
Google Redirect Virus blocking Anti-Virus Updates


  • This topic is locked
31 replies to this topic

#1 marksb1

marksb1

  • Members
  • 35 posts
  • OFFLINE
  • Local time:09:11 AM

Posted 03 August 2011 - 09:04 PM

I've been working with Broni to resolve a bad rootkit that redirected Google searches. Topic referenced is here: http://www.bleepingcomputer.com/forums/topic412203.html ~ OB These appear to have been resolved; however, my CA Internet Security Suite 2010 Anti-virus updates have failed to install since being infected (July 27th). My Anti-spyware updates without issue. Updates also fail for Spy-Bot Search & Destroy, and my Deltek Vision application that allows me to connect/access the network at my office. All worked fine prior to infection.

Sought solutions at the CA website, but all continue to display an error message that the installation had failed.

Need help fast.

Edited by Orange Blossom, 04 August 2011 - 06:26 PM.



#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,933 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:05:11 PM

Posted 10 August 2011 - 04:27 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

-------------------------------------------------------------
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new DDS log (don't forget attach.txt)

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft


#3 marksb1

marksb1
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  • Local time:09:11 AM

Posted 10 August 2011 - 05:20 PM

Hi elise025,

The Google Redirect virus appears to have been resolved, but since being infected, my SpyBot and CA Internet Security Suite 2010 fail to update. Also, my Deltek Vision application used to connect to the network where I work no longer permits me access.

Here are the latest dds.log and attach.txt files I just ran:

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Mark at 17:43:09 on 2011-08-10
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.469 [GMT -4:00]
.
AV: CA Anti-Virus *Enabled/Updated* {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\WINDOWS\StartupMonitor.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.optimum.net/
mStart Page = hxxp://www.msn.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant =
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
BHO: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Run StartupMonitor] StartupMonitor.exe
mRun: [cctray] "c:\program files\ca\ca internet security suite\cctray\cctray.exe"
mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
IE: &Translate English Word
IE: Backward Links
IE: Cached Snapshot of Page
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
IE: Similar Pages
IE: Translate Page into English
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\windows\system32\VetRedir.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} -
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 167.206.245.129 167.206.245.130
TCP: Interfaces\{6E8AB720-F6E1-4369-BFEB-ACB3098D818F} : DhcpNameServer = 167.206.245.129 167.206.245.130
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-12 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\vet-filt.sys [2010-12-27 26352]
R1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\vet-rec.sys [2010-12-27 21104]
R1 VETEFILE;VET File Scan Engine;c:\windows\system32\drivers\vetefile.sys [2010-12-27 746216]
R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\vetfddnt.sys [2010-12-27 21488]
R1 VETMONNT;VET File Monitor;c:\windows\system32\drivers\vetmonnt.sys [2010-12-27 161008]
R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus\isafe.exe [2010-12-27 144696]
R2 VETMSGNT;VET Message Service;c:\program files\ca\ca internet security suite\ca anti-virus\vetmsg.exe [2010-12-27 255312]
R3 PPCtlPriv;PPCtlPriv;c:\program files\ca\ca internet security suite\ca anti-spyware\PPCtlPriv.exe [2010-12-27 185680]
R3 VETEBOOT;VET Boot Scan Engine;c:\windows\system32\drivers\veteboot.sys [2010-12-27 130280]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-8-2 136176]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-8-2 136176]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-11 14336]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-11 14336]
S4 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2011-7-3 353168]
S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2009-6-6 90352]
.
=============== Created Last 30 ================
.
2011-08-03 23:29:40 -------- d-----w- c:\program files\WOT
2011-08-03 00:07:52 -------- d-----w- c:\documents and settings\mark\local settings\application data\Google
2011-07-30 15:52:48 -------- d-----w- c:\documents and settings\mark\application data\SUPERAntiSpyware.com
2011-07-30 15:52:48 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-07-30 15:52:34 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-07-29 02:07:36 -------- d-----w- c:\documents and settings\mark\application data\Malwarebytes
2011-07-29 02:07:24 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-29 02:07:23 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-07-29 02:07:16 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-29 02:07:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-29 00:34:25 -------- d-----w- c:\documents and settings\all users\application data\IObit
2011-07-28 23:22:33 -------- d-----w- c:\documents and settings\all users\application data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2011-07-28 23:09:24 -------- d-----w- c:\documents and settings\mark\local settings\application data\PackageAware
2011-07-28 03:57:51 -------- d-----w- c:\documents and settings\mark\application data\ElevatedDiagnostics
2011-07-28 02:08:19 -------- d-----w- c:\program files\ESET
2011-07-27 21:48:52 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-07-27 21:48:51 -------- d-----w- c:\windows\system32\wbem\Repository
.
==================== Find3M ====================
.
2011-08-05 01:46:48 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2011-08-04 01:01:11 746216 ----a-w- c:\windows\system32\drivers\vetefile.sys
2011-08-04 01:01:11 130280 ----a-w- c:\windows\system32\drivers\veteboot.sys
2011-06-14 23:03:30 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-16 13:45:30 7040 ----a-w- c:\windows\system32\sabprocenum.sys
2003-05-02 01:06:38 127488 --shatw- c:\windows\system32\ltimg11n.dll
.
============= FINISH: 17:43:59.56 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 3/27/2006 10:27:18 PM
System Uptime: 8/6/2011 7:02:52 PM (94 hours ago)
.
Motherboard: Dell Inc. | | 0WG261
Processor: Intel® Pentium® 4 CPU 3.20GHz | Microprocessor | 3192/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 71 GiB total, 40.811 GiB free.
D: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: TI Technologies Inc.
Description: RADEON X300 SE 128MB HyperMemory Secondary
Device ID: PCI\VEN_1002&DEV_5B70&SUBSYS_06031002&REV_00\4&1603E009&0&0108
Manufacturer: ATI Technologies Inc.
Name: RADEON X300 SE 128MB HyperMemory Secondary
PNP Device ID: PCI\VEN_1002&DEV_5B70&SUBSYS_06031002&REV_00\4&1603E009&0&0108
Service: ati2mtag
.
==== System Restore Points ===================
.
RP1: 8/3/2011 6:33:00 AM - System Checkpoint
RP2: 8/3/2011 6:39:24 AM - Software Distribution Service 3.0
RP3: 8/3/2011 7:29:39 PM - Installed WOT for Internet Explorer
RP4: 8/4/2011 10:46:16 PM - System Checkpoint
RP5: 8/5/2011 10:55:38 PM - System Checkpoint
RP6: 8/7/2011 2:02:14 AM - System Checkpoint
RP7: 8/8/2011 2:07:26 AM - System Checkpoint
RP8: 8/9/2011 3:07:27 AM - System Checkpoint
RP9: 8/10/2011 4:07:26 AM - System Checkpoint
.
==== Installed Programs ======================
.
2007 Microsoft Office Suite Service Pack 2 (SP2)
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.1.0)
Advanced SystemCare 4
Andrea VoiceCenter
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Atlas of World History
Bonjour
CA Anti-Spyware
CA Anti-Virus
CA Internet Security Suite
CA Pest Patrol Realtime Protection
Cablenut 4.08
Calculator Powertoy for Windows XP
CCleaner
CinepPlayer 30 Update
CleanCache 3.5
Conexant D850 56K V.9x DFVc Modem
Defraggler
Dell CinePlayer
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Media Experience
Dell Resource CD
Dell System Restore
DellSupport
Digital Content Portal
Digital Line Detect
Driver Detective
Driver Genius Professional Edition 2007
DustBuster 2.9.5.1
EasyCleaner
EducateU
ELIcon
Error Messages for Windows
Free Registry Defrag
GeoGebra
getPlus® for Adobe
Google Toolbar for Internet Explorer
Google Update Helper
Graph 4.3
HijackThis 1.99.1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
hp LaserJet 1160/1320 series
HP Product Detection
HP Software Update
Intel® PRO Network Connections Drivers
Intel® PROSet for Wired Connections
iTunes
IZArc 3.81
Java™ 6 Update 26
Learn2 Player (Uninstall Only)
Malwarebytes' Anti-Malware version 1.51.1.1800
MCU
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5 SP1
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft Word Supplemental Templates and Wizards
Modem Helper
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB954459)
MSXML 6 Service Pack 2 (KB973686)
NetWaiting
OGA Notifier 2.0.0048.0
Passwords Plus
PB/CC 4.01
PB/CC 4.04
PC Pitstop Disk MD 2.0
PC Pitstop Optimize3 3.0
Photo Click
Photo Story 3 for Windows
PrintScreen
Registry Mechanic 5.2
Revo Uninstaller 1.92
Roxio DLA
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Security Task Manager 1.8d
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Sonic Activation Module
Sonic Advanced Decoder
Sonic MyDVD
Sonic Update Manager
Sound Blaster Audigy ADVANCED MB
Sound Blaster Audigy ADVANCED MB Product Registration
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
StartupMonitor
SUPERAntiSpyware
System Requirements Lab for Intel
Tire Size Comparator
Uninstall Startup Inspector
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Outlook 2007 Junk Email Filter (KB2536413)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB951978)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
URL Assistant
WebCyberCoach 3.2 Dell
WebFldrs XP
West Point Bridge Designer 2011 (2nd Edition) (remove only)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Installer Clean Up
Windows Internet Explorer 8
Windows Live OneCare safety scanner
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows XP Service Pack 3
WinPcap 4.0.2
Wise Disk Cleaner 5.93
Wise Registry Cleaner 5.9.4
WOT for Internet Explorer
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
8/3/2011 6:39:57 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800704c7: Hewlett-Packard - Printing - hp LaserJet 1320 series (DOT4USB).
8/3/2011 1:23:49 AM, error: Dhcp [1002] - The IP address lease 192.168.100.2 for the Network Card with network address 00123FCE3C92 has been denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).
8/3/2011 1:10:48 AM, error: Dhcp [1002] - The IP address lease 173.3.0.115 for the Network Card with network address 00123FCE3C92 has been denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================
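As an added example (not from this thread and not part of the DDS tool), here is a small Python triage script for the "Pseudo HJT Report" section of a DDS log like the one above. It flags the line types a helper reads first: entries marked "No File", autoruns that name only a bare executable, the Winsock LSP, hosts-file overrides and the DHCP DNS servers. The sample input is constructed from a few lines of the posted log, and the line-format handling is an assumption drawn from that log rather than a DDS specification.

```python
"""Triage helper for the 'Pseudo HJT Report' section of a DDS log.

Added example; not the DDS tool's own code. Line formats are assumed from
the log posted in the thread ("BHO: name: {guid} - path", "mRun: [key] cmd",
"LSP: path", "Hosts: ip host", "TCP: DhcpNameServer = ip ip"). DDS defangs
URLs as hxxp://, so nothing here is a live link. Runs offline.
"""
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the posted DDS log.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.optimum.net/
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [cctray] "c:\program files\ca\ca internet security suite\cctray\cctray.exe"
LSP: c:\windows\system32\VetRedir.dll
TCP: DhcpNameServer = 167.206.245.129 167.206.245.130
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
"""


@dataclass(frozen=True)
class Finding:
    severity: str  # "review" (needs a human decision) or "info" (context only)
    kind: str      # DDS line prefix, e.g. "BHO", "mRun", "LSP"
    reason: str
    raw: str       # the original log line, for quoting back in a reply


NO_FILE = re.compile(r"-\s*No File\s*$")
# "[key] name.exe" with no directory and no quotes: a bare filename.
BARE_EXE = re.compile(r'^\[[^\]]+\]\s+(?!")([^\\/\s]+\.(?:exe|dll))\s*$', re.I)
DNS = re.compile(r"DhcpNameServer\s*=\s*(.+)$")


def hjt_section(text):
    """Yield (kind, rest, raw) for each prefixed line inside the HJT section.

    The section starts at the 'Pseudo HJT Report' banner and ends at the
    next '====' banner; lines without a 'Prefix: ' shape are skipped.
    """
    inside = False
    for raw in text.splitlines():
        if "Pseudo HJT Report" in raw:
            inside = True
            continue
        if inside and raw.startswith("===="):
            break
        if not inside:
            continue
        m = re.match(r"^([A-Za-z]+):\s+(.*)$", raw)
        if m:
            yield m.group(1), m.group(2), raw


def triage(text):
    """Return the findings a helper would want to look at first."""
    findings = []
    for kind, rest, raw in hjt_section(text):
        if NO_FILE.search(rest):
            findings.append(Finding("review", kind,
                "registry entry points at a file that no longer exists "
                "(orphan; a common leftover after a removal)", raw))
        elif kind in ("uRun", "mRun") and BARE_EXE.match(rest):
            findings.append(Finding("review", kind,
                "autorun gives only a bare filename, so which file runs "
                "depends on search-path order; confirm the real location", raw))
        elif kind == "LSP":
            findings.append(Finding("review", kind,
                "Winsock LSP sits in the path of every socket; confirm the "
                "vendor (here the CA/VET product) and that it is signed", raw))
        elif kind == "Hosts":
            findings.append(Finding("review", kind,
                "hosts-file override; confirm it was set on purpose "
                "(security tools add some, redirect malware adds others)", raw))
        elif kind == "TCP" and (m := DNS.search(rest)):
            findings.append(Finding("info", kind,
                "DNS servers in use: " + m.group(1).strip()
                + " (verify they belong to the ISP or router)", raw))
    return findings


def format_report(findings):
    """Render findings as plain text suitable for pasting into a reply."""
    return "\n".join(f"[{f.severity}] {f.kind}: {f.reason}\n    {f.raw}"
                     for f in findings)


if __name__ == "__main__":
    print(format_report(triage(SAMPLE_DDS)))
```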

#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,933 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:05:11 PM

Posted 11 August 2011 - 07:05 AM

Hi again,

COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

regards, Elise



#5 marksb1

marksb1
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  • Local time:09:11 AM

Posted 11 August 2011 - 05:56 PM

elise025,

I downloaded Combofix and disabled my CA Internet Security Suite 2010, but when I ran Combofix, it would not continue because its message said that I must uninstall CA Security Suite 2010. I don't want to have to completely uninstall it because it was such a headache to only install its Antivirus and AntiSpyware. The rest of the suite just slowed down my computer and I had to call CA to help me uninstall the rest of the suite. Since it is free from my ISP, I don't mind trying some other good free low resource antispyware/antivirus (AVIRA?, etc) that you recommend.

Another piece of information that may be useful:

My Windows automatic update tried and failed to install: Security Update NET.Framework 2.0 SP2 (KB2539631)

and

I previously ran Advanced SystemCare 4 (Iobit) "Security Holes Scanner" that failed to complete its scan due to an error (the message did specifically say what that error was).

Awaiting your reply.

#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,933 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:05:11 PM

Posted 12 August 2011 - 04:12 AM

You do indeed need to uninstall CA. Personally I recommend Avira over CA, even though Avira is free and CA is not.

regards, Elise



#7 marksb1

marksb1
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  • Local time:09:11 AM

Posted 12 August 2011 - 09:58 PM

elise025,

I uninstalled CA Internet Security Suite 2010 and installed Avira after I ran Combofix. Here is the log:

ComboFix 11-08-12.01 - Mark 08/12/2011 22:17:46.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.517 [GMT -4:00]
Running from: c:\documents and settings\Mark\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Mark II\GoToAssistDownloadHelper.exe
c:\documents and settings\Mark\WINDOWS
c:\documents and settings\Steven\WINDOWS
c:\windows\Downloaded Program Files\ODCTOOLS
c:\windows\Downloaded Program Files\Temp
c:\windows\iun6002.exe
c:\windows\system32\regobj.dll
c:\windows\UNWISE.EXE
.
.
((((((((((((((((((((((((( Files Created from 2011-07-13 to 2011-08-13 )))))))))))))))))))))))))))))))
.
.
2011-08-03 23:29 . 2011-08-03 23:29 -------- d-----w- c:\program files\WOT
2011-08-03 22:01 . 2011-08-03 22:02 -------- d-----w- c:\documents and settings\Mark II\Local Settings\Application Data\Google
2011-08-03 21:41 . 2011-08-03 21:41 -------- d-----w- c:\documents and settings\Steven\Local Settings\Application Data\Google
2011-08-03 00:07 . 2011-08-03 00:09 -------- d-----w- c:\documents and settings\Mark\Local Settings\Application Data\Google
2011-08-03 00:07 . 2011-08-03 00:08 -------- d-----w- c:\program files\Google
2011-07-30 15:52 . 2011-07-30 15:52 -------- d-----w- c:\documents and settings\Mark\Application Data\SUPERAntiSpyware.com
2011-07-30 15:52 . 2011-07-30 15:52 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-07-30 15:52 . 2011-07-30 19:14 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-07-29 02:07 . 2011-07-29 02:07 -------- d-----w- c:\documents and settings\Mark\Application Data\Malwarebytes
2011-07-29 02:07 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-29 02:07 . 2011-07-29 02:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-07-29 02:07 . 2011-07-31 12:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-29 02:07 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-29 00:34 . 2011-07-29 00:34 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2011-07-28 23:22 . 2011-07-28 23:22 -------- d-----w- c:\documents and settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2011-07-28 23:09 . 2011-07-28 23:09 -------- d-----w- c:\documents and settings\Mark\Local Settings\Application Data\PackageAware
2011-07-28 03:57 . 2011-07-28 03:57 -------- d-----w- c:\documents and settings\Mark\Application Data\ElevatedDiagnostics
2011-07-28 02:08 . 2011-07-28 02:08 -------- d-----w- c:\program files\ESET
2011-07-27 21:48 . 2011-07-27 21:48 -------- d-----w- c:\windows\system32\wbem\Repository
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-05 01:46 . 2008-11-09 16:00 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2011-07-15 13:29 . 2006-03-22 20:53 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2004-08-11 22:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2004-08-11 22:11 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2004-08-11 22:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36 . 2004-08-11 22:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36 . 2004-08-11 22:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2004-08-11 22:00 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2004-08-11 22:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-14 23:03 . 2011-05-15 10:58 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-02 14:02 . 2004-08-11 22:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-16 13:45 . 2011-05-16 13:45 7040 ----a-w- c:\windows\system32\sabprocenum.sys
2003-05-02 01:06 127488 --shatw- c:\windows\system32\ltimg11n.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-08-03 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"Run StartupMonitor"="StartupMonitor.exe" [2000-05-20 86016]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 15:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 21:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Ati HotKey Poller"=2 (0x2)
"AdvancedSystemCareService"=2 (0x2)
"Bonjour Service"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
"PC Pitstop Optimize2 Reminder"=c:\program files\PCPitstop\Disk MD\Reminder.exe
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Adobe\\Acrobat.com\\Acrobat.com.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/12/2011 5:55 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/2/2011 8:08 PM 136176]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 11:58 AM 11336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/2/2011 8:08 PM 136176]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/11/2004 6:00 PM 14336]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/6/2007 4:22 PM 34064]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/11/2004 6:00 PM 14336]
S4 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [7/3/2011 9:09 AM 353168]
S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [6/6/2009 1:01 PM 90352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-13 c:\windows\Tasks\ASC4_PerformanceMonitor.job
- c:\program files\IObit\Advanced SystemCare 4\PMonitor.exe [2011-07-03 18:46]
.
2011-08-12 c:\windows\Tasks\Defraggler Volume C Task.job
- c:\program files\Defraggler\df.exe [2011-07-07 05:40]
.
2011-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-03 00:07]
.
2011-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-03 00:07]
.
2009-12-05 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2006-04-05 20:31]
.
2009-12-05 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2008-02-10 20:31]
.
2011-08-13 c:\windows\Tasks\User_Feed_Synchronization-{095830A3-1F16-479D-A487-5CE6F059282E}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.optimum.net/
mStart Page = hxxp://www.msn.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant =
IE: &Translate English Word
IE: Backward Links
IE: Cached Snapshot of Page
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
IE: Similar Pages
IE: Translate Page into English
TCP: DhcpNameServer = 167.206.245.129 167.206.245.130
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-12 22:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1114449577-3290664318-2266792691-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(772)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2011-08-12 22:24:04
ComboFix-quarantined-files.txt 2011-08-13 02:24
.
Pre-Run: 43,258,060,800 bytes free
Post-Run: 43,232,591,872 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 6B62A05E3B1E70061EA441F38F92DC97



Awaiting your next reply.

Mark

#8 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,933 posts
  • Gender:Female
  • Location:Romania
  • Local time:05:11 PM

Posted 13 August 2011 - 03:02 AM

Hi, how are things running at this point?

regards, Elise




#9 marksb1

marksb1
  • Topic Starter

  • Members
  • 35 posts
  • Local time:09:11 AM

Posted 13 August 2011 - 07:54 AM

elise025,

My Avira updates seem to work, but I still cannot update my SpyBot-Search & Destroy and Windows Automatic Security Update NET.Framework 2.0 SP2 (KB2539631). They both fail to install. I also cannot access my Deltek Vision application used to connect to the network where I work. The message says I need to install NET.Framework 3.5 SP1, but it's already installed. Does this mean that I should completely uninstall SpyBot and NET.Framework and try a fresh install?

Your guidance is appreciated.

Mark

#10 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,933 posts
  • Gender:Female
  • Location:Romania
  • Local time:05:11 PM

Posted 13 August 2011 - 08:07 AM

Can you please redownload and rerun TDSSKiller? Post me the new log.

regards, Elise




#11 marksb1

marksb1
  • Topic Starter

  • Members
  • 35 posts
  • Local time:09:11 AM

Posted 13 August 2011 - 08:43 AM

elise025,

Here is the TDSSKiller log:

2011/08/13 09:37:36.0406 2844 TDSS rootkit removing tool 2.5.15.0 Aug 11 2011 16:32:13
2011/08/13 09:37:36.0640 2844 ================================================================================
2011/08/13 09:37:36.0640 2844 SystemInfo:
2011/08/13 09:37:36.0640 2844
2011/08/13 09:37:36.0640 2844 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/13 09:37:36.0640 2844 Product type: Workstation
2011/08/13 09:37:36.0640 2844 ComputerName: MSBUJTAS-1
2011/08/13 09:37:36.0640 2844 UserName: Mark
2011/08/13 09:37:36.0640 2844 Windows directory: C:\WINDOWS
2011/08/13 09:37:36.0640 2844 System windows directory: C:\WINDOWS
2011/08/13 09:37:36.0640 2844 Processor architecture: Intel x86
2011/08/13 09:37:36.0640 2844 Number of processors: 2
2011/08/13 09:37:36.0640 2844 Page size: 0x1000
2011/08/13 09:37:36.0640 2844 Boot type: Normal boot
2011/08/13 09:37:36.0640 2844 ================================================================================
2011/08/13 09:37:37.0843 2844 Initialize success
2011/08/13 09:37:42.0312 1920 ================================================================================
2011/08/13 09:37:42.0312 1920 Scan started
2011/08/13 09:37:42.0312 1920 Mode: Manual;
2011/08/13 09:37:42.0312 1920 ================================================================================
2011/08/13 09:37:43.0531 1920 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/08/13 09:37:43.0593 1920 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/08/13 09:37:43.0625 1920 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/08/13 09:37:43.0687 1920 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/08/13 09:37:43.0734 1920 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/08/13 09:37:43.0812 1920 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/08/13 09:37:43.0859 1920 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/08/13 09:37:43.0875 1920 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/08/13 09:37:43.0906 1920 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/08/13 09:37:43.0937 1920 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/08/13 09:37:43.0953 1920 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/08/13 09:37:44.0000 1920 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/08/13 09:37:44.0046 1920 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/08/13 09:37:44.0062 1920 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/08/13 09:37:44.0109 1920 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/08/13 09:37:44.0156 1920 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/08/13 09:37:44.0187 1920 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/08/13 09:37:44.0203 1920 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/08/13 09:37:44.0265 1920 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/08/13 09:37:44.0281 1920 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/08/13 09:37:44.0375 1920 ati2mtag (a7dd7088e2c987dbcb3f4d6d56f723bd) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/08/13 09:37:44.0578 1920 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/08/13 09:37:44.0656 1920 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/08/13 09:37:44.0796 1920 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/08/13 09:37:44.0843 1920 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2011/08/13 09:37:44.0890 1920 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2011/08/13 09:37:44.0921 1920 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/08/13 09:37:45.0125 1920 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/08/13 09:37:45.0140 1920 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/08/13 09:37:45.0187 1920 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/08/13 09:37:45.0218 1920 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/08/13 09:37:45.0250 1920 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/08/13 09:37:45.0265 1920 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/08/13 09:37:45.0343 1920 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/08/13 09:37:45.0375 1920 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/08/13 09:37:45.0421 1920 cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys
2011/08/13 09:37:45.0468 1920 ctsfm2k (fcbb8ea6fe935d2c531d3a4dee9f985b) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
2011/08/13 09:37:45.0531 1920 CTUSFSYN (12a7b253f9128b3b68a9979827047b76) C:\WINDOWS\system32\drivers\ctusfsyn.sys
2011/08/13 09:37:45.0562 1920 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/08/13 09:37:45.0625 1920 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/08/13 09:37:45.0671 1920 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/08/13 09:37:45.0718 1920 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
2011/08/13 09:37:45.0734 1920 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
2011/08/13 09:37:45.0750 1920 DLADResN (83545593e297f50a8e2524b4c071a153) C:\WINDOWS\system32\DLA\DLADResN.SYS
2011/08/13 09:37:45.0765 1920 DLAIFS_M (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
2011/08/13 09:37:45.0796 1920 DLAOPIOM (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
2011/08/13 09:37:45.0812 1920 DLAPoolM (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
2011/08/13 09:37:45.0828 1920 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
2011/08/13 09:37:45.0843 1920 DLAUDFAM (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
2011/08/13 09:37:45.0859 1920 DLAUDF_M (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
2011/08/13 09:37:45.0906 1920 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/08/13 09:37:46.0078 1920 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/08/13 09:37:46.0109 1920 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/08/13 09:37:46.0171 1920 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/08/13 09:37:46.0234 1920 Dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
2011/08/13 09:37:46.0296 1920 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
2011/08/13 09:37:46.0359 1920 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys
2011/08/13 09:37:46.0406 1920 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/08/13 09:37:46.0453 1920 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/08/13 09:37:46.0468 1920 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
2011/08/13 09:37:46.0484 1920 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
2011/08/13 09:37:46.0625 1920 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
2011/08/13 09:37:46.0687 1920 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
2011/08/13 09:37:46.0750 1920 E100B (d57a8fc800b501ac05b10d00f66d127a) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/08/13 09:37:46.0796 1920 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/08/13 09:37:46.0843 1920 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/08/13 09:37:46.0859 1920 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/08/13 09:37:46.0890 1920 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/08/13 09:37:46.0921 1920 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/08/13 09:37:46.0953 1920 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/08/13 09:37:47.0000 1920 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/08/13 09:37:47.0031 1920 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/08/13 09:37:47.0093 1920 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/08/13 09:37:47.0156 1920 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/08/13 09:37:47.0218 1920 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/08/13 09:37:47.0250 1920 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/08/13 09:37:47.0281 1920 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
2011/08/13 09:37:47.0375 1920 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2011/08/13 09:37:47.0625 1920 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/08/13 09:37:47.0687 1920 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/08/13 09:37:47.0734 1920 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/08/13 09:37:47.0750 1920 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/08/13 09:37:47.0828 1920 ialm (5a8e05f1d5c36abd58cffa111eb325ea) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/08/13 09:37:47.0921 1920 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/08/13 09:37:47.0984 1920 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/08/13 09:37:48.0031 1920 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/08/13 09:37:48.0078 1920 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/08/13 09:37:48.0109 1920 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/08/13 09:37:48.0156 1920 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/08/13 09:37:48.0187 1920 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/08/13 09:37:48.0234 1920 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/08/13 09:37:48.0312 1920 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/08/13 09:37:48.0359 1920 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/08/13 09:37:48.0390 1920 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/08/13 09:37:48.0453 1920 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/08/13 09:37:48.0484 1920 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/08/13 09:37:48.0546 1920 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/08/13 09:37:48.0593 1920 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/08/13 09:37:48.0656 1920 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/08/13 09:37:48.0671 1920 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/08/13 09:37:48.0718 1920 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/08/13 09:37:48.0734 1920 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/08/13 09:37:48.0750 1920 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/08/13 09:37:48.0812 1920 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/08/13 09:37:48.0921 1920 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/08/13 09:37:48.0968 1920 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/08/13 09:37:49.0015 1920 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/08/13 09:37:49.0046 1920 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/08/13 09:37:49.0093 1920 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/08/13 09:37:49.0125 1920 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/08/13 09:37:49.0156 1920 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/08/13 09:37:49.0171 1920 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/08/13 09:37:49.0203 1920 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/08/13 09:37:49.0234 1920 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/08/13 09:37:49.0250 1920 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/08/13 09:37:49.0296 1920 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/08/13 09:37:49.0312 1920 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/08/13 09:37:49.0328 1920 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/08/13 09:37:49.0375 1920 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/08/13 09:37:49.0375 1920 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/08/13 09:37:49.0421 1920 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/08/13 09:37:49.0484 1920 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
2011/08/13 09:37:49.0531 1920 NPF (6623e51595c0076755c29c00846c4eb2) C:\WINDOWS\system32\drivers\npf.sys
2011/08/13 09:37:49.0562 1920 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/08/13 09:37:49.0578 1920 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/08/13 09:37:49.0609 1920 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/08/13 09:37:49.0718 1920 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/08/13 09:37:49.0968 1920 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/08/13 09:37:50.0015 1920 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/08/13 09:37:50.0078 1920 ossrv (3649eefa90990249267dd6c7808cbc86) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
2011/08/13 09:37:50.0140 1920 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/08/13 09:37:50.0203 1920 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/08/13 09:37:50.0250 1920 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/08/13 09:37:50.0281 1920 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/08/13 09:37:50.0312 1920 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/08/13 09:37:50.0343 1920 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/08/13 09:37:50.0437 1920 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/08/13 09:37:50.0453 1920 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/08/13 09:37:50.0515 1920 PfModNT (d9ed17ac15720096a9f92ff4ea587b09) C:\WINDOWS\system32\drivers\PfModNT.sys
2011/08/13 09:37:50.0562 1920 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/08/13 09:37:50.0578 1920 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/08/13 09:37:50.0593 1920 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/08/13 09:37:50.0625 1920 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/08/13 09:37:50.0671 1920 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/08/13 09:37:50.0687 1920 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/08/13 09:37:50.0718 1920 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/08/13 09:37:50.0734 1920 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/08/13 09:37:50.0765 1920 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/08/13 09:37:50.0828 1920 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/08/13 09:37:50.0859 1920 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/08/13 09:37:50.0875 1920 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/08/13 09:37:50.0890 1920 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/08/13 09:37:50.0921 1920 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/08/13 09:37:50.0937 1920 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/08/13 09:37:50.0968 1920 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/08/13 09:37:51.0093 1920 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/08/13 09:37:51.0171 1920 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/08/13 09:37:51.0343 1920 SASDIFSV (4bfbb868c869a4f8486d4c36849d59cf) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/08/13 09:37:51.0359 1920 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/08/13 09:37:51.0437 1920 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/08/13 09:37:51.0484 1920 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/08/13 09:37:51.0515 1920 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/08/13 09:37:51.0562 1920 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/08/13 09:37:51.0656 1920 sigfilt (6bd3976b881888ac9a0ed3eb94e7fd38) C:\WINDOWS\system32\drivers\sigfilt.sys
2011/08/13 09:37:51.0812 1920 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/08/13 09:37:51.0859 1920 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/08/13 09:37:51.0921 1920 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/08/13 09:37:51.0968 1920 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/08/13 09:37:52.0046 1920 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/08/13 09:37:52.0093 1920 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2011/08/13 09:37:52.0140 1920 STHDA (b95480c92c4c9c311be47b8a1ad73770) C:\WINDOWS\system32\drivers\sthda.sys
2011/08/13 09:37:52.0187 1920 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/08/13 09:37:52.0265 1920 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/08/13 09:37:52.0296 1920 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/08/13 09:37:52.0375 1920 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/08/13 09:37:52.0421 1920 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/08/13 09:37:52.0453 1920 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/08/13 09:37:52.0484 1920 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/08/13 09:37:52.0562 1920 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/08/13 09:37:52.0609 1920 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/08/13 09:37:52.0625 1920 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/08/13 09:37:52.0671 1920 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/08/13 09:37:52.0734 1920 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/08/13 09:37:52.0781 1920 TVICHW32 (e266683fc95abdec17cd378564e1b54b) C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS
2011/08/13 09:37:52.0828 1920 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/08/13 09:37:52.0859 1920 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/08/13 09:37:52.0921 1920 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/08/13 09:37:53.0015 1920 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/08/13 09:37:53.0046 1920 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/08/13 09:37:53.0093 1920 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/08/13 09:37:53.0156 1920 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/08/13 09:37:53.0171 1920 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/08/13 09:37:53.0218 1920 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/08/13 09:37:53.0250 1920 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/08/13 09:37:53.0296 1920 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/08/13 09:37:53.0343 1920 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/08/13 09:37:53.0390 1920 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/08/13 09:37:53.0453 1920 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/08/13 09:37:53.0484 1920 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/08/13 09:37:53.0578 1920 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/08/13 09:37:53.0609 1920 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/08/13 09:37:53.0687 1920 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/08/13 09:37:53.0750 1920 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/08/13 09:37:53.0875 1920 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/08/13 09:37:53.0921 1920 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/08/13 09:37:53.0937 1920 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/08/13 09:37:53.0984 1920 MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0
2011/08/13 09:37:54.0000 1920 Boot (0x1200) (91553ee5f485b5c3e5913db5349fc7ce) \Device\Harddisk0\DR0\Partition0
2011/08/13 09:37:54.0000 1920 ================================================================================
2011/08/13 09:37:54.0000 1920 Scan finished
2011/08/13 09:37:54.0000 1920 ================================================================================
2011/08/13 09:37:54.0015 0536 Detected object count: 0
2011/08/13 09:37:54.0015 0536 Actual detected object count: 0

#12 Elise (Bleepin' Blonde)
  • Malware Study Hall Admin
  • 60,933 posts
  • Gender:Female
  • Location:Romania

Posted 13 August 2011 - 09:01 AM

Can you also please rerun GMER and post me the new log?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."
Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome
Malware analyst @ Emsisoft


#13 marksb1 (Topic Starter)
  • Members
  • 35 posts

Posted 13 August 2011 - 11:47 AM

elise025,

Here is the GMER.log results:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-13 12:44:21
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e WDC_WD800JD-75MSA1 rev.10.01E01
Running: 04-Ghost Name.exe; Driver: C:\DOCUME~1\Mark\LOCALS~1\Temp\agryqpog.sys


---- System - GMER 1.0.15 ----

SSDT F7C6D1E6 ZwCreateKey
SSDT F7C6D1DC ZwCreateThread
SSDT F7C6D1EB ZwDeleteKey
SSDT F7C6D1F5 ZwDeleteValueKey
SSDT F7C6D1FA ZwLoadKey
SSDT F7C6D1C8 ZwOpenProcess
SSDT F7C6D1CD ZwOpenThread
SSDT F7C6D204 ZwReplaceKey
SSDT F7C6D1FF ZwRestoreKey
SSDT F7C6D1F0 ZwSetValueKey

Code \??\C:\DOCUME~1\Mark\LOCALS~1\Temp\catchme.sys pIofCallDriver

---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\sigfilt.sys entry point in "init" section [0xF4868F80]
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !
? C:\DOCUME~1\Mark\LOCALS~1\Temp\catchme.sys The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Fastfat \Fat B974CD20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.15 ----
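The SSDT section of the GMER log above lists ten hooked native calls with an address each but no module name. The script below is an added example written for this thread (it is not GMER's code and did not come from either poster): it parses those lines, groups the hooked functions by what they guard, and checks whether all hook stubs sit inside one small address window, which is what a single self-protection driver's jump table looks like. GMER's resolved-line format (module name followed by the address in brackets) is handled on the assumption noted beside RESOLVED_RE; the script summarises the hooks and does not decide whether they are malicious.

```python
"""Summarise the SSDT section of a GMER rootkit-scan log.

Added example for this thread; it is not GMER's code and was not part of
the original post. It reads the "SSDT <address> <ZwFunction>" lines GMER
prints, groups the hooked native calls by what they guard, and checks
whether every hook address sits inside one small range, which is what you
expect when a single driver installed all of them. The log posted above
does not name the hooking driver, so this only summarises.
"""
import re

# GMER's unresolved form:  SSDT F7C6D1E6 ZwCreateKey
UNRESOLVED_RE = re.compile(r"^SSDT\s+([0-9A-Fa-f]{8})\s+(Zw\w+)\s*$")
# Assumed resolved form, printed when GMER can name the owning module:
#   SSDT \SystemRoot\system32\DRIVERS\foo.sys (Description/Vendor) ZwCreateKey [0xF7C6D1E6]
RESOLVED_RE = re.compile(r"^SSDT\s+(.+?)\s+(Zw\w+)\s+\[0x([0-9A-Fa-f]+)\]\s*$")

# Native calls that self-protection / HIPS drivers commonly hook.
REGISTRY_FUNCS = {
    "ZwCreateKey", "ZwDeleteKey", "ZwDeleteValueKey", "ZwLoadKey",
    "ZwReplaceKey", "ZwRestoreKey", "ZwSetValueKey", "ZwRenameKey",
}
PROCESS_THREAD_FUNCS = {
    "ZwCreateThread", "ZwOpenProcess", "ZwOpenThread", "ZwTerminateProcess",
    "ZwWriteVirtualMemory", "ZwSetContextThread",
}

# Constructed sample in the format of the GMER log posted above.
SAMPLE_LOG = r"""---- System - GMER 1.0.15 ----

SSDT F7C6D1E6 ZwCreateKey
SSDT F7C6D1DC ZwCreateThread
SSDT F7C6D1EB ZwDeleteKey
SSDT F7C6D1F5 ZwDeleteValueKey
SSDT F7C6D1FA ZwLoadKey
SSDT F7C6D1C8 ZwOpenProcess
SSDT F7C6D1CD ZwOpenThread
SSDT F7C6D204 ZwReplaceKey
SSDT F7C6D1FF ZwRestoreKey
SSDT F7C6D1F0 ZwSetValueKey

Code \??\C:\DOCUME~1\Mark\LOCALS~1\Temp\catchme.sys pIofCallDriver

---- EOF - GMER 1.0.15 ----
"""


def parse_ssdt(log_text):
    """One dict per SSDT line: {"func", "addr", "module"}; module is None if unresolved."""
    hooks = []
    for line in log_text.splitlines():
        line = line.strip()
        m = UNRESOLVED_RE.match(line)
        if m:
            hooks.append({"func": m.group(2), "addr": int(m.group(1), 16), "module": None})
            continue
        m = RESOLVED_RE.match(line)
        if m:
            hooks.append({"func": m.group(2), "addr": int(m.group(3), 16), "module": m.group(1)})
    return hooks


def address_span(hooks):
    """Lowest and highest hook address, both inclusive."""
    addrs = [h["addr"] for h in hooks]
    return min(addrs), max(addrs)


def classify(hooks):
    """Group hooked function names by what they guard."""
    groups = {"registry": [], "process_thread": [], "other": []}
    for h in hooks:
        if h["func"] in REGISTRY_FUNCS:
            groups["registry"].append(h["func"])
        elif h["func"] in PROCESS_THREAD_FUNCS:
            groups["process_thread"].append(h["func"])
        else:
            groups["other"].append(h["func"])
    return {k: sorted(v) for k, v in groups.items()}


def looks_like_one_driver(hooks, max_span=0x1000):
    """True when all hook targets fit in one small window (one module's stub table).

    Hooks scattered across unrelated address ranges point at more than one
    hooking component and deserve a closer look.
    """
    if not hooks:
        return True
    lo, hi = address_span(hooks)
    return hi - lo <= max_span


def summarise(log_text):
    hooks = parse_ssdt(log_text)
    lo, hi = address_span(hooks) if hooks else (0, 0)
    return {
        "hook_count": len(hooks),
        "groups": classify(hooks),
        "address_range": (lo, hi),
        "span_bytes": hi - lo,
        "one_driver": looks_like_one_driver(hooks),
        "modules": sorted({h["module"] for h in hooks if h["module"]}),
    }


if __name__ == "__main__":
    s = summarise(SAMPLE_LOG)
    print(f"{s['hook_count']} SSDT hooks, 0x{s['address_range'][0]:08X}-0x{s['address_range'][1]:08X}"
          f" ({s['span_bytes']} bytes apart), one driver: {s['one_driver']}")
    for group, funcs in s["groups"].items():
        if funcs:
            print(f"  {group}: {', '.join(funcs)}")
```

On the sample above the ten stubs lie 60 bytes apart and split into seven registry-modification calls and three process/thread-open calls, the pattern of a product guarding its own keys and processes rather than hiding something; the verdict still rests on identifying the driver that owns that address range.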

#14 Elise (Bleepin' Blonde)
  • Malware Study Hall Admin
  • 60,933 posts
  • Gender:Female
  • Location:Romania

Posted 13 August 2011 - 01:42 PM

Hi, that all looks good!

We need to scan the system with this special tool:

* Please download and save:

Junction.zip

* Unzip it and place Junction.exe in the Windows directory (C:\Windows).
* Go to Start => Run... => Copy and paste the following command in the Run box and click OK:

cmd /c junction -s c:\ >log.txt&log.txt& del log.txt

A command window opens and starts scanning the system. Wait until a log file opens, then copy and paste the log in your next reply.

regards, Elise




#15 marksb1 (Topic Starter)
  • Members
  • 35 posts

Posted 13 August 2011 - 08:38 PM

elise025,

I ran junction and here is the log:

Junction v1.06 - Windows junction creator and reparse point viewer
Copyright © 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com

Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.

.. Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0ff3d4533c1dd34f5c3ff79b42c4cbb1_50e417e0-e461-474b-96e2-077b80325612: Access is denied.

Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\27b8ffe93953a22911f5339050e8b703_50e417e0-e461-474b-96e2-077b80325612: Access is denied.

Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_50e417e0-e461-474b-96e2-077b80325612: Access is denied.

Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5ea0ad5998ae57c8dcb8ad3c89f71bbe_50e417e0-e461-474b-96e2-077b80325612: Access is denied.

. ... ... ... ... ... Failed to open \\?\c:\\Documents and Settings\Mark II\Local Settings\Application Data\Microsoft\CardSpace\CardSpaceSP2.db: Access is denied.

Failed to open \\?\c:\\Documents and Settings\Mark II\Local Settings\Application Data\Microsoft\CardSpace\CardSpaceSP2.db.shadow: Access is denied.

... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... Failed to open \\?\c:\\Qoobox\BackEnv: Access is denied.

... ... ... ... \\?\c:\\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790
Substitute Name: C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790

\\?\c:\\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e
Substitute Name: C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e

... ... ... ... ... ... ... ... ... ... ...
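The Junction log above is what "junction -s c:\" produces: a progress mark per directory, a "Failed to open" line for anything the tool could not read, and, for each reparse point, its source path followed by the Print Name and Substitute Name it redirects to. The script below is an added example written for this thread (not Sysinternals' code and not from either poster): it parses that output, separates in-use files from access-denied paths, and flags any reparse point that is not one of the .NET Framework's GAC folders junctioned into WinSxS, the only kind in the log above. That baseline rule, the sample text and the third (hypothetical) junction in it are assumptions made here for illustration.

```python
"""Triage a Sysinternals Junction log (the output of "junction -s c:\\").

Added example written for this thread; not Sysinternals' code and not part
of the original post. It pulls every reparse point (source -> target) and
every unreadable path out of junction.exe's text, then flags reparse points
that the assumed baseline (GAC -> WinSxS) does not explain. Review those by
hand: a junction can silently redirect a trusted path somewhere else.
"""
import re

# "... \\?\c:\\path: JUNCTION"  (leading dots are the tool's progress marks)
ENTRY_RE = re.compile(r"^(\\\\\?\\.+?): ([A-Z][A-Z ]*)$")
FAILED_RE = re.compile(r"^Failed to open (\\\\\?\\.+?): (.+)$")
NAME_RE = re.compile(r"^(Print Name|Substitute Name)\s*:\s*(.*)$")

# Constructed sample in junction.exe v1.06's format. The header, the three
# "Failed to open" lines and the first two junctions follow the log above;
# the third junction is hypothetical, added so the check has something to flag.
SAMPLE_LOG = r"""Junction v1.06 - Windows junction creator and reparse point viewer
Copyright (C) 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com

Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.

.. Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0ff3d4533c1dd34f5c3ff79b42c4cbb1_50e417e0-e461-474b-96e2-077b80325612: Access is denied.

... ... ... Failed to open \\?\c:\\Qoobox\BackEnv: Access is denied.

... ... ... ... \\?\c:\\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790
Substitute Name: C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790

\\?\c:\\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e
Substitute Name: C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e

... \\?\c:\\Program Files\Example App\plugins: JUNCTION
Print Name : C:\Documents and Settings\Mark II\Local Settings\Temp\example
Substitute Name: C:\Documents and Settings\Mark II\Local Settings\Temp\example
"""


def normalise(path):
    r"""Turn junction's \\?\c:\\WINDOWS\foo spelling into c:\windows\foo."""
    if path.startswith("\\\\?\\"):
        path = path[4:]
    path = re.sub(r"^([a-zA-Z]:)\\+", r"\1\\", path)
    return path.lower()


def parse_junction_log(text):
    """Return (reparse_points, failed): parsed entries and (path, reason) pairs."""
    reparse_points, failed = [], []
    current = None
    for raw in text.splitlines():
        line = raw.strip().lstrip(". ")  # drop the per-directory progress marks
        if not line:
            continue
        m = FAILED_RE.match(line)
        if m:
            failed.append((normalise(m.group(1)), m.group(2)))
            continue
        m = ENTRY_RE.match(line)
        if m:
            current = {"source": normalise(m.group(1)), "kind": m.group(2).strip(),
                       "print_name": None, "substitute_name": None}
            reparse_points.append(current)
            continue
        m = NAME_RE.match(line)
        if m and current is not None:
            key = "print_name" if m.group(1) == "Print Name" else "substitute_name"
            current[key] = m.group(2).strip()
    return reparse_points, failed


def target(rp):
    """Path the reparse point resolves to (substitute name, else print name)."""
    return normalise(rp["substitute_name"] or rp["print_name"] or "")


def is_expected(rp):
    """Assumed baseline: .NET GAC folders junctioned into WinSxS, nothing else."""
    return (rp["kind"] == "JUNCTION"
            and rp["source"].startswith("c:\\windows\\assembly\\")
            and target(rp).startswith("c:\\windows\\winsxs\\"))


def suspicious(reparse_points):
    """Everything the baseline does not explain."""
    return [rp for rp in reparse_points if not is_expected(rp)]


def triage(text):
    reparse_points, failed = parse_junction_log(text)
    return {
        "reparse_points": len(reparse_points),
        "suspicious": suspicious(reparse_points),
        # Denials on Crypto\RSA\MachineKeys containers and on ComboFix's Qoobox
        # folder are normal; a denial under a user-writable tree is worth a look.
        "access_denied": [p for p, r in failed if r.startswith("Access is denied")],
        "in_use": [p for p, r in failed if "being used by another process" in r],
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(f"{result['reparse_points']} reparse point(s), "
          f"{len(result['suspicious'])} not explained by the baseline:")
    for rp in result["suspicious"]:
        print(f"  {rp['kind']}: {rp['source']} -> {target(rp)}")
```

Against the sample the two GAC junctions pass and only the constructed Program Files entry, which points into a user's Temp folder, is reported; paste a real log into SAMPLE_LOG (or read it from the log.txt the command above opens) and extend is_expected with whatever other junctions the machine legitimately has.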



