timradcliffe345
2010-08-01, 04:09
Knowledgeable users,
Our computer is being plagued with a Win32/Ramnit.A virus/malware/spyware.
Please advise us of how to clean our computer of this.
Many thanks in advance.
-Tim and Lisa
DDS (Ver_10-03-17.01) - NTFSx86
Run by Mattias at 21:26:13.70 on Sat 07/31/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.309 [GMT -5:00]
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Mattias\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1220651435&rver=4.5.2130.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&id=64855
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\program files\microsoft\desktoplayer.exe,c:\windows\explorersrv.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0983.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0983.0\msneshellx.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [{A9CABE0E-FDC4-65FD-05A0-86DCD4A8F74C}] "c:\documents and settings\mattias\application data\qabu\kiazx.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [EverioService] "c:\program files\cyberlink\pcm4everio\EverioService.exe"
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\mattias\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} - hxxps://install.charter.com/diskless/bin/ssctlsma.dll
DPF: {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} - hxxps://mcrlink.mayo.edu/vdesk/terminal/f5opswati.cab#Version=6500,2010,331,1206
DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} - hxxps://mcrlink.mayo.edu/vdesk/cachecleaner.cab#version=6031,2010,0122,2102
DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} - hxxps://mcrlink.mayo.edu/vdesk/terminal/urxvpn.cab#version=6031,2010,125,2117
DPF: {30CF9713-6614-4556-B5F5-66F8C7F9DEF1} - hxxps://mcrlink.mayo.edu/vdesk/terminal/f5opswati.cab#Version=6500,2010,331,1206
DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - hxxps://mcrlink.mayo.edu/vdesk/terminal/f5tunsrv.cab#version=6031,2009,1204,1610
DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - hxxps://mcrlink.mayo.edu/vdesk/terminal/InstallerControl.cab#version=6031,2009,1204,1613
DPF: {49EC7987-E331-44E3-B170-748B58A268B9} - hxxps://mcrlink.mayo.edu/vdesk/terminal/f5opswati.cab#Version=6500,2010,331,1206
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} - hxxps://mcrlink.mayo.edu/vdesk/terminal/vdeskctrl.cab#Version=6031,2009,1212,1610
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - hxxps://mcrlink.mayo.edu/vdesk/terminal/urxshost.cab#version=6031,2009,1204,1608
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - hxxps://mcrlink.mayo.edu/vdesk/terminal/urxhost.cab#version=6031,2009,1204,1604
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {EBDC91CB-F23F-477D-B152-3F7243760D04} - hxxps://mcrlink.mayo.edu/vdesk/terminal/f5opswati.cab#Version=6500,2010,331,1206
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
============= SERVICES / DRIVERS ===============
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-7-11 64288]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-1-22 214024]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 wsnm;VMware View Client Service;c:\program files\vmware\vmware view\client\bin\wsnm.exe [2010-2-10 151552]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-4-4 24344]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-1-13 38224]
R3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\drivers\covpndrv.sys [2009-10-9 33920]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-26 135664]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-7-6 1352832]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltw2k.sys [2010-1-3 10752]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-1-22 79880]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-1-22 35272]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-1-22 34216]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-1-22 40552]
S3 scwatch;HP Smart Card Monitor Service;c:\program files\hewlett-packard\hp session allocation client\scwatch.exe [2008-2-29 200192]
=============== Created Last 30 ================
2010-08-01 02:13:37 0 dc----w- C:\f6bf697464a9754d2ad71ab6554f3d
2010-08-01 01:23:43 0 d-----w- c:\program files\Microsoft Security Essentials
2010-08-01 01:19:57 0 dc----w- C:\773fcb0da6bd302ddeebf882da21521a
2010-08-01 01:07:08 0 dc----w- C:\b75e99cc9ddc5c1558ae0226170bbfa0
2010-07-31 23:58:43 57344 ----a-w- c:\windows\ExplorerSrv.exe
2010-07-31 23:27:34 1872 ----a-w- c:\windows\system32\tmp.reg
2010-07-31 23:26:51 87552 ----a-w- c:\windows\system32\VACFix.exe
2010-07-31 23:26:51 82432 ----a-w- c:\windows\system32\404Fix.exe
2010-07-31 23:26:51 80384 ----a-w- c:\windows\system32\o4Patch.exe
2010-07-31 23:26:51 79360 ----a-w- c:\windows\system32\swxcacls.exe
2010-07-31 23:26:51 78336 ----a-w- c:\windows\system32\Agent.OMZ.Fix.exe
2010-07-31 23:26:51 75776 ----a-w- c:\windows\system32\WS2Fix.exe
2010-07-31 23:26:51 53248 ----a-w- c:\windows\system32\Process.exe
2010-07-31 23:26:51 51200 ----a-w- c:\windows\system32\dumphive.exe
2010-07-31 23:26:51 289144 ----a-w- c:\windows\system32\VCCLSID.exe
2010-07-31 23:26:51 288417 ----a-w- c:\windows\system32\SrchSTS.exe
2010-07-31 23:26:51 135168 ----a-w- c:\windows\system32\swreg.exe
2010-07-31 21:40:46 0 d-----w- c:\program files\riva
2010-07-31 21:40:41 0 d-----w- c:\program files\Microsoft
2010-07-14 23:10:05 743936 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-13 22:39:28 0 dcsha-r- C:\cmdcons
2010-07-13 18:35:34 0 d-----w- c:\docume~1\mattias\applic~1\SUPERAntiSpyware.com
2010-07-13 18:35:34 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-07-13 18:35:10 0 d-----w- c:\program files\SUPERAntiSpyware
2010-07-12 04:58:38 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-07-12 02:01:51 64288 -c--a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-12 02:01:37 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-12 01:34:21 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{65893B95-F47B-4483-B883-86BA181E9B54}
==================== Find3M ====================
2010-08-01 00:55:26 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-08-01 00:55:25 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-08-01 00:12:59 364544 ----a-w- c:\windows\system32\dllcache\npdsplay.dll
2010-07-30 18:26:03 4184 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-06-01 17:37:48 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-05 13:30:57 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2008-11-30 14:35:48 88 --sh--r- c:\windows\system32\580B4644DD.sys
============= FINISH: 21:28:07.89 ===============
Our computer is being plagued with a Win32/Ramnit.A virus/malware/spyware.
Please advise us of how to clean our computer of this.
Many thanks in advance.
-Tim and Lisa
DDS (Ver_10-03-17.01) - NTFSx86
Run by Mattias at 21:26:13.70 on Sat 07/31/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.309 [GMT -5:00]
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Mattias\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1220651435&rver=4.5.2130.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&id=64855
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\program files\microsoft\desktoplayer.exe,c:\windows\explorersrv.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0983.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0983.0\msneshellx.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [{A9CABE0E-FDC4-65FD-05A0-86DCD4A8F74C}] "c:\documents and settings\mattias\application data\qabu\kiazx.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [EverioService] "c:\program files\cyberlink\pcm4everio\EverioService.exe"
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\mattias\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} - hxxps://install.charter.com/diskless/bin/ssctlsma.dll
DPF: {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} - hxxps://mcrlink.mayo.edu/vdesk/terminal/f5opswati.cab#Version=6500,2010,331,1206
DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} - hxxps://mcrlink.mayo.edu/vdesk/cachecleaner.cab#version=6031,2010,0122,2102
DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} - hxxps://mcrlink.mayo.edu/vdesk/terminal/urxvpn.cab#version=6031,2010,125,2117
DPF: {30CF9713-6614-4556-B5F5-66F8C7F9DEF1} - hxxps://mcrlink.mayo.edu/vdesk/terminal/f5opswati.cab#Version=6500,2010,331,1206
DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - hxxps://mcrlink.mayo.edu/vdesk/terminal/f5tunsrv.cab#version=6031,2009,1204,1610
DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - hxxps://mcrlink.mayo.edu/vdesk/terminal/InstallerControl.cab#version=6031,2009,1204,1613
DPF: {49EC7987-E331-44E3-B170-748B58A268B9} - hxxps://mcrlink.mayo.edu/vdesk/terminal/f5opswati.cab#Version=6500,2010,331,1206
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} - hxxps://mcrlink.mayo.edu/vdesk/terminal/vdeskctrl.cab#Version=6031,2009,1212,1610
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - hxxps://mcrlink.mayo.edu/vdesk/terminal/urxshost.cab#version=6031,2009,1204,1608
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - hxxps://mcrlink.mayo.edu/vdesk/terminal/urxhost.cab#version=6031,2009,1204,1604
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {EBDC91CB-F23F-477D-B152-3F7243760D04} - hxxps://mcrlink.mayo.edu/vdesk/terminal/f5opswati.cab#Version=6500,2010,331,1206
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
============= SERVICES / DRIVERS ===============
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-7-11 64288]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-1-22 214024]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 wsnm;VMware View Client Service;c:\program files\vmware\vmware view\client\bin\wsnm.exe [2010-2-10 151552]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-4-4 24344]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-1-13 38224]
R3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\drivers\covpndrv.sys [2009-10-9 33920]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-26 135664]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-7-6 1352832]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltw2k.sys [2010-1-3 10752]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-1-22 79880]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-1-22 35272]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-1-22 34216]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-1-22 40552]
S3 scwatch;HP Smart Card Monitor Service;c:\program files\hewlett-packard\hp session allocation client\scwatch.exe [2008-2-29 200192]
=============== Created Last 30 ================
2010-08-01 02:13:37 0 dc----w- C:\f6bf697464a9754d2ad71ab6554f3d
2010-08-01 01:23:43 0 d-----w- c:\program files\Microsoft Security Essentials
2010-08-01 01:19:57 0 dc----w- C:\773fcb0da6bd302ddeebf882da21521a
2010-08-01 01:07:08 0 dc----w- C:\b75e99cc9ddc5c1558ae0226170bbfa0
2010-07-31 23:58:43 57344 ----a-w- c:\windows\ExplorerSrv.exe
2010-07-31 23:27:34 1872 ----a-w- c:\windows\system32\tmp.reg
2010-07-31 23:26:51 87552 ----a-w- c:\windows\system32\VACFix.exe
2010-07-31 23:26:51 82432 ----a-w- c:\windows\system32\404Fix.exe
2010-07-31 23:26:51 80384 ----a-w- c:\windows\system32\o4Patch.exe
2010-07-31 23:26:51 79360 ----a-w- c:\windows\system32\swxcacls.exe
2010-07-31 23:26:51 78336 ----a-w- c:\windows\system32\Agent.OMZ.Fix.exe
2010-07-31 23:26:51 75776 ----a-w- c:\windows\system32\WS2Fix.exe
2010-07-31 23:26:51 53248 ----a-w- c:\windows\system32\Process.exe
2010-07-31 23:26:51 51200 ----a-w- c:\windows\system32\dumphive.exe
2010-07-31 23:26:51 289144 ----a-w- c:\windows\system32\VCCLSID.exe
2010-07-31 23:26:51 288417 ----a-w- c:\windows\system32\SrchSTS.exe
2010-07-31 23:26:51 135168 ----a-w- c:\windows\system32\swreg.exe
2010-07-31 21:40:46 0 d-----w- c:\program files\riva
2010-07-31 21:40:41 0 d-----w- c:\program files\Microsoft
2010-07-14 23:10:05 743936 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-13 22:39:28 0 dcsha-r- C:\cmdcons
2010-07-13 18:35:34 0 d-----w- c:\docume~1\mattias\applic~1\SUPERAntiSpyware.com
2010-07-13 18:35:34 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-07-13 18:35:10 0 d-----w- c:\program files\SUPERAntiSpyware
2010-07-12 04:58:38 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-07-12 02:01:51 64288 -c--a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-12 02:01:37 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-12 01:34:21 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{65893B95-F47B-4483-B883-86BA181E9B54}
==================== Find3M ====================
2010-08-01 00:55:26 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-08-01 00:55:25 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-08-01 00:12:59 364544 ----a-w- c:\windows\system32\dllcache\npdsplay.dll
2010-07-30 18:26:03 4184 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-06-01 17:37:48 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-05 13:30:57 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2008-11-30 14:35:48 88 --sh--r- c:\windows\system32\580B4644DD.sys
============= FINISH: 21:28:07.89 ===============