
infected with sysguard, ran combo fix


  • Please log in to reply
9 replies to this topic

#1 green2000gt

green2000gt

  • Members
  • 7 posts
  • OFFLINE

Posted 08 January 2011 - 01:35 PM

I am infected with sysguard and it redirects searches I do (Google, Yahoo, Ask). I have run SuperAntiSpyware, Malwarebytes, AVG, Hitman Pro and Spybot, and they are not able to get rid of it; Spybot and Malwarebytes show it but are not able to get rid of it. I ran ComboFix, and I know I was not supposed to, but I was up all night trying to fix it. ComboFix says it deleted it, but I am still having the redirect problem. Here is the ComboFix log.

The fake malware removal tool does not seem to be popping up anymore.

ComboFix 11-01-07.01 - Stephen 01/08/2011 0:22.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1915.1193 [GMT -8:00]
Running from: c:\users\Stephen\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Search Settings
c:\users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Memory Fixer
c:\users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Memory Fixer\Memory Fixer.lnk
c:\users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Memory Fixer\Uninstall Memory Fixer.lnk
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\drivers\sst89CA.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_sst89CA
-------\Service_sst89CA


((((((((((((((((((((((((( Files Created from 2010-12-08 to 2011-01-08 )))))))))))))))))))))))))))))))
.

2011-01-08 08:48 . 2011-01-08 08:54 -------- d-----w- c:\users\Stephen\AppData\Local\temp
2011-01-08 08:48 . 2011-01-08 08:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-08 06:31 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{35A1751A-D60D-4C38-801E-1D3679765ACF}\mpengine.dll
2011-01-07 01:09 . 2011-01-07 01:09 -------- d-----w- c:\users\Stephen\AppData\Roaming\SUPERAntiSpyware.com
2011-01-07 01:09 . 2011-01-07 01:09 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-01-07 01:09 . 2011-01-07 01:09 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-01-06 22:55 . 2011-01-06 22:55 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-01-06 22:42 . 2011-01-08 06:45 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-01-06 22:42 . 2011-01-06 22:42 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-01-06 22:42 . 2011-01-06 22:55 -------- d-----w- c:\programdata\Hitman Pro
2011-01-06 06:07 . 2011-01-06 06:07 -------- d-----w- c:\users\Stephen\AppData\Roaming\AVG10
2011-01-06 06:04 . 2011-01-06 06:04 -------- d--h--w- c:\programdata\Common Files
2011-01-06 06:03 . 2011-01-08 06:19 -------- d-----w- c:\programdata\AVG10
2011-01-06 06:01 . 2011-01-06 06:01 -------- d-----w- c:\program files\AVG
2011-01-06 05:57 . 2011-01-06 06:02 -------- d-----w- c:\programdata\MFAData
2011-01-06 05:51 . 2011-01-06 05:51 -------- d-----w- c:\program files\CCleaner
2011-01-06 02:31 . 2010-12-21 02:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-06 02:31 . 2011-01-06 02:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-06 02:31 . 2010-12-21 02:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-05 06:53 . 2011-01-05 06:53 0 ----a-w- c:\windows\system32\drivers\sst89CA.tmp
2010-12-16 04:54 . 2010-10-12 15:53 33280 ----a-w- c:\program files\Windows Mail\wabfind.dll
2010-12-16 04:54 . 2010-10-12 13:41 66048 ----a-w- c:\program files\Windows Mail\wabmig.exe
2010-12-16 04:54 . 2010-10-12 13:41 515584 ----a-w- c:\program files\Windows Mail\wab.exe
2010-12-16 04:54 . 2010-10-18 13:31 2038272 ----a-w- c:\windows\system32\win32k.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 18:41 . 2009-10-03 16:12 222080 ------w- c:\windows\system32\MpSigStub.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]
"cdloader"="c:\users\Stephen\AppData\Roaming\mjusbsp\cdloader2.exe" [2010-02-26 50520]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-12-14 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-07 1029416]
"NDSTray.exe"="NDSTray.exe" [BU]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-21 30192]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-05 198160]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-26 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-12-27 813584]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2010-2-5 495432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-21 30192]
R3 IO_Memory;IO_Memory;c:\windows\SYSTEM32\SYSPREP\Drivers\ioport.sys [x]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [2008-04-16 954368]
R3 SVRPEDRV;SVRPEDRV;c:\windows\System32\sysprep\PEDrv.sys [2008-01-18 9216]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2008-04-28 20384]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-17 40960]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-04-02 62776]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-04 126976]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uInternet Settings,ProxyOverride = <local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-TOSCDSPD - TOSCDSPD.EXE
HKLM-Run-TPwrMain - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-SmoothView - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-08 00:53
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5620)
c:\program files\Logitech\SetPoint\lgscroll.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
c:\windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RtHDVCpl.exe
c:\program files\Toshiba\Power Saver\TPwrMain.exe
c:\program files\Toshiba\SmoothView\SmoothView.exe
c:\program files\Toshiba\FlashCards\TCrdMain.exe
c:\program files\Toshiba\ConfigFree\NDSTray.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Toshiba\TOSCDSPD\TOSCDSPD.exe
c:\windows\system32\igfxext.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2011-01-08 01:09:00 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-08 09:08

Pre-Run: 80,491,945,984 bytes free
Post-Run: 80,059,539,456 bytes free

- - End Of File - - 3F92923F2D0B89794CBD87B09754300C

Here are the logs.

DDS log:
DDS (Ver_10-12-12.02) - NTFSx86
Run by Stephen at 15:44:00.79 on Sat 01/08/2011
Internet Explorer: 8.0.6001.18999
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1915.826 [GMT -8:00]

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k wdisvc
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2B7LTHBP\dds[1].scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://yahoo.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uInternet Settings,ProxyOverride = <local>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [cdloader] "c:\users\stephen\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://games.pogo.com/online2/pogo/astropop/popcaploader_v6.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GoogleDesktopNetwork3.dll

============= SERVICES / DRIVERS ===============

R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2009-5-11 20384]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-16 40960]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-1-19 1153368]
R2 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2008-9-30 62776]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-9-30 7168]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-9-30 30192]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2009-5-11 954368]
S3 SVRPEDRV;SVRPEDRV;c:\windows\system32\sysprep\PEDRV.SYS [2008-9-30 9216]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2011-01-08 09:05:43 -------- d-sh--w- C:\$RECYCLE.BIN
2011-01-08 08:48:11 -------- d-----w- c:\users\stephen\appdata\local\temp
2011-01-08 08:14:09 98816 ----a-w- c:\windows\sed.exe
2011-01-08 08:14:09 89088 ----a-w- c:\windows\MBR.exe
2011-01-08 08:14:09 256512 ----a-w- c:\windows\PEV.exe
2011-01-08 08:14:09 161792 ----a-w- c:\windows\SWREG.exe
2011-01-08 08:09:11 -------- d-----w- C:\ComboFix
2011-01-08 06:31:23 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{35a1751a-d60d-4c38-801e-1d3679765acf}\mpengine.dll
2011-01-07 01:09:40 -------- d-----w- c:\users\stephen\appdata\roaming\SUPERAntiSpyware.com
2011-01-07 01:09:40 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
2011-01-07 01:09:23 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-01-06 22:55:24 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-01-06 22:42:40 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-01-06 22:42:38 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-01-06 22:42:09 -------- d-----w- c:\progra~2\Hitman Pro
2011-01-06 06:07:18 -------- d-----w- c:\users\stephen\appdata\roaming\AVG10
2011-01-06 06:04:55 -------- d--h--w- c:\progra~2\Common Files
2011-01-06 06:03:02 -------- d-----w- c:\progra~2\AVG10
2011-01-06 06:01:50 -------- d-----w- c:\program files\AVG
2011-01-06 05:57:17 -------- d-----w- c:\progra~2\MFAData
2011-01-06 05:51:16 -------- d-----w- c:\program files\CCleaner
2011-01-06 02:31:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-06 02:31:10 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-06 02:31:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-05 06:53:47 0 ----a-w- c:\windows\system32\drivers\sst89CA.tmp
2010-12-16 04:54:03 66048 ----a-w- c:\program files\windows mail\wabmig.exe
2010-12-16 04:54:03 515584 ----a-w- c:\program files\windows mail\wab.exe
2010-12-16 04:54:03 33280 ----a-w- c:\program files\windows mail\wabfind.dll
2010-12-16 04:54:01 2038272 ----a-w- c:\windows\system32\win32k.sys

==================== Find3M ====================

2010-11-04 18:56:07 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-04 18:55:38 352768 ----a-w- c:\windows\system32\taskschd.dll
2010-11-04 18:55:38 270336 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-04 18:55:12 601600 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-04 16:34:06 171520 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 06:01:54 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-02 05:57:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-02 05:57:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-02 05:57:11 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-11-02 05:57:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-11-02 05:01:31 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 04:26:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-11-02 04:24:44 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-10-28 15:44:56 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-10-28 13:27:47 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-10-28 13:20:12 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-19 18:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-18 13:37:35 81920 ----a-w- c:\windows\system32\consent.exe

============= FINISH: 15:50:20.35 ===============

GMER log:

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-08 18:19:53
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.FG01
Running: gmer.exe; Driver: C:\Users\Stephen\AppData\Local\Temp\kxddrfog.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ZwTerminateProcess [0x8D341620]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 621 82CFCD84 4 Bytes [20, 16, 34, 8D] {AND [ESI], DL; XOR AL, 0x8d}
.text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x8894F480, 0x3C939, 0xE8000020]
.dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x88990900, 0x3CA, 0x48000040]
? C:\Users\Stephen\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[2172] USER32.dll!CreateDialogParamW 772072A2 5 Bytes JMP 6B08DED0 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2172] USER32.dll!GetAsyncKeyState 7720863C 5 Bytes JMP 6AFA8F1F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2172] USER32.dll!SetWindowsHookExW 772087AD 5 Bytes JMP 6B089AE9 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2172] USER32.dll!CallNextHookEx 77208E3B 5 Bytes JMP 6B07D145 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2172] USER32.dll!UnhookWindowsHookEx 772098DB 5 Bytes JMP 6AFF4696 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2172] USER32.dll!EnableWindow 7720CD8B 5 Bytes JMP 6B08DD5D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2172] USER32.dll!CreateWindowExW 77211305 5 Bytes JMP 6B08DB44 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2172] USER32.dll!GetKeyState 77218CB1 5 Bytes JMP 6B08D30B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2172] USER32.dll!IsDialogMessageW 77220745 5 Bytes JMP 6AFB5A13 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2172] USER32.dll!CreateDialogParamA 772217AA 5 Bytes JMP 6B185C74 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2172] USER32.dll!IsDialogMessage 77221847 5 Bytes JMP 6B185510 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2172] USER32.dll!CreateDialogIndirectParamA 772226F1 5 Bytes JMP 6B185CAB C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2172] USER32.dll!CreateDialogIndirectParamW 77229A62 5 Bytes JMP 6B185CE2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2172] USER32.dll!SetKeyboardState 77230987 5 Bytes JMP 6B18587F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2172] USER32.dll!DialogBoxParamW 772310B0 5 Bytes JMP 6AFB5501 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2172] USER32.dll!DialogBoxIndirectParamW 77232EF5 5 Bytes JMP 6B184FEF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2172] USER32.dll!SendInput 77232F75 5 Bytes JMP 6B18643B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2172] USER32.dll!EndDialog 7723326E 5 Bytes JMP 6AFB7EBA C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2172] USER32.dll!SetCursorPos 77246FB2 5 Bytes JMP 6B18648F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2172] USER32.dll!DialogBoxParamA 77248152 5 Bytes JMP 6B184F8C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2172] USER32.dll!DialogBoxIndirectParamA 7724847D 5 Bytes JMP 6B185052 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2172] USER32.dll!MessageBoxIndirectA 7725D4D9 5 Bytes JMP 6B184F21 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2172] USER32.dll!MessageBoxIndirectW 7725D5D3 5 Bytes JMP 6B184EB6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2172] USER32.dll!MessageBoxExA 7725D639 5 Bytes JMP 6B184E54 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2172] USER32.dll!MessageBoxExW 7725D65D 5 Bytes JMP 6B184DF2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2172] USER32.dll!keybd_event 7725D972 5 Bytes JMP 6B1867BF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2172] SHELL32.dll!SHRestricted + D95 767789A8 4 Bytes [4D, 30, B9, 6A]
.text C:\Program Files\Internet Explorer\iexplore.exe[2172] SHELL32.dll!SHRestricted + D9D 767789B0 8 Bytes [57, 2F, B9, 6A, 9C, 5B, B8, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[2172] ole32.dll!OleLoadFromStream 76461E80 5 Bytes JMP 6B185370 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2172] ole32.dll!CoCreateInstance 76499F3E 5 Bytes JMP 6B08DBA0 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2172] WS2_32.dll!closesocket 773F330C 5 Bytes JMP 0270000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2172] WS2_32.dll!recv 773F343A 5 Bytes JMP 026E000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2172] WS2_32.dll!connect 773F40D9 5 Bytes JMP 026F000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2172] WS2_32.dll!getaddrinfo 773F418A 5 Bytes JMP 0273000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2172] WS2_32.dll!send 773F659B 5 Bytes JMP 0271000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2172] WS2_32.dll!gethostbyname 774062D4 5 Bytes JMP 0272000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2172] WININET.dll!HttpAddRequestHeadersA 7636CF4E 5 Bytes JMP 0268000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2172] WININET.dll!HttpOpenRequestA 7636D508 5 Bytes JMP 026B000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2172] WININET.dll!InternetConnectA 7636DEAE 5 Bytes JMP 026D000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2172] WININET.dll!InternetConnectW 7636F862 5 Bytes JMP 026C000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2172] WININET.dll!HttpOpenRequestW 7636FBFB 5 Bytes JMP 026A000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2172] WININET.dll!HttpAddRequestHeadersW 7636FE49 5 Bytes JMP 0269000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3484] USER32.dll!CreateWindowExW 77211305 5 Bytes JMP 6B08DB44 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3484] USER32.dll!DialogBoxParamW 772310B0 5 Bytes JMP 6AFB5501 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3484] USER32.dll!DialogBoxIndirectParamW 77232EF5 5 Bytes JMP 6B184FEF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3484] USER32.dll!DialogBoxParamA 77248152 5 Bytes JMP 6B184F8C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3484] USER32.dll!DialogBoxIndirectParamA 7724847D 5 Bytes JMP 6B185052 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3484] USER32.dll!MessageBoxIndirectA 7725D4D9 5 Bytes JMP 6B184F21 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3484] USER32.dll!MessageBoxIndirectW 7725D5D3 5 Bytes JMP 6B184EB6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3484] USER32.dll!MessageBoxExA 7725D639 5 Bytes JMP 6B184E54 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3484] USER32.dll!MessageBoxExW 7725D65D 5 Bytes JMP 6B184DF2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3484] WININET.dll!HttpAddRequestHeadersA 7636CF4E 5 Bytes JMP 02C7000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3484] WININET.dll!HttpOpenRequestA 7636D508 5 Bytes JMP 02CA000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3484] WININET.dll!InternetConnectA 7636DEAE 5 Bytes JMP 02CC000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3484] WININET.dll!InternetConnectW 7636F862 5 Bytes JMP 02CB000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3484] WININET.dll!HttpOpenRequestW 7636FBFB 5 Bytes JMP 02C9000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3484] WININET.dll!HttpAddRequestHeadersW 7636FE49 5 Bytes JMP 02C8000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3484] ws2_32.dll!closesocket 773F330C 5 Bytes JMP 02ED000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3484] ws2_32.dll!recv 773F343A 5 Bytes JMP 02EA000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3484] ws2_32.dll!connect 773F40D9 5 Bytes JMP 02EC000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3484] ws2_32.dll!getaddrinfo 773F418A 5 Bytes JMP 02F0000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3484] ws2_32.dll!send 773F659B 5 Bytes JMP 02EE000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3484] ws2_32.dll!gethostbyname 774062D4 5 Bytes JMP 02EF000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4664] USER32.dll!CreateWindowExW 77211305 5 Bytes JMP 6B08DB44 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4664] USER32.dll!DialogBoxParamW 772310B0 5 Bytes JMP 6AFB5501 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4664] USER32.dll!DialogBoxIndirectParamW 77232EF5 5 Bytes JMP 6B184FEF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4664] USER32.dll!DialogBoxParamA 77248152 5 Bytes JMP 6B184F8C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4664] USER32.dll!DialogBoxIndirectParamA 7724847D 5 Bytes JMP 6B185052 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4664] USER32.dll!MessageBoxIndirectA 7725D4D9 5 Bytes JMP 6B184F21 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4664] USER32.dll!MessageBoxIndirectW 7725D5D3 5 Bytes JMP 6B184EB6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4664] USER32.dll!MessageBoxExA 7725D639 5 Bytes JMP 6B184E54 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4664] USER32.dll!MessageBoxExW 7725D65D 5 Bytes JMP 6B184DF2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4664] WININET.dll!HttpAddRequestHeadersA 7636CF4E 5 Bytes JMP 01C5000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4664] WININET.dll!HttpOpenRequestA 7636D508 5 Bytes JMP 01C8000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4664] WININET.dll!InternetConnectA 7636DEAE 5 Bytes JMP 01CA000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4664] WININET.dll!InternetConnectW 7636F862 5 Bytes JMP 01C9000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4664] WININET.dll!HttpOpenRequestW 7636FBFB 5 Bytes JMP 01C7000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4664] WININET.dll!HttpAddRequestHeadersW 7636FE49 5 Bytes JMP 01C6000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4664] ws2_32.dll!closesocket 773F330C 5 Bytes JMP 02EC000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4664] ws2_32.dll!recv 773F343A 5 Bytes JMP 02EA000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4664] ws2_32.dll!connect 773F40D9 5 Bytes JMP 02EB000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4664] ws2_32.dll!getaddrinfo 773F418A 5 Bytes JMP 02EF000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4664] ws2_32.dll!send 773F659B 5 Bytes JMP 02ED000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4664] ws2_32.dll!gethostbyname 774062D4 5 Bytes JMP 02EE000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4836] USER32.dll!CreateWindowExW 77211305 5 Bytes JMP 6B08DB44 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4836] USER32.dll!DialogBoxParamW 772310B0 5 Bytes JMP 6AFB5501 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4836] USER32.dll!DialogBoxIndirectParamW 77232EF5 5 Bytes JMP 6B184FEF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4836] USER32.dll!DialogBoxParamA 77248152 5 Bytes JMP 6B184F8C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4836] USER32.dll!DialogBoxIndirectParamA 7724847D 5 Bytes JMP 6B185052 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4836] USER32.dll!MessageBoxIndirectA 7725D4D9 5 Bytes JMP 6B184F21 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4836] USER32.dll!MessageBoxIndirectW 7725D5D3 5 Bytes JMP 6B184EB6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4836] USER32.dll!MessageBoxExA 7725D639 5 Bytes JMP 6B184E54 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4836] USER32.dll!MessageBoxExW 7725D65D 5 Bytes JMP 6B184DF2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4836] WININET.dll!HttpAddRequestHeadersA 7636CF4E 5 Bytes JMP 00A8000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4836] WININET.dll!HttpOpenRequestA 7636D508 5 Bytes JMP 02EA000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4836] WININET.dll!InternetConnectA 7636DEAE 5 Bytes JMP 02EC000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4836] WININET.dll!InternetConnectW 7636F862 5 Bytes JMP 02EB000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4836] WININET.dll!HttpOpenRequestW 7636FBFB 5 Bytes JMP 02E9000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4836] WININET.dll!HttpAddRequestHeadersW 7636FE49 5 Bytes JMP 02C0000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4836] ws2_32.dll!closesocket 773F330C 5 Bytes JMP 02F2000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4836] ws2_32.dll!recv 773F343A 5 Bytes JMP 02F0000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4836] ws2_32.dll!connect 773F40D9 5 Bytes JMP 02F1000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4836] ws2_32.dll!getaddrinfo 773F418A 5 Bytes JMP 02F5000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4836] ws2_32.dll!send 773F659B 5 Bytes JMP 02F3000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4836] ws2_32.dll!gethostbyname 774062D4 5 Bytes JMP 02F4000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] USER32.dll!CreateDialogParamW 772072A2 5 Bytes JMP 6B08DED0 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] USER32.dll!GetAsyncKeyState 7720863C 5 Bytes JMP 6AFA8F1F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] USER32.dll!SetWindowsHookExW 772087AD 5 Bytes JMP 6B089AE9 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] USER32.dll!CallNextHookEx 77208E3B 5 Bytes JMP 6B07D145 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] USER32.dll!UnhookWindowsHookEx 772098DB 5 Bytes JMP 6AFF4696 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] USER32.dll!EnableWindow 7720CD8B 5 Bytes JMP 6B08DD5D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] USER32.dll!CreateWindowExW 77211305 5 Bytes JMP 6B08DB44 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] USER32.dll!GetKeyState 77218CB1 5 Bytes JMP 6B08D30B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] USER32.dll!IsDialogMessageW 77220745 5 Bytes JMP 6AFB5A13 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] USER32.dll!CreateDialogParamA 772217AA 5 Bytes JMP 6B185C74 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] USER32.dll!IsDialogMessage 77221847 5 Bytes JMP 6B185510 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] USER32.dll!CreateDialogIndirectParamA 772226F1 5 Bytes JMP 6B185CAB C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] USER32.dll!CreateDialogIndirectParamW 77229A62 5 Bytes JMP 6B185CE2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] USER32.dll!SetKeyboardState 77230987 5 Bytes JMP 6B18587F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] USER32.dll!DialogBoxParamW 772310B0 5 Bytes JMP 6AFB5501 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] USER32.dll!DialogBoxIndirectParamW 77232EF5 5 Bytes JMP 6B184FEF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] USER32.dll!SendInput 77232F75 5 Bytes JMP 6B18643B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] USER32.dll!EndDialog 7723326E 5 Bytes JMP 6AFB7EBA C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] USER32.dll!SetCursorPos 77246FB2 5 Bytes JMP 6B18648F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] USER32.dll!DialogBoxParamA 77248152 5 Bytes JMP 6B184F8C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] USER32.dll!DialogBoxIndirectParamA 7724847D 5 Bytes JMP 6B185052 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] USER32.dll!MessageBoxIndirectA 7725D4D9 5 Bytes JMP 6B184F21 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] USER32.dll!MessageBoxIndirectW 7725D5D3 5 Bytes JMP 6B184EB6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] USER32.dll!MessageBoxExA 7725D639 5 Bytes JMP 6B184E54 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] USER32.dll!MessageBoxExW 7725D65D 5 Bytes JMP 6B184DF2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] USER32.dll!keybd_event 7725D972 5 Bytes JMP 6B1867BF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] SHELL32.dll!SHRestricted + D95 767789A8 4 Bytes [4D, 30, B9, 6A]
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] SHELL32.dll!SHRestricted + D9D 767789B0 8 Bytes [57, 2F, B9, 6A, 9C, 5B, B8, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] ole32.dll!OleLoadFromStream 76461E80 5 Bytes JMP 6B185370 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] ole32.dll!CoCreateInstance 76499F3E 5 Bytes JMP 6B08DBA0 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] WS2_32.dll!closesocket 773F330C 5 Bytes JMP 0260000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] WS2_32.dll!recv 773F343A 5 Bytes JMP 025E000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] WS2_32.dll!connect 773F40D9 5 Bytes JMP 025F000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] WS2_32.dll!getaddrinfo 773F418A 5 Bytes JMP 0263000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] WS2_32.dll!send 773F659B 5 Bytes JMP 0261000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] WS2_32.dll!gethostbyname 774062D4 5 Bytes JMP 0262000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] WININET.dll!HttpAddRequestHeadersA 7636CF4E 5 Bytes JMP 0247000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] WININET.dll!HttpOpenRequestA 7636D508 5 Bytes JMP 025A000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] WININET.dll!InternetConnectA 7636DEAE 5 Bytes JMP 025D000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] WININET.dll!InternetConnectW 7636F862 5 Bytes JMP 025C000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] WININET.dll!HttpOpenRequestW 7636FBFB 5 Bytes JMP 0259000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5756] WININET.dll!HttpAddRequestHeadersW 7636FE49 5 Bytes JMP 0258000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5884] USER32.dll!CreateDialogParamW 772072A2 5 Bytes JMP 6B08DED0 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5884] USER32.dll!GetAsyncKeyState 7720863C 5 Bytes JMP 6AFA8F1F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5884] USER32.dll!SetWindowsHookExW 772087AD 5 Bytes JMP 6B089AE9 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5884] USER32.dll!CallNextHookEx 77208E3B 5 Bytes JMP 6B07D145 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5884] USER32.dll!UnhookWindowsHookEx 772098DB 5 Bytes JMP 6AFF4696 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5884] USER32.dll!EnableWindow 7720CD8B 5 Bytes JMP 6B08DD5D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5884] USER32.dll!CreateWindowExW 77211305 5 Bytes JMP 6B08DB44 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5884] USER32.dll!GetKeyState 77218CB1 5 Bytes JMP 6B08D30B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5884] USER32.dll!IsDialogMessageW 77220745 5 Bytes JMP 6AFB5A13 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5884] USER32.dll!CreateDialogParamA 772217AA 5 Bytes JMP 6B185C74 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5884] USER32.dll!IsDialogMessage 77221847 5 Bytes JMP 6B185510 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5884] USER32.dll!CreateDialogIndirectParamA 772226F1 5 Bytes JMP 6B185CAB C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5884] USER32.dll!CreateDialogIndirectParamW 77229A62 5 Bytes JMP 6B185CE2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5884] USER32.dll!SetKeyboardState 77230987 5 Bytes JMP 6B18587F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5884] USER32.dll!DialogBoxParamW 772310B0 5 Bytes JMP 6AFB5501 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5884] USER32.dll!DialogBoxIndirectParamW 77232EF5 5 Bytes JMP 6B184FEF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5884] USER32.dll!SendInput 77232F75 5 Bytes JMP 6B18643B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5884] USER32.dll!EndDialog 7723326E 5 Bytes JMP 6AFB7EBA C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5884] USER32.dll!SetCursorPos 77246FB2 5 Bytes JMP 6B18648F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5884] USER32.dll!DialogBoxParamA 77248152 5 Bytes JMP 6B184F8C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5884] USER32.dll!DialogBoxIndirectParamA 7724847D 5 Bytes JMP 6B185052 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5884] USER32.dll!MessageBoxIndirectA 7725D4D9 5 Bytes JMP 6B184F21 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5884] USER32.dll!MessageBoxIndirectW 7725D5D3 5 Bytes JMP 6B184EB6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5884] USER32.dll!MessageBoxExA 7725D639 5 Bytes JMP 6B184E54 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5884] USER32.dll!MessageBoxExW 7725D65D 5 Bytes JMP 6B184DF2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5884] USER32.dll!keybd_event 7725D972 5 Bytes JMP 6B1867BF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5884] SHELL32.dll!SHRestricted + D95 767789A8 4 Bytes [4D, 30, B9, 6A]
.text C:\Program Files\Internet Explorer\iexplore.exe[5884] SHELL32.dll!SHRestricted + D9D 767789B0 8 Bytes [57, 2F, B9, 6A, 9C, 5B, B8, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[5884] ole32.dll!OleLoadFromStream 76461E80 5 Bytes JMP 6B185370 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5884] ole32.dll!CoCreateInstance 76499F3E 5 Bytes JMP 6B08DBA0 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5884] WS2_32.dll!closesocket 773F330C 5 Bytes JMP 01DC000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5884] WS2_32.dll!recv 773F343A 5 Bytes JMP 01DA000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5884] WS2_32.dll!connect 773F40D9 5 Bytes JMP 01DB000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5884] WS2_32.dll!getaddrinfo 773F418A 5 Bytes JMP 01DF000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5884] WS2_32.dll!send 773F659B 5 Bytes JMP 01DD000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5884] WS2_32.dll!gethostbyname 774062D4 5 Bytes JMP 01DE000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5884] WININET.dll!HttpAddRequestHeadersA 7636CF4E 5 Bytes JMP 01D4000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5884] WININET.dll!HttpOpenRequestA 7636D508 5 Bytes JMP 01D7000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5884] WININET.dll!InternetConnectA 7636DEAE 5 Bytes JMP 01D9000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5884] WININET.dll!InternetConnectW 7636F862 5 Bytes JMP 01D8000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5884] WININET.dll!HttpOpenRequestW 7636FBFB 5 Bytes JMP 01D6000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5884] WININET.dll!HttpAddRequestHeadersW 7636FE49 5 Bytes JMP 01D5000A

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device \Driver\iaStor \Device\Ide\iaStor0 873031EB
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 873031EB
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-1 873031EB

---- Threads - GMER 1.0.15 ----

Thread System [4:284] 8730753C
Thread System [4:288] 8730952D

---- EOF - GMER 1.0.15 ----

Merged posts. ~ OB

Edited by Orange Blossom, 08 January 2011 - 09:47 PM.


#2 green2000gt (Topic Starter)

Posted 10 January 2011 - 02:40 AM

Did my post get skipped over? Did I not do something right with my post? Please let me know; I am new and I am not sure if I did everything correctly.

===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our MRT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level, attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us wants someone to assist you who is not familiar with your issue and attempt to fix it.

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the MRT Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not multiple-post here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

Thank you for understanding.

Orange Blossom ~ forum moderator

Edited by Orange Blossom, 12 January 2011 - 06:08 PM.


#3 rigacci (Fiorentino)

Posted 13 January 2011 - 09:32 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed; the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Thanks.

DR

#4 green2000gt (Topic Starter)

Posted 13 January 2011 - 05:58 PM

Thank you for your help. I am very busy right now with a family matter, but I plan on getting the logs on here later tonight. Again, thank you.

#5 green2000gt (Topic Starter)

Posted 14 January 2011 - 01:41 PM

Here are the new logs with CD emulation off.

DDS (Ver_10-12-12.02) - NTFSx86
Run by Stephen at 23:39:47.68 on Thu 01/13/2011
Internet Explorer: 8.0.6001.18999
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1915.1088 [GMT -8:00]

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Stephen\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://yahoo.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uInternet Settings,ProxyOverride = <local>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [cdloader] "c:\users\stephen\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://games.pogo.com/online2/pogo/astropop/popcaploader_v6.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GoogleDesktopNetwork3.dll

============= SERVICES / DRIVERS ===============

R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2009-5-11 20384]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-16 40960]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-1-19 1153368]
R2 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2008-9-30 62776]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-9-30 7168]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-9-30 30192]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2009-5-11 954368]
S3 SVRPEDRV;SVRPEDRV;c:\windows\system32\sysprep\PEDRV.SYS [2008-9-30 9216]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2011-01-14 07:18:19 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{6d99c918-1420-4357-ae44-89ddbd614e21}\mpengine.dll
2011-01-12 04:56:05 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
2011-01-12 04:56:05 57344 ----a-w- c:\program files\common files\system\msadc\msadcs.dll
2011-01-12 04:56:05 413696 ----a-w- c:\windows\system32\odbc32.dll
2011-01-12 04:56:05 253952 ----a-w- c:\program files\common files\system\ado\msadox.dll
2011-01-12 04:56:05 241664 ----a-w- c:\program files\common files\system\ado\msadomd.dll
2011-01-12 04:56:05 180224 ----a-w- c:\program files\common files\system\msadc\msadco.dll
2011-01-12 00:46:39 1169408 ----a-w- c:\windows\system32\sdclt.exe
2011-01-08 09:05:43 -------- d-sh--w- C:\$RECYCLE.BIN
2011-01-08 08:48:11 -------- d-----w- c:\users\stephen\appdata\local\temp
2011-01-08 08:14:09 98816 ----a-w- c:\windows\sed.exe
2011-01-08 08:14:09 89088 ----a-w- c:\windows\MBR.exe
2011-01-08 08:14:09 256512 ----a-w- c:\windows\PEV.exe
2011-01-08 08:14:09 161792 ----a-w- c:\windows\SWREG.exe
2011-01-08 08:09:11 -------- d-----w- C:\ComboFix
2011-01-07 01:09:40 -------- d-----w- c:\users\stephen\appdata\roaming\SUPERAntiSpyware.com
2011-01-07 01:09:40 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
2011-01-07 01:09:23 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-01-06 22:55:24 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-01-06 22:42:40 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-01-06 22:42:38 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-01-06 22:42:09 -------- d-----w- c:\progra~2\Hitman Pro
2011-01-06 06:07:18 -------- d-----w- c:\users\stephen\appdata\roaming\AVG10
2011-01-06 06:04:55 -------- d--h--w- c:\progra~2\Common Files
2011-01-06 06:03:02 -------- d-----w- c:\progra~2\AVG10
2011-01-06 06:01:50 -------- d-----w- c:\program files\AVG
2011-01-06 05:57:17 -------- d-----w- c:\progra~2\MFAData
2011-01-06 05:51:16 -------- d-----w- c:\program files\CCleaner
2011-01-06 02:31:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-06 02:31:10 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-06 02:31:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-05 06:53:47 0 ----a-w- c:\windows\system32\drivers\sst89CA.tmp
2010-12-16 04:54:03 66048 ----a-w- c:\program files\windows mail\wabmig.exe
2010-12-16 04:54:03 515584 ----a-w- c:\program files\windows mail\wab.exe
2010-12-16 04:54:03 33280 ----a-w- c:\program files\windows mail\wabfind.dll
2010-12-16 04:54:01 2038272 ----a-w- c:\windows\system32\win32k.sys

==================== Find3M ====================

2010-11-04 18:56:07 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-04 18:55:38 352768 ----a-w- c:\windows\system32\taskschd.dll
2010-11-04 18:55:38 270336 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-04 18:55:12 601600 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-04 16:34:06 171520 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 06:01:54 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-02 05:57:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-02 05:57:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-02 05:57:11 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-11-02 05:57:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-11-02 05:01:31 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 04:26:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-11-02 04:24:44 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-10-28 15:44:56 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-10-28 13:27:47 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-10-28 13:20:12 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-19 18:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-18 13:37:35 81920 ----a-w- c:\windows\system32\consent.exe

============= FINISH: 23:45:53.30 ===============

Attached Files
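The "Pseudo HJT Report" section of the DDS log above lists the autostart and browser-hook points a responder reads first. As an added example (not part of this thread, and not code from DDS or BleepingComputer), here is a small Python triage script that parses those line types and flags the entries worth checking by hand: orphaned "No File" CLSIDs, AppInit_DLLs, Winlogon\Notify packages, sites added to the IE Trusted zone, ActiveX (DPF) cabs downloaded from hosts outside a short allowlist, and Run/StartupFolder entries that launch from user-writable locations. The allowlist, the path heuristics and the KNOWN_KINDS set are this example's own assumptions; the sample input is a subset of the lines copied from the posted log.

```python
"""Triage the 'Pseudo HJT Report' section of a DDS log.

Added example for this thread; it is not part of DDS, BleepingComputer or
the original posts. It parses the autostart/hook line types DDS emits and
flags the entries a responder checks by hand. The allowlist and the path
heuristics below are this example's own assumptions.
"""
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlparse

# Line types handled; everything else in a DDS log (process list, file lists) is ignored.
KNOWN_KINDS = {"BHO", "TB", "EB", "uRun", "mRun", "StartupFolder", "DPF",
               "Trusted Zone", "Notify", "AppInit_DLLs", "uStart Page", "mStart Page"}

# Hosts an ActiveX (DPF) cab is expected to come from. Assumption of this example.
KNOWN_DPF_HOSTS = {"java.sun.com", "download.macromedia.com",
                   "platformdl.adobe.com", "upload.facebook.com"}

# Path fragments that mark a location a standard user can write to (assumption).
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\progra~2\\", "\\temp\\")

# DDS writes entries as "kind: body" or "kind = body"; accept both.
LINE_RE = re.compile(r"^(?P<kind>[A-Za-z_ ,]+?)(?::|\s=)\s*(?P<body>.*)$")

# Sample input: a subset of the lines from the DDS log posted above.
SAMPLE_REPORT = r'''
uStart Page = hxxp://yahoo.com/
uInternet Settings,ProxyOverride = <local>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [cdloader] "c:\users\stephen\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
Trusted Zone: real.com\rhap-app-4-0
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://games.pogo.com/online2/pogo/astropop/popcaploader_v6.cab
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GoogleDesktopNetwork3.dll
'''


@dataclass(frozen=True)
class Finding:
    kind: str
    target: str
    reason: str


def refang(s: str) -> str:
    """DDS writes hxxp:// so log URLs are not clickable; restore http for parsing."""
    return re.sub(r"(?i)\bhxxp", "http", s)


def target_of(kind: str, body: str) -> str:
    """Extract the file or URL an entry points at, per DDS line type."""
    if kind in ("uRun", "mRun"):
        # [Name] "c:\path with spaces\x.exe" args   or   [Name] x.exe args
        rest = body.split("]", 1)[1].strip() if "]" in body else body
        if rest.startswith('"'):
            return rest[1:].split('"', 1)[0]
        return rest.split(" ", 1)[0]
    if kind in ("BHO", "TB", "EB", "DPF", "Notify", "StartupFolder"):
        # "Name: {CLSID} - path", "{CLSID} - No File", "x.lnk - target"
        return body.rsplit(" - ", 1)[-1]
    return body


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for one DDS line if it matches a triage rule, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.group("kind").strip(), m.group("body").strip()
    if kind not in KNOWN_KINDS and "Internet Settings" not in kind:
        return None
    target = target_of(kind, body)
    low = target.lower()

    if target == "No File":
        return Finding(kind, body, "orphaned CLSID: registered object with no DLL on disk")
    if kind == "AppInit_DLLs" and target:
        return Finding(kind, target, "AppInit_DLLs: injected into every process that loads user32.dll")
    if kind == "Notify":
        return Finding(kind, target, "Winlogon\\Notify entry: DLL registered as a winlogon notification package")
    if kind == "Trusted Zone":
        return Finding(kind, target, "site in the IE Trusted zone runs with relaxed security settings")
    if kind == "DPF":
        host = urlparse(refang(target)).hostname or ""
        if host not in KNOWN_DPF_HOSTS:
            return Finding(kind, target, f"ActiveX cab from unlisted host {host}")
        return None
    if kind in ("uRun", "mRun", "StartupFolder") and any(frag in low for frag in USER_WRITABLE):
        return Finding(kind, target, "autostart from a user-writable location")
    if "ProxyServer" in kind:
        return Finding(kind, target, "browser proxy set: traffic can be interposed")
    return None


def triage_report(text: str) -> List[Finding]:
    """Run triage_line over a whole DDS log and keep only the flagged entries."""
    return [f for f in (triage_line(ln) for ln in text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage_report(SAMPLE_REPORT):
        print(f"{f.kind:14} {f.reason}\n{'':14} {f.target}")
```

A flag is a prompt to verify, not a verdict: on the posted log it surfaces the two orphaned CLSIDs, the Google Desktop AppInit DLL, the Intel graphics Winlogon\Notify entry, the real.com Trusted Zone additions, the pogo.com ActiveX cab and the magicJack loader in roaming AppData, all of which then need to be matched against installed software before anything is removed.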
#6 shelf life

  • Malware Response Team
  • 2,657 posts
  • Gender:Male
  • Location:@localhost

Posted 14 January 2011 - 07:31 PM

hi,

Based on your redirection problem, let's go with TDSSKiller, and we will go from there. Right-click the icon and "run as admin".

Please download TDSS Killer.exe and save it to your desktop
Double click to launch the utility. After it initializes click the start scan button.

Once the scan completes you can click the continue button.

"The utility will automatically select an action (Cure or Delete) for known malcious objects. A suspicious object will be skipped by default."

"After clicking Next, the utility applies selected actions and outputs the result."

"A reboot might require after disinfection."

A report will be found in your root drive, Local Disk (C:), as TDSSKiller.2.4.2.1_09.08.2010_17.32.21_log.txt (name, version, date, time).
Please post the log report

How Can I Reduce My Risk to Malware?


#7 green2000gt

  • Topic Starter
  • Members
  • 7 posts

Posted 15 January 2011 - 01:07 AM

That seemed to do the trick; Google is working now. I am still a little afraid to use my computer, as I am worried about ID theft or some sort of keystroke logger that this malware could have installed. I am just scared to do any online banking or email and other stuff. Is there anything you guys see in these logs that indicates such? Also, before I ran ComboFix I was having the fake virus/malware thing popping up, but after ComboFix that went away and the redirect stayed.

Here is the TDSSKiller log.

2011/01/14 21:48:42.0215 TDSS rootkit removing tool 2.4.13.0 Jan 12 2011 09:51:11
2011/01/14 21:48:42.0215 ================================================================================
2011/01/14 21:48:42.0215 SystemInfo:
2011/01/14 21:48:42.0215
2011/01/14 21:48:42.0215 OS Version: 6.0.6002 ServicePack: 2.0
2011/01/14 21:48:42.0215 Product type: Workstation
2011/01/14 21:48:42.0215 ComputerName: STEPHEN-PC
2011/01/14 21:48:42.0215 UserName: Stephen
2011/01/14 21:48:42.0215 Windows directory: C:\Windows
2011/01/14 21:48:42.0215 System windows directory: C:\Windows
2011/01/14 21:48:42.0215 Processor architecture: Intel x86
2011/01/14 21:48:42.0215 Number of processors: 1
2011/01/14 21:48:42.0215 Page size: 0x1000
2011/01/14 21:48:42.0215 Boot type: Normal boot
2011/01/14 21:48:42.0215 ================================================================================
2011/01/14 21:48:42.0573 Initialize success
2011/01/14 21:48:47.0144 ================================================================================
2011/01/14 21:48:47.0144 Scan started
2011/01/14 21:48:47.0144 Mode: Manual;
2011/01/14 21:48:47.0144 ================================================================================
2011/01/14 21:48:48.0392 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/01/14 21:48:48.0439 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/01/14 21:48:48.0486 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/01/14 21:48:48.0595 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/01/14 21:48:48.0642 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/01/14 21:48:48.0813 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/01/14 21:48:48.0985 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys
2011/01/14 21:48:49.0141 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/01/14 21:48:49.0188 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/01/14 21:48:49.0328 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/01/14 21:48:49.0453 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/01/14 21:48:49.0515 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/01/14 21:48:49.0547 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/01/14 21:48:49.0593 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/01/14 21:48:49.0734 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/01/14 21:48:49.0859 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/01/14 21:48:49.0921 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/01/14 21:48:50.0015 atapi (0d83c87a801a3dfcd1bf73893fe7518c) C:\Windows\system32\drivers\atapi.sys
2011/01/14 21:48:50.0139 athr (8be56f8300e1c37b578da23c71816b7a) C:\Windows\system32\DRIVERS\athr.sys
2011/01/14 21:48:50.0327 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/01/14 21:48:50.0389 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/01/14 21:48:50.0514 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/01/14 21:48:50.0639 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/01/14 21:48:50.0685 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/01/14 21:48:50.0826 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/01/14 21:48:50.0857 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/01/14 21:48:50.0904 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/01/14 21:48:50.0919 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/01/14 21:48:51.0060 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/01/14 21:48:51.0403 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/01/14 21:48:51.0465 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/01/14 21:48:51.0543 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/01/14 21:48:51.0621 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/01/14 21:48:51.0777 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/01/14 21:48:51.0809 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/01/14 21:48:51.0902 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/01/14 21:48:52.0043 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/01/14 21:48:52.0074 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/01/14 21:48:52.0214 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/01/14 21:48:52.0370 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/01/14 21:48:52.0433 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
2011/01/14 21:48:52.0589 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2011/01/14 21:48:52.0620 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
2011/01/14 21:48:52.0776 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/01/14 21:48:52.0854 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
2011/01/14 21:48:52.0979 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/01/14 21:48:53.0119 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/01/14 21:48:53.0244 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/01/14 21:48:53.0291 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/01/14 21:48:53.0447 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/01/14 21:48:53.0493 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/01/14 21:48:53.0618 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/01/14 21:48:53.0681 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/01/14 21:48:53.0696 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/01/14 21:48:53.0727 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/01/14 21:48:53.0837 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/01/14 21:48:53.0977 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/01/14 21:48:54.0024 FwLnk (cbc22823628544735625b280665e434e) C:\Windows\system32\DRIVERS\FwLnk.sys
2011/01/14 21:48:54.0102 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/01/14 21:48:54.0289 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/01/14 21:48:54.0367 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/01/14 21:48:54.0461 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/01/14 21:48:54.0507 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/01/14 21:48:54.0617 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/01/14 21:48:54.0663 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/01/14 21:48:54.0804 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys
2011/01/14 21:48:54.0866 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/01/14 21:48:54.0975 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/01/14 21:48:55.0053 iaStor (db0cc620b27a928d968c1a1e9cd9cb87) C:\Windows\system32\DRIVERS\iaStor.sys
2011/01/14 21:48:55.0163 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/01/14 21:48:55.0272 igfx (6fb1858d1f0923d122b0331865695041) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/01/14 21:48:55.0381 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/01/14 21:48:55.0490 IntcAzAudAddService (b9cbd3dea7ca02868621173bf7a2af9f) C:\Windows\system32\drivers\RTKVHDA.sys
2011/01/14 21:48:55.0631 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/01/14 21:48:55.0662 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/01/14 21:48:55.0896 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/01/14 21:48:55.0958 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/01/14 21:48:55.0974 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/01/14 21:48:56.0067 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/01/14 21:48:56.0099 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/01/14 21:48:56.0208 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/01/14 21:48:56.0255 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/01/14 21:48:56.0333 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/01/14 21:48:56.0379 jswpslwf (11ad410f41af42ba12e63187e3ec141a) C:\Windows\system32\DRIVERS\jswpslwf.sys
2011/01/14 21:48:56.0442 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/01/14 21:48:56.0551 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/01/14 21:48:56.0598 KR10I (e8ca038f51f7761bd6e3a3b0b8014263) C:\Windows\system32\drivers\kr10i.sys
2011/01/14 21:48:56.0723 KR10N (6a4adb9186dd0e114e623daf57e42b31) C:\Windows\system32\drivers\kr10n.sys
2011/01/14 21:48:56.0785 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/01/14 21:48:56.0941 LHidFilt (7f9c7b28cf1c859e1c42619eea946dc8) C:\Windows\system32\DRIVERS\LHidFilt.Sys
2011/01/14 21:48:56.0988 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/01/14 21:48:57.0097 LMouFilt (ab33792a87285344f43b5ce23421bab0) C:\Windows\system32\DRIVERS\LMouFilt.Sys
2011/01/14 21:48:57.0159 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/01/14 21:48:57.0237 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/01/14 21:48:57.0284 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/01/14 21:48:57.0378 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/01/14 21:48:57.0487 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/01/14 21:48:57.0534 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/01/14 21:48:57.0643 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/01/14 21:48:57.0705 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/01/14 21:48:57.0783 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/01/14 21:48:57.0877 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/01/14 21:48:57.0908 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/01/14 21:48:58.0033 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/01/14 21:48:58.0064 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/01/14 21:48:58.0205 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/01/14 21:48:58.0236 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/01/14 21:48:58.0361 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/01/14 21:48:58.0392 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/01/14 21:48:58.0517 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/01/14 21:48:58.0563 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
2011/01/14 21:48:58.0657 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/01/14 21:48:58.0797 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/01/14 21:48:58.0844 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/01/14 21:48:58.0969 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/01/14 21:48:59.0031 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/01/14 21:48:59.0094 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/01/14 21:48:59.0141 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/01/14 21:48:59.0281 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/01/14 21:48:59.0390 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/01/14 21:48:59.0437 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/01/14 21:48:59.0546 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/01/14 21:48:59.0671 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/01/14 21:48:59.0796 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/01/14 21:48:59.0827 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/01/14 21:48:59.0921 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/01/14 21:48:59.0967 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/01/14 21:49:00.0123 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/01/14 21:49:00.0170 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/01/14 21:49:09.0218 volsnap (006074d0c17c12a93b11e2777d4d4033) C:\Windows\system32\drivers\volsnap.sys
2011/01/14 21:49:09.0218 Suspicious file (Forged): C:\Windows\system32\drivers\volsnap.sys. Real md5: 006074d0c17c12a93b11e2777d4d4033, Fake md5: 147281c01fcb1df9252de2a10d5e7093
2011/01/14 21:49:09.0234 volsnap - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/01/14 21:49:10.0341 ================================================================================
2011/01/14 21:49:10.0341 Scan finished
2011/01/14 21:49:10.0341 ================================================================================
2011/01/14 21:49:10.0357 Detected object count: 1
2011/01/14 21:49:33.0507 volsnap (006074d0c17c12a93b11e2777d4d4033) C:\Windows\system32\drivers\volsnap.sys
2011/01/14 21:49:33.0507 Suspicious file (Forged): C:\Windows\system32\drivers\volsnap.sys. Real md5: 006074d0c17c12a93b11e2777d4d4033, Fake md5: 147281c01fcb1df9252de2a10d5e7093
2011/01/14 21:49:33.0741 Backup copy found, using it..
2011/01/14 21:49:33.0757 C:\Windows\system32\drivers\volsnap.sys - will be cured after reboot
2011/01/14 21:49:33.0757 Rootkit.Win32.TDSS.tdl3(volsnap) - User select action: Cure
2011/01/14 21:49:51.0619 Deinitialize success
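
As an added example (not something from this thread, and not the tool's own code), a small Python parser for TDSSKiller-style log lines like the ones pasted above: it pairs each "Suspicious file (Forged)" line with the driver enumerated just before it, records the detection name and the chosen action, and checks that the tool's "Detected object count" agrees with what it reconstructed, which is the first thing a responder reading a pasted log wants to confirm. The sample lines are constructed to match the format on this page, and the line patterns are assumed from this log alone.

```python
import re
from dataclasses import dataclass

# Line patterns are assumed from the log pasted in this thread, not from any TDSSKiller documentation.
_TS = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4} (?P<msg>.*)$")
_DRIVER = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>[A-Za-z]:\\.+)$")
_FORGED = re.compile(r"^Suspicious file \(Forged\): (?P<path>.+?)\. Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$")
_DETECT = re.compile(r"^(?P<name>\S+) - detected (?P<threat>\S+) \(\d+\)$")
_ACTION = re.compile(r"^(?P<threat>\S+)\((?P<name>\S+)\) - User select action: (?P<action>\w+)$")
_COUNT = re.compile(r"^Detected object count: (?P<n>\d+)$")

SAMPLE_LOG = [  # constructed sample, modelled on the log pasted above
    r"2011/01/14 21:49:09.0218 volsnap (006074d0c17c12a93b11e2777d4d4033) C:\Windows\system32\drivers\volsnap.sys",
    r"2011/01/14 21:49:09.0218 Suspicious file (Forged): C:\Windows\system32\drivers\volsnap.sys. Real md5: 006074d0c17c12a93b11e2777d4d4033, Fake md5: 147281c01fcb1df9252de2a10d5e7093",
    r"2011/01/14 21:49:09.0234 volsnap - detected Rootkit.Win32.TDSS.tdl3 (0)",
    r"2011/01/14 21:49:09.0327 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys",
    r"2011/01/14 21:49:10.0357 Detected object count: 1",
    r"2011/01/14 21:49:33.0757 Rootkit.Win32.TDSS.tdl3(volsnap) - User select action: Cure",
]

@dataclass
class Finding:
    name: str
    path: str
    real_md5: str = ""
    fake_md5: str = ""
    threat: str = ""
    action: str = ""

def parse_tdsskiller(lines):
    # One pass over the log; a forged-hash line is attributed to the driver enumerated just before it.
    findings, paths = {}, {}
    last_driver = declared = None
    for raw in lines:
        m = _TS.match(raw.strip())
        if not m:
            continue
        msg = m["msg"]
        if d := _DRIVER.match(msg):
            last_driver = d["name"]
            paths[last_driver] = d["path"]
        elif (f := _FORGED.match(msg)) and last_driver:
            fd = findings.setdefault(last_driver, Finding(last_driver, f["path"]))
            fd.real_md5, fd.fake_md5 = f["real"], f["fake"]
        elif t := _DETECT.match(msg):
            fd = findings.setdefault(t["name"], Finding(t["name"], paths.get(t["name"], "")))
            fd.threat = t["threat"]
        elif (a := _ACTION.match(msg)) and a["name"] in findings:
            findings[a["name"]].action = a["action"]
        elif c := _COUNT.match(msg):
            declared = int(c["n"])
    # The tool's own count should match what was reconstructed; a mismatch suggests a truncated or edited paste.
    consistent = declared is None or declared == len(findings)
    unresolved = [n for n, f in findings.items() if f.action != "Cure"]
    return {"findings": findings, "declared_count": declared, "consistent": consistent, "unresolved": unresolved}
```

Feed it the full pasted log and `unresolved` lists any detected driver for which no Cure action was recorded, which is the case to follow up on before declaring the machine clean.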

#8 shelf life

  • Malware Response Team
  • 2,657 posts
  • Gender:Male
  • Location:@localhost
  • Local time:01:35 PM

Posted 15 January 2011 - 02:06 PM

Ok. Good. Most likely any 'extra' malware, like a keylogger etc., would have been removed by a combination of Malwarebytes, Spybot, ComboFix and SUPERAntiSpyware. The rootkit component required another tool. The logs look ok. Note that the free version of Malwarebytes must be updated manually and a scan started manually.
You can remove ComboFix like this:
Start > Run and type in:
combofix /uninstall
Note the space after the x and before the /.
You can delete the tdsskiller and gmer icon from your desktop.

My rootkit disclaimer:
You had a rootkit on your machine. Rootkits hide malicious files and components from traditional antivirus/antimalware software. They bury themselves deep in the operating system. Special software is needed to detect and remove them. Even if symptoms are gone and logs are clean, it's still not a 100% guarantee that your machine is clean once a rootkit has been detected and removed. You should consider a reformat/reinstall of Windows.
The best source for information on how to do this would be the computer manufacturer's website.

If all is good on your end, some info for you;

10 Tips for Prevention and Avoidance of Malware:
There is no reason why your computer cannot stay malware-free.


No software can think for you. Help yourself. In no special order:

1) It is essential to keep your operating system (Windows) browser (IE, FireFox, Chrome, Opera) and other software up to date to "patch" vulnerabilities that could be exploited. Visit Windows Update frequently or use the Windows auto-update feature. Staying updated is also essential for other web based applications like Java, Adobe Flash/Reader, iTunes etc. More and more third party applications are being targeted. Use the auto-update features available in most software. Not sure if you are using the latest version of software? Check their version status and get the updates here.

2) Know what you are installing to your computer. A lot of software can come bundled with unwanted add-ons, like adware, toolbars and malware. More and more legitimate software is installing useless toolbars if not unchecked first. Do not install any files from ads, popups or random links. Do not fall for fake warnings about viruses and trojans being found on your computer, after which you are prompted to install software to remedy this. See also the signs that you may have malware on your computer.

3) Install and keep updated: one antivirus and two or three anti-malware applications. If not updated they will soon be worthless. If either of these frequently find malware then it's time to *review your computer habits*.

4) Refrain from clicking on links or attachments via E-Mail, IM, IRC, Chat Rooms, Blogs or Social Networking Sites, no matter how tempting or legitimate the message may seem. See also E-mail phishing Tricks.

5) Do not click on ads/pop ups or offers from websites requesting that you need to install software to your computer--*for any reason*. Use the Alt+F4 keys to close the window.

6) Don't click on offers to "scan" your computer. Install ActiveX Objects with care. Do you trust the website to install components?

7) Consider the use of limited (non-privileged) accounts for everyday use, rather than administrator accounts. Limited accounts can help prevent *malware from installing and lessen its potential impact.* This is exactly what user account control (UAC) in Windows Vista and Windows 7 attempts to address.

8) Install and understand the *limitations* of a software firewall.

9) A tool for automatically hardening and securing Internet Explorer 8.0. Requires site registration for downloading. Changes some of the default settings of IE 8.0; read the FAQs. Or see a slide show Here and do it yourself. How to harden FireFox for safer surfing.

10) Warez, cracks etc. are very popular for carrying malware payloads. If you look for these you will encounter malware. If you download/install files via p2p networks you will encounter malware. Can you really trust the source of the file?


More info/tips with pictures, links below

Happy Safe Surfing.

How Can I Reduce My Risk to Malware?


#9 green2000gt

  • Topic Starter

  • Members
  • 7 posts
  • Local time:12:35 PM

Posted 15 January 2011 - 06:17 PM

Ok, thank you for all your help. I was thinking about reinstalling Windows; I have to have the Windows CD that came with my computer to do so, correct?
I am having a hard time finding mine.

#10 shelf life

  • Malware Response Team
  • 2,657 posts
  • Gender:Male
  • Location:@localhost
  • Local time:01:35 PM

Posted 15 January 2011 - 08:36 PM

I have to have the windows cd

Not necessarily; your machine may have a recovery partition on the HD.

How Can I Reduce My Risk to Malware?
