#1

Registered User
Join Date: Jul 2009
Posts: 3
OS: xp

NTOSKRNL-Hook :(
Hi all,
My computer became infected with NTOSKRNL-Hook last night. McAfee finds it but cannot get rid of it. It kept rerouting my pages on the internet and giving me memory failure notices.

Before coming to this forum I read around and downloaded Malwarebytes and used it. It got some of it, but not all. Then I downloaded ComboFix (I apologise for doing that without seeking professional opinions first. I didn't know until I came here just now that this wasn't a good idea. I was desperate and did not read the whole write-up, I just followed someone else's advice. I know better now however and will come to professionals first from now on.)

Anyhow, I ran it, after turning off my antivirus, registry software, and antispyware. Everything seems to be working fine now. The symptoms are gone but I would like to be sure that it hasn't hidden itself anywhere on my PC, to crop back up later.

Here is the log from ComboFix:
#2

Registered User
Join Date: Jul 2009
Posts: 3
OS: xp

Re: NTOSKRNL-Hook :(
Oh, here are my DDS txt