continued~


25 replies to this topic

#1 GKing

Posted 29 September 2010 - 12:05 AM

Referred from here: http://www.bleepingcomputer.com/forums/topic346549.html ~ OB

Well the best thing I can think of would be to post a DDS log and have the system reviewed.

Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic, thanks.
If Gmer won't run, skip it and move on.
Let me know if that went well.


ok here goes:

And:
DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 21:53:01.62 on Tue 09/28/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2559.1757 [GMT -7:00]

AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
svchost.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
C:\Program Files\Common Files\AOL\1268628771\ee\AOLSoftware.exe
C:\Program Files\Multimedia Card Reader\readericon10.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\AOL 9.5\waol.exe
C:\Program Files\AOL 9.5\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uLocal Page =
uStart Page = hxxp://www.aol.com
uURLSearchHooks: AOL Toolbar Search Class: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - c:\program files\aol toolbar\aoltb.dll
mURLSearchHooks: AOL Toolbar Search Class: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - c:\program files\aol toolbar\aoltb.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - c:\program files\aol toolbar\aoltb.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: att.net Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: RefresherBand Class: {b24ba06e-fb7b-4757-95c2-dc01125f750e} - c:\progra~1\yrefre~1\YREFRE~1.DLL
TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - c:\program files\aol toolbar\aoltb.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [AOL Fast Start] "c:\program files\aol 9.5\AOL.EXE" -b
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [HostManager] c:\program files\common files\aol\1268628771\ee\AOLSoftware.exe
mRun: [readericon10] c:\program files\multimedia card reader\readericon10.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [ISUSScheduler] "c:\progra~1\common~1\instal~1\update~1\issch.exe" -start
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
mPolicies-explorer: <NO NAME> =
Trusted Zone: download.com
Trusted Zone: motive.com\pattta.att
Trusted Zone: motive.com\patttbc.att
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1268735616718
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 151216]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [2010-3-25 14976]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-12 136176]
S4 MXKGQ;MXKGQ;c:\docume~1\owner\locals~1\temp\mxkgq.exe --> c:\docume~1\owner\locals~1\temp\MXKGQ.exe [?]
S4 WSKOYQIJDFSF;WSKOYQIJDFSF;c:\docume~1\owner\locals~1\temp\wskoyqijdfsf.exe --> c:\docume~1\owner\locals~1\temp\WSKOYQIJDFSF.exe [?]
S4 YXTZ;YXTZ;c:\docume~1\owner\locals~1\temp\yxtz.exe --> c:\docume~1\owner\locals~1\temp\YXTZ.exe [?]

=============== Created Last 30 ================

2010-09-29 04:51:13 0 ----a-w- c:\documents and settings\owner\defogger_reenable
2010-09-27 22:13:35 0 d-----w- c:\program files\WinUpdatesList
2010-09-26 04:08:48 33588 ----a-r- c:\windows\system32\drivers\wanatw4.sys
2010-09-25 04:38:02 0 d-----w- c:\docume~1\owner\applic~1\SUPERAntiSpyware.com
2010-09-25 04:38:02 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-09-25 04:37:50 0 d-----w- c:\program files\SUPERAntiSpyware
2010-09-14 20:19:32 0 d-sh--w- c:\documents and settings\owner\UserData
2010-09-13 05:55:14 0 d-sha-r- C:\autorun.inf
2010-09-11 00:55:58 0 d-----w- C:\77a4d30b3ffd4af8b968483748f50e83
2010-09-06 19:50:31 42 ----a-w- c:\windows\system32\scud.udf
2010-09-06 17:40:49 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-06 17:40:47 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-06 17:40:47 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-06 01:31:56 0 d-----w- c:\program files\ESET
2010-09-05 03:50:28 0 d-----w- C:\SDFix
2010-09-05 02:53:49 0 ----a-w- c:\windows\system32\lo2.txtt
2010-09-01 16:25:57 0 d-----w- c:\program files\SpywareBlaster

==================== Find3M ====================

2010-09-27 22:13:35 39424 ----a-w- c:\windows\zipinst.exe
2010-09-26 05:45:49 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-17 12:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-01 17:11:02 389120 ----a-w- c:\windows\system32\cmd.exe
2010-06-01 00:47:59 16384 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2010-06-01 00:47:00 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
2010-06-01 00:47:00 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012010053120100601\index.dat
2010-06-01 00:47:00 32768 --sha-w- c:\windows\system32\config\systemprofile\privacie\index.dat

============= FINISH: 21:53:11.56 ===============


Sorry folks, the DDS would not go to upload for some reason.

EDIT: Posts merged ~BP

Oh... and here's the GMER results:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-29 00:36:22
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kwwoykog.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB4A00620]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB7459380, 0x550AF5, 0xE8000020]
init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xB6E97F80]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.1

Edited by Orange Blossom, 29 September 2010 - 10:24 PM.
Merged posts ~ Hamluis.



#2 m0le


Posted 03 October 2010 - 11:35 AM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

#3 GKing


Posted 03 October 2010 - 01:11 PM

Still checking in m0le, thanks.

#4 m0le


Posted 03 October 2010 - 06:45 PM

Please run ComboFix for me. There are several bad drivers running.

Please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
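As an added, defender-side illustration of what "several bad drivers running" looks like in these logs (my own code, not part of this thread and not a DDS or ComboFix feature): a small Python triage that parses SERVICES / DRIVERS lines in the DDS/ComboFix format and scores each entry by where its image file lives. The weights and threshold are my assumptions; the sample lines are copied from the logs posted in this thread.

```python
import re

# Service/driver lines copied from the DDS and ComboFix logs in this thread (not
# constructed): legitimate entries, stale leftovers and the Temp-resident ones.
SAMPLE_LINES = r"""
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 PORTMON;PORTMON;\??\c:\documents and settings\Owner\My Documents\SysinternalsSuite\PORTMSYS.SYS --> c:\documents and settings\Owner\My Documents\SysinternalsSuite\PORTMSYS.SYS [?]
S3 SATND;SATND;c:\docume~1\Owner\LOCALS~1\Temp\SATND.exe --> c:\docume~1\Owner\LOCALS~1\Temp\SATND.exe [?]
S4 GSX;GSX;c:\docume~1\Owner\LOCALS~1\Temp\GSX.exe --> c:\docume~1\Owner\LOCALS~1\Temp\GSX.exe [?]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/12/2010 8:16 PM 136176]
S4 MXKGQ;MXKGQ;c:\docume~1\Owner\LOCALS~1\Temp\MXKGQ.exe --> c:\docume~1\Owner\LOCALS~1\Temp\MXKGQ.exe [?]
S4 WSKOYQIJDFSF;WSKOYQIJDFSF;c:\docume~1\Owner\LOCALS~1\Temp\WSKOYQIJDFSF.exe --> c:\docume~1\Owner\LOCALS~1\Temp\WSKOYQIJDFSF.exe [?]
S4 YXTZ;YXTZ;c:\docume~1\Owner\LOCALS~1\Temp\YXTZ.exe --> c:\docume~1\Owner\LOCALS~1\Temp\YXTZ.exe [?]
"""

# <state> <name>;<display name>;<image path> [<date size>]   or
# <state> <name>;<display name>;<image path> --> <resolved path> [?]
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$"
)

# Assumed weights. A Temp-resident image alone crosses the threshold; the two
# weak signals together (a leftover driver under My Documents) do not.
WEIGHT_TEMP = 3        # image path under a ...\Temp\ directory
WEIGHT_PROFILE = 1     # image path inside a user profile, not Program Files/System32
WEIGHT_UNRESOLVED = 1  # trailing "[?]": the tool could not stat the file
THRESHOLD = 3


def parse_service_line(line):
    """Return a dict for one DDS/ComboFix service line, or None if it is not one."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    unresolved = rest.endswith("[?]")
    image = rest.split(" --> ")[0]                           # text before the arrow
    image = re.sub(r"\s*\[[^\]]*\]$", "", image).strip()    # drop "[date size]"
    if image.startswith("\\??\\"):                           # NT object-path prefix
        image = image[4:]
    return {
        "state": m.group("state"),
        "name": m.group("name"),
        "display": m.group("display"),
        "image": image,
        "unresolved": unresolved,
    }


def assess(entry):
    """Return (score, reasons) for one parsed entry; higher means look closer."""
    image = entry["image"].lower()
    score, reasons = 0, []
    if "\\temp\\" in image:
        score += WEIGHT_TEMP
        reasons.append("image lives in a Temp directory")
    if "\\docume~1\\" in image or "\\documents and settings\\" in image:
        score += WEIGHT_PROFILE
        reasons.append("image lives in a user profile")
    if entry["unresolved"]:
        score += WEIGHT_UNRESOLVED
        reasons.append("file not found on disk ([?])")
    return score, reasons


def triage(log_text):
    """Parse every service line in a log; return {name: (score, reasons, entry)}."""
    results = {}
    for line in log_text.splitlines():
        entry = parse_service_line(line)
        if entry:
            score, reasons = assess(entry)
            results[entry["name"]] = (score, reasons, entry)
    return results


def flagged_names(log_text):
    """Sorted names of services whose score reaches THRESHOLD."""
    return sorted(n for n, (s, _, _) in triage(log_text).items() if s >= THRESHOLD)


if __name__ == "__main__":
    ranked = sorted(triage(SAMPLE_LINES).items(), key=lambda kv: -kv[1][0])
    for name, (score, reasons, entry) in ranked:
        flag = "REVIEW" if score >= THRESHOLD else "ok    "
        print(f"{flag} {score} {entry['state']} {name:<22} {entry['image']}")
        for r in reasons:
            print(f"          - {r}")
```

The point the scoring makes is that "[?]" on its own is not evidence of infection: Lbd and PORTMON are uninstalled-product leftovers and stay below the threshold, while the five services whose images sit in the user's Temp folder are the ones worth a closer look.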

#5 GKing


Posted 03 October 2010 - 10:16 PM

Thanks again m0le.



#6 GKing


Posted 03 October 2010 - 10:20 PM

And try again>>>

ComboFix 10-10-03.01 - Owner 10/03/2010 20:02:12.9.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2559.1723 [GMT -7:00]
Running from: c:\documents and settings\Owner\Desktop\comfix.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\lo2.txtt

.
((((((((((((((((((((((((( Files Created from 2010-09-04 to 2010-10-04 )))))))))))))))))))))))))))))))
.

2010-10-02 04:24 . 2009-06-30 17:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-10-01 03:04 . 2010-10-01 03:04 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Google
2010-09-30 22:49 . 2008-04-14 00:12 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-09-30 22:49 . 2001-08-18 05:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-09-30 22:49 . 2008-04-14 00:12 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-09-30 22:49 . 2001-08-18 05:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-09-30 22:49 . 2001-08-18 05:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-09-30 22:49 . 2001-08-18 05:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2010-09-30 22:49 . 2001-08-17 19:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2010-09-30 22:49 . 2004-08-04 06:29 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2010-09-30 22:49 . 2008-04-13 18:46 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2010-09-30 22:47 . 2001-08-17 19:13 16925 -c--a-w- c:\windows\system32\dllcache\w940nd.sys
2010-09-30 22:46 . 2001-08-17 20:28 794654 -c--a-w- c:\windows\system32\dllcache\usr1801.sys
2010-09-30 22:45 . 2001-08-17 19:51 166784 -c--a-w- c:\windows\system32\dllcache\tridxpm.sys
2010-09-30 22:44 . 2001-08-17 19:13 17129 -c--a-w- c:\windows\system32\dllcache\tdkcd31.sys
2010-09-30 22:43 . 2001-08-18 05:36 155648 -c--a-w- c:\windows\system32\dllcache\stlnprop.dll
2010-09-30 22:42 . 2001-08-18 05:36 12288 -c--a-w- c:\windows\system32\dllcache\EXCH_smtpctrs.dll
2010-09-30 22:41 . 2001-08-17 19:50 104064 -c--a-w- c:\windows\system32\dllcache\sisgrp.sys
2010-09-30 22:40 . 2001-08-17 20:51 23936 -c--a-w- c:\windows\system32\dllcache\sccmusbm.sys
2010-09-30 22:39 . 2001-08-17 19:12 19017 -c--a-w- c:\windows\system32\dllcache\rtl8029.sys
2010-09-30 22:38 . 2001-08-17 20:52 40320 -c--a-w- c:\windows\system32\dllcache\ql1080.sys
2010-09-30 22:37 . 2008-04-14 00:10 259328 -c--a-w- c:\windows\system32\dllcache\perm3dd.dll
2010-09-30 22:36 . 2001-08-17 21:05 25088 -c--a-w- c:\windows\system32\dllcache\ovca.sys
2010-09-30 22:35 . 2008-04-13 18:46 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
2010-09-30 22:34 . 2001-08-17 21:00 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2010-09-30 22:33 . 2001-08-17 20:58 8320 -c--a-w- c:\windows\system32\dllcache\memcard.sys
2010-09-30 22:32 . 2001-08-18 05:36 37376 -c--a-w- c:\windows\system32\dllcache\kousd.dll
2010-09-30 22:31 . 2001-08-17 20:50 38784 -c--a-w- c:\windows\system32\dllcache\io8.sys
2010-09-30 22:22 . 2001-08-17 21:06 154496 -c--a-w- c:\windows\system32\dllcache\icam4usb.sys
2010-09-30 22:21 . 2001-08-17 20:28 488383 -c--a-w- c:\windows\system32\dllcache\hsf_v124.sys
2010-09-30 22:20 . 2001-08-18 05:36 48128 -c--a-w- c:\windows\system32\dllcache\hpgt33tk.dll
2010-09-30 22:19 . 2004-08-04 06:31 34173 -c--a-w- c:\windows\system32\dllcache\forehe.sys
2010-09-30 22:18 . 2001-08-17 20:50 114944 -c--a-w- c:\windows\system32\dllcache\epstw2k.sys
2010-09-30 22:17 . 2001-08-18 05:36 38985 -c--a-w- c:\windows\system32\dllcache\disrvsu.dll
2010-09-30 22:16 . 2001-08-17 19:19 96256 -c--a-w- c:\windows\system32\dllcache\ctlsb16.sys
2010-09-30 22:15 . 2001-08-17 20:51 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2010-09-30 22:14 . 2001-08-18 05:36 5632 -c--a-w- c:\windows\system32\dllcache\EXCH_adsiisex.dll
2010-09-30 19:02 . 2003-01-10 21:13 33588 ----a-r- c:\windows\system32\drivers\wanatw4.sys
2010-09-28 06:25 . 2010-09-28 06:25 -------- d-----w- c:\documents and settings\Administrator.HOME-001FAB13A0\Application Data\Safer Networking
2010-09-27 22:13 . 2010-09-27 22:13 -------- d-----w- c:\program files\WinUpdatesList
2010-09-25 04:50 . 2010-09-25 04:50 63488 ----a-w- c:\documents and settings\Administrator.HOME-001FAB13A0\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-25 04:50 . 2010-09-25 04:50 52224 ----a-w- c:\documents and settings\Administrator.HOME-001FAB13A0\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-09-25 04:50 . 2010-09-25 04:50 117760 ----a-w- c:\documents and settings\Administrator.HOME-001FAB13A0\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-25 04:49 . 2010-09-25 04:49 -------- d-----w- c:\documents and settings\Administrator.HOME-001FAB13A0\Application Data\SUPERAntiSpyware.com
2010-09-25 04:39 . 2010-10-02 15:53 63488 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-25 04:39 . 2010-09-25 04:39 52224 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-09-25 04:39 . 2010-10-02 15:53 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-25 04:38 . 2010-09-25 04:38 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2010-09-25 04:38 . 2010-09-25 04:38 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-09-25 04:37 . 2010-09-30 19:13 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-09-14 20:19 . 2010-09-14 20:19 -------- d-sh--w- c:\documents and settings\Owner\UserData
2010-09-11 00:55 . 2010-09-11 00:56 -------- d-----w- C:\77a4d30b3ffd4af8b968483748f50e83
2010-09-06 17:40 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-06 17:40 . 2010-09-06 17:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-06 17:40 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-06 01:31 . 2010-09-06 01:31 -------- d-----w- c:\program files\ESET
2010-09-05 03:50 . 2010-09-30 16:36 -------- d-----w- C:\SDFix
2010-09-05 03:34 . 2010-09-05 03:43 -------- d-----w- c:\documents and settings\Administrator.HOME-001FAB13A0\Local Settings\Application Data\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-04 02:52 . 2010-03-15 08:53 -------- d-----w- c:\documents and settings\All Users\Application Data\ATTYToolbar
2010-10-03 05:13 . 2010-05-25 16:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-10-02 19:22 . 2010-04-01 03:32 -------- d-----w- c:\program files\Windows Media Connect 2
2010-10-02 19:22 . 2010-04-05 02:35 -------- d-----w- c:\program files\Microsoft Works
2010-10-02 19:22 . 2010-05-11 19:12 -------- d-----w- c:\program files\AOL 9.5
2010-09-30 19:19 . 2010-05-11 19:12 -------- d-----w- c:\program files\Common Files\aolshare
2010-09-30 17:16 . 2004-08-04 10:00 389120 ----a-w- c:\windows\system32\cmd.exe
2010-09-29 04:32 . 2010-03-15 17:37 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-29 04:32 . 2010-09-01 16:25 -------- d-----w- c:\program files\SpywareBlaster
2010-09-28 06:30 . 2010-05-01 21:29 58864 ----a-w- c:\documents and settings\Administrator.HOME-001FAB13A0\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-27 22:13 . 2010-03-29 08:25 39424 ----a-w- c:\windows\zipinst.exe
2010-09-26 05:45 . 2010-05-28 02:02 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2010-09-20 12:29 . 2010-03-25 06:19 -------- d-----w- c:\program files\Google
2010-09-15 04:40 . 2010-04-30 21:16 58864 ----a-w- c:\documents and settings\Patty.HOME-001FAB13A0\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-11 00:50 . 2010-04-01 22:19 -------- d-----w- c:\program files\CCleaner
2010-09-06 17:16 . 2010-07-09 18:59 -------- d-----w- c:\program files\Mwbytes
2010-09-01 15:09 . 2010-03-14 19:39 58864 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-17 13:17 . 2004-08-04 10:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 06:35 . 2010-03-15 04:54 -------- d-----w- c:\program files\AOL Toolbar
2010-08-16 06:35 . 2010-08-16 06:35 -------- d-----w- c:\program files\Common Files\Software Update Utility
2010-08-15 19:40 . 2010-08-15 19:40 -------- d-----w- c:\program files\Common Files\Java
2010-08-15 19:40 . 2010-04-26 07:29 -------- d-----w- c:\program files\Java
2010-08-15 18:38 . 2010-03-15 20:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-08-10 18:14 . 2010-08-10 18:14 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-22cb333e-n\msvcp71.dll
2010-08-10 18:14 . 2010-08-10 18:14 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-22cb333e-n\jmc.dll
2010-08-10 18:14 . 2010-08-10 18:14 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-22cb333e-n\msvcr71.dll
2010-08-10 18:14 . 2010-08-10 18:14 61440 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2836dc01-n\decora-sse.dll
2010-08-10 18:14 . 2010-08-10 18:14 12800 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2836dc01-n\decora-d3d.dll
2010-07-22 16:40 . 2010-07-22 16:40 380928 ----a-w- c:\documents and settings\All Users\Application Data\AOL Toolbar\ieToolbar\resources\en-US\aoltbres.dll
2010-07-22 15:49 . 2004-08-04 10:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2010-03-14 21:34 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-17 12:00 . 2010-04-26 07:29 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-17 06:22 . 2010-03-23 03:12 664 ----a-w- c:\windows\system32\d3d9caps.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOL Fast Start"="c:\program files\AOL 9.5\AOL.EXE" [2010-03-23 29520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Utility"="Logi_MwX.Exe" [2003-05-16 19968]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-12 110696]
"HostManager"="c:\program files\Common Files\AOL\1268628771\ee\AOLSoftware.exe" [2010-02-10 41800]
"readericon10"="c:\program files\Multimedia Card Reader\readericon10.exe" [2007-05-03 131072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-12 13666408]
"ISUSScheduler"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" [2006-10-03 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-17 28672]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-05-16 648504]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2008-05-22 451896]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SUPERAntiSpyware"=c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\aol\\1268628771\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.5\\waol.exe"=
"c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
"c:\\Program Files\\Microsoft Security Essentials\\msseces.exe"=
"c:\\Program Files\\SpywareBlaster\\spywareblaster.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\NirSoft\\WinUpdatesList\\wul.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowOutboundDestinationUnreachable"= 1 (0x1)

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [10/1/2010 9:24 PM 28552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [3/25/2010 10:18 AM 14976]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 PORTMON;PORTMON;\??\c:\documents and settings\Owner\My Documents\SysinternalsSuite\PORTMSYS.SYS --> c:\documents and settings\Owner\My Documents\SysinternalsSuite\PORTMSYS.SYS [?]
S3 SATND;SATND;c:\docume~1\Owner\LOCALS~1\Temp\SATND.exe --> c:\docume~1\Owner\LOCALS~1\Temp\SATND.exe [?]
S4 GSX;GSX;c:\docume~1\Owner\LOCALS~1\Temp\GSX.exe --> c:\docume~1\Owner\LOCALS~1\Temp\GSX.exe [?]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/12/2010 8:16 PM 136176]
S4 MXKGQ;MXKGQ;c:\docume~1\Owner\LOCALS~1\Temp\MXKGQ.exe --> c:\docume~1\Owner\LOCALS~1\Temp\MXKGQ.exe [?]
S4 WSKOYQIJDFSF;WSKOYQIJDFSF;c:\docume~1\Owner\LOCALS~1\Temp\WSKOYQIJDFSF.exe --> c:\docume~1\Owner\LOCALS~1\Temp\WSKOYQIJDFSF.exe [?]
S4 YXTZ;YXTZ;c:\docume~1\Owner\LOCALS~1\Temp\YXTZ.exe --> c:\docume~1\Owner\LOCALS~1\Temp\YXTZ.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contents of the 'Scheduled Tasks' folder

2010-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 03:16]

2010-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 03:16]

2010-10-03 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 04:40]
.
.
------- Supplementary Scan -------
.
uLocal Page =
Trusted Zone: download.com
Trusted Zone: motive.com\pattta.att
Trusted Zone: motive.com\patttbc.att
.
- - - - ORPHANS REMOVED - - - -

AddRemove-ActiveScan 2.0 - c:\program files\Panda Security\ActiveScan 2.0\as2uninst.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,41,32,ff,ee,e3,ce,64,47,81,0a,68,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,41,32,ff,ee,e3,ce,64,47,81,0a,68,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(648)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2010-10-03 20:08:45
ComboFix-quarantined-files.txt 2010-10-04 03:08

Pre-Run: 74,053,013,504 bytes free
Post-Run: 74,280,624,128 bytes free

- - End Of File - - A74FA348CE7CAB309719D4F7F4B50847


#7 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:26 PM

Posted 04 October 2010 - 03:48 PM

Let's clear up the problems now

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the box below into it:

QUOTE
File::
c:\docume~1\Owner\LOCALS~1\Temp\SATND.exe
c:\docume~1\Owner\LOCALS~1\Temp\GSX.exe
c:\docume~1\Owner\LOCALS~1\Temp\MXKGQ.exe
c:\docume~1\Owner\LOCALS~1\Temp\WSKOYQIJDFSF.exe
c:\docume~1\Owner\LOCALS~1\Temp\YXTZ.exe

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
"bdx"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\bdx]

RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

Driver::
SATND
GSX
MXKGQ
WSKOYQIJDFSF
YXTZ
bdx


Save this as CFScript.txt, in the same location as Comfix.exe (called ComboFix.exe in the below graphic)




Referring to the picture above, drag CFScript into ComboFix.exe

If the program requests for you to update Combofix then click Yes.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
m0le is a proud member of UNITE
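The driver/service lines in the ComboFix log posted above and the CFScript built from them in this post both follow a fixed layout, so the triage step (which services point at a binary in a user's Temp folder, and how the File:: and Driver:: sections are derived from them) can be automated. The following is an added Python example, not code from the thread or from ComboFix: it parses the `Rn/Sn name;display;path [info]` lines (sample copied from the log), flags services whose image lives under a Temp directory, and renders those entries in the CFScript layout shown above. The Temp-directory heuristic, the `ServiceEntry` type and the function names are this example's own assumptions.

```python
"""Triage the 'Drivers/Services' lines of a ComboFix or DDS log for binaries
that live in a user's Temp directory.  Added example, not ComboFix code or
code from the thread; the sample lines are copied from the log above and the
Temp-directory heuristic is this example's own choice."""
import re
from dataclasses import dataclass, field

# Constructed sample: a subset of the driver/service lines from the log above.
SAMPLE_LINES = r"""
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [3/25/2010 10:18 AM 14976]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 SATND;SATND;c:\docume~1\Owner\LOCALS~1\Temp\SATND.exe --> c:\docume~1\Owner\LOCALS~1\Temp\SATND.exe [?]
S4 GSX;GSX;c:\docume~1\Owner\LOCALS~1\Temp\GSX.exe --> c:\docume~1\Owner\LOCALS~1\Temp\GSX.exe [?]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/12/2010 8:16 PM 136176]
S4 MXKGQ;MXKGQ;c:\docume~1\Owner\LOCALS~1\Temp\MXKGQ.exe --> c:\docume~1\Owner\LOCALS~1\Temp\MXKGQ.exe [?]
S4 WSKOYQIJDFSF;WSKOYQIJDFSF;c:\docume~1\Owner\LOCALS~1\Temp\WSKOYQIJDFSF.exe --> c:\docume~1\Owner\LOCALS~1\Temp\WSKOYQIJDFSF.exe [?]
S4 YXTZ;YXTZ;c:\docume~1\Owner\LOCALS~1\Temp\YXTZ.exe --> c:\docume~1\Owner\LOCALS~1\Temp\YXTZ.exe [?]
"""

# "R"/"S" state, one-digit start type, then name;display;rest
_LINE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*)$")
# Assumption: any image path containing one of these is treated as Temp-resident.
TEMP_MARKERS = ("\\temp\\", "\\tmp\\")


@dataclass
class ServiceEntry:
    state: str          # 'R' (running) or 'S' (stopped), as ComboFix prints it
    start_type: int     # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
    name: str           # service key name
    display: str        # display name
    image_path: str     # on-disk path, with any \??\ NT prefix removed
    file_missing: bool  # ComboFix printed "[?]" instead of a timestamp and size
    reasons: list = field(default_factory=list)


def parse_line(line: str):
    """Parse one ComboFix service line; return None for lines in other formats."""
    m = _LINE_RE.match(line.strip())
    if not m:
        return None
    state, start, name, display, rest = m.groups()
    rest = rest.strip()
    info = ""
    if rest.endswith("]") and "[" in rest:
        cut = rest.rfind("[")
        info = rest[cut + 1:-1].strip()   # "[?]" or "[date time size]"
        rest = rest[:cut].strip()
    # "path --> path [?]" repeats the path when the file was not found on disk.
    path = rest.split(" --> ")[0].strip()
    if path.startswith("\\??\\"):
        path = path[4:]
    return ServiceEntry(state, int(start), name.strip(), display.strip(),
                        path, info == "?")


def parse_services(text: str):
    """All parseable service entries, in log order."""
    return [e for e in (parse_line(raw) for raw in text.splitlines()) if e]


def in_temp(entry: ServiceEntry) -> bool:
    lowered = entry.image_path.lower()
    return any(marker in lowered for marker in TEMP_MARKERS)


def assess(entry: ServiceEntry) -> ServiceEntry:
    """Attach human-readable reasons to an entry and return it."""
    if in_temp(entry):
        entry.reasons.append("service image lives in a Temp directory")
    if entry.file_missing:
        # Informational only: legitimate drivers (Lbd, KernExplorer) also show [?]
        entry.reasons.append("file absent at scan time")
    return entry


def find_temp_services(text: str):
    """Only the entries whose image path is under a Temp directory."""
    return [assess(e) for e in parse_services(text) if in_temp(e)]


def build_cfscript(entries) -> str:
    """Render File:: and Driver:: sections in the layout of the script in this post.
    Review the list by hand before using it; this only mirrors the heuristic above."""
    lines = ["File::"] + [e.image_path for e in entries]
    lines += ["", "Driver::"] + [e.name for e in entries]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    flagged = find_temp_services(SAMPLE_LINES)
    for e in flagged:
        print(f"{e.state}{e.start_type} {e.name}: {'; '.join(e.reasons)}")
    print(build_cfscript(flagged))
```

Run against the sample, the five Temp-resident entries (SATND, GSX, MXKGQ, WSKOYQIJDFSF, YXTZ) are the only ones flagged; Lbd and KernExplorer also show `[?]` but sit under Program Files or system32, which is why the missing-file marker is kept informational rather than treated as a flag on its own.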

#8 GKing

GKing
  • Topic Starter

  • Members
  • 108 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:SFBayArea
  • Local time:05:26 AM

Posted 04 October 2010 - 09:11 PM

Well I followed your instructions m0le but ComboFix would not produce a log. I waited quite a while. I ran CF again (with the icon merging) and after the blue screen appeared a window came up saying 'are you trying to run CFScript?' and stated how the script had spell errors???
Anyhow, I decided not to mess with CF any more and let an experienced tech like yourself deal with that. I believe messing with CF runs opens up more problems without further instructions. Thanks for trying so far though.

#9 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:26 PM

Posted 05 October 2010 - 02:18 PM

Just checking, do you know if you accidentally copied and pasted the word "Quote" at the top of the box?
m0le is a proud member of UNITE

#10 GKing

GKing
  • Topic Starter

  • Members
  • 108 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:SFBayArea
  • Local time:05:26 AM

Posted 05 October 2010 - 10:53 PM

The only time I remember using the 'quote' function in my whole BP history was a week and a half ago with boopme on post #2...I'll try anything again though just to make sure. Just give me the go ahead---but I have a funny feeling that I may end up reformatting and saving my docs and pics to a stick.
But I still appreciate the help.

#11 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:26 PM

Posted 06 October 2010 - 11:34 AM

Yes, retry but make sure that the word "quote" is not included in the copy and paste. Only from File:: to bdx

If this fails then don't worry, there are a few other ways to do what Combofix is attempting.
m0le is a proud member of UNITE

#12 GKing

GKing
  • Topic Starter

  • Members
  • 108 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:SFBayArea
  • Local time:05:26 AM

Posted 06 October 2010 - 11:28 PM

Daaa...the word 'quote'. I get it...oh my... I must have been big time tired after work when I wrote this last reply...I was thinking something else.

Well, here's what you requested m0le and thanks for the latitude to sidestep my being a d.a. this time.




ComboFix 10-10-06.02 - Owner 10/06/2010 20:43:52.11.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2559.1874 [GMT -7:00]
Running from: c:\documents and settings\Owner\Desktop\comfix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

FILE ::
"c:\docume~1\Owner\LOCALS~1\Temp\GSX.exe"
"c:\docume~1\Owner\LOCALS~1\Temp\MXKGQ.exe"
"c:\docume~1\Owner\LOCALS~1\Temp\SATND.exe"
"c:\docume~1\Owner\LOCALS~1\Temp\WSKOYQIJDFSF.exe"
"c:\docume~1\Owner\LOCALS~1\Temp\YXTZ.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_GSX
-------\Legacy_MXKGQ
-------\Legacy_SATND
-------\Legacy_WSKOYQIJDFSF
-------\Legacy_YXTZ
-------\Service_GSX
-------\Service_MXKGQ
-------\Service_SATND
-------\Service_WSKOYQIJDFSF
-------\Service_YXTZ


((((((((((((((((((((((((( Files Created from 2010-09-07 to 2010-10-07 )))))))))))))))))))))))))))))))
.

2010-10-02 04:24 . 2009-06-30 17:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-10-01 03:04 . 2010-10-01 03:04 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Google
2010-09-30 22:49 . 2008-04-14 00:12 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-09-30 22:49 . 2001-08-18 05:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-09-30 22:49 . 2008-04-14 00:12 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-09-30 22:49 . 2001-08-18 05:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-09-30 22:49 . 2001-08-18 05:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-09-30 22:49 . 2001-08-18 05:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2010-09-30 22:49 . 2001-08-17 19:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2010-09-30 22:49 . 2004-08-04 06:29 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2010-09-30 22:49 . 2008-04-13 18:46 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2010-09-30 22:47 . 2001-08-17 19:13 16925 -c--a-w- c:\windows\system32\dllcache\w940nd.sys
2010-09-30 22:46 . 2001-08-17 20:28 794654 -c--a-w- c:\windows\system32\dllcache\usr1801.sys
2010-09-30 22:45 . 2001-08-17 19:51 166784 -c--a-w- c:\windows\system32\dllcache\tridxpm.sys
2010-09-30 22:44 . 2001-08-17 19:13 17129 -c--a-w- c:\windows\system32\dllcache\tdkcd31.sys
2010-09-30 22:43 . 2001-08-18 05:36 155648 -c--a-w- c:\windows\system32\dllcache\stlnprop.dll
2010-09-30 22:42 . 2001-08-18 05:36 12288 -c--a-w- c:\windows\system32\dllcache\EXCH_smtpctrs.dll
2010-09-30 22:41 . 2001-08-17 19:50 104064 -c--a-w- c:\windows\system32\dllcache\sisgrp.sys
2010-09-30 22:40 . 2001-08-17 20:51 23936 -c--a-w- c:\windows\system32\dllcache\sccmusbm.sys
2010-09-30 22:39 . 2001-08-17 19:12 19017 -c--a-w- c:\windows\system32\dllcache\rtl8029.sys
2010-09-30 22:38 . 2001-08-17 20:52 40320 -c--a-w- c:\windows\system32\dllcache\ql1080.sys
2010-09-30 22:37 . 2008-04-14 00:10 259328 -c--a-w- c:\windows\system32\dllcache\perm3dd.dll
2010-09-30 22:36 . 2001-08-17 21:05 25088 -c--a-w- c:\windows\system32\dllcache\ovca.sys
2010-09-30 22:35 . 2008-04-13 18:46 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
2010-09-30 22:34 . 2001-08-17 21:00 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2010-09-30 22:33 . 2001-08-17 20:58 8320 -c--a-w- c:\windows\system32\dllcache\memcard.sys
2010-09-30 22:32 . 2001-08-18 05:36 37376 -c--a-w- c:\windows\system32\dllcache\kousd.dll
2010-09-30 22:31 . 2001-08-17 20:50 38784 -c--a-w- c:\windows\system32\dllcache\io8.sys
2010-09-30 22:22 . 2001-08-17 21:06 154496 -c--a-w- c:\windows\system32\dllcache\icam4usb.sys
2010-09-30 22:21 . 2001-08-17 20:28 488383 -c--a-w- c:\windows\system32\dllcache\hsf_v124.sys
2010-09-30 22:20 . 2001-08-18 05:36 48128 -c--a-w- c:\windows\system32\dllcache\hpgt33tk.dll
2010-09-30 22:19 . 2004-08-04 06:31 34173 -c--a-w- c:\windows\system32\dllcache\forehe.sys
2010-09-30 22:18 . 2001-08-17 20:50 114944 -c--a-w- c:\windows\system32\dllcache\epstw2k.sys
2010-09-30 22:17 . 2001-08-18 05:36 38985 -c--a-w- c:\windows\system32\dllcache\disrvsu.dll
2010-09-30 22:16 . 2001-08-17 19:19 96256 -c--a-w- c:\windows\system32\dllcache\ctlsb16.sys
2010-09-30 22:15 . 2001-08-17 20:51 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2010-09-30 22:14 . 2001-08-18 05:36 5632 -c--a-w- c:\windows\system32\dllcache\EXCH_adsiisex.dll
2010-09-30 19:02 . 2003-01-10 21:13 33588 ----a-r- c:\windows\system32\drivers\wanatw4.sys
2010-09-28 06:25 . 2010-09-28 06:25 -------- d-----w- c:\documents and settings\Administrator.HOME-001FAB13A0\Application Data\Safer Networking
2010-09-27 22:13 . 2010-09-27 22:13 -------- d-----w- c:\program files\WinUpdatesList
2010-09-25 04:50 . 2010-09-25 04:50 63488 ----a-w- c:\documents and settings\Administrator.HOME-001FAB13A0\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-25 04:50 . 2010-09-25 04:50 52224 ----a-w- c:\documents and settings\Administrator.HOME-001FAB13A0\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-09-25 04:50 . 2010-09-25 04:50 117760 ----a-w- c:\documents and settings\Administrator.HOME-001FAB13A0\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-25 04:49 . 2010-09-25 04:49 -------- d-----w- c:\documents and settings\Administrator.HOME-001FAB13A0\Application Data\SUPERAntiSpyware.com
2010-09-25 04:38 . 2010-09-25 04:38 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-09-14 20:19 . 2010-09-14 20:19 -------- d-sh--w- c:\documents and settings\Owner\UserData
2010-09-11 00:55 . 2010-09-11 00:56 -------- d-----w- C:\77a4d30b3ffd4af8b968483748f50e83

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-05 05:24 . 2010-03-15 17:37 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-10-05 05:24 . 2010-09-01 16:25 -------- d-----w- c:\program files\SpywareBlaster
2010-10-05 01:55 . 2010-03-15 08:53 -------- d-----w- c:\documents and settings\All Users\Application Data\ATTYToolbar
2010-10-05 01:34 . 2010-09-06 17:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-05 01:19 . 2010-05-25 16:17 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-10-05 01:19 . 2010-05-25 16:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-10-02 19:22 . 2010-04-01 03:32 -------- d-----w- c:\program files\Windows Media Connect 2
2010-10-02 19:22 . 2010-04-05 02:35 -------- d-----w- c:\program files\Microsoft Works
2010-10-02 19:22 . 2010-05-11 19:12 -------- d-----w- c:\program files\AOL 9.5
2010-09-30 19:19 . 2010-05-11 19:12 -------- d-----w- c:\program files\Common Files\aolshare
2010-09-30 17:16 . 2004-08-04 10:00 389120 ----a-w- c:\windows\system32\cmd.exe
2010-09-28 06:30 . 2010-05-01 21:29 58864 ----a-w- c:\documents and settings\Administrator.HOME-001FAB13A0\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-27 22:13 . 2010-03-29 08:25 39424 ----a-w- c:\windows\zipinst.exe
2010-09-26 05:45 . 2010-05-28 02:02 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2010-09-20 12:29 . 2010-03-25 06:19 -------- d-----w- c:\program files\Google
2010-09-15 04:40 . 2010-04-30 21:16 58864 ----a-w- c:\documents and settings\Patty.HOME-001FAB13A0\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-11 00:50 . 2010-04-01 22:19 -------- d-----w- c:\program files\CCleaner
2010-09-06 17:16 . 2010-07-09 18:59 -------- d-----w- c:\program files\Mwbytes
2010-09-06 01:31 . 2010-09-06 01:31 -------- d-----w- c:\program files\ESET
2010-09-01 15:09 . 2010-03-14 19:39 58864 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-17 13:17 . 2004-08-04 10:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 06:35 . 2010-03-15 04:54 -------- d-----w- c:\program files\AOL Toolbar
2010-08-16 06:35 . 2010-08-16 06:35 -------- d-----w- c:\program files\Common Files\Software Update Utility
2010-08-15 19:40 . 2010-08-15 19:40 -------- d-----w- c:\program files\Common Files\Java
2010-08-15 19:40 . 2010-04-26 07:29 -------- d-----w- c:\program files\Java
2010-08-15 18:38 . 2010-03-15 20:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-08-10 18:14 . 2010-08-10 18:14 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-22cb333e-n\msvcp71.dll
2010-08-10 18:14 . 2010-08-10 18:14 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-22cb333e-n\jmc.dll
2010-08-10 18:14 . 2010-08-10 18:14 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-22cb333e-n\msvcr71.dll
2010-08-10 18:14 . 2010-08-10 18:14 61440 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2836dc01-n\decora-sse.dll
2010-08-10 18:14 . 2010-08-10 18:14 12800 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2836dc01-n\decora-d3d.dll
2010-07-22 16:40 . 2010-07-22 16:40 380928 ----a-w- c:\documents and settings\All Users\Application Data\AOL Toolbar\ieToolbar\resources\en-US\aoltbres.dll
2010-07-22 15:49 . 2004-08-04 10:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2010-03-14 21:34 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-17 12:00 . 2010-04-26 07:29 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-17 06:22 . 2010-03-23 03:12 664 ----a-w- c:\windows\system32\d3d9caps.dat
.

((((((((((((((((((((((((((((( SnapShot@2010-10-04_03.06.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-10-07 01:29 . 2010-10-07 01:29 16384 c:\windows\Temp\Perflib_Perfdata_13c.dat
- 2010-10-01 04:37 . 2010-10-03 17:58 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2010-10-01 04:37 . 2010-10-07 01:28 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2010-03-15 02:52 . 2010-10-07 01:28 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2010-03-15 02:52 . 2010-10-03 17:58 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-10-01 04:37 . 2010-10-07 01:28 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2010-10-01 04:37 . 2010-10-03 17:58 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-10-07 01:39 . 2010-10-07 01:40 1746 c:\windows\SoftwareDistribution\EventCache\{33BC6453-BCF4-48CD-8D8F-4CBEC2474FF9}.bin
+ 2010-10-07 01:31 . 2010-10-07 01:31 184320 c:\windows\ERDNT\AutoBackup\10-6-2010\Users\00000002\UsrClass.dat
+ 2010-10-07 01:31 . 2005-10-20 19:02 163328 c:\windows\ERDNT\AutoBackup\10-6-2010\ERDNT.EXE
+ 2010-10-06 03:17 . 2010-10-06 03:17 184320 c:\windows\ERDNT\AutoBackup\10-5-2010\Users\00000002\UsrClass.dat
+ 2010-10-06 03:17 . 2005-10-20 19:02 163328 c:\windows\ERDNT\AutoBackup\10-5-2010\ERDNT.EXE
+ 2010-10-04 16:17 . 2010-10-04 16:17 184320 c:\windows\ERDNT\AutoBackup\10-4-2010\Users\00000002\UsrClass.dat
+ 2010-10-04 16:17 . 2005-10-20 19:02 163328 c:\windows\ERDNT\AutoBackup\10-4-2010\ERDNT.EXE
+ 2010-10-07 01:31 . 2010-10-07 01:31 3989504 c:\windows\ERDNT\AutoBackup\10-6-2010\Users\00000001\ntuser.dat
+ 2010-10-06 03:17 . 2010-10-06 03:17 3989504 c:\windows\ERDNT\AutoBackup\10-5-2010\Users\00000001\ntuser.dat
+ 2010-10-04 16:17 . 2010-10-04 16:17 3956736 c:\windows\ERDNT\AutoBackup\10-4-2010\Users\00000001\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Utility"="Logi_MwX.Exe" [2003-05-16 19968]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-12 110696]
"HostManager"="c:\program files\Common Files\AOL\1268628771\ee\AOLSoftware.exe" [2010-02-10 41800]
"readericon10"="c:\program files\Multimedia Card Reader\readericon10.exe" [2007-05-03 131072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-12 13666408]
"ISUSScheduler"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" [2006-10-03 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-17 28672]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-05-16 648504]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2008-05-22 451896]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SUPERAntiSpyware"=c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\aol\\1268628771\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.5\\waol.exe"=
"c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
"c:\\Program Files\\Microsoft Security Essentials\\msseces.exe"=
"c:\\Program Files\\SpywareBlaster\\spywareblaster.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\NirSoft\\WinUpdatesList\\wul.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowOutboundDestinationUnreachable"= 1 (0x1)

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [10/1/2010 9:24 PM 28552]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [3/25/2010 10:18 AM 14976]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 PORTMON;PORTMON;\??\c:\documents and settings\Owner\My Documents\SysinternalsSuite\PORTMSYS.SYS --> c:\documents and settings\Owner\My Documents\SysinternalsSuite\PORTMSYS.SYS [?]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/12/2010 8:16 PM 136176]
.
Contents of the 'Scheduled Tasks' folder

2010-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 03:16]

2010-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 03:16]

2010-10-07 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 04:40]
.
.
------- Supplementary Scan -------
.
uLocal Page =
Trusted Zone: download.com
Trusted Zone: motive.com\pattta.att
Trusted Zone: motive.com\patttbc.att
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)


.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2596)
c:\windows\system32\WININET.dll
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-10-06 20:50:10
ComboFix-quarantined-files.txt 2010-10-07 03:50
ComboFix2.txt 2010-10-04 03:08

Pre-Run: 74,270,445,568 bytes free
Post-Run: 74,274,107,392 bytes free

- - End Of File - - 88073F0F85E6FE00C65A6195F44083E1






#13 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:26 PM

Posted 07 October 2010 - 05:29 PM

That's more like it!

You are not a d.a., Google the error message and take a look at how many people have done that before you. Easy mistake to make.

Please run ESET's online scanner next
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Leave the top box checked and then check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
m0le is a proud member of UNITE

#14 GKing

GKing
  • Topic Starter

  • Members
  • 108 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:SFBayArea
  • Local time:05:26 AM

Posted 08 October 2010 - 12:41 PM

No online ESET log to report, m0le.

#15 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:26 PM

Posted 08 October 2010 - 07:07 PM

Bingo!

How's the PC running?
m0le is a proud member of UNITE
