntiSpyware\SASWINLO.dll

c:\windows\system32\WININET.dll

c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll

- - - - - - - > 'explorer.exe'(572)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Microsoft Security Essentials\MsMpEng.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\System32\nvsvc32.exe

c:\program files\Sony\VAIO Media Music Server\SSSvr.exe

c:\program files\Sony\Photo Server 20\appsrv\PicAppSrv.exe

c:\program files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe

c:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

c:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe

c:\program files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe

c:\program files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

c:\program files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

c:\program files\Canon\CAL\CALMAIN.exe

c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe

c:\program files\HP\Digital Imaging\bin\hpqbam08.exe

c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe

.

**************************************************************************

.

Completion time: 2011-02-11 18:41:57 - machine was rebooted

ComboFix-quarantined-files.txt 2011-02-12 00:41

Pre-Run: 200,531,779,584 bytes free

Post-Run: 205,234,540,544 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - 097C8098F696C982D5C67F0516132D77


  • Staff

Hi,

Things are looking good. Something seems off with your antivirus though. Let's get it back to working correctly.

Print out these instructions for reference; you'll be disconnecting from the Internet temporarily during part of this fix:

First, download the installer for the latest version of Microsoft Security Essentials (click Download Now and click the download for Windows XP). Save it to your Desktop but do not run it yet.

Next, please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.

Next, disconnect from the Internet; physically unplug the cable or turn off wireless.

Next, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following programs (if present):

Microsoft Antimalware

Microsoft Security Essentials

Java

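The staff reply above is reacting to what is visible in the posted ComboFix log: a cluster of stopped (S0/S1) MpKsl*.sys drivers registered from Microsoft Antimalware definition-update folders that no longer exist (the lines ending in `--> ... [?]`), alongside an `AntiVirusOverride=1` Security Center value and `3389:TCP` listed under the firewall's GloballyOpenPorts. Reading a log this long by eye is error-prone, so here is a small triage script, added as an example for this page and not part of the thread, of ComboFix, or of Malwarebytes' tooling. It parses the `R#/S#` service lines (R = running, S = stopped, digit = start type, `[?]` = image file not found, as ComboFix prints them), the firewall port list and the Security Center overrides, and emits findings. The sample lines are constructed from entries quoted in this thread; the severity labels and the three regexes are this example's own assumptions about the log format, not anything ComboFix documents.

```python
import re

# Constructed sample: a few lines in the formats ComboFix uses, modelled on
# entries quoted in this thread (not the full log).
SAMPLE_LOG = r"""
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 10:15 AM 67656]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/28/2011 5:52 PM 363344]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S1 MpKsl29feec08;MpKsl29feec08;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{53D05EF8-D038-4033-AB9F-DF5D681506E2}\MpKsl29feec08.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{53D05EF8-D038-4033-AB9F-DF5D681506E2}\MpKsl29feec08.sys [?]
S3 netr73;Linksys Compact Wireless-G USB Adapter Driver for Vista;c:\windows\system32\drivers\netr73.sys [12/29/2006 1:49 AM 247808]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"""

# Assumed line shape: "<R|S><start> <name>;<display>;<image> [date time size]"
# or, when ComboFix could not find the image, "<image> --> <image> [?]".
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?)"
    r"(?: --> (?P<resolved>.*?) \[\?\]"      # image file missing
    r"| \[(?P<stamp>[^\]]+)\])$"             # otherwise: [date time size]
)
PORT_RE = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=')
OVERRIDE_RE = re.compile(r'^"(?P<key>AntiVirusOverride|FirewallOverride)"=dword:0*1$')

START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}


def parse_log(text):
    """One pass over the log, tracking the current [registry key] header so
    that port and override values are only taken from the keys they belong to."""
    services, ports, overrides = [], [], []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        if (m := SERVICE_RE.match(line)):
            entry = m.groupdict()
            entry["missing"] = entry["stamp"] is None   # the "--> ... [?]" form
            services.append(entry)
        elif (m := PORT_RE.match(line)) and section.endswith("globallyopenports\\list"):
            ports.append((int(m.group("port")), m.group("proto")))
        elif (m := OVERRIDE_RE.match(line)) and section.endswith("security center"):
            overrides.append(m.group("key"))
    return {"services": services, "ports": ports, "overrides": overrides}


def triage(text):
    """Findings a reviewer would pull out of the log, as (severity, message).
    Severity labels are this example's own convention."""
    parsed = parse_log(text)
    findings = []
    for e in parsed["services"]:
        if e["missing"]:
            # A boot- or system-start driver whose file is gone is a broken or
            # leftover install: Windows tries to load it every boot and fails.
            sev = "high" if e["start"] in ("0", "1") else "medium"
            findings.append((sev, f"{e['name']}: {START_TYPES[e['start']]}-start "
                                  f"driver registered but image missing: {e['path']}"))
    for port, proto in parsed["ports"]:
        if (port, proto) == (3389, "TCP"):
            findings.append(("medium", "Remote Desktop (3389/TCP) is globally open in the firewall profile"))
        else:
            findings.append(("info", f"{port}/{proto} is globally open in the firewall profile"))
    for key in parsed["overrides"]:
        findings.append(("medium", f"Security Center {key}=1: alerts for that component are suppressed"))
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG):
        print(f"[{severity}] {message}")
```

Run against the sample it reports the two stopped drivers with missing images, the open RDP port and the suppressed antivirus alert; point `triage()` at a full ComboFix.txt and the same three checks apply to every line. Missing-image entries for stopped drivers are not by themselves malware, but a run of them pointing into definition-update folders is exactly the kind of thing that makes an AV report as installed yet not protecting, which is what the reinstall steps above address.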

Chris,

Below are the reports you requested. I do have a quick question. So now I have 3 anti-spyware programs running on my computer: SUPERAntiSpyware, Malwarebytes, and now Microsoft Security Essentials. Do I still need SUPERAntiSpyware?

Here is ComboFix.txt:

ComboFix 11-02-13.04 - Owner 02/14/2011 18:00:10.2.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1024.489 [GMT -6:00]

Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Enabled/Outdated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FE60066B-6A2F-4D66-B45D-3A82D4EE8BAA}\mpasbase.vdm

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FE60066B-6A2F-4D66-B45D-3A82D4EE8BAA}\mpasdlta.vdm

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FE60066B-6A2F-4D66-B45D-3A82D4EE8BAA}\mpavbase.vdm

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FE60066B-6A2F-4D66-B45D-3A82D4EE8BAA}\mpavdlta.vdm

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FE60066B-6A2F-4D66-B45D-3A82D4EE8BAA}\mpengine.dll

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FE60066B-6A2F-4D66-B45D-3A82D4EE8BAA}\MpKsl0520b90b.sys

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FE60066B-6A2F-4D66-B45D-3A82D4EE8BAA}\MpKsl87d66726.sys

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpasbase.vdm

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpasdlta.vdm

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpavbase.vdm

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpavdlta.vdm

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{06C4E997-5187-4593-2F5E-8714346F1B5A}-47432ed1-2af0d9d8

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{1203786F-4691-47BE-89C2-EADDE9CE3133}

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{4447D16D-CFAE-ED94-9C81-3199DF41DB7B}

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{81A22F4A-21DD-11CB-A0ED-554E450F2739}-SMSS.EXE

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{99CA1739-B0F1-7B98-7475-262362D266BD}-ComboFix.exe

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{DD5928DB-8B39-31C3-C3EF-91C37E127E64}-extract.cfxxe

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{FFB8085D-F47B-A888-7A93-CBC19FCC3587}

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Quick\{0E999FA4-5B21-431B-95D9-1C217848124D}

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Quick\{5A59C72E-B485-4F07-B22F-F5708D0396D2}

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Quick\{BFB3E8BF-A41D-47CB-BB24-A606EB952800}

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{025B5A1C-3659-49BD-A051-517AED553EDB}

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{069C15E9-48C6-4C3B-B910-D274E584D59D}

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{0C08B7DA-2019-4142-9B82-99CD8B78C59F}

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{0F9B0DDF-58EA-49C0-9658-822FFDF38C35}

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{1203786F-4691-47BE-89C2-EADDE9CE3133}

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{20EC9BAA-53FD-4562-AB01-58BCAFF3C74D}

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{22B7C7FD-5887-47BA-A280-5883DE44E99D}

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{25684AB7-8583-484A-9CB8-8D500E8AA626}

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{26288F2E-FAC9-4A42-844B-065EEE97C146}

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{2835BFDF-6868-4DF6-8140-9ECDB632926B}

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{2BCCBD9F-9D41-49D6-BD37-447CFB449B21}

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{31A011C7-A63D-4DD4-9238-5DC40D051661}

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{32D5F838-E9D8-4001-9100-D4A56CE7A486}

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{3372CD12-EDEF-4C2E-AC5D-4B415EC23D40}

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{3C32A9F6-580B-4C56-97C5-31E8678598D4}

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{4B673490-F1F6-45FC-AAE0-AC8563D31A98}

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{4E25C3A2-5906-424C-8B52-01218A0D365B}

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{52076EC7-01E4-43AC-9F1B-9C8CD03BBA0D}

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{5741B314-4FBF-486A-B4CA-387BEA4DF656}

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{6480B0E5-C48B-4CD7-B0B6-DA586A7F2530}

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{751FFEF2-3854-4F70-BEF4-77AC9C7FD4BF}

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{801316D4-0266-4836-B207-31F021A086F4}

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{83A53B7B-CEB6-4C38-930B-C85F8EF98883}

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{8713FEF5-79C1-4799-A02F-0C888309757E}

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{878C3242-3305-4E3C-A31A-89FA95B2A969}

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{886CF5BA-ACE3-4F64-87BF-657486EA4E9B}

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{8A43DC95-BA91-4731-BF4D-1AA5094272C9}

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{9C32A011-EB71-4569-B244-FB5272C24D64}

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{9EBE8424-3AAC-4EE4-A3DC-5C3AA852D848}

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{A235AD5D-B64F-4E96-B9D3-FFF588EE2559}

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{AA063986-62BA-4369-A1A1-10FF1C98245D}

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{AA2E1687-8008-4A9B-9ABB-60FA5803A149}

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{B18FA2D8-447D-4AEE-891F-DAA3D060872A}

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{B2554B35-6891-46AE-99CF-879D774C2492}

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{B488E1A4-A412-4CF4-9B2F-47983C6E96C5}

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{B9BAA711-A9C4-4FC8-A6F1-50B7A09363C0}

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{BB5E4FB2-C394-46BF-92BC-508A719B238E}

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{C71A8324-E15E-41EC-9335-C8098BB823AE}

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{C83E4453-A8DE-4829-9EFB-490187EAFB22}

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{CD25DFCD-16C0-4817-848B-94853AEBC3B5}

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{D2D91BF4-B4C0-4F28-9D5B-E38015D6CC92}

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{D3066169-DB23-4409-A0D6-95C724B48C76}

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{DECB7BC7-580B-43E1-A9D6-55AFCFBD87AF}

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{E4E7B92D-CC2D-40B9-A009-7CBE53CCBD2F}

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{E973557E-D94E-4566-AB43-0F0019A05A03}

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{EE9DE835-DD5F-45ED-9A11-6ED6180B00BF}

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{EEC37ED5-E6F3-4E9D-BA46-45BEF8F58380}

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Service\Detections.log

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Service\History.Log

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Service\Unknown.Log

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MPLog-07072010-075101.log

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

c:\documents and settings\Owner\Local Settings\Application Data\{CAE38E14-5CD8-4698-9978-9420F7C3CDF5}

c:\documents and settings\Owner\Local Settings\Application Data\{CAE38E14-5CD8-4698-9978-9420F7C3CDF5}\chrome.manifest

c:\documents and settings\Owner\Local Settings\Application Data\{CAE38E14-5CD8-4698-9978-9420F7C3CDF5}\chrome\content\_cfg.js

c:\documents and settings\Owner\Local Settings\Application Data\{CAE38E14-5CD8-4698-9978-9420F7C3CDF5}\chrome\content\overlay.xul

c:\documents and settings\Owner\Local Settings\Application Data\{CAE38E14-5CD8-4698-9978-9420F7C3CDF5}\install.rdf

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware . . . . Failed to delete

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\IMpServiceBCF43643-A118-4432-AEDE-D861FCBCFCDE.lock . . . . Failed to delete

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\CacheManager\MpSfc.bin . . . . Failed to delete

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing.bin . . . . Failed to delete

----- BITS: Possible infected sites -----

hxxp://app.timebridge.com

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_MPKSL29FEEC08

-------\Legacy_MPKSL5AE886B2

-------\Legacy_MPKSL5DD158F9

-------\Legacy_MPKSL5E5BEEC9

-------\Legacy_MPKSL6591A0A1

-------\Legacy_MPKSL7AE0156B

-------\Legacy_MPKSLE3F6A898

-------\Service_MpKsl0ee91ba2

-------\Service_MpKsl29feec08

-------\Service_MpKsl3177900d

-------\Service_MpKsl5ae886b2

-------\Service_MpKsl5dd158f9

-------\Service_MpKsl5e5beec9

-------\Service_MpKsl7ae0156b

-------\Service_MpKsle3f6a898

-------\Legacy_MpKsl0520b90b

-------\Legacy_MpKsl0520b90b

-------\Service_MpKsl0520b90b

-------\Service_MpKsl0520b90b

((((((((((((((((((((((((( Files Created from 2011-01-15 to 2011-02-15 )))))))))))))))))))))))))))))))

.

2011-02-15 00:18 . 2011-02-15 00:18 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B259F7F1-E101-4E04-871C-EE1CA687753A}\MpKsl352aa0b7.sys

2011-02-15 00:18 . 2011-01-13 07:41 5890896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B259F7F1-E101-4E04-871C-EE1CA687753A}\mpengine.dll

2011-01-28 23:53 . 2011-01-28 23:53 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes

2011-01-28 23:52 . 2010-12-21 00:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-01-28 23:52 . 2011-01-28 23:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-01-28 23:52 . 2010-12-21 00:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-01-28 23:52 . 2011-01-28 23:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-01-28 15:25 . 2011-01-28 15:26 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2011-01-27 22:40 . 2011-01-27 22:40 1409 ----a-w- c:\windows\QTFont.for

2011-01-24 05:39 . 2011-01-24 05:39 0 ----a-w- c:\windows\Rfusi.bin

2011-01-24 05:37 . 2011-01-24 21:07 -------- d-----w- c:\documents and settings\All Users\Application Data\gBkJmDg00000

2011-01-21 14:44 . 2011-01-21 14:44 439296 -c----w- c:\windows\system32\dllcache\shimgvw.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-01-21 14:44 . 2002-12-05 01:15 439296 ----a-w- c:\windows\system32\shimgvw.dll

2011-01-07 14:09 . 2002-12-05 01:14 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-12-31 13:10 . 2002-12-05 01:15 1854976 ----a-w- c:\windows\system32\win32k.sys

2010-12-22 12:34 . 2002-12-05 01:15 301568 ----a-w- c:\windows\system32\kerberos.dll

2010-12-20 23:08 . 2005-07-11 18:34 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-12-20 23:08 . 2002-12-05 01:15 832512 ----a-w- c:\windows\system32\wininet.dll

2010-12-20 23:08 . 2002-12-05 01:15 1830912 ----a-w- c:\windows\system32\inetcpl.cpl

2010-12-20 23:08 . 2002-12-05 01:14 17408 ----a-w- c:\windows\system32\corpol.dll

2010-12-20 17:26 . 2002-12-05 01:15 730112 ----a-w- c:\windows\system32\lsasrv.dll

2010-12-20 12:55 . 2005-07-11 18:34 389120 ----a-w- c:\windows\system32\html.iec

2010-12-09 15:15 . 2002-12-05 01:15 718336 ----a-w- c:\windows\system32\ntdll.dll

2010-12-09 14:30 . 2002-12-05 01:14 33280 ----a-w- c:\windows\system32\csrsrv.dll

2010-12-09 13:42 . 2002-08-29 01:04 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-12-09 13:07 . 2002-08-29 01:04 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-11-18 18:12 . 2002-12-05 02:22 81920 ----a-w- c:\windows\system32\isign32.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-08 68856]

"TimeBridge Connector for Outlook"="c:\documents and settings\Owner\Application Data\TimeBridge\TimeBridge Connector for Outlook\TimeBridgeConnectorForOutlook.exe" [2008-10-07 32768]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-10-13 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2002-11-07 4243456]

"CTHelper"="CTHELPER.EXE" [2002-11-08 24576]

"QuickFinder Scheduler"="c:\program files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE" [2002-08-15 77887]

"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-25 28672]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-22 196608]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-21 443728]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"SetDefaultMidi"="MIDIDEF.EXE" [2002-03-01 61440]

"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-7-11 113664]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\support.com\\client\\bin\\tgcmd.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Documents and Settings\\Owner\\Application Data\\TimeBridge\\TimeBridge Connector for Outlook\\TimeBridgeConnectorForOutlook.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=

"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=

"c:\\Program Files\\Common Files\\Motive\\McciCMService.exe"=

"c:\\WINDOWS\\system32\\msiexec.exe"=

R1 MpKsl352aa0b7;MpKsl352aa0b7;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B259F7F1-E101-4E04-871C-EE1CA687753A}\MpKsl352aa0b7.sys [2/14/2011 6:18 PM 28752]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 10:25 AM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 10:15 AM 67656]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/28/2011 5:52 PM 363344]

R2 NovacomD;Palm Novacom;c:\program files\Palm, Inc\novacom\x86\novacomd.exe [11/6/2009 12:03 PM 33280]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/28/2011 5:52 PM 20952]

S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]

S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]

S1 MpKsl87d66726;MpKsl87d66726;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FE60066B-6A2F-4D66-B45D-3A82D4EE8BAA}\MpKsl87d66726.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FE60066B-6A2F-4D66-B45D-3A82D4EE8BAA}\MpKsl87d66726.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]

S3 netr73;Linksys Compact Wireless-G USB Adapter Driver for Vista;c:\windows\system32\drivers\netr73.sys [12/29/2006 1:49 AM 247808]

S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 10:15 AM 12872]

S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MPKSL352AA0B7

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

getPlusHelper REG_MULTI_SZ getPlusHelper

.

Contents of the 'Scheduled Tasks' folder

2011-02-12 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 18:42]

2011-02-15 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-07-02 23:36]

2011-02-15 c:\windows\Tasks\MpIdleTask.job

- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-07-02 23:36]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.foxnews.com

uInternet Settings,ProxyOverride = <local>

TCP: {7232894C-42A4-46E4-AD01-065D229B1951} = 4.2.2.1

TCP: {CA0154F2-AAEC-4920-AAEF-074E988571A0} = 4.2.2.1 209.18.47.61 209.18.47.62

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z1zp1glf.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.foxnews.com

FF - prefs.js: network.proxy.type - 4

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Tab Mix Plus: {dc572301-7619-498c-a57d-39143191b318} - %profile%\extensions\{dc572301-7619-498c-a57d-39143191b318}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

- - - - ORPHANS REMOVED - - - -

AddRemove-com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 - c:\program files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-02-14 18:42

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(536)

c:\windows\system32\GTGina.dll

c:\program files\SUPERAntiSpyware\SASWINLO.dll

c:\windows\system32\WININET.dll

c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll

- - - - - - - > 'explorer.exe'(2856)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Microsoft Security Essentials\MsMpEng.exe

c:\windows\System32\nvsvc32.exe

c:\program files\Sony\VAIO Media Music Server\SSSvr.exe

c:\program files\Sony\Photo Server 20\appsrv\PicAppSrv.exe

c:\program files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe

c:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

c:\program files\Canon\CAL\CALMAIN.exe

c:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe

c:\program files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe

c:\program files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

c:\program files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe

c:\program files\HP\Digital Imaging\bin\hpqbam08.exe

c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe

.

**************************************************************************

.

Completion time: 2011-02-14 19:03:09 - machine was rebooted

ComboFix-quarantined-files.txt 2011-02-15 01:02

ComboFix2.txt 2011-02-12 00:41

Pre-Run: 205,131,444,224 bytes free

Post-Run: 204,977,545,216 bytes free

- - End Of File - - 0A11910FA49BD415DECD27A6BBA6A35D

Here is the DDS log:

DDS (Ver_10-12-12.02) - NTFSx86

Run by Owner at 0:12:22.64 on Tue 02/15/2011

Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_23

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1024.267 [GMT -6:00]

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

AV: Microsoft Security Essentials *Enabled/Outdated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\WINDOWS\system32\svchost.exe -k HPService

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe

C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe

C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Documents and Settings\Owner\Application Data\TimeBridge\TimeBridge Connector for Outlook\TimeBridgeConnectorForOutlook.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Documents and Settings\Owner\Desktop\dds(2).scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.foxnews.com

uInternet Settings,ProxyOverride = <local>

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [TimeBridge Connector for Outlook] "c:\documents and settings\owner\application data\timebridge\timebridge connector for outlook\TimeBridgeConnectorForOutlook.exe"

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [CTHelper] CTHELPER.EXE

mRun: [QuickFinder Scheduler] "c:\program files\corel\wordperfect office 2002\programs\QFSCHD100.EXE"

mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

dRunOnce: [setDefaultMidi] MIDIDEF.EXE

dRunOnce: [RunNarrator] Narrator.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121112359438

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1121112210891

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: {7232894C-42A4-46E4-AD01-065D229B1951} = 4.2.2.1

TCP: {CA0154F2-AAEC-4920-AAEF-074E988571A0} = 4.2.2.1 209.18.47.61 209.18.47.62

Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - c:\program files\libronix dls\system\FileProt.dll

Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - c:\program files\libronix dls\system\ResProt.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z1zp1glf.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.foxnews.com

FF - prefs.js: network.proxy.type - 4

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll

FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll

FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Tab Mix Plus: {dc572301-7619-498c-a57d-39143191b318} - %profile%\extensions\{dc572301-7619-498c-a57d-39143191b318}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Google Docs Viewer: adonis.cuhk@gmail.com - %profile%\extensions\adonis.cuhk@gmail.com

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 165264]

R1 MpKsl86737c88;MpKsl86737c88;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{eea49e63-f2b3-43b5-99a5-81f572b870fd}\MpKsl86737c88.sys [2011-2-14 28752]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 67656]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-1-28 363344]

R2 NovacomD;Palm Novacom;c:\program files\palm, inc\novacom\x86\novacomd.exe [2009-11-6 33280]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-1-28 20952]

S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\tffsmon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]

S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\tfsysmon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]

S1 MpKsl87d66726;MpKsl87d66726;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fe60066b-6a2f-4d66-b45d-3a82d4ee8baa}\mpksl87d66726.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fe60066b-6a2f-4d66-b45d-3a82d4ee8baa}\MpKsl87d66726.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 netr73;Linksys Compact Wireless-G USB Adapter Driver for Vista;c:\windows\system32\drivers\netr73.sys [2006-12-29 247808]

S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]

S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\tfnetmon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2011-02-15 05:46:37 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{eea49e63-f2b3-43b5-99a5-81f572b870fd}\MpKsl86737c88.sys

2011-02-15 04:29:41 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-02-15 04:29:41 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-02-15 04:29:41 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll

2011-02-15 03:16:41 -------- d-----w- c:\program files\Microsoft Security Client

2011-02-15 03:11:11 17280 ----a-w- C:\FixitRegBackup.reg

2011-02-15 01:49:21 5890896 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{eea49e63-f2b3-43b5-99a5-81f572b870fd}\mpengine.dll

2011-02-11 23:36:39 -------- d-sha-r- C:\cmdcons

2011-02-11 23:30:45 89088 ----a-w- c:\windows\MBR.exe

2011-02-11 23:30:45 256512 ----a-w- c:\windows\PEV.exe

2011-02-11 23:30:45 161792 ----a-w- c:\windows\SWREG.exe

2011-02-11 23:30:44 98816 ----a-w- c:\windows\sed.exe

2011-01-28 23:53:15 -------- d-----w- c:\docume~1\owner\applic~1\Malwarebytes

2011-01-28 23:52:47 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-01-28 23:52:35 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2011-01-28 23:52:24 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-01-28 23:52:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-01-27 22:40:10 1409 ----a-w- c:\windows\QTFont.for

2011-01-24 05:39:49 0 ----a-w- c:\windows\Rfusi.bin

2011-01-24 05:37:48 -------- d-----w- c:\docume~1\alluse~1\applic~1\gBkJmDg00000

2011-01-21 14:44:37 439296 -c----w- c:\windows\system32\dllcache\shimgvw.dll

==================== Find3M ====================

2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll

2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys

2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll

2010-12-20 23:08:45 832512 ----a-w- c:\windows\system32\wininet.dll

2010-12-20 23:08:45 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-12-20 23:08:45 1830912 ----a-w- c:\windows\system32\inetcpl.cpl

2010-12-20 23:08:45 17408 ----a-w- c:\windows\system32\corpol.dll

2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll

2010-12-20 12:55:25 389120 ----a-w- c:\windows\system32\html.iec

2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll

2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll

2010-12-09 13:42:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-12-09 13:07:07 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll

============= FINISH: 0:18:09.78 ===============


  • Staff

Hi,

Below are the reports you requested. I do have a quick question. So now I have 3 anti-spyware programs running on my computer: SUPERAntiSpyware, Malwarebytes, and now Microsoft Security Essentials. Do I still need SUPERAntiSpyware?

Well, are you using the PRO version of MBAM or SuperAntiSpyware? If not, all are fine to have, and Microsoft Security Essentials will be the only one actively protecting you. If so, let me know and we'll optimize how they work together.

  • Staff

Hi,

Perform all of the below that apply to you:

Set Exclusions for Malwarebytes' Anti-Malware in Microsoft Security Essentials on 32 bit Windows Versions:

  1. Open Microsoft Security Essentials and click on Settings at the top
  2. Click on Excluded processes on the left
  3. Click on the Add... button
  4. Click on the + next to your primary hard drive (usually C:)
  5. Click on the + next to Program Files
  6. Click on the + next to Malwarebytes' Anti-Malware
  7. Click once on mbam.exe and click on OK
  8. Repeat steps 3-7 for the following files:
    • C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    • C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

  9. Click on Save at the bottom and click Continue if prompted
  10. Close Microsoft Security Essentials

Set Exclusions for Malwarebytes' Anti-Malware in Microsoft Security Essentials on 64 bit Windows Versions:

  1. Open Microsoft Security Essentials and click on Settings at the top
  2. Click on Excluded processes on the left
  3. Click on the Add... button
  4. Click on the + next to your primary hard drive (usually C:)
  5. Click on the + next to Program Files (x86)
  6. Click on the + next to Malwarebytes' Anti-Malware
  7. Click once on mbam.exe and click on OK
  8. Repeat steps 3-7 for the following files:
    • C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    • C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

  9. Click on Save at the bottom and click Continue if prompted
  10. Close Microsoft Security Essentials

Set Exclusions for Microsoft Security Essentials in Malwarebytes' Anti-Malware:

  • Open Malwarebytes' Anti-Malware and click on the Ignore List tab
  • Click the Add button on the lower left
  • In the small browse window that opens, navigate to C:\Program Files and click once on Microsoft Security Essentials and click OK
  • Close Malwarebytes' Anti-Malware

Set Exclusions for Microsoft Security Essentials 2.x in Malwarebytes' Anti-Malware:

  • Open Malwarebytes' Anti-Malware and click on the Ignore List tab
  • Click the Add button on the lower left
  • In the small browse window that opens, navigate to C:\Program Files and click once on Microsoft Security Client and click OK
  • Close Malwarebytes' Anti-Malware


  • 2 weeks later...
This topic is now closed to further replies.