Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Big Problems, but not sure what


  • This topic is locked This topic is locked
2 replies to this topic

#1 Greg Williams

Greg Williams

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:07:44 PM

Posted 28 January 2010 - 12:31 AM

I ran malwarebytes in safe mode and was finally able to boot. No desktop items, no internet explorer. Was finally able to use firefox and ran super antispyware. Still did not fix the problem. Malwarebytes would not run out of safe mode.

Here are the logs. Thanks for your help.


DDS (Ver_09-12-01.01) - NTFSx86
Run by sall at 22:14:37.76 on Wed 01/27/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.168 [GMT -7:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\1117244731\ee\AOLSoftware.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\MDV241\chk_mdv241.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\MOVIEL~1\MOVIEL~1\MOVIEL~1.EXE
C:\Program Files\Movielink\MovielinkManager\Movielink User.exe
C:\Program Files\Common Files\AOL\1117244731\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\AOL\1117244731\EE\aolsoftware.exe
C:\Program Files\Common Files\AOL\1117244731\EE\aolsoftware.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\sall\My Documents\Downloads\dds(2).scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.comcast.net/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uDefault_Page_URL = hxxp://www.dell4me.com/myway
uSearch Bar = hxxp://www.mirarsearch.com/?useie5=1&q=
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZCxdm450YYUS&fl=0&ptb=21DHMFNAg7FKRaKNg1esZA&url=http://www.ask.com/web&q={searchTerms}&l=zc&o=sb
uWindow Title = Windows Internet Explorer provided by Comcast
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mStart Page = hxxp://www.comcast.net/
mSearch Bar = hxxp://www.mirarsearch.com/?useie5=1&q=
mWindow Title = Windows Internet Explorer provided by Comcast
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearchAssistant =
uURLSearchHooks: MapQuest Toolbar Search Class: {2731c719-b8c5-4282-993d-b5ad0e77531d} - c:\program files\mapquest toolbar\mqtb.dll
mURLSearchHooks: MapQuest Toolbar Search Class: {2731c719-b8c5-4282-993d-b5ad0e77531d} - c:\program files\mapquest toolbar\mqtb.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: {0347C33E-8762-4905-BF09-768834316C61} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: MapQuest Toolbar Loader: {e34f0e11-ab79-487c-9773-36c594dff5aa} - c:\program files\mapquest toolbar\mqtb.dll
BHO: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - No File
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: MapQuest Toolbar: {57abf0dd-577c-4ec6-855c-8dc29768c2b0} - c:\program files\mapquest toolbar\mqtb.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [LogitechSoftwareUpdate] "c:\program files\logitech\video\ManifestEngine.exe" boot
uRun: [AOL Fast Start] "c:\progra~1\aol9~1.1\AOL.EXE" -b
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [HostManager] c:\program files\common files\aol\1117244731\ee\AOLSoftware.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Dell Photo AIO Printer 922] "c:\program files\dell photo aio printer 922\dlbtbmgr.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DLBTCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLBTtime.dll,_RunDLLEntry@16
mRun: [chk_mdv241] c:\program files\mdv241\chk_mdv241
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_03\bin\jusched.exe"
mRun: [sscRun] c:\program files\common files\aol\1117244731\ee\SSCRun.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Pure Networks Port Magic] "c:\progra~1\purene~1\portma~1\PortAOL.exe" -Run
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [MsgCenterExe] "c:\program files\common files\real\update_ob\RealOneMessageCenter.exe" -osboot
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [LogitechVideoTray] c:\program files\logitech\video\LogiTray.exe
mRun: [LogitechVideoRepair] c:\program files\logitech\video\ISStart.exe
mRun: [LoadMSvcmm] "c:\program files\movielink\movielinkmanager\Movielink User.exe"
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [AOLSPScheduler] c:\program files\common files\aol\1117244731\ee\services\safetycore\ver210_5_2_1\AOLSP Scheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: &MapQuest Toolbar Search - c:\documents and settings\all users\application data\mapquest toolbar\ietoolbar\resources\en-us\local\search.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C}
IE: {946B3E9E-E21A-49c8-9F63-900533FAFE15} - {580a1f3f-89b4-433b-bbdb-b97aeb13f3fc}
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522}
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1202318918125
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} - hxxps://www.cashcall.com/LoanStatus/x86/capicom.dll
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 89.149.210.123 www.google.no
Hosts: 89.149.210.123 www.google.nl
Hosts: 89.149.210.123 www.google.com
Hosts: 89.149.210.123 www.google.se
Hosts: 89.149.210.123 uk.search.yahoo.com

Note: multiple HOSTS entries found. Please refer to Attach.txt

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\sall\applic~1\mozilla\firefox\profiles\ozte4802.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tb50ffTB50CL-chromesbox-en-us&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - comcast.net
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: google.toolbar.linkdoctor.enabled - false
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-1-5 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 74480]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 7408]
S2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\comcastspywarescan\comcastantispyservice.exe --> c:\program files\comcasttb\comcastspywarescan\ComcastAntiSpyService.exe [?]

=============== Created Last 30 ================

2010-01-28 04:26:26 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-01-28 04:26:15 0 d-----w- c:\program files\SUPERAntiSpyware
2010-01-28 04:26:15 0 d-----w- c:\docume~1\sall\applic~1\SUPERAntiSpyware.com
2010-01-28 04:05:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-28 04:05:22 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-28 04:05:22 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-28 04:04:52 0 dc----w- c:\docume~1\alluse~1\applic~1\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-28 03:43:32 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-01-28 03:20:34 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-01-28 02:04:28 0 d-----w- c:\program files\CCleaner
2010-01-27 23:33:24 0 d-----w- c:\docume~1\sall\applic~1\Malwarebytes
2010-01-27 23:33:17 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-01-27 23:32:48 4128 ----a-w- C:\INFCACHE.1
2010-01-26 01:28:42 24519 ----a-w- C:\webreg1.htm
2010-01-26 00:55:46 2645 ----a-w- C:\newTab.htm
2010-01-26 00:51:56 2645 ----a-w- C:\inernet exploer.htm
2010-01-24 22:19:41 0 d-----w- C:\Install ICQ
2010-01-24 22:19:32 0 d-----w- C:\Install iTunes
2010-01-24 22:19:30 0 d-----w- C:\AOL Instant Messenger
2010-01-24 22:16:40 0 d-----w- c:\program files\America Online 9.0
2010-01-24 21:40:55 0 d-----w- c:\windows\setup.pss
2010-01-23 20:58:52 0 d-----w- c:\program files\common files\Sonic
2010-01-23 20:29:39 0 d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-01-23 18:55:38 0 d-----w- c:\docume~1\sall\applic~1\CallingID
2010-01-23 18:54:41 0 d-----w- c:\docume~1\sall\applic~1\comcasttb
2010-01-23 18:23:45 0 d-----w- c:\docume~1\alluse~1\applic~1\XoftSpySE
2010-01-23 16:54:55 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-01-23 16:54:54 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-23 15:37:11 53161 ----a-w- C:\VETlog.dmp
2010-01-23 06:19:45 586 ------w- c:\windows\hpomdl44.dat.temp
2010-01-23 06:19:45 162799 ------w- c:\windows\hpoins44.dat.temp
2010-01-23 05:55:36 0 d-----w- c:\windows\system32\wbem\Repository
2010-01-23 05:27:38 0 d--h--w- c:\windows\ie8
2010-01-23 04:26:18 0 dc----w- c:\windows\ie8(2)
2010-01-21 21:18:25 0 d-----w- c:\docume~1\alluse~1\applic~1\WEBREG
2010-01-21 21:11:14 0 d-----w- c:\program files\common files\Hewlett-Packard
2010-01-21 21:09:03 0 d-----w- c:\program files\HP
2010-01-21 21:06:45 586 ------w- c:\windows\hpomdl44.dat
2010-01-21 21:06:45 163048 ----a-w- c:\windows\hpoins44.dat
2010-01-16 03:15:23 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2009-12-31 03:41:38 0 d-----w- c:\program files\MDV241
2009-12-31 03:35:26 0 d-----w- c:\program files\MDV241_PCCAM
2009-12-31 03:34:41 0 d-----w- c:\program files\MP4Tool

==================== Find3M ====================

2009-12-21 13:19:18 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2006-02-04 06:02:50 848 --sha-w- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 22:16:11.68 ===============

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/01/27 22:20
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB41D8000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

SSDT
-------------------
#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys" at address 0xece750b0

==EOF==

Attached Files



BC AdBot (Login to Remove)

 


#2 Greg Williams

Greg Williams
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:07:44 PM

Posted 01 February 2010 - 05:03 PM

I was able to fix problems by using combofix and superantispyware

#3 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,247 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:02:44 AM

Posted 03 February 2010 - 12:10 PM

Since the issue seems to be resolved, this topic will now be closed.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users