Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Redirect virus - all browsers


  • This topic is locked This topic is locked
41 replies to this topic

#1 PAFC

PAFC

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:02:29 AM

Posted 02 June 2012 - 06:40 PM

I began getting "get answers fast" redirects on google chrome, followed by the same on Mozilla Firefox, then IE Explorer. I have explored this and other sites for answers and tried uninstalling browsers and reinstalling (except IE Explorer, which I "reset" via tools. Nothing has worked. I also noticed that replies on this site seem individualized to each user with publications of logs and whatnot, hence the new topic. I am a pretty savvy computer user - this virus likely infected my computer as a result of my kid playing online free games (grrr). Additionally, I am unable to enable Windows Firewall as instructed in the preparation guide.

Any assistance is much appreciated!

BC AdBot (Login to Remove)

 


#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:02:29 AM

Posted 02 June 2012 - 06:54 PM

Hi,

Please do the following:



Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.


NEXT

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 PAFC

PAFC
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:02:29 AM

Posted 02 June 2012 - 07:40 PM

THX! Here it is in order by your reply:

DDS
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Run by Owner at 20:06:10 on 2012-06-02
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.991 [GMT -4:00]
.
AV: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {77E10C7F-2CCA-4187-9394-BDBC267AD597}
AV: Webroot SecureAnywhere *Enabled/Updated* {D486329C-1488-4CEB-9CC8-D662B732D904}
.
============== Running Processes ===============
.
C:\Program Files\Webroot\WRSA.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\VERIZONDM\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\VERIZONDM\bin\tgsrvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Webroot\WRSA.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\VERIZONDM\bin\sprtcmd.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Rocketfish HD Webcam\Live! Central\RFLVCentral2.exe
C:\WINDOWS\V0650Mon.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\mshta.exe
C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/ie
BHO: MRI_DISABLED - No File
BHO: HP Smart BHO Class - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Verizon Broadband Toolbar: {a057a204-bacc-4d26-8398-26fadcf27386} - c:\progra~1\verizo~2\VERIZO~1.DLL
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Verizon Broadband Toolbar: {a057a204-bacc-4d26-8398-26fadcf27386} - c:\progra~1\verizo~2\VERIZO~1.DLL
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: MRI_DISABLED - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Adobe] rundll32.exe "c:\documents and settings\owner.notebook\local settings\application data\apple\adobe\ipemm.dll",DllRegisterServer
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10e.exe
mRun: [SigmatelSysTrayApp] "c:\windows\stsystra.exe"
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [dla] "c:\windows\system32\dla\tfswctrl.exe"
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [Broadcom Wireless Manager UI] "c:\windows\system32\WLTRAY.exe"
mRun: [VERIZONDM] "c:\program files\verizondm\bin\sprtcmd.exe" /P VERIZONDM
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Rocket Live! Central 2] "c:\program files\rocketfish hd webcam\live! central\RFLVCentral2.exe" /mode2
mRun: [V0650Mon.exe] "c:\windows\V0650Mon.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [WRSVC] "c:\program files\webroot\WRSA.exe" -ul
mRun: [MMTray] "c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [Adobe] rundll32.exe "c:\documents and settings\owner.notebook\local settings\application data\apple\adobe\ipemm.dll",DllRegisterServer
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mri_di~1\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mri_di~1\hotsyn~1.lnk - c:\program files\palm\HotSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mri_di~1\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mri_di~1\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1326655624093
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{EB86B6E7-9AF2-4DA8-96B7-39037386F6E6} : DhcpNameServer = 192.168.1.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner.notebook\application data\mozilla\firefox\profiles\8aahkil9.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\stamps.com web postage plug-in\npsdcwc.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
.
============= SERVICES / DRIVERS ===============
.
R0 WRkrn;WRkrn;c:\windows\system32\drivers\WRkrn.sys [2012-2-13 111184]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-6-15 249648]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\verizon\iha_messagecenter\bin\Verizon_IHAMessageCenter.exe [2010-10-13 290832]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\verizondm\bin\sprtsvc.exe [2010-6-11 206120]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\verizondm\bin\tgsrvc.exe [2010-6-11 185640]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R2 WRSVC;WRSVC;c:\program files\webroot\WRSA.exe [2012-2-13 679672]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2012-1-14 144640]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-24 135664]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-7-7 195336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-24 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-6-2 129976]
S3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;c:\windows\system32\drivers\tascusb2.sys [2010-5-16 386560]
S3 TASCAM_US122L_MK2_MIDI;TASCAM US-122L mk2 WDM MIDI Device;c:\windows\system32\drivers\tscusb2m.sys [2010-5-16 20992]
S3 TASCAM_US122L_MK2_WDM;TASCAM US-122L mk2 WDM;c:\windows\system32\drivers\tscusb2a.sys [2010-5-16 33792]
S3 V0650Afx;Rocketfish HD Webcam Audio Effects Driver;c:\windows\system32\drivers\V0650Afx.sys [2012-1-14 160256]
S3 V0650Vid;Rocketfish HD Webcam Driver;c:\windows\system32\drivers\V0650Vid.sys [2012-1-14 322176]
.
=============== Created Last 30 ================
.
2012-06-02 22:08:49 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-06-02 22:08:47 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2012-06-02 22:08:44 588728 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-06-02 22:08:44 43960 ----a-w- c:\program files\mozilla firefox\mozglue.dll
2012-06-02 22:08:44 157352 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
2012-06-02 22:08:44 129976 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
2012-05-30 21:20:43 -------- d-----w- c:\documents and settings\owner.notebook\local settings\application data\PowerDVD
2012-05-30 11:41:26 6737808 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{b5f1cf54-565a-4c90-9baf-5d6ff052b5d8}\mpengine.dll
2012-05-23 23:18:55 -------- d-----w- c:\program files\CCleaner
2012-05-23 15:50:46 -------- d-----w- C:\ansfast
.
==================== Find3M ====================
.
2012-05-20 23:26:06 148216 ----a-w- c:\windows\system32\WRusr.dll
2012-05-20 23:26:06 111184 ----a-w- c:\windows\system32\drivers\WRkrn.sys
2012-05-18 20:52:02 4704 --sha-w- c:\windows\system32\KGyGaAvL.sys
2012-05-18 20:52:01 88 --sh--r- c:\windows\system32\892782CE4D.sys
2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:10:58 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 12:35:52 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 20:07:11.37 ===============
Attach
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 7/18/2006 9:46:04 PM
System Uptime: 5/28/2012 9:14:17 AM (131 hours ago)
.
Motherboard: Dell Inc. | | 0XD720
Processor: Genuine Intel® CPU T1350 @ 1.86GHz | Microprocessor | 1862/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 39 GiB total, 3.284 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 2.887 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Photosmart Premium C309g-m
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart Premium C309g-m
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Photosmart Prem-Web C309n-s
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer: HP
Name: Photosmart Prem-Web C309n-s
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: hp LaserJet 9050
Device ID: ROOT\MULTIFUNCTION\0002
Manufacturer: Hewlett-Packard
Name: hp LaserJet 9050
PNP Device ID: ROOT\MULTIFUNCTION\0002
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP Color LaserJet 2840
Device ID: ROOT\MULTIFUNCTION\0003
Manufacturer: Hewlett-Packard
Name: HP Color LaserJet 2840
PNP Device ID: ROOT\MULTIFUNCTION\0003
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: hp LaserJet 2430
Device ID: ROOT\MULTIFUNCTION\0004
Manufacturer: Hewlett-Packard
Name: hp LaserJet 2430
PNP Device ID: ROOT\MULTIFUNCTION\0004
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP Color LaserJet CP3525
Device ID: ROOT\MULTIFUNCTION\0005
Manufacturer: Hewlett-Packard
Name: HP Color LaserJet CP3525
PNP Device ID: ROOT\MULTIFUNCTION\0005
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP Color LaserJet CM1312nfi MFP
Device ID: ROOT\MULTIFUNCTION\0006
Manufacturer: Hewlett-Packard
Name: HP Color LaserJet CM1312nfi MFP
PNP Device ID: ROOT\MULTIFUNCTION\0006
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: hp LaserJet 9050
Device ID: ROOT\MULTIFUNCTION\0007
Manufacturer: Hewlett-Packard
Name: hp LaserJet 9050
PNP Device ID: ROOT\MULTIFUNCTION\0007
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: hp LaserJet 2430
Device ID: ROOT\MULTIFUNCTION\0008
Manufacturer: Hewlett-Packard
Name: hp LaserJet 2430
PNP Device ID: ROOT\MULTIFUNCTION\0008
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP LaserJet P3005
Device ID: ROOT\MULTIFUNCTION\0009
Manufacturer: Hewlett-Packard
Name: HP LaserJet P3005
PNP Device ID: ROOT\MULTIFUNCTION\0009
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: hp LaserJet 9050
Device ID: ROOT\MULTIFUNCTION\0010
Manufacturer: Hewlett-Packard
Name: hp LaserJet 9050
PNP Device ID: ROOT\MULTIFUNCTION\0010
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP LaserJet P3005
Device ID: ROOT\MULTIFUNCTION\0011
Manufacturer: Hewlett-Packard
Name: HP LaserJet P3005
PNP Device ID: ROOT\MULTIFUNCTION\0011
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP Color LaserJet CM1312nfi MFP
Device ID: ROOT\MULTIFUNCTION\0012
Manufacturer: Hewlett-Packard
Name: HP Color LaserJet CM1312nfi MFP
PNP Device ID: ROOT\MULTIFUNCTION\0012
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP Color LaserJet CP3525
Device ID: ROOT\MULTIFUNCTION\0013
Manufacturer: Hewlett-Packard
Name: HP Color LaserJet CP3525
PNP Device ID: ROOT\MULTIFUNCTION\0013
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP LaserJet P3005
Device ID: ROOT\MULTIFUNCTION\0014
Manufacturer: Hewlett-Packard
Name: HP LaserJet P3005
PNP Device ID: ROOT\MULTIFUNCTION\0014
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: hp LaserJet 2430
Device ID: ROOT\MULTIFUNCTION\0015
Manufacturer: Hewlett-Packard
Name: hp LaserJet 2430
PNP Device ID: ROOT\MULTIFUNCTION\0015
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: hp LaserJet 2430
Device ID: ROOT\MULTIFUNCTION\0016
Manufacturer: Hewlett-Packard
Name: hp LaserJet 2430
PNP Device ID: ROOT\MULTIFUNCTION\0016
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: hp LaserJet 2300 series
Device ID: ROOT\MULTIFUNCTION\0017
Manufacturer: Hewlett-Packard
Name: hp LaserJet 2300 series
PNP Device ID: ROOT\MULTIFUNCTION\0017
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP LaserJet 4050 Series
Device ID: ROOT\MULTIFUNCTION\0018
Manufacturer: Hewlett-Packard
Name: HP LaserJet 4050 Series
PNP Device ID: ROOT\MULTIFUNCTION\0018
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP Color LaserJet CP4005
Device ID: ROOT\MULTIFUNCTION\0019
Manufacturer: Hewlett-Packard
Name: HP Color LaserJet CP4005
PNP Device ID: ROOT\MULTIFUNCTION\0019
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP Color LaserJet CP4005
Device ID: ROOT\MULTIFUNCTION\0020
Manufacturer: Hewlett-Packard
Name: HP Color LaserJet CP4005
PNP Device ID: ROOT\MULTIFUNCTION\0020
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP Color LaserJet 4700
Device ID: ROOT\MULTIFUNCTION\0021
Manufacturer: Hewlett-Packard
Name: HP Color LaserJet 4700
PNP Device ID: ROOT\MULTIFUNCTION\0021
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP Color LaserJet CP4005
Device ID: ROOT\MULTIFUNCTION\0022
Manufacturer: Hewlett-Packard
Name: HP Color LaserJet CP4005
PNP Device ID: ROOT\MULTIFUNCTION\0022
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP LaserJet P3010 Series
Device ID: ROOT\MULTIFUNCTION\0023
Manufacturer: Hewlett-Packard
Name: HP LaserJet P3010 Series
PNP Device ID: ROOT\MULTIFUNCTION\0023
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP LaserJet 4100 Series
Device ID: ROOT\MULTIFUNCTION\0024
Manufacturer: Hewlett-Packard
Name: HP LaserJet 4100 Series
PNP Device ID: ROOT\MULTIFUNCTION\0024
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: hp LaserJet 4300
Device ID: ROOT\MULTIFUNCTION\0025
Manufacturer: Hewlett-Packard
Name: hp LaserJet 4300
PNP Device ID: ROOT\MULTIFUNCTION\0025
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP Color LaserJet CP3525
Device ID: ROOT\MULTIFUNCTION\0026
Manufacturer: Hewlett-Packard
Name: HP Color LaserJet CP3525
PNP Device ID: ROOT\MULTIFUNCTION\0026
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP Color LaserJet CP3525
Device ID: ROOT\MULTIFUNCTION\0027
Manufacturer: Hewlett-Packard
Name: HP Color LaserJet CP3525
PNP Device ID: ROOT\MULTIFUNCTION\0027
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP LaserJet P3010 Series
Device ID: ROOT\MULTIFUNCTION\0028
Manufacturer: Hewlett-Packard
Name: HP LaserJet P3010 Series
PNP Device ID: ROOT\MULTIFUNCTION\0028
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP Color LaserJet CP3525
Device ID: ROOT\MULTIFUNCTION\0029
Manufacturer: Hewlett-Packard
Name: HP Color LaserJet CP3525
PNP Device ID: ROOT\MULTIFUNCTION\0029
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP LaserJet 5200
Device ID: ROOT\MULTIFUNCTION\0030
Manufacturer: Hewlett-Packard
Name: HP LaserJet 5200
PNP Device ID: ROOT\MULTIFUNCTION\0030
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP LaserJet P3010 Series
Device ID: ROOT\MULTIFUNCTION\0031
Manufacturer: Hewlett-Packard
Name: HP LaserJet P3010 Series
PNP Device ID: ROOT\MULTIFUNCTION\0031
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP Color LaserJet CP3525
Device ID: ROOT\MULTIFUNCTION\0032
Manufacturer: Hewlett-Packard
Name: HP Color LaserJet CP3525
PNP Device ID: ROOT\MULTIFUNCTION\0032
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP Color LaserJet CP3525
Device ID: ROOT\MULTIFUNCTION\0033
Manufacturer: Hewlett-Packard
Name: HP Color LaserJet CP3525
PNP Device ID: ROOT\MULTIFUNCTION\0033
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP Color LaserJet 4700
Device ID: ROOT\MULTIFUNCTION\0034
Manufacturer: Hewlett-Packard
Name: HP Color LaserJet 4700
PNP Device ID: ROOT\MULTIFUNCTION\0034
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP Color LaserJet CP4005
Device ID: ROOT\MULTIFUNCTION\0035
Manufacturer: Hewlett-Packard
Name: HP Color LaserJet CP4005
PNP Device ID: ROOT\MULTIFUNCTION\0035
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: hp LaserJet 2430
Device ID: ROOT\MULTIFUNCTION\0036
Manufacturer: Hewlett-Packard
Name: hp LaserJet 2430
PNP Device ID: ROOT\MULTIFUNCTION\0036
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP Color LaserJet CP3525
Device ID: ROOT\MULTIFUNCTION\0037
Manufacturer: Hewlett-Packard
Name: HP Color LaserJet CP3525
PNP Device ID: ROOT\MULTIFUNCTION\0037
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: hp LaserJet 2430
Device ID: ROOT\MULTIFUNCTION\0038
Manufacturer: Hewlett-Packard
Name: hp LaserJet 2430
PNP Device ID: ROOT\MULTIFUNCTION\0038
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP LaserJet P4515
Device ID: ROOT\MULTIFUNCTION\0039
Manufacturer: Hewlett-Packard
Name: HP LaserJet P4515
PNP Device ID: ROOT\MULTIFUNCTION\0039
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP LaserJet P3010 Series
Device ID: ROOT\MULTIFUNCTION\0040
Manufacturer: Hewlett-Packard
Name: HP LaserJet P3010 Series
PNP Device ID: ROOT\MULTIFUNCTION\0040
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: hp LaserJet 4350
Device ID: ROOT\MULTIFUNCTION\0041
Manufacturer: Hewlett-Packard
Name: hp LaserJet 4350
PNP Device ID: ROOT\MULTIFUNCTION\0041
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: hp LaserJet 4250
Device ID: ROOT\MULTIFUNCTION\0042
Manufacturer: Hewlett-Packard
Name: hp LaserJet 4250
PNP Device ID: ROOT\MULTIFUNCTION\0042
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: hp LaserJet 4350
Device ID: ROOT\MULTIFUNCTION\0043
Manufacturer: Hewlett-Packard
Name: hp LaserJet 4350
PNP Device ID: ROOT\MULTIFUNCTION\0043
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP LaserJet P3010 Series
Device ID: ROOT\MULTIFUNCTION\0044
Manufacturer: Hewlett-Packard
Name: HP LaserJet P3010 Series
PNP Device ID: ROOT\MULTIFUNCTION\0044
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: hp LaserJet 1320 series
Device ID: ROOT\MULTIFUNCTION\0045
Manufacturer: Hewlett-Packard
Name: hp LaserJet 1320 series
PNP Device ID: ROOT\MULTIFUNCTION\0045
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: hp LaserJet 1320 series
Device ID: ROOT\MULTIFUNCTION\0046
Manufacturer: Hewlett-Packard
Name: hp LaserJet 1320 series
PNP Device ID: ROOT\MULTIFUNCTION\0046
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP LaserJet P2015 Series
Device ID: ROOT\MULTIFUNCTION\0047
Manufacturer: Hewlett-Packard
Name: HP LaserJet P2015 Series
PNP Device ID: ROOT\MULTIFUNCTION\0047
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP LaserJet CP1025nw
Device ID: ROOT\MULTIFUNCTION\0048
Manufacturer: Hewlett-Packard
Name: HP LaserJet CP1025nw
PNP Device ID: ROOT\MULTIFUNCTION\0048
Service:
.
==== System Restore Points ===================
.
RP313: 5/3/2012 2:20:04 PM - Software Distribution Service 3.0
RP314: 5/4/2012 7:01:19 PM - Software Distribution Service 3.0
RP315: 5/9/2012 7:00:32 PM - Software Distribution Service 3.0
RP316: 5/11/2012 6:40:55 AM - Software Distribution Service 3.0
RP317: 5/11/2012 5:14:52 PM - Software Distribution Service 3.0
RP318: 5/12/2012 10:03:57 AM - Software Distribution Service 3.0
RP319: 5/13/2012 7:26:55 AM - Software Distribution Service 3.0
RP320: 5/14/2012 1:43:59 PM - System Checkpoint
RP321: 5/15/2012 6:23:40 PM - Software Distribution Service 3.0
RP322: 5/16/2012 7:38:54 PM - System Checkpoint
RP323: 5/18/2012 11:02:30 AM - Software Distribution Service 3.0
RP324: 5/20/2012 4:15:30 PM - System Checkpoint
RP325: 5/22/2012 6:56:47 AM - Software Distribution Service 3.0
RP326: 5/22/2012 4:21:22 PM - Software Distribution Service 3.0
RP327: 5/23/2012 10:40:59 AM - Software Distribution Service 3.0
RP328: 5/24/2012 6:48:48 PM - System Checkpoint
RP329: 5/25/2012 6:31:15 AM - Software Distribution Service 3.0
RP330: 5/26/2012 2:57:02 PM - System Checkpoint
RP331: 5/27/2012 3:00:45 PM - System Checkpoint
RP332: 5/30/2012 7:41:23 AM - Software Distribution Service 3.0
RP333: 6/2/2012 7:02:04 PM - System Checkpoint
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
3ivx MPEG-4 5.0.3 (remove only)
Acoustica Effects Pack
Acoustica Mixcraft 5
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.0
Adobe Shockwave Player 11.6
Adobe® Photoshop® Album Starter Edition 3.2
Advanced Audio FX Engine
Alohabob PC Relocator Ultra Control
America Online (Choose which version to remove)
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Connectivity Services
AOLIcon
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Are You Smarter Than A 5th Grader?
ATI Catalyst Control Center
ATI Display Driver
AusLogics Disk Defrag
Bing Bar
Bonjour
Broadcom 440x 10/100 Integrated Controller
Broadcom Management Programs
BufferChm
C309g-m
Cakewalk Music Creator 3
Cakewalk VST Adapter 4.5.1.0
CCleaner
Compatibility Pack for the 2007 Office system
Conexant HDA D110 MDC V.92 Modem
Corel Photo Album 6
Critical Update for Windows Media Player 11 (KB959772)
Cyber Chess
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Game Console
Dell Media Experience
Dell Support Center (Support Software)
Dell System Restore
Dell Wireless WLAN Card
DellSupport
Destinations
DeviceDiscovery
Digital Content Portal
Digital Line Detect
Documentation & Support Launcher
DreamStation DXi2
EarthLink setup files
EducateU
ELIcon
Evolution software
FlipShare
Free M4a to MP3 Converter 7.0
Games, Music, & Photos Launcher
Geek Squad 24 Hour Computer Support
Get High Speed Internet!
getPlus®_ocx
Google Earth
Google Update Helper
GPBaseService2
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 13.0
HP Imaging Device Functions 13.0
HP Photosmart Premium C309g-m All-In-One Driver Software 13.0 Rel .6
HP Print Projects 1.0
HP Smart Web Printing 4.60
HP Solution Center 13.0
HP Update
hpPrintProjects
HPProductAssistant
HPSSupply
hpWLPGInstaller
IHA_MessageCenter
InterActual Player
Internet Service Offers Launcher
iTunes
J2SE Runtime Environment 5.0 Update 7
Java 2 Runtime Environment, SE v1.4.2_03
Java Auto Updater
Java™ 6 Update 2
Java™ 6 Update 23
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Kid Pix Deluxe 3
Leap Ahead Phonics Ages 4-7
Learn2 Player (Uninstall Only)
Lernout & Hauspie TruVoice American English TTS Engine
LiveUpdate 2.6 (Symantec Corporation)
Logitech Desktop Messenger
Logitech MouseWare 9.76
Logitech Resource Center
Malwarebytes Anti-Malware version 1.61.0.1400
MarketResearch
McAfee Security Scan Plus
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Location Finder
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Standard for Students and Teachers
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft Streets & Trips 2006 with GPS Locator
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Modem Helper
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
Musicmatch for Windows Media Player
Musicmatch® Jukebox
NetWaiting
Network
NetZero For Cosmi
NetZeroInstallers
OpenOffice.org Installer 1.0
PFCMedia 2.0 by AT&W Technologies
PowerDVD 5.7
PS_AIO_06_C309g-m_SW_Min
QuickSet
QuickTime
RealPlayer Basic
Rocketfish HD Webcam (1.00.06.00)
Rocketfish Live! Central
Scan
Scholastic's I SPY Treasure Hunt
Search Assist
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Shop for HP Supplies
Skype Click to Call
Skype™ 5.5
SmartWebPrinting
SolutionCenter
Sonic DLA
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Stamps.com
Stamps.com Application Support for Microsoft Word 2000-2010
Stamps.com support for Microsoft Word 2000-2010
Stamps.com Web Postage Plug-in
Status
SUPERAntiSpyware
Support Actions Win2K,WinXP
swMSM
Synaptics Pointing Device Driver
Toolbox
TrayApp
Type to Learn 4 1.21
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2641690)
Update for Windows XP (KB898461)
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
URL Assistant
US-122 MKII / US-144 MKII
Verizon Broadband Toolbar (IE only)
Verizon Download Manager
Verizon Help and Support Tool
Viewpoint Media Player
Virtual Sound Canvas DXi
Vz In Home Agent
WebCyberCoach 3.2 Dell
WebFldrs XP
WebReg
Webroot SecureAnywhere
Webroot Software
WildTangent Web Driver
Windows Defender
Windows Defender Signatures
Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Media Video 9 Advanced Profile Codec
Windows PowerShell™ 1.0
Windows XP Service Pack 3
Wise Registry Cleaner 6.21
WordPerfect Office 12
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
5/30/2012 5:30:00 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
5/28/2012 9:15:04 AM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
5/27/2012 10:32:21 AM, error: Service Control Manager [7034] - The HP Network Devices Support service terminated unexpectedly. It has done this 1 time(s).
5/27/2012 10:23:44 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
5/27/2012 10:23:44 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
answr.MBR
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-02 20:12:30
-----------------------------
20:12:30.218 OS Version: Windows 5.1.2600 Service Pack 3
20:12:30.218 Number of processors: 1 586 0xE08
20:12:30.234 ComputerName: NOTEBOOK UserName: Owner
20:12:31.343 Initialize success
20:18:36.984 AVAST engine defs: 12060201
20:21:06.718 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
20:21:06.718 Disk 0 Vendor: FUJITSU_MHV2060BH 0085002A Size: 55796MB BusType: 3
20:21:06.750 Disk 0 MBR read successfully
20:21:06.750 Disk 0 MBR scan
20:21:06.796 Disk 0 Windows XP default MBR code
20:21:06.796 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
20:21:06.812 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 39660 MB offset 96390
20:21:06.843 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12637 MB offset 81321030
20:21:06.875 Disk 0 Partition 4 00 DB CP/M / CTOS MSWIN4.1 3443 MB offset 107201745
20:21:06.890 Disk 0 scanning sectors +114254280
20:21:06.968 Disk 0 scanning C:\WINDOWS\system32\drivers
20:21:26.359 Service scanning
20:21:56.421 Service WRkrn C:\WINDOWS\System32\drivers\WRkrn.sys **LOCKED** 32
20:21:58.015 Modules scanning
20:22:06.281 Disk 0 trace - called modules:
20:22:06.312 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
20:22:06.312 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a58bab8]
20:22:06.312 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000009a[0x8a56ff18]
20:22:06.312 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a56e940]
20:22:06.890 AVAST engine scan C:\WINDOWS
20:22:15.687 AVAST engine scan C:\WINDOWS\system32
20:26:15.250 AVAST engine scan C:\WINDOWS\system32\drivers
20:26:38.968 AVAST engine scan C:\Documents and Settings\Owner.NOTEBOOK
20:34:16.750 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner.NOTEBOOK\Desktop\MBR.dat"
20:34:16.750 The log file has been saved successfully to "C:\Documents and Settings\Owner.NOTEBOOK\Desktop\aswMBR.txt"

Attached Files

  • Attached File  MBR.zip   536bytes   0 downloads


#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:02:29 AM

Posted 02 June 2012 - 07:49 PM

Hi,

Please do the following:

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • when the window opens, click on Change Parameters
  • under ”Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System is found then ensure Delete is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)



NEXT



Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 PAFC

PAFC
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:02:29 AM

Posted 02 June 2012 - 08:12 PM

I received a message that says Threats Detected and inside that window it says TDSS File System Physical drive: \Device\Harddisk0\DR0, suspicious object medium risk. Choices are skip, copy to quarantine, Delete

#6 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:02:29 AM

Posted 02 June 2012 - 08:14 PM

please "delete" that

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 PAFC

PAFC
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:02:29 AM

Posted 02 June 2012 - 09:23 PM

Sorry - I had deleted as instructed, never got the reboot now continue message. I copied and pasted the tdss log to the reply, then started into the combofix instructions and had trouble stopping my virus protection - I thought I'd disabled everything but combofix said "it's still not disabled but we'll go anyway at your risk" or something to that effect. I went back through and disabled everything one by one in the virus protection program before clicking ok, it was grayed out in the system tray, so I clicked "ok" to that combofix message. Got the command prompt looking screen and it seemed to be scanning.

I had to walk away from the computer, came back to blue screen of death and turned the laptop off. I am on a different computer now. I will get back on the laptop tomorrow and continue with whatever you want me to do.

#8 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:02:29 AM

Posted 02 June 2012 - 09:26 PM

is it rebooting or can you no longer boot that computer?

if it boots, see if you can find a ComboFix log at C:\combofix.txt

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 PAFC

PAFC
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:02:29 AM

Posted 02 June 2012 - 09:40 PM

It boots, I checked My Computer for c:\ and in that there is a combofix folder with a computer icon (rather than a folder icon). In that folder is pretty much a mirror of My Computer - including another combofix folder and another "mirror" of My Computer. Does that make sense?

Edited by PAFC, 02 June 2012 - 09:46 PM.


#10 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:02:29 AM

Posted 02 June 2012 - 10:45 PM

yes it does,

please re-run ComboFix

let me know if it gives any error messages

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#11 PAFC

PAFC
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:02:29 AM

Posted 03 June 2012 - 09:53 AM

Hi - I restarted computer this morning, re-ran ComboFix but like an idiot forgot to disable Webroot virus protection. It ran through the extraction process, THEN gave me the message to disable virus protection. I did, clicked OK, then...nothing. I re-ran ComboFix again *cringing probably should have not* and got the error message "can't write to c:\327blahblah" so I clicked abort. The c:\327blahblah file is a mirror as described above.

Also, is it normal for combofix to shut down the browser during the re-direct process? I can't get back into firefox on that computer now.

Edited by PAFC, 03 June 2012 - 09:54 AM.


#12 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:02:29 AM

Posted 03 June 2012 - 09:58 AM

yes,

you just need to reboot and all should be OK again.

Please right click and delete the comboFix folder on your computer, it seems as though the AV may have corrupted the download and unpacking:

download a fresh copy, but rename it to svchost.exe

now boot into safe mode and run it from there

give it lots of time, more than you think it should take

it may appear to have stalled, but it may be working in the background

To Enter Safemode
  • Go to Start> Shut off your Computer> Restart
  • As the computer starts to boot-up, Tap the F8 KEY repeatedly,
  • this will bring up a menu.
  • Use the Up and Down Arrow Keys to scroll up to Safemode
  • Then press the Enter Key on your Keyboard
  • go into your usual account

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#13 PAFC

PAFC
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:02:29 AM

Posted 03 June 2012 - 11:08 AM

Quick question: I am trying to re-run it, it did the extraction bit, now it's warning me scanners are active - however, I am in safe mode, and from what I can tell, neither scanner is active. Should I go ahead and click ok?

#14 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:02:29 AM

Posted 03 June 2012 - 12:35 PM

Hi,

Yes, go ahead and click OK

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#15 PAFC

PAFC
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:02:29 AM

Posted 03 June 2012 - 02:06 PM

Here's the combofix log:
ComboFix 12-06-03.01 - Owner 06/03/2012 14:35:12.2.1 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1717 [GMT -4:00]
Running from: c:\documents and settings\Owner.NOTEBOOK\Desktop\svchost.exe.exe
AV: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {77E10C7F-2CCA-4187-9394-BDBC267AD597}
AV: Webroot SecureAnywhere *Enabled/Updated* {D486329C-1488-4CEB-9CC8-D662B732D904}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Owner.NOTEBOOK\Local Settings\Application Data\Apple\Adobe\ipemm.dll
c:\documents and settings\Visitor\My Documents\~WRL0282.tmp
c:\windows\system32\setb5.tmp
c:\windows\system32\SETC5.tmp
c:\windows\system32\SETD1.tmp
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
.
.
((((((((((((((((((((((((( Files Created from 2012-05-03 to 2012-06-03 )))))))))))))))))))))))))))))))
.
.
2012-06-03 14:46 . 2012-06-03 14:46 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{60AB00AE-5449-470F-ABA3-AB06AB98FFCB}\offreg.dll
2012-06-03 02:38 . 2012-05-08 16:40 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{60AB00AE-5449-470F-ABA3-AB06AB98FFCB}\mpengine.dll
2012-06-03 01:20 . 2012-06-03 01:20 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-02 22:08 . 2012-06-02 22:08 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-06-02 22:08 . 2012-04-21 01:19 97208 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-06-02 22:08 . 2012-04-21 01:19 43960 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-06-02 22:08 . 2012-04-21 01:19 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-06-02 22:08 . 2012-04-21 01:19 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-06-02 22:08 . 2012-04-21 01:18 588728 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-05-30 21:20 . 2012-05-30 21:20 -------- d-----w- c:\documents and settings\Owner.NOTEBOOK\Local Settings\Application Data\PowerDVD
2012-05-23 23:18 . 2012-05-26 23:44 -------- d-----w- c:\program files\CCleaner
2012-05-23 15:50 . 2012-05-23 15:50 -------- d-----w- C:\ansfast
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-20 23:26 . 2012-02-13 23:40 148216 ----a-w- c:\windows\system32\WRusr.dll
2012-05-20 23:26 . 2012-02-13 23:40 111184 ----a-w- c:\windows\system32\drivers\WRkrn.sys
2012-05-08 16:40 . 2009-04-30 20:24 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-04-11 13:12 . 2004-08-10 17:51 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:10 . 2004-08-10 17:51 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 12:35 . 2004-08-04 03:59 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 19:56 . 2010-11-26 22:50 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-21 01:19 . 2012-06-02 22:08 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 19550344]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-03 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="c:\windows\stsystra.exe" [2006-03-24 282624]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168]
"VERIZONDM"="c:\program files\VERIZONDM\bin\sprtcmd.exe" [2010-06-11 206120]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"Rocket Live! Central 2"="c:\program files\Rocketfish HD Webcam\Live! Central\RFLVCentral2.exe" [2010-02-24 430247]
"V0650Mon.exe"="c:\windows\V0650Mon.exe" [2010-02-24 28672]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"WRSVC"="c:\program files\Webroot\WRSA.exe" [2012-05-20 679672]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-09-09 110592]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2010-5-16 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\MRI_DISABLED
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2010-5-16 24576]
HotSync Manager.lnk - c:\program files\Palm\HotSync.exe [N/A]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-2-28 67128]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi2"=xgusb.cpl
"midi4"=xgusb.cpl
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-09 15:09 63712 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2007-10-09 23:17 2183168 ----a-w- c:\windows\system32\WLTRAY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 14:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-11-15 14:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2008-12-08 20:50 54576 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-10-09 23:06 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
2003-03-04 09:50 19968 ------w- c:\windows\LOGI_MWX.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-03 23:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Microsoft Plus! Photo Story 2 LE\\PS2Trial.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2351:UDP"= 2351:UDP:Windows Media Format SDK (wmplayer.exe)
"2350:UDP"= 2350:UDP:Windows Media Format SDK (wmplayer.exe)
"50000:UDP"= 50000:UDP:IHA_MessageCenter
.
R0 WRkrn;WRkrn;c:\windows\system32\drivers\WRkrn.sys [2/13/2012 7:40 PM 111184]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 7:38 PM 116608]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [6/15/2011 6:33 PM 249648]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/24/2010 12:03 PM 135664]
S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [10/13/2010 6:06 PM 290832]
S2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\VERIZONDM\bin\sprtsvc.exe [6/11/2010 9:37 AM 206120]
S2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\VERIZONDM\bin\tgsrvc.exe [6/11/2010 9:37 AM 185640]
S2 WRSVC;WRSVC;c:\program files\Webroot\WRSA.exe [2/13/2012 7:39 PM 679672]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [7/7/2011 8:31 PM 195336]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [1/14/2012 3:38 PM 144640]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/24/2010 12:03 PM 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 8:49 AM 227232]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [6/2/2012 6:08 PM 129976]
S3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;c:\windows\system32\drivers\tascusb2.sys [5/16/2010 5:16 PM 386560]
S3 TASCAM_US122L_MK2_MIDI;TASCAM US-122L mk2 WDM MIDI Device;c:\windows\system32\drivers\tscusb2m.sys [5/16/2010 5:16 PM 20992]
S3 TASCAM_US122L_MK2_WDM;TASCAM US-122L mk2 WDM;c:\windows\system32\drivers\tscusb2a.sys [5/16/2010 5:16 PM 33792]
S3 V0650Afx;Rocketfish HD Webcam Audio Effects Driver;c:\windows\system32\drivers\V0650Afx.sys [1/14/2012 3:42 PM 160256]
S3 V0650Vid;Rocketfish HD Webcam Driver;c:\windows\system32\drivers\V0650Vid.sys [1/14/2012 3:41 PM 322176]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MDMXSDK
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-24 16:03]
.
2012-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-24 16:03]
.
2012-06-03 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Owner.NOTEBOOK\Application Data\Mozilla\Firefox\Profiles\8aahkil9.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-Adobe - c:\documents and settings\Owner.NOTEBOOK\Local Settings\Application Data\Apple\Adobe\ipemm.dll
HKU-Default-Run-Adobe - c:\documents and settings\Owner.NOTEBOOK\Local Settings\Application Data\Apple\Adobe\ipemm.dll
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-Google Quick Search Box - c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe
MSConfigStartUp-pccguide - c:\program files\Trend Micro\Internet Security 12\pccguide.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-03 14:51
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(288)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\MFC80.DLL
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
.
Completion time: 2012-06-03 14:55:17
ComboFix-quarantined-files.txt 2012-06-03 18:55
.
Pre-Run: 5,575,884,800 bytes free
Post-Run: 6,301,908,992 bytes free
.
- - End Of File - - 0DA5769DECB79090EAEE2512F069B242




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users