
Malwarebytes blocking IP Addresses



Hi folks,

I am using the Malwarebytes Anti-Malware Protection module after it detected a few pieces of malware on my PC.

But even though I removed them using Malwarebytes, I think they are not getting removed.

Also, I have Avast Free Antivirus, which is detecting a rootkit in the C:\Windows\System32 folder with filename 'X', but it is not deleting it.

Here is the list of IP Addresses getting blocked:

124.217.253.138 (Type: outgoing)

91.188.39.85 (Type: outgoing)

79.135.153.13 (Type: outgoing)

83.233.165.43 (Type: outgoing)

59.34.175.122 (Type: incoming)

Here is the list of infected files which Malwarebytes found in Quick Scan:

Files Infected:

c:\documents and settings\networkservice\local settings\temporary internet files\content.ie5\r7tzxcww\jifcc[1].jpg (Extension.Mismatch)

c:\documents and settings\networkservice\local settings\temporary internet files\content.ie5\r7tzxcww\raebydju[1].gif (Extension.Mismatch)

c:\documents and settings\networkservice\local settings\temporary internet files\content.ie5\r7tzxcww\ruetok[1].gif (Extension.Mismatch)

c:\documents and settings\networkservice\local settings\temporary internet files\content.ie5\rim7baew\edydzh[1].gif (Extension.Mismatch)

Please help.


:welcome:

Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs from these scans, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner

Double-click ATF-Cleaner.exe to run the program.

Under Main choose: Select All

Click the Empty Selected button.

  • If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.

Next:

Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download GooredFix from one of the locations below and save it to your Desktop

Download Mirror #1

Download Mirror #2

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • It doesn't take long to run; once it is finished, move on to the next step.

Next:

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please post the contents of that TDSSKiller log.

Also please describe how your computer behaves at the moment.


Thanks for the reply, LDTate.

But I will not be able to log in to the infected system till this Saturday.

I have done a Boot Time Scan with Avast Antivirus, which deleted a few infected files.

As soon as I go back home I will post those here.

Can you suggest anything else that can check whether even more files are infected?


LDTate, Please tell me if GooredFix log is needed.

Here is what the TDSSKiller log contains:

2011/07/16 12:06:54.0453 2144 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56

2011/07/16 12:06:56.0453 2144 ================================================================================

2011/07/16 12:06:56.0453 2144 SystemInfo:

2011/07/16 12:06:56.0453 2144

2011/07/16 12:06:56.0453 2144 OS Version: 5.1.2600 ServicePack: 2.0

2011/07/16 12:06:56.0453 2144 Product type: Workstation

2011/07/16 12:06:56.0453 2144 ComputerName: ANUJA

2011/07/16 12:06:56.0453 2144 UserName: Amol

2011/07/16 12:06:56.0453 2144 Windows directory: C:\WINDOWS

2011/07/16 12:06:56.0453 2144 System windows directory: C:\WINDOWS

2011/07/16 12:06:56.0453 2144 Processor architecture: Intel x86

2011/07/16 12:06:56.0453 2144 Number of processors: 2

2011/07/16 12:06:56.0453 2144 Page size: 0x1000

2011/07/16 12:06:56.0453 2144 Boot type: Normal boot

2011/07/16 12:06:56.0453 2144 ================================================================================

2011/07/16 12:06:58.0671 2144 Initialize success

2011/07/16 12:07:04.0515 3768 ================================================================================

2011/07/16 12:07:04.0515 3768 Scan started

2011/07/16 12:07:04.0515 3768 Mode: Manual;

2011/07/16 12:07:04.0515 3768 ================================================================================

2011/07/16 12:07:05.0625 3768 Aavmker4 (dfcdd5936cad0138775d5a105d4c7716) C:\WINDOWS\system32\drivers\Aavmker4.sys

2011/07/16 12:07:06.0281 3768 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/07/16 12:07:06.0531 3768 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2011/07/16 12:07:06.0984 3768 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys

2011/07/16 12:07:07.0250 3768 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys

2011/07/16 12:07:09.0000 3768 aswFsBlk (861cb512e4e850e87dd2316f88d69330) C:\WINDOWS\system32\drivers\aswFsBlk.sys

2011/07/16 12:07:09.0218 3768 aswMon2 (7857e0b4c817f69ff463eea2c63e56f9) C:\WINDOWS\system32\drivers\aswMon2.sys

2011/07/16 12:07:09.0453 3768 aswRdr (8db043bf96bb6d334e5b4888e709e1c7) C:\WINDOWS\system32\drivers\aswRdr.sys

2011/07/16 12:07:09.0781 3768 aswSnx (17230708a2028cd995656df455f2e303) C:\WINDOWS\system32\drivers\aswSnx.sys

2011/07/16 12:07:10.0093 3768 aswSP (dbedd9d43b00630966ef05d2d8d04cee) C:\WINDOWS\system32\drivers\aswSP.sys

2011/07/16 12:07:10.0312 3768 aswTdi (984cfce2168286c2511695c2f9621475) C:\WINDOWS\system32\drivers\aswTdi.sys

2011/07/16 12:07:10.0531 3768 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/07/16 12:07:10.0781 3768 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/07/16 12:07:11.0234 3768 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/07/16 12:07:11.0468 3768 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/07/16 12:07:11.0687 3768 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/07/16 12:07:12.0062 3768 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/07/16 12:07:12.0500 3768 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/07/16 12:07:12.0750 3768 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/07/16 12:07:13.0031 3768 Cdrom (7b53584d94e9d8716b2de91d5f1cb42d) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/07/16 12:07:13.0859 3768 ctxusbm (cb6ff7012bb5d59d7c12350db795ce1f) C:\WINDOWS\system32\DRIVERS\ctxusbm.sys

2011/07/16 12:07:14.0484 3768 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/07/16 12:07:14.0906 3768 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys

2011/07/16 12:07:15.0359 3768 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys

2011/07/16 12:07:15.0609 3768 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/07/16 12:07:15.0828 3768 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys

2011/07/16 12:07:16.0265 3768 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/07/16 12:07:16.0515 3768 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/07/16 12:07:16.0750 3768 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys

2011/07/16 12:07:16.0953 3768 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys

2011/07/16 12:07:17.0171 3768 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys

2011/07/16 12:07:17.0437 3768 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

2011/07/16 12:07:17.0703 3768 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys

2011/07/16 12:07:17.0906 3768 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/07/16 12:07:18.0156 3768 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/07/16 12:07:18.0390 3768 ggflt (007aea2e06e7cef7372e40c277163959) C:\WINDOWS\system32\DRIVERS\ggflt.sys

2011/07/16 12:07:18.0609 3768 ggsemc (c73de35960ca75c5ab4ae636b127c64e) C:\WINDOWS\system32\DRIVERS\ggsemc.sys

2011/07/16 12:07:18.0812 3768 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/07/16 12:07:18.0812 3768 Suspicious service (NoAccess): gtdrta

2011/07/16 12:07:19.0093 3768 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2011/07/16 12:07:19.0312 3768 hidusb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2011/07/16 12:07:19.0796 3768 HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/07/16 12:07:20.0312 3768 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/07/16 12:07:20.0937 3768 ialm (c5db546f9028cd00e64335091860d8f3) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

2011/07/16 12:07:21.0562 3768 IDMTDI (d890bcc3070242f6ba34744bba756152) C:\WINDOWS\system32\DRIVERS\idmtdi.sys

2011/07/16 12:07:21.0796 3768 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/07/16 12:07:23.0250 3768 IntcAzAudAddService (9f6320e7b0c43e4e5693e1515ba5595c) C:\WINDOWS\system32\drivers\RtkHDAud.sys

2011/07/16 12:07:23.0687 3768 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2011/07/16 12:07:23.0921 3768 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

2011/07/16 12:07:24.0140 3768 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/07/16 12:07:24.0375 3768 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/07/16 12:07:24.0625 3768 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/07/16 12:07:24.0875 3768 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/07/16 12:07:25.0109 3768 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/07/16 12:07:25.0343 3768 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/07/16 12:07:25.0890 3768 ISODrive (3ff410ccffcc6a25f33080b8f6e345cd) E:\150000 Universal Drivers 2009[HIghly Compressed]\Portable UltraISO Premium Edition\App\UltraISO\drivers\ISODrive.sys

2011/07/16 12:07:26.0109 3768 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/07/16 12:07:26.0375 3768 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys

2011/07/16 12:07:26.0640 3768 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/07/16 12:07:27.0078 3768 MBAMProtector (3d2c13377763eeac0ca6fb46f57217ed) C:\WINDOWS\system32\drivers\mbam.sys

2011/07/16 12:07:27.0312 3768 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/07/16 12:07:27.0562 3768 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys

2011/07/16 12:07:27.0781 3768 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/07/16 12:07:28.0000 3768 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2011/07/16 12:07:28.0250 3768 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/07/16 12:07:28.0703 3768 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/07/16 12:07:29.0046 3768 MRxSmb (1fd607fc67f7f7c633c3da65bfc53d18) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/07/16 12:07:29.0375 3768 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys

2011/07/16 12:07:29.0609 3768 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/07/16 12:07:29.0828 3768 msloop (64e8b7c65eb4796939c0f64f8170821b) C:\WINDOWS\system32\DRIVERS\loop.sys

2011/07/16 12:07:30.0062 3768 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/07/16 12:07:30.0265 3768 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/07/16 12:07:30.0484 3768 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/07/16 12:07:30.0750 3768 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys

2011/07/16 12:07:31.0015 3768 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys

2011/07/16 12:07:31.0281 3768 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/07/16 12:07:31.0500 3768 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/07/16 12:07:31.0734 3768 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/07/16 12:07:31.0968 3768 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/07/16 12:07:32.0203 3768 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/07/16 12:07:32.0484 3768 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/07/16 12:07:32.0750 3768 nmwcd (cfe3462a9e94a57dcd9676f6b7fe7f67) C:\WINDOWS\system32\drivers\ccdcmb.sys

2011/07/16 12:07:33.0000 3768 nmwcdc (8f2a94f991f8c73cec26b4b5620d1edc) C:\WINDOWS\system32\drivers\ccdcmbo.sys

2011/07/16 12:07:33.0250 3768 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys

2011/07/16 12:07:33.0609 3768 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/07/16 12:07:33.0968 3768 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/07/16 12:07:35.0109 3768 nv (34c114da0a5e03219444e46f122ff5a3) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2011/07/16 12:07:36.0250 3768 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/07/16 12:07:36.0484 3768 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/07/16 12:07:36.0718 3768 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\drivers\Parport.sys

2011/07/16 12:07:36.0953 3768 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/07/16 12:07:37.0171 3768 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/07/16 12:07:37.0406 3768 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys

2011/07/16 12:07:37.0640 3768 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/07/16 12:07:38.0109 3768 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/07/16 12:07:38.0343 3768 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys

2011/07/16 12:07:39.0750 3768 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/07/16 12:07:39.0968 3768 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/07/16 12:07:40.0171 3768 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/07/16 12:07:40.0406 3768 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2011/07/16 12:07:41.0562 3768 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/07/16 12:07:42.0000 3768 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/07/16 12:07:42.0234 3768 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/07/16 12:07:42.0453 3768 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/07/16 12:07:42.0703 3768 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/07/16 12:07:43.0000 3768 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/07/16 12:07:43.0265 3768 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2011/07/16 12:07:43.0546 3768 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/07/16 12:07:43.0828 3768 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/07/16 12:07:44.0062 3768 RMSPPPOE (cdc25603946e66532fba58baae172c8e) C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS

2011/07/16 12:07:44.0328 3768 RTLE8023xp (bb0ae2171f08129f4f3ff9df20ffbf89) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys

2011/07/16 12:07:44.0421 3768 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

2011/07/16 12:07:44.0531 3768 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

2011/07/16 12:07:44.0796 3768 Secdrv (07f7f501ad50de2ba2d5842d9b6d6155) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/07/16 12:07:45.0046 3768 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys

2011/07/16 12:07:45.0296 3768 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys

2011/07/16 12:07:45.0531 3768 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys

2011/07/16 12:07:46.0171 3768 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys

2011/07/16 12:07:46.0406 3768 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/07/16 12:07:46.0718 3768 Srv (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/07/16 12:07:47.0046 3768 sscdbus (2d4027c46b4c6e45875e3c4ba3f67492) C:\WINDOWS\system32\DRIVERS\sscdbus.sys

2011/07/16 12:07:47.0296 3768 sscdmdfl (f548f1eba107bc19e91189e6a460bd0e) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys

2011/07/16 12:07:47.0546 3768 sscdmdm (71d348d53597379dfe1de255d70af13c) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys

2011/07/16 12:07:47.0828 3768 StarOpen (306521935042fc0a6988d528643619b3) C:\WINDOWS\system32\drivers\StarOpen.sys

2011/07/16 12:07:48.0078 3768 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/07/16 12:07:48.0312 3768 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys

2011/07/16 12:07:49.0328 3768 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/07/16 12:07:49.0625 3768 Tcpip (7b11118b078b88f87183fe69eda43137) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/07/16 12:07:49.0921 3768 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/07/16 12:07:50.0156 3768 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/07/16 12:07:50.0406 3768 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/07/16 12:07:50.0859 3768 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys

2011/07/16 12:07:51.0343 3768 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys

2011/07/16 12:07:51.0578 3768 upperdev (ec01da44b090d2651fc032c8b9257232) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys

2011/07/16 12:07:51.0843 3768 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/07/16 12:07:52.0078 3768 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/07/16 12:07:52.0312 3768 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/07/16 12:07:52.0546 3768 usbser (49106ee29074e6a3d3ac9e24c6d791d8) C:\WINDOWS\system32\drivers\usbser.sys

2011/07/16 12:07:52.0812 3768 UsbserFilt (4abd37cfbd710e64f01f9da8710c73f7) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys

2011/07/16 12:07:53.0062 3768 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/07/16 12:07:53.0296 3768 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/07/16 12:07:53.0546 3768 VBoxNetAdp (87f80943992bda64bc2208f3ccd0d38a) C:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys

2011/07/16 12:07:53.0968 3768 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys

2011/07/16 12:07:54.0437 3768 vmm (b0fd6e31ed4acd87eb852c5dac27734a) C:\WINDOWS\system32\Drivers\vmm.sys

2011/07/16 12:07:54.0656 3768 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/07/16 12:07:54.0937 3768 VPCNetS2 (2abe8281db609d8bb1bd1b2f93800d5f) C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys

2011/07/16 12:07:55.0203 3768 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/07/16 12:07:55.0500 3768 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys

2011/07/16 12:07:56.0062 3768 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/07/16 12:07:56.0328 3768 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

2011/07/16 12:07:56.0546 3768 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

2011/07/16 12:07:56.0781 3768 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/07/16 12:07:57.0078 3768 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/07/16 12:07:57.0109 3768 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

2011/07/16 12:07:57.0140 3768 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1

2011/07/16 12:07:57.0312 3768 Boot (0x1200) (8dcc764cb12e373c00128a763123ea72) \Device\Harddisk0\DR0\Partition0

2011/07/16 12:07:57.0328 3768 Boot (0x1200) (a1e7a634a6ce42af63d687d9e04f5f7b) \Device\Harddisk0\DR0\Partition1

2011/07/16 12:07:57.0343 3768 Boot (0x1200) (dc9e8ddd5be20675ca2650446f128b56) \Device\Harddisk0\DR0\Partition2

2011/07/16 12:07:57.0375 3768 Boot (0x1200) (3f233619e73752b0703ef0cab69dffc5) \Device\Harddisk0\DR0\Partition3

2011/07/16 12:07:57.0375 3768 Boot (0x1200) (536c804af5cd30ffc1a5d9d5666587a1) \Device\Harddisk1\DR1\Partition0

2011/07/16 12:07:57.0406 3768 Boot (0x1200) (7360dc303300c2eb4e7c0e32d06b52b5) \Device\Harddisk1\DR1\Partition1

2011/07/16 12:07:57.0406 3768 ================================================================================

2011/07/16 12:07:57.0406 3768 Scan finished

2011/07/16 12:07:57.0406 3768 ================================================================================

2011/07/16 12:07:57.0406 3760 Detected object count: 0

2011/07/16 12:07:57.0406 3760 Actual detected object count: 0

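The TDSSKiller log above ends with "Detected object count: 0", yet it also contains a "Suspicious service (NoAccess): gtdrta" line that the count does not reflect, and a couple of drivers loaded from outside C:\WINDOWS (one from a removable drive). A helper reading a long log by eye can miss those lines. The script below is an added example (my own code, not part of the thread and not TDSSKiller's own tooling) that parses a log in this format, records every driver with its MD5 and path, and flags the two things worth asking about: suspicious-service lines and drivers loaded from outside the Windows directory. The sample lines are constructed from the excerpt in the thread; the tool names and the flag severities are my own choices.

```python
"""Triage helper for a TDSSKiller text log (added example, not TDSSKiller code)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample: a few lines in the shape of the log posted in the thread.
SAMPLE_LOG = r"""2011/07/16 12:06:56.0453 2144 Windows directory: C:\WINDOWS
2011/07/16 12:07:05.0625 3768 Aavmker4 (dfcdd5936cad0138775d5a105d4c7716) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/07/16 12:07:18.0812 3768 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/07/16 12:07:18.0812 3768 Suspicious service (NoAccess): gtdrta
2011/07/16 12:07:25.0890 3768 ISODrive (3ff410ccffcc6a25f33080b8f6e345cd) E:\150000 Universal Drivers 2009[HIghly Compressed]\Portable UltraISO Premium Edition\App\UltraISO\drivers\ISODrive.sys
2011/07/16 12:07:44.0421 3768 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/07/16 12:07:57.0109 3768 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/07/16 12:07:57.0406 3760 Detected object count: 0
"""

# Every log line is "<date> <time> <pid> <message>"; the message decides the type.
LINE_RE = re.compile(r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<msg>.*)$")
WINDIR_RE = re.compile(r"^(?:System )?[Ww]indows directory: (?P<dir>.+)$")
SUSPICIOUS_RE = re.compile(r"^Suspicious service \((?P<reason>[^)]+)\): (?P<name>\S+)$")
SECTOR_RE = re.compile(r"^(?P<kind>MBR|Boot) \((?P<size>0x[0-9A-Fa-f]+)\) \((?P<md5>[0-9a-fA-F]{32})\) (?P<dev>.+)$")
DRIVER_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
COUNT_RE = re.compile(r"^Detected object count: (?P<n>\d+)$")


@dataclass
class Finding:
    severity: str   # "high" for lines TDSSKiller itself calls suspicious, "review" for heuristics
    name: str
    detail: str


@dataclass
class TriageResult:
    windows_dir: Optional[str] = None                     # lower-cased, no trailing backslash
    drivers: Dict[str, Tuple[str, str]] = field(default_factory=dict)   # name -> (md5, path)
    sectors: Dict[str, str] = field(default_factory=dict)               # device -> md5
    detected_count: Optional[int] = None
    findings: List[Finding] = field(default_factory=list)


def triage_tdsskiller_log(text: str) -> TriageResult:
    """Parse the log and collect drivers, boot-sector hashes and findings."""
    r = TriageResult()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg")
        if (wm := WINDIR_RE.match(msg)):
            r.windows_dir = wm.group("dir").rstrip("\\").lower()
        elif (sm := SUSPICIOUS_RE.match(msg)):
            r.findings.append(Finding("high", sm.group("name"),
                              f"TDSSKiller flagged service ({sm.group('reason')}); not included in the detected-object count"))
        elif (bm := SECTOR_RE.match(msg)):
            r.sectors[bm.group("dev")] = bm.group("md5").lower()
        elif (cm := COUNT_RE.match(msg)):
            r.detected_count = int(cm.group("n"))
        elif (dm := DRIVER_RE.match(msg)):
            name, md5, path = dm.group("name"), dm.group("md5").lower(), dm.group("path")
            r.drivers[name] = (md5, path)
            # Heuristic only: third-party security tools legitimately live outside
            # the Windows directory, so these are "look at it", not "malicious".
            if r.windows_dir and not path.lower().startswith(r.windows_dir + "\\"):
                r.findings.append(Finding("review", name, f"driver loaded from outside {r.windows_dir}: {path}"))
    return r


if __name__ == "__main__":
    result = triage_tdsskiller_log(SAMPLE_LOG)
    print(f"{len(result.drivers)} drivers, detected object count = {result.detected_count}")
    for f in result.findings:
        print(f"[{f.severity}] {f.name}: {f.detail}")
```

The point of keeping the driver table is that a helper can paste the MD5 of any flagged driver into a reputation service of their choice; the script deliberately does not do that itself, so it runs offline on a pasted log.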

Sorry for not including this in the same reply.

But my computer is booting slower than before. Also, one more weird behavior I have seen is with Video/Audio.

Computer hangs in between when I play audio/video.

Please tell me if I should mention IP addresses which Malwarebytes is blocking.


Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 (if using this link, right-click and select Save As).

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[screenshot: the ComboFix message shown once the Recovery Console is installed]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


Here is the ComboFix log:

---------------------------------------------------------------------------------------------------------------------

ComboFix 11-07-15.03 - Amol 07/16/2011 13:32:02.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2557.1984 [GMT 5.5:30]

Running from: c:\documents and settings\Amol\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

.

((((((((((((((((((((((((( Files Created from 2011-06-16 to 2011-07-16 )))))))))))))))))))))))))))))))

.

.

2011-11-28 12:40 . 2011-11-28 12:40 -------- d--h--w- c:\windows\system32\GroupPolicy

2011-11-27 13:29 . 2011-11-27 13:29 -------- d-----w- c:\documents and settings\Amol\Local Settings\Application Data\Netscape

2011-11-27 13:29 . 2011-11-27 13:29 -------- d-----w- c:\documents and settings\Amol\Application Data\Netscape

2011-11-27 13:29 . 2011-07-03 08:23 -------- d-----w- c:\program files\Netscape

2011-07-16 07:09 . 2011-07-16 07:09 709968 ----a-w- c:\windows\isRS-000.tmp

2011-07-09 17:57 . 2011-07-09 17:59 -------- d-----w- c:\program files\Softwin

2011-07-09 17:44 . 2011-07-09 17:50 -------- d-----w- C:\MGtools

2011-07-09 17:42 . 2011-07-09 17:43 -------- d-----w- c:\documents and settings\Amol\Local Settings\Application Data\Facebook

2011-07-09 15:47 . 2011-07-06 14:22 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-09 15:47 . 2011-07-16 07:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-07-09 15:47 . 2011-07-06 14:22 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-09 13:19 . 2011-07-09 13:19 -------- d-----w- c:\documents and settings\Amol\Application Data\SUPERAntiSpyware.com

2011-07-09 13:19 . 2011-07-09 13:19 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2011-07-09 13:18 . 2011-07-09 13:19 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-07-09 11:53 . 2011-07-09 11:53 -------- d-----w- c:\program files\Common Files\Java

2011-07-09 11:53 . 2011-07-09 11:52 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-07-03 12:24 . 2011-07-09 10:43 -------- d-----w- c:\documents and settings\Administrator

2011-07-03 09:27 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-07-03 09:27 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-07-03 09:27 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-07-03 09:27 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-07-03 09:27 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-07-03 09:27 . 2011-07-04 11:35 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2011-07-03 09:27 . 2011-07-04 11:35 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys

2011-07-03 09:27 . 2011-07-04 11:32 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2011-07-03 09:27 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr

2011-07-03 09:27 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe

2011-07-03 08:20 . 2011-07-03 08:27 -------- d-----w- c:\windows\SxsCaPendDel

2011-07-03 07:19 . 2008-08-26 04:56 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys

2011-07-03 07:19 . 2011-07-03 07:19 -------- d-----w- c:\program files\PC Connectivity Solution

2011-07-03 07:18 . 2011-05-18 04:42 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys

2011-07-03 07:18 . 2011-05-18 04:42 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys

2011-07-03 07:18 . 2011-05-18 04:42 23168 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys

2011-07-03 07:18 . 2011-05-18 04:42 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys

2011-07-02 20:04 . 2011-07-02 20:04 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys

2011-07-02 20:04 . 2011-07-02 20:04 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll

2011-07-02 20:04 . 2011-07-02 20:04 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys

2011-07-02 20:04 . 2011-07-02 20:04 -------- d-----w- c:\program files\Sony Ericsson

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-09 17:50 . 2011-07-09 17:44 169119 ----a-w- C:\MGlogs.zip

2011-07-09 11:52 . 2010-06-26 10:13 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-06-05 17:33 . 2011-06-05 17:33 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-18 04:43 . 2011-05-14 19:01 123904 ----a-w- c:\windows\system32\ccdcmbwu.dll

2011-05-18 04:43 . 2011-05-14 19:01 605696 ----a-w- c:\windows\system32\nmwcdcocls.dll

2011-05-18 04:43 . 2010-04-12 15:34 75264 ----a-w- c:\windows\system32\nmwcdcls.dll

2009-09-12 17:35 . 2009-09-12 17:35 124240 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll

2009-09-12 17:36 . 2009-09-12 17:36 13136 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll

2009-09-12 17:36 . 2009-09-12 17:36 70488 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll

2009-09-12 17:36 . 2009-09-12 17:36 91480 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll

2009-09-12 17:36 . 2009-09-12 17:36 22360 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll

2009-09-12 17:37 . 2009-09-12 17:37 255312 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll

2009-09-12 17:36 . 2009-09-12 17:36 31064 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll

2009-09-12 17:36 . 2009-09-12 17:36 40280 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll

2009-08-14 08:03 . 2009-08-14 08:03 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll

2009-09-12 17:36 . 2009-09-12 17:36 23896 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll

2011-04-14 16:26 . 2011-05-08 15:04 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2004-09-01 . 7B11118B078B88F87183FE69EDA43137 . 359040 . . [5.1.2600.2180] . . c:\windows\system32\drivers\tcpip.sys

.

.

c:\windows\System32\termsrv.dll ... is missing !!

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]

@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"

[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]

2011-03-02 15:23 68216 ----a-w- c:\program files\IDM\IDMShellExt.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IDMan"="c:\program files\IDM\IDMan.exe" [2011-05-14 3294616]

"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-06-24 639352]

"Facebook Update"="c:\documents and settings\Amol\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" [2011-07-14 137536]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 7700480]

"nwiz"="nwiz.exe" [2007-04-19 1626112]

"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 16377344]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\ApexDC++\\ApexDC.exe"=

"c:\\Documents and Settings\\Amol\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=

"c:\\Documents and Settings\\Amol\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Program Files\\NetMeeting\\conf.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=

"c:\\Documents and Settings\\Amol\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3442:TCP"= 3442:TCP:nkkbun

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [7/3/2011 2:57 PM 441176]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/3/2011 2:57 PM 309848]

R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [9/8/2009 6:13 PM 65584]

R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [7/29/2010 6:37 PM 98160]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:55 PM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/11/2010 12:11 AM 67656]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/3/2011 2:57 PM 19544]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/9/2011 9:17 PM 366640]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/9/2011 9:17 PM 22712]

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\RMSPPPOE.SYS [12/4/2010 8:12 PM 31424]

S2 gtdrta;Microsoft Task;c:\windows\system32\svchost.exe -k netsvcs [9/1/2004 5:30 AM 14336]

S3 Apache2.2-Zend;Apache2.2-Zend;c:\program files\Zend\Apache2\bin\httpd.exe [2/23/2010 1:05 PM 27240]

S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [7/3/2011 1:34 AM 13224]

S3 PciCon;PciCon;\??\i:\pcicon.sys --> i:\PciCon.sys [?]

S3 Tomcat6;Apache Tomcat 6;c:\program files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe [1/19/2010 7:12 PM 57344]

S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [12/17/2009 3:02 PM 99152]

S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]

S3 ZendJavaBridge;Zend Java Bridge;c:\program files\Zend\ZendServer\bin\JavaServer.exe [2/23/2010 1:05 PM 23544]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

lokkl

gtdrta

.

Contents of the 'Scheduled Tasks' folder

.

2011-07-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-436374069-1606980848-839522115-1003Core.job

- c:\documents and settings\Amol\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-07-09 05:47]

.

2011-07-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-436374069-1606980848-839522115-1003UA.job

- c:\documents and settings\Amol\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-07-09 05:47]

.

2011-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-1606980848-839522115-1003Core.job

- c:\documents and settings\Amol\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-17 15:31]

.

2011-07-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-1606980848-839522115-1003UA.job

- c:\documents and settings\Amol\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-17 15:31]

.

2011-07-16 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-436374069-1606980848-839522115-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 06:03]

.

2011-07-16 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-436374069-1606980848-839522115-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 06:03]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Download all links with IDM - c:\program files\IDM\IEGetAll.htm

IE: Download with IDM - c:\program files\IDM\IEExt.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000

IE: Zend Studio - Debug current page - c:\program files\Zend\Zend Studio - 7.1.1\toolbars\ZendIEToolbar.dll/DebugCurrent.html

IE: Zend Studio - Debug next page - c:\program files\Zend\Zend Studio - 7.1.1\toolbars\ZendIEToolbar.dll/DebugNext.html

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{C7503213-B6B4-46DB-B569-7B53AAE0BAED}: NameServer = 202.177.240.250 202.177.240.251

FF - ProfilePath - c:\documents and settings\Amol\Application Data\Mozilla\Firefox\Profiles\olk8l1gc.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?shva=1#search/malwarebytes/1311e1f30495758a|http://forums.malwarebytes.org/index.php?showtopic=89177&pid=451225&st=0entry451225|http://forums.whatthetech.com/index.php?autocom=downloads&req=download&code=confirm_download&id=17|https://www.facebook.com/

FF - prefs.js: keyword.URL - hxxp://eis.esnips.com/page/search_provider/?client_uuid=bda82ac0-85c3-4b48-b0d2-41fde8d1391d&q=

FF - user.js: zend.ZDE_Path - c:\program files\Zend\Zend Studio - 7.1.1\ZendStudio.exe

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-07-16 13:46

Windows 5.1.2600 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

"ImagePath"="\??\E:\150000 Universal Drivers 2009

[HIghly Compressed]\Portable UltraISO Premium Edition\App\UltraISO\drivers\ISODrive.sys"

.

.

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ISODrive]

"ImagePath"="\??\E:\150000 Universal Drivers 2009

.

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\gtdrta]

"ServiceDll"="c:\windows\system32\vrdjcioj.dll"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{561b2f79-c072-4f24-ac35-52bd90c955b9}]

@Denied: (Full) (Everyone)

"Model"=dword:0000002e

"Therad"=dword:00000012

"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,

1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"scansk"=hex(0):ac,22,94,b7,31,2e,9f,f6,53,3f,4a,47,2a,9b,f6,38,65,a3,4c,14,49,

a3,ac,18,89,d3,24,8a,af,7b,aa,c6,35,9e,db,92,f3,b5,2e,73,00,00,00,00,00,00,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1040)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

- - - - - - - > 'explorer.exe'(2828)

c:\windows\system32\msi.dll

c:\program files\IDM\IDMShellExt.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2011-07-16 13:51:14

ComboFix-quarantined-files.txt 2011-07-16 08:21

ComboFix2.txt 2011-07-09 16:42

ComboFix3.txt 2011-07-03 15:49

.

Pre-Run: 14,469,947,392 bytes free

Post-Run: 14,443,462,656 bytes free

.

- - End Of File - - 274F817819E8508531270006A5A4D950


Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run type Notepad click OK.

This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

KillAll::

File::
c:\windows\isRS-000.tmp

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3442:TCP"=-

Save this file to your desktop as "CFScript".

Here's how to do that:

1. Click File;

2. Click Save As... Change the directory to your desktop;

3. Change the Save as type to "All Files";

4. Type in the file name: CFScript

5. Click Save ...


Drag CFScript.txt into ComboFix.exe

Then post the results log using Copy / Paste

Also please describe how your computer behaves at the moment.

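For readers following along with the CFScript above, here is an added Python example (not from the helper's post, from ComboFix, or from Malwarebytes) that shows how to check a ComboFix log for the kind of firewall exception the Registry:: section removes. It parses the "firewallpolicy\standardprofile" blocks that ComboFix prints under "Reg Loading Points", reports whether the XP firewall is enabled, flags globally open ports whose description is a plain name rather than a Windows resource string (Windows labels its own exceptions with a reference such as @xpsp2res.dll,-22009), and diffs a "before" and "after" log to confirm that the removal took effect. The two embedded logs are constructed from the format shown in this thread, not taken from a live machine; the plain-name heuristic and all function and constant names are my own.

```python
"""Audit the Windows Firewall section of a ComboFix-style log.

Added example, not part of ComboFix or of the forum post. It reads the
standardprofile blocks ComboFix prints under "Reg Loading Points", flags
globally open ports that Windows itself did not create, and diffs two runs
to verify that a CFScript "Registry::" removal worked.
"""
import re
from typing import Dict, List, Optional

# Constructed sample modelled on the thread's log: firewall section before the CFScript run.
BEFORE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3442:TCP"= 3442:TCP:nkkbun
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [7/3/2011 2:57 PM 441176]
"""

# Constructed sample: the same section after the CFScript removed "3442:TCP".
AFTER_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
"""

PROFILE_KEY = r"[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"
OPEN_PORTS_KEY = r"[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"

# "3442:TCP"= 3442:TCP:nkkbun  ->  name, port, protocol, description
PORT_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<port>\d+):(?P<proto>TCP|UDP):(?P<desc>.*)$')
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(?P<val>\d+)')


def _block(lines: List[str], header: str) -> List[str]:
    """Return the non-empty lines after `header`, up to the next key header or '.' separator."""
    out: List[str] = []
    capture = False
    for line in lines:
        s = line.strip()
        if s == header:
            capture = True
            continue
        if capture:
            if s == "." or s.startswith("["):
                break
            if s:
                out.append(s)
    return out


def parse_open_ports(log: str) -> Dict[str, dict]:
    """Map value name -> {port, proto, desc} for the GloballyOpenPorts\\List block."""
    result: Dict[str, dict] = {}
    for s in _block(log.splitlines(), OPEN_PORTS_KEY):
        m = PORT_RE.match(s)
        if m:
            result[m["name"]] = {"port": int(m["port"]), "proto": m["proto"], "desc": m["desc"]}
    return result


def firewall_enabled(log: str) -> Optional[bool]:
    """True/False from the EnableFirewall value; None if the block is absent."""
    for s in _block(log.splitlines(), PROFILE_KEY):
        m = FIREWALL_RE.match(s)
        if m:
            return m["val"] != "0"
    return None


def suspicious_ports(ports: Dict[str, dict]) -> List[str]:
    """Open-port entries whose description is not a Windows resource reference.

    Heuristic (mine, not ComboFix's): Windows names its own exceptions with a
    localized resource string such as "@xpsp2res.dll,-22009". A bare word was
    written by some program, so it should be matched against known software.
    """
    return sorted(name for name, p in ports.items() if not p["desc"].startswith("@"))


def removed_between(before: str, after: str) -> List[str]:
    """Value names present in the first log and absent from the second."""
    return sorted(set(parse_open_ports(before)) - set(parse_open_ports(after)))


if __name__ == "__main__":
    print("firewall enabled:", firewall_enabled(BEFORE_LOG))
    print("entries to review:", suspicious_ports(parse_open_ports(BEFORE_LOG)))
    print("removed by CFScript:", removed_between(BEFORE_LOG, AFTER_LOG))
```

Run against two real ComboFix logs, replace the embedded samples with the file contents; the "removed by CFScript" list should contain exactly the value names listed under Registry:: with "=-".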

I deleted mbamservices.exe from the processes before running Combofix. But it came back after Combofix restarted the system.

Here is the log-

----------------------------------------------------------------------------------------------------------------------

ComboFix 11-07-15.03 - Amol 07/16/2011 15:47:59.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2557.2021 [GMT 5.5:30]

Running from: c:\documents and settings\Amol\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Amol\Desktop\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

FILE ::

"c:\windows\isRS-000.tmp"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\isRS-000.tmp

.

.

((((((((((((((((((((((((( Files Created from 2011-06-16 to 2011-07-16 )))))))))))))))))))))))))))))))

.

.

2011-11-28 12:40 . 2011-11-28 12:40 -------- d--h--w- c:\windows\system32\GroupPolicy

2011-11-27 13:29 . 2011-11-27 13:29 -------- d-----w- c:\documents and settings\Amol\Local Settings\Application Data\Netscape

2011-11-27 13:29 . 2011-11-27 13:29 -------- d-----w- c:\documents and settings\Amol\Application Data\Netscape

2011-11-27 13:29 . 2011-07-03 08:23 -------- d-----w- c:\program files\Netscape

2011-07-09 17:57 . 2011-07-09 17:59 -------- d-----w- c:\program files\Softwin

2011-07-09 17:44 . 2011-07-09 17:50 -------- d-----w- C:\MGtools

2011-07-09 17:42 . 2011-07-09 17:43 -------- d-----w- c:\documents and settings\Amol\Local Settings\Application Data\Facebook

2011-07-09 15:47 . 2011-07-06 14:22 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-09 15:47 . 2011-07-16 07:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-07-09 15:47 . 2011-07-06 14:22 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-09 13:19 . 2011-07-09 13:19 -------- d-----w- c:\documents and settings\Amol\Application Data\SUPERAntiSpyware.com

2011-07-09 13:19 . 2011-07-09 13:19 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2011-07-09 13:18 . 2011-07-09 13:19 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-07-09 11:53 . 2011-07-09 11:53 -------- d-----w- c:\program files\Common Files\Java

2011-07-09 11:53 . 2011-07-09 11:52 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-07-03 12:24 . 2011-07-09 10:43 -------- d-----w- c:\documents and settings\Administrator

2011-07-03 09:27 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-07-03 09:27 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-07-03 09:27 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-07-03 09:27 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-07-03 09:27 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-07-03 09:27 . 2011-07-04 11:35 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2011-07-03 09:27 . 2011-07-04 11:35 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys

2011-07-03 09:27 . 2011-07-04 11:32 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2011-07-03 09:27 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr

2011-07-03 09:27 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe

2011-07-03 08:20 . 2011-07-03 08:27 -------- d-----w- c:\windows\SxsCaPendDel

2011-07-03 07:19 . 2008-08-26 04:56 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys

2011-07-03 07:19 . 2011-07-03 07:19 -------- d-----w- c:\program files\PC Connectivity Solution

2011-07-03 07:18 . 2011-05-18 04:42 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys

2011-07-03 07:18 . 2011-05-18 04:42 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys

2011-07-03 07:18 . 2011-05-18 04:42 23168 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys

2011-07-03 07:18 . 2011-05-18 04:42 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys

2011-07-02 20:04 . 2011-07-02 20:04 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys

2011-07-02 20:04 . 2011-07-02 20:04 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll

2011-07-02 20:04 . 2011-07-02 20:04 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys

2011-07-02 20:04 . 2011-07-02 20:04 -------- d-----w- c:\program files\Sony Ericsson

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-09 17:50 . 2011-07-09 17:44 169119 ----a-w- C:\MGlogs.zip

2011-07-09 11:52 . 2010-06-26 10:13 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-06-05 17:33 . 2011-06-05 17:33 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-18 04:43 . 2011-05-14 19:01 123904 ----a-w- c:\windows\system32\ccdcmbwu.dll

2011-05-18 04:43 . 2011-05-14 19:01 605696 ----a-w- c:\windows\system32\nmwcdcocls.dll

2011-05-18 04:43 . 2010-04-12 15:34 75264 ----a-w- c:\windows\system32\nmwcdcls.dll

2009-09-12 17:35 . 2009-09-12 17:35 124240 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll

2009-09-12 17:36 . 2009-09-12 17:36 13136 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll

2009-09-12 17:36 . 2009-09-12 17:36 70488 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll

2009-09-12 17:36 . 2009-09-12 17:36 91480 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll

2009-09-12 17:36 . 2009-09-12 17:36 22360 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll

2009-09-12 17:37 . 2009-09-12 17:37 255312 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll

2009-09-12 17:36 . 2009-09-12 17:36 31064 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll

2009-09-12 17:36 . 2009-09-12 17:36 40280 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll

2009-08-14 08:03 . 2009-08-14 08:03 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll

2009-09-12 17:36 . 2009-09-12 17:36 23896 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll

2011-04-14 16:26 . 2011-05-08 15:04 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2004-09-01 . 7B11118B078B88F87183FE69EDA43137 . 359040 . . [5.1.2600.2180] . . c:\windows\system32\drivers\tcpip.sys

.

.

c:\windows\System32\termsrv.dll ... is missing !!

.

((((((((((((((((((((((((((((( SnapShot@2011-07-16_08.16.41 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-07-16 10:34 . 2011-07-16 10:34 16384 c:\windows\temp\Perflib_Perfdata_57c.dat

+ 2011-07-16 08:56 . 2011-07-16 08:56 114176 c:\windows\Installer\5acf51.msi

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]

@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"

[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]

2011-03-02 15:23 68216 ----a-w- c:\program files\IDM\IDMShellExt.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IDMan"="c:\program files\IDM\IDMan.exe" [2011-05-14 3294616]

"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-06-24 639352]

"Facebook Update"="c:\documents and settings\Amol\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" [2011-07-14 137536]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 7700480]

"nwiz"="nwiz.exe" [2007-04-19 1626112]

"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 16377344]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\ApexDC++\\ApexDC.exe"=

"c:\\Documents and Settings\\Amol\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=

"c:\\Documents and Settings\\Amol\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Program Files\\NetMeeting\\conf.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=

"c:\\Documents and Settings\\Amol\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [7/3/2011 2:57 PM 441176]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/3/2011 2:57 PM 309848]

R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [9/8/2009 6:13 PM 65584]

R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [7/29/2010 6:37 PM 98160]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:55 PM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/11/2010 12:11 AM 67656]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/3/2011 2:57 PM 19544]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/9/2011 9:17 PM 366640]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/9/2011 9:17 PM 22712]

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\RMSPPPOE.SYS [12/4/2010 8:12 PM 31424]

S2 gtdrta;Microsoft Task;c:\windows\system32\svchost.exe -k netsvcs [9/1/2004 5:30 AM 14336]

S3 Apache2.2-Zend;Apache2.2-Zend;c:\program files\Zend\Apache2\bin\httpd.exe [2/23/2010 1:05 PM 27240]

S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [7/3/2011 1:34 AM 13224]

S3 PciCon;PciCon;\??\i:\pcicon.sys --> i:\PciCon.sys [?]

S3 Tomcat6;Apache Tomcat 6;c:\program files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe [1/19/2010 7:12 PM 57344]

S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [12/17/2009 3:02 PM 99152]

S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]

S3 ZendJavaBridge;Zend Java Bridge;c:\program files\Zend\ZendServer\bin\JavaServer.exe [2/23/2010 1:05 PM 23544]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

lokkl

gtdrta

.

Contents of the 'Scheduled Tasks' folder

.

2011-07-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-436374069-1606980848-839522115-1003Core.job

- c:\documents and settings\Amol\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-07-09 05:47]

.

2011-07-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-436374069-1606980848-839522115-1003UA.job

- c:\documents and settings\Amol\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-07-09 05:47]

.

2011-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-1606980848-839522115-1003Core.job

- c:\documents and settings\Amol\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-17 15:31]

.

2011-07-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-1606980848-839522115-1003UA.job

- c:\documents and settings\Amol\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-17 15:31]

.

2011-07-16 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-436374069-1606980848-839522115-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 06:03]

.

2011-07-16 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-436374069-1606980848-839522115-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 06:03]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Download all links with IDM - c:\program files\IDM\IEGetAll.htm

IE: Download with IDM - c:\program files\IDM\IEExt.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000

IE: Zend Studio - Debug current page - c:\program files\Zend\Zend Studio - 7.1.1\toolbars\ZendIEToolbar.dll/DebugCurrent.html

IE: Zend Studio - Debug next page - c:\program files\Zend\Zend Studio - 7.1.1\toolbars\ZendIEToolbar.dll/DebugNext.html

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\documents and settings\Amol\Application Data\Mozilla\Firefox\Profiles\olk8l1gc.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?shva=1#search/malwarebytes/1311e1f30495758a|http://forums.malwarebytes.org/index.php?showtopic=89177&pid=451225&st=0entry451225|http://forums.whatthetech.com/index.php?autocom=downloads&req=download&code=confirm_download&id=17|https://www.facebook.com/

FF - prefs.js: keyword.URL - hxxp://eis.esnips.com/page/search_provider/?client_uuid=bda82ac0-85c3-4b48-b0d2-41fde8d1391d&q=

FF - user.js: zend.ZDE_Path - c:\program files\Zend\Zend Studio - 7.1.1\ZendStudio.exe

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-07-16 16:04

Windows 5.1.2600 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

"ImagePath"="\??\E:\150000 Universal Drivers 2009

[HIghly Compressed]\Portable UltraISO Premium Edition\App\UltraISO\drivers\ISODrive.sys"

.

.

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ISODrive]

"ImagePath"="\??\E:\150000 Universal Drivers 2009

.

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\gtdrta]

"ServiceDll"="c:\windows\system32\vrdjcioj.dll"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{561b2f79-c072-4f24-ac35-52bd90c955b9}]

@Denied: (Full) (Everyone)

"Model"=dword:0000002e

"Therad"=dword:00000012

"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,

1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"scansk"=hex(0):ac,22,94,b7,31,2e,9f,f6,53,3f,4a,47,2a,9b,f6,38,65,a3,4c,14,49,

a3,ac,18,89,d3,24,8a,af,7b,aa,c6,35,9e,db,92,f3,b5,2e,73,00,00,00,00,00,00,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1052)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

- - - - - - - > 'explorer.exe'(3268)

c:\program files\IDM\IDMShellExt.dll

c:\windows\system32\WPDShServiceObj.dll

c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll

c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL

c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr

c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr

g:\program files\Microsoft Virtual PC\VPCShExH.DLL

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\nvsvc32.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\windows\RTHDCPL.EXE

c:\program files\IDM\IEMonitor.exe

.

**************************************************************************

.

Completion time: 2011-07-16 16:11:49 - machine was rebooted

ComboFix-quarantined-files.txt 2011-07-16 10:41

ComboFix2.txt 2011-07-16 08:21

ComboFix3.txt 2011-07-09 16:42

ComboFix4.txt 2011-07-03 15:49

.

Pre-Run: 13,670,494,208 bytes free

Post-Run: 13,643,370,496 bytes free

.

- - End Of File - - 30CCE952A38894B0992113822F676A25


Please do the following to see if it resolves the issue, then post back and let us know.


  • Download and run mbam-clean.exe from here
  • It will ask to restart your computer; please allow it to do so (very important)
  • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here

    • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
    • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
      Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now set up any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQs here or ask and we'll explain how to do it.


You have a file I can't find any info on.

Please go to http://www.virustotal.com/, click on Browse, and upload the following file for analysis:

c:\windows\system32\vrdjcioj.dll

Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.

If VirusTotal is too busy, you can try these.

http://virusscan.jotti.org

http://www.kaspersky.com/scanforvirus.html


I recollected that when I ran the Avast boot-time scan, it deleted that file, with this log:

File C:\WINDOWS\system32\inseng.dll Error 0xC000009C {STATUS_DEVICE_DATA_ERROR}

File C:\WINDOWS\system32\intl.cpl Error 0xC000009C {STATUS_DEVICE_DATA_ERROR}

File C:\WINDOWS\system32\vrdjcioj.dll is infected by Win32:Rootkit-gen [Rtk], Deleted

Please tell me if I should put the entire log of the Avast scan.

---------------------------------------------------------------------------------------

ComboFix 11-07-15.03 - Amol 07/17/2011 23:45:05.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2557.2002 [GMT 5.5:30]

Running from: c:\documents and settings\Amol\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Amol\Application Data\facemoods.com

c:\program files\facemoods.com

c:\program files\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll

c:\program files\facemoods.com\facemoods\1.4.17.7\facemoods.crx

c:\program files\facemoods.com\facemoods\1.4.17.7\facemoods.png

c:\program files\facemoods.com\facemoods\1.4.17.7\facemoodsApp.dll

c:\program files\facemoods.com\facemoods\1.4.17.7\facemoodsEng.dll

c:\program files\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe

c:\program files\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll

c:\program files\facemoods.com\facemoods\1.4.17.7\uninstall.exe

c:\program files\facemoods.com\sqlite3.dll

.

.

((((((((((((((((((((((((( Files Created from 2011-06-17 to 2011-07-17 )))))))))))))))))))))))))))))))

.

.

2011-11-28 12:40 . 2011-11-28 12:40 -------- d--h--w- c:\windows\system32\GroupPolicy

2011-11-27 13:29 . 2011-11-27 13:29 -------- d-----w- c:\documents and settings\Amol\Local Settings\Application Data\Netscape

2011-11-27 13:29 . 2011-11-27 13:29 -------- d-----w- c:\documents and settings\Amol\Application Data\Netscape

2011-11-27 13:29 . 2011-07-03 08:23 -------- d-----w- c:\program files\Netscape

2011-07-17 17:31 . 2011-07-17 17:31 -------- d-----w- c:\documents and settings\Amol\Application Data\Malwarebytes

2011-07-17 17:30 . 2011-07-06 14:22 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-17 17:30 . 2011-07-17 17:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-07-17 17:30 . 2011-07-17 17:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-07-17 17:30 . 2011-07-06 14:22 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-17 15:20 . 2011-07-17 15:20 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation

2011-07-17 15:20 . 2011-07-17 15:20 -------- d-----w- c:\documents and settings\UpdatusUser

2011-07-17 15:20 . 2011-07-17 15:20 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA

2011-07-17 15:19 . 2011-05-25 06:09 154728 ----a-w- c:\windows\system32\nvsvc32.exe

2011-07-17 15:19 . 2011-05-25 06:09 145000 ----a-w- c:\windows\system32\nvcolor.exe

2011-07-17 15:19 . 2011-05-25 06:09 111208 ----a-w- c:\windows\system32\nvmctray.dll

2011-07-17 15:19 . 2011-05-25 06:09 13895272 ----a-w- c:\windows\system32\nvcpl.dll

2011-07-17 15:19 . 2011-05-25 06:09 54272 ----a-w- c:\windows\system32\nvwddi.dll

2011-07-17 15:19 . 2011-05-25 06:09 543336 ----a-w- c:\windows\system32\easyupdatusapiu.dll

2011-07-17 15:19 . 2011-07-17 15:19 273344 ----a-w- c:\windows\system32\nvdrsdb0.bin

2011-07-17 15:19 . 2011-07-17 15:19 1 ----a-w- c:\windows\system32\nvdrssel.bin

2011-07-17 15:19 . 2011-07-17 15:19 273344 ----a-w- c:\windows\system32\nvdrsdb1.bin

2011-07-17 15:18 . 2011-05-25 06:09 61440 ----a-w- c:\windows\system32\OpenCL.dll

2011-07-17 15:18 . 2011-05-25 06:09 16068608 ----a-w- c:\windows\system32\nvoglnt.dll

2011-07-17 15:18 . 2011-05-25 06:09 899688 ----a-w- c:\windows\system32\nvdispco3220150.dll

2011-07-17 15:18 . 2011-05-25 06:09 865896 ----a-w- c:\windows\system32\nvgenco322090.dll

2011-07-17 15:18 . 2011-05-25 06:09 2808936 ----a-w- c:\windows\system32\nvcuvid.dll

2011-07-17 15:18 . 2011-05-25 06:09 2082408 ----a-w- c:\windows\system32\nvcuvenc.dll

2011-07-17 15:18 . 2011-05-25 06:09 5332992 ----a-w- c:\windows\system32\nvcuda.dll

2011-07-17 15:18 . 2011-05-25 06:09 2328576 ----a-w- c:\windows\system32\nvapi.dll

2011-07-17 15:18 . 2011-05-25 06:09 13004800 ----a-w- c:\windows\system32\nvcompiler.dll

2011-07-17 15:17 . 2011-07-17 15:20 -------- d-----w- c:\program files\NVIDIA Corporation

2011-07-17 15:16 . 2011-07-17 15:16 -------- d-----w- C:\NVIDIA

2011-07-17 15:09 . 2011-07-17 15:09 -------- d-----w- c:\program files\Seagate

2011-07-17 15:07 . 2011-07-17 15:07 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2011-07-09 17:57 . 2011-07-09 17:59 -------- d-----w- c:\program files\Softwin

2011-07-09 17:44 . 2011-07-09 17:50 -------- d-----w- C:\MGtools

2011-07-09 17:42 . 2011-07-09 17:43 -------- d-----w- c:\documents and settings\Amol\Local Settings\Application Data\Facebook

2011-07-09 13:19 . 2011-07-09 13:19 -------- d-----w- c:\documents and settings\Amol\Application Data\SUPERAntiSpyware.com

2011-07-09 13:19 . 2011-07-09 13:19 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2011-07-09 13:18 . 2011-07-09 13:19 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-07-09 11:53 . 2011-07-09 11:53 -------- d-----w- c:\program files\Common Files\Java

2011-07-09 11:53 . 2011-07-09 11:52 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-07-03 12:24 . 2011-07-09 10:43 -------- d-----w- c:\documents and settings\Administrator

2011-07-03 09:27 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-07-03 09:27 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-07-03 09:27 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-07-03 09:27 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-07-03 09:27 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-07-03 09:27 . 2011-07-04 11:35 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2011-07-03 09:27 . 2011-07-04 11:35 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys

2011-07-03 09:27 . 2011-07-04 11:32 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2011-07-03 09:27 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr

2011-07-03 09:27 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe

2011-07-03 08:20 . 2011-07-03 08:27 -------- d-----w- c:\windows\SxsCaPendDel

2011-07-03 07:19 . 2008-08-26 04:56 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys

2011-07-03 07:19 . 2011-07-03 07:19 -------- d-----w- c:\program files\PC Connectivity Solution

2011-07-03 07:18 . 2011-05-18 04:42 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys

2011-07-03 07:18 . 2011-05-18 04:42 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys

2011-07-03 07:18 . 2011-05-18 04:42 23168 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys

2011-07-03 07:18 . 2011-05-18 04:42 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys

2011-07-02 20:04 . 2011-07-02 20:04 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys

2011-07-02 20:04 . 2011-07-02 20:04 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll

2011-07-02 20:04 . 2011-07-02 20:04 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys

2011-07-02 20:04 . 2011-07-02 20:04 -------- d-----w- c:\program files\Sony Ericsson

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-09 17:50 . 2011-07-09 17:44 169119 ----a-w- C:\MGlogs.zip

2011-07-09 11:52 . 2010-06-26 10:13 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-06-05 17:33 . 2011-06-05 17:33 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-25 06:09 . 2007-04-19 04:26 4198272 ----a-w- c:\windows\system32\nv4_disp.dll

2011-05-25 06:09 . 2007-04-19 04:26 12753664 ----a-w- c:\windows\system32\drivers\nv4_mini.sys

2011-05-18 04:43 . 2011-05-14 19:01 123904 ----a-w- c:\windows\system32\ccdcmbwu.dll

2011-05-18 04:43 . 2011-05-14 19:01 605696 ----a-w- c:\windows\system32\nmwcdcocls.dll

2011-05-18 04:43 . 2010-04-12 15:34 75264 ----a-w- c:\windows\system32\nmwcdcls.dll

2009-09-12 17:35 . 2009-09-12 17:35 124240 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll

2009-09-12 17:36 . 2009-09-12 17:36 13136 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll

2009-09-12 17:36 . 2009-09-12 17:36 70488 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll

2009-09-12 17:36 . 2009-09-12 17:36 91480 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll

2009-09-12 17:36 . 2009-09-12 17:36 22360 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll

2009-09-12 17:37 . 2009-09-12 17:37 255312 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll

2009-09-12 17:36 . 2009-09-12 17:36 31064 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll

2009-09-12 17:36 . 2009-09-12 17:36 40280 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll

2009-08-14 08:03 . 2009-08-14 08:03 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll

2009-09-12 17:36 . 2009-09-12 17:36 23896 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll

2011-04-14 16:26 . 2011-05-08 15:04 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2004-09-01 . 7B11118B078B88F87183FE69EDA43137 . 359040 . . [5.1.2600.2180] . . c:\windows\system32\drivers\tcpip.sys

.

.

c:\windows\System32\termsrv.dll ... is missing !!

.

((((((((((((((((((((((((((((( SnapShot@2011-07-16_08.16.41 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-11 15:24 . 2009-07-11 15:24 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e79c4723\vcomp.dll

+ 2009-07-11 15:02 . 2009-07-11 15:02 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80KOR.dll

+ 2009-07-11 15:02 . 2009-07-11 15:02 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80JPN.dll

+ 2009-07-11 15:02 . 2009-07-11 15:02 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ITA.dll

+ 2009-07-11 15:02 . 2009-07-11 15:02 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80FRA.dll

+ 2009-07-11 15:02 . 2009-07-11 15:02 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ESP.dll

+ 2009-07-11 15:02 . 2009-07-11 15:02 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ENU.dll

+ 2009-07-11 15:02 . 2009-07-11 15:02 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80DEU.dll

+ 2009-07-11 15:02 . 2009-07-11 15:02 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHT.dll

+ 2009-07-11 15:02 . 2009-07-11 15:02 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHS.dll

+ 2011-07-17 17:25 . 2011-07-17 17:25 16384 c:\windows\temp\Perflib_Perfdata_628.dat

+ 2011-07-17 15:10 . 2011-07-17 15:10 11264 c:\windows\Installer\{98613C99-1399-416C-A07C-1EE1C585D872}\Icon98613C992.exe

+ 2011-07-17 15:10 . 2011-07-17 15:10 460288 c:\windows\Installer\d857a.msi

+ 2011-07-17 15:09 . 2011-07-17 15:09 424960 c:\windows\Installer\d8576.msi

+ 2011-07-16 08:56 . 2011-07-16 08:56 114176 c:\windows\Installer\5acf51.msi

+ 2007-04-19 04:26 . 2011-05-25 06:09 12753664 c:\windows\system32\dllcache\nv4_mini.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]

@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"

[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]

2011-03-02 15:23 68216 ----a-w- c:\program files\IDM\IDMShellExt.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IDMan"="c:\program files\IDM\IDMan.exe" [2011-05-14 3294616]

"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-06-24 639352]

"Facebook Update"="c:\documents and settings\Amol\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" [2011-07-14 137536]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 16377344]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-25 13895272]

"NvMediaCenter"="NvMCTray.dll" [2011-05-25 111208]

"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-04 1632360]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\ApexDC++\\ApexDC.exe"=

"c:\\Documents and Settings\\Amol\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=

"c:\\Documents and Settings\\Amol\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Program Files\\NetMeeting\\conf.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=

"c:\\Documents and Settings\\Amol\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=

"c:\\Documents and Settings\\Amol\\My Documents\\Downloads\\Programs\\SweetImSetup.exe"=

"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [7/3/2011 2:57 PM 441176]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/3/2011 2:57 PM 309848]

R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [9/8/2009 6:13 PM 65584]

R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [7/29/2010 6:37 PM 98160]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:55 PM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/11/2010 12:11 AM 67656]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/3/2011 2:57 PM 19544]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [7/17/2011 8:50 PM 2214504]

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\RMSPPPOE.SYS [12/4/2010 8:12 PM 31424]

S2 gtdrta;Microsoft Task;c:\windows\system32\svchost.exe -k netsvcs [9/1/2004 5:30 AM 14336]

S3 Apache2.2-Zend;Apache2.2-Zend;c:\program files\Zend\Apache2\bin\httpd.exe [2/23/2010 1:05 PM 27240]

S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [7/3/2011 1:34 AM 13224]

S3 PciCon;PciCon;\??\i:\pcicon.sys --> i:\PciCon.sys [?]

S3 Tomcat6;Apache Tomcat 6;c:\program files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe [1/19/2010 7:12 PM 57344]

S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [12/17/2009 3:02 PM 99152]

S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]

S3 ZendJavaBridge;Zend Java Bridge;c:\program files\Zend\ZendServer\bin\JavaServer.exe [2/23/2010 1:05 PM 23544]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

lokkl

gtdrta

.

Contents of the 'Scheduled Tasks' folder

.

2011-07-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-436374069-1606980848-839522115-1003Core.job

- c:\documents and settings\Amol\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-07-09 05:47]

.

2011-07-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-436374069-1606980848-839522115-1003UA.job

- c:\documents and settings\Amol\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-07-09 05:47]

.

2011-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-1606980848-839522115-1003Core.job

- c:\documents and settings\Amol\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-17 15:31]

.

2011-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-1606980848-839522115-1003UA.job

- c:\documents and settings\Amol\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-17 15:31]

.

2011-07-17 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-436374069-1606980848-839522115-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 06:03]

.

2011-07-17 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-436374069-1606980848-839522115-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 06:03]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://start.facemoods.com/?a=ddrnw

uInternet Settings,ProxyOverride = local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Download all links with IDM - c:\program files\IDM\IEGetAll.htm

IE: Download with IDM - c:\program files\IDM\IEExt.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000

IE: Zend Studio - Debug current page - c:\program files\Zend\Zend Studio - 7.1.1\toolbars\ZendIEToolbar.dll/DebugCurrent.html

IE: Zend Studio - Debug next page - c:\program files\Zend\Zend Studio - 7.1.1\toolbars\ZendIEToolbar.dll/DebugNext.html

TCP: Interfaces\{C7503213-B6B4-46DB-B569-7B53AAE0BAED}: NameServer = 202.177.240.250 202.177.240.251

FF - ProfilePath - c:\documents and settings\Amol\Application Data\Mozilla\Firefox\Profiles\olk8l1gc.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://start.facemoods.com/?a=ddrnw

FF - prefs.js: keyword.URL - hxxp://eis.esnips.com/page/search_provider/?client_uuid=bda82ac0-85c3-4b48-b0d2-41fde8d1391d&q=

FF - user.js: zend.ZDE_Path - c:\program files\Zend\Zend Studio - 7.1.1\ZendStudio.exe

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{64182481-4F71-486b-A045-B233BD0DA8FC} - c:\program files\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll

Toolbar-{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - c:\program files\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll

HKLM-Run-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe

AddRemove-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.7\uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-07-17 23:59

Windows 5.1.2600 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

"ImagePath"="\??\E:\150000 Universal Drivers 2009

[HIghly Compressed]\Portable UltraISO Premium Edition\App\UltraISO\drivers\ISODrive.sys"

.

.

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ISODrive]

"ImagePath"="\??\E:\150000 Universal Drivers 2009

.

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\gtdrta]

"ServiceDll"="c:\windows\system32\vrdjcioj.dll"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{561b2f79-c072-4f24-ac35-52bd90c955b9}]

@Denied: (Full) (Everyone)

"Model"=dword:0000002e

"Therad"=dword:00000012

"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,

1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"scansk"=hex(0):ac,22,94,b7,31,2e,9f,f6,53,3f,4a,47,2a,9b,f6,38,65,a3,4c,14,49,

a3,ac,18,89,d3,24,8a,af,7b,aa,c6,35,9e,db,92,f3,b5,2e,73,00,00,00,00,00,00,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1052)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

Completion time: 2011-07-18 00:05:32

ComboFix-quarantined-files.txt 2011-07-17 18:35

ComboFix2.txt 2011-07-16 10:41

ComboFix3.txt 2011-07-16 08:21

ComboFix4.txt 2011-07-09 16:42

ComboFix5.txt 2011-07-17 18:13

.

Pre-Run: 11,309,473,792 bytes free

Post-Run: 11,310,432,256 bytes free

.

- - End Of File - - B60714FED1451CD689C32258EB856DD2

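The ComboFix output above contains the two indicators that point at the persistence mechanism: a service (gtdrta, displayed as "Microsoft Task") hosted by svchost.exe -k netsvcs whose ServiceDll is c:\windows\system32\vrdjcioj.dll, the file Avast flagged as Win32:Rootkit-gen, and a NetSvcs group entry (lokkl) with no service line anywhere in the log. The Python script below is an added example, not part of this thread and not code from ComboFix or Malwarebytes: it parses those three sections from a ComboFix-style log and reports svchost-hosted services whose ServiceDll is not on a known-good list, plus NetSvcs entries with no matching service. The sample log is constructed from the lines quoted in this thread, the allowlist is a small illustrative set, and the function names are the example's own.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample modelled on the ComboFix lines quoted in this thread
# (not the full log): the ServiceDll block, the service list and the NetSvcs group.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\gtdrta]
"ServiceDll"="c:\windows\system32\vrdjcioj.dll"
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [7/3/2011 2:57 PM 441176]
S2 gtdrta;Microsoft Task;c:\windows\system32\svchost.exe -k netsvcs [9/1/2004 5:30 AM 14336]
S3 Tomcat6;Apache Tomcat 6;c:\program files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe [1/19/2010 7:12 PM 57344]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
lokkl
gtdrta
.
"""

# Illustrative allowlist only (three well-known netsvcs DLLs); a real one is
# built from a known-clean baseline of the same Windows build, not typed by hand.
KNOWN_NETSVCS_DLLS = {"wuauserv.dll", "qmgr.dll", "schedsvc.dll"}

# Service lines look like: "S2 gtdrta;Microsoft Task;c:\...\svchost.exe -k netsvcs [...]"
SERVICE_LINE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")

# "[HKEY_LOCAL_MACHINE\System\ControlSetNNN\Services\<name>]" followed by
# "ServiceDll"="<path>", possibly with blank lines in between (forum pasting adds them).
SERVICEDLL_BLOCK = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\([^\]\n]+)\]\s*"
    r'"ServiceDll"="([^"]+)"',
    re.IGNORECASE | re.MULTILINE,
)


def parse_services(text: str) -> Dict[str, Dict[str, str]]:
    """Map lower-cased service name -> fields taken from the R*/S* service lines."""
    services: Dict[str, Dict[str, str]] = {}
    for line in text.splitlines():
        m = SERVICE_LINE.match(line.strip())
        if m:
            state, name, display, image = m.groups()
            services[name.lower()] = {
                "state": state, "name": name, "display": display, "image": image,
            }
    return services


def parse_servicedlls(text: str) -> Dict[str, str]:
    """Map lower-cased service name -> ServiceDll path from the registry blocks."""
    return {name.lower(): dll for name, dll in SERVICEDLL_BLOCK.findall(text)}


def parse_netsvcs(text: str) -> List[str]:
    """Return the names listed under the 'Svchost - NetSvcs' group, in order."""
    lines = text.splitlines()
    for i, line in enumerate(lines):
        if line.strip().endswith("Svchost - NetSvcs"):
            names: List[str] = []
            for entry in lines[i + 1:]:
                entry = entry.strip()
                if entry == ".":          # ComboFix ends a section with a lone dot
                    break
                if entry:
                    names.append(entry)
            return names
    return []


def triage(text: str, known_dlls=KNOWN_NETSVCS_DLLS) -> List[Tuple[str, str]]:
    """Cross-reference the three sections and return (service, reason) findings."""
    services = parse_services(text)
    dlls = parse_servicedlls(text)
    findings: List[Tuple[str, str]] = []
    for key, svc in services.items():
        if "svchost.exe -k" not in svc["image"].lower():
            continue                      # only svchost-hosted services load a ServiceDll
        dll = dlls.get(key)
        if dll is None:
            findings.append((svc["name"], "svchost-hosted service with no ServiceDll in the log"))
            continue
        basename = dll.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if basename not in known_dlls:
            findings.append((svc["name"], "svchost-hosted service loads unlisted DLL " + dll))
    # A group member with no service definition is either residue of a removed
    # service or a service ComboFix did not list; both deserve a registry check.
    for name in parse_netsvcs(text):
        if name.lower() not in services:
            findings.append((name, "NetSvcs group entry with no matching service"))
    return findings


if __name__ == "__main__":
    for service, reason in triage(SAMPLE_LOG):
        print(f"{service}: {reason}")
```

On the sample this reports gtdrta for its unlisted ServiceDll and lokkl as a NetSvcs entry with nothing behind it. ComboFix omits default and empty entries, so a missing match is a lead to confirm under HKLM\SYSTEM\CurrentControlSet\Services rather than proof on its own; the value of the check is the cross-reference between the three sections, not the allowlist.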
