Malinois

Members
Posts: 7
Reputation: 0 Neutral
  1. Thank you once again for all your help. Here are the ESET and checkup files:

     ESETSmartInstaller@High as CAB hook log:
     OnlineScanner.ocx - registred OK
     # version=7
     # IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
     # OnlineScanner.ocx=1.0.0.6427
     # api_version=3.0.2
     # EOSSerial=40267c01574d5147a62127dd9aa0c6bd
     # end=finished
     # remove_checked=true
     # archives_checked=true
     # unwanted_checked=true
     # unsafe_checked=true
     # antistealth_checked=true
     # utc_time=2011-07-02 10:00:02
     # local_time=2011-07-02 06:00:03 (-0500, Eastern Daylight Time)
     # country="United States"
     # lang=9
     # osver=5.1.2600 NT Service Pack 3
     # compatibility_mode=8192 67108863 100 0 0 0 0 0
     # scanned=144807
     # found=1
     # cleaned=1
     # scan_time=18399
     C:\Documents and Settings\Ian\Application Data\Sun\Java\Deployment\cache\6.0\9\404cf589-6159ad31  Java/TrojanDownloader.OpenStream.NCA trojan (deleted - quarantined)  00000000000000000000000000000000  C

     Results of screen317's Security Check version 0.99.17
     Windows XP Service Pack 3
     Internet Explorer 8
     ``````````````````````````````
     Antivirus/Firewall Check:
     Windows Security Center service is not running! This report may not be accurate!
     Windows Firewall Enabled!
     McAfee VirusScan Enterprise
     McAfee Agent
     Antivirus up to date!
     ```````````````````````````````
     Anti-malware/Other Utilities Check:
     Ad-Aware
     Malwarebytes' Anti-Malware
     Java 6 Update 21
     Java SE Runtime Environment 6 Update 1
     Java 6 Update 2
     Java 6 Update 3
     Java 6 Update 5
     Java 6 Update 7
     Out of date Java installed!
     Adobe Flash Player 10.3.181.26
     Mozilla Firefox (x86 en-US..)
     ````````````````````````````````
     Process Check: objlist.exe by Laurent
     Ad-Aware AAWService.exe is disabled!
     Ad-Aware AAWTray.exe is disabled!
     Malwarebytes' Anti-Malware mbamservice.exe
     Malwarebytes' Anti-Malware mbamgui.exe
     McAfee VirusScan Enterprise EngineServer.exe
     McAfee VirusScan Enterprise VsTskMgr.exe
     McAfee VirusScan Enterprise Mcshield.exe
     ``````````End of Log````````````
  2. I've been avoiding Google for that reason; however, now that I try it, that problem seems to have gone away. I don't know if I'm still getting the miscellaneous incoming and outgoing IP traffic because my trial MWB Pro expired. Guess I'll have to pony up. I'll run scans and send files as soon as I can.
  3. Great, here's DDS, Attach and a new Malwarebytes log attached:

     .
     DDS (Ver_2011-06-12.02) - NTFSx86
     Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_21
     Run by Ian at 20:53:56 on 2011-06-25
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1151.256 [GMT -4:00]
     .
     AV: McAfee VirusScan Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
     .
     ============== Running Processes ===============
     .
     C:\WINDOWS\system32\svchost.exe -k DcomLaunch
     svchost.exe
     C:\WINDOWS\System32\svchost.exe -k netsvcs
     C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
     C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
     C:\WINDOWS\system32\ACS.exe
     svchost.exe
     svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     svchost.exe
     C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
     C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
     C:\WINDOWS\system32\DVDRAMSV.exe
     C:\WINDOWS\system32\E_S00RP1.EXE
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
     C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
     C:\Program Files\McAfee\Common Framework\FrameworkService.exe
     C:\Program Files\Common Files\Motive\McciCMService.exe
     C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
     C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
     C:\WINDOWS\system32\mfevtps.exe
     C:\WINDOWS\system32\svchost.exe -k imgsvc
     C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
     C:\WINDOWS\System32\svchost.exe -k HTTPFilter
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
     C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
     C:\Program Files\Apoint2K\Apoint.exe
     C:\WINDOWS\system32\dla\tfswctrl.exe
     C:\Program Files\McAfee\Common Framework\udaterui.exe
     C:\Program Files\iTunes\iTunesHelper.exe
     C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE
     C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
     C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
     C:\Program Files\Apoint2K\Apntex.exe
     C:\Program Files\McAfee\Common Framework\McTray.exe
     C:\Program Files\iPod\bin\iPodService.exe
     C:\Program Files\Auslogics\Auslogics BoostSpeed\BoostSpeed.exe
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\Program Files\Mozilla Firefox\plugin-container.exe
     C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
     C:\Program Files\BusinessCards\bcards.exe
     C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
     .
     ============== Pseudo HJT Report ===============
     .
     uStart Page = hxxp://www.bmw-online.com/
     uInternet Settings,ProxyOverride = *.local
     uSearchAssistant = hxxp://www.google.com/ie
     uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
     BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll
     BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
     BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
     BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
     BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
     BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
     BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
     TB: FlashGet Bar: {e0e899ab-f487-11d5-8d29-0050ba6940e3} - c:\progra~1\flashget\fgiebar.dll
     TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll
     TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll
     uRun: [\\Teh-6\EPSON Stylus C88 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiaba.exe /p31 "\\teh-6\EPSON Stylus C88 Series" /M "Stylus C88" /EF "HKCU"
     mRun: [TPNF] c:\program files\toshiba\touchpad\TPTray.exe
     mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
     mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
     mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
     mRun: [\\TEH-6\EPSON Stylus C88 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiaba.exe /p31 "\\teh-6\epson stylus c88 series" /o17 "\\teh-6\EPSON_C88" /M "Stylus C88"
     mRun: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
     mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
     mRun: [\\TEH-6.SaratogaDirect.local\EPSON Stylus C88 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiaba.exe /p52 "\\teh-6.saratogadirect.local\EPSON Stylus C88 Series" /O6 "USB001" /M "Stylus C88"
     mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
     mRun: [shStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
     mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
     mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
     mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
     mRun: [\\Teh-1\EPSON Stylus C88 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiaba.exe /p31 "\\teh-1\EPSON Stylus C88 Series" /O6 "USB001" /M "Stylus C88"
     mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
     StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
     StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
     IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
     IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
     IE: Download Link Using Mega Manager... - c:\program files\megaupload\mega manager\mm_file.htm
     IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
     IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
     IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
     IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
     IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
     IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
     IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
     IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
     DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
     DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
     DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
     DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
     DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
     DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
     DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
     DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
     DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
     DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
     DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://active.macromedia.com/flash4/cabs/swflash.cab
     TCP: DhcpNameServer = 192.168.1.1 71.242.0.12
     TCP: Interfaces\{C9484E05-C1E7-4D2F-ACE3-60F4A9B8DEF3} : DhcpNameServer = 192.168.1.1 71.242.0.12
     Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
     SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
     .
     ================= FIREFOX ===================
     .
     FF - ProfilePath - c:\documents and settings\ian\application data\mozilla\firefox\profiles\xmzcy18e.default\
     FF - prefs.js: browser.startup.homepage - hxxp://nytimes.com/|http://www.reuters.com/finance/markets
     FF - plugin: c:\documents and settings\ian\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
     FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
     FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
     FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
     FF - plugin: c:\program files\opera\program\plugins\npdivx32.dll
     .
     ============= SERVICES / DRIVERS ===============
     .
     R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-11-18 340592]
     R1 SafDskNT;SafDskNT;c:\windows\system32\drivers\SafDskNT.sys [2002-2-12 77824]
     R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\verizon\iha_messagecenter\bin\Verizon_IHAMessageCenter.exe [2011-3-24 118784]
     R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-5-9 366640]
     R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\EngineServer.exe [2008-9-29 19456]
     R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2008-3-14 103744]
     R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2008-9-29 143088]
     R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2008-9-29 62800]
     R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2008-11-18 67904]
     R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-5-9 22712]
     R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-11-18 90360]
     R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-11-18 42424]
     S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2008-11-18 64432]
     S4 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-1-13 1251720]
     .
     =============== Created Last 30 ================
     .
     2011-06-25 22:45:06  --------  d-----w-  C:\WinXP
     2011-06-22 21:32:36  2106216   ----a-w-  c:\program files\mozilla firefox\D3DCompiler_43.dll
     2011-06-22 21:32:35  1998168   ----a-w-  c:\program files\mozilla firefox\d3dx9_43.dll
     2011-06-22 19:54:00  --------  d-----w-  c:\documents and settings\all users\application data\Auslogics
     2011-06-22 19:49:57  --------  d-----w-  C:\Downloads
     2011-06-17 14:36:58  --------  d-sha-r-  C:\cmdcons
     2011-06-17 14:31:38  208896    ----a-w-  c:\windows\MBR.exe
     2011-06-17 14:31:37  98816     ----a-w-  c:\windows\sed.exe
     2011-06-17 14:31:37  518144    ----a-w-  c:\windows\SWREG.exe
     2011-06-17 14:31:37  256512    ----a-w-  c:\windows\PEV.exe
     2011-06-10 02:23:54  138       ----a-w-  c:\documents and settings\ian\application data\um0unx4ss.bat
     2011-06-10 02:23:37  0         ----a-w-  c:\windows\Hlazu.bin
     2011-06-10 02:23:28  --------  d-----w-  c:\documents and settings\ian\local settings\application data\{1BD52215-9420-41B1-8B5D-04239F014C59}
     2011-06-10 02:21:30  86528     --sha-r-  c:\windows\system32\rdsaddint.dll
     2011-06-10 02:21:30  86528     --sha-r-  c:\windows\system32\odbc32M.dll
     2011-06-10 02:21:30  86528     --sha-r-  c:\windows\system32\btw_cif.dll
     2011-06-07 16:35:34  103864    ----a-w-  c:\program files\mozilla firefox\plugins\nppdf32.dll
     2011-06-07 16:35:34  103864    ----a-w-  c:\program files\internet explorer\plugins\nppdf32.dll
     2011-06-05 04:27:55  --------  d-----w-  c:\documents and settings\ian\application data\Auslogics
     2011-06-02 18:20:50  --------  d-----w-  c:\program files\MSECache
     .
     ==================== Find3M ====================
     .
     2011-06-22 21:24:14  404640    ----a-w-  c:\windows\system32\FlashPlayerCPLApp.cpl
     2011-06-22 20:30:09  61264     ----a-w-  c:\windows\system32\GlyphInfo.bin
     2011-06-22 20:30:09  210244    ----a-w-  c:\windows\system32\FontInfo.bin
     2011-05-29 13:11:30  39984     ----a-w-  c:\windows\system32\drivers\mbamswissarmy.sys
     2011-05-29 13:11:20  22712     ----a-w-  c:\windows\system32\drivers\mbam.sys
     2011-05-09 02:28:05  7734240   ----a-w-  C:\mbam-setup.exe
     2011-05-02 15:31:52  692736    ----a-w-  c:\windows\system32\inetcomm.dll
     2011-04-29 16:19:43  456320    ----a-w-  c:\windows\system32\drivers\mrxsmb.sys
     2011-04-25 16:11:12  916480    ----a-w-  c:\windows\system32\wininet.dll
     2011-04-25 16:11:11  43520     ------w-  c:\windows\system32\licmgr10.dll
     2011-04-25 16:11:11  1469440   ------w-  c:\windows\system32\inetcpl.cpl
     2011-04-25 12:01:22  385024    ------w-  c:\windows\system32\html.iec
     2011-04-21 13:37:43  105472    ----a-w-  c:\windows\system32\drivers\mup.sys
     2011-04-21 01:19:45  45        ----a-w-  c:\windows\system32\stopSvc.bat
     2011-04-21 01:19:45  260       ----a-w-  c:\windows\system32\cmdVBS.vbs
     2011-04-06 20:20:16  91424     ----a-w-  c:\windows\system32\dnssd.dll
     2011-04-06 20:20:16  75040     ----a-w-  c:\windows\system32\jdns_sd.dll
     2011-04-06 20:20:16  197920    ----a-w-  c:\windows\system32\dnssdX.dll
     2011-04-06 20:20:16  107808    ----a-w-  c:\windows\system32\dns-sd.exe
     .
     ============= FINISH: 20:56:04.83 ===============

     Attachments: attach_6-25-11.zip, mbam-log-2011-06-25 (16-54-54).zip
  4. Mea culpa. I know I'm not supposed to install anything while we're doing this, but ComboFix blue-screened the first time I tried it and Windows automatically applied its June updates in the course of the reboot. I then re-ran everything, so here are all the ComboFix/DDS files from after the Windows update was applied. Thanks for all your help.

     DDS:
     .
     DDS (Ver_2011-06-12.02) - NTFSx86
     Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_21
     Run by Ian at 15:49:26 on 2011-06-17
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1151.272 [GMT -4:00]
     .
     AV: McAfee VirusScan Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
     .
     ============== Running Processes ===============
     .
     C:\WINDOWS\system32\svchost.exe -k DcomLaunch
     svchost.exe
     C:\WINDOWS\System32\svchost.exe -k netsvcs
     C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
     C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
     C:\WINDOWS\system32\ACS.exe
     svchost.exe
     svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     svchost.exe
     C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     C:\WINDOWS\system32\rundll32.exe
     C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
     C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
     C:\WINDOWS\system32\DVDRAMSV.exe
     C:\WINDOWS\system32\E_S00RP1.EXE
     C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
     C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
     C:\Program Files\McAfee\Common Framework\FrameworkService.exe
     C:\Program Files\Common Files\Motive\McciCMService.exe
     C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
     C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
     C:\WINDOWS\system32\mfevtps.exe
     C:\WINDOWS\system32\svchost.exe -k imgsvc
     C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
     C:\Program Files\McAfee\VirusScan Enterprise\ShStat.exe
     C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
     C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
     C:\Program Files\Apoint2K\Apoint.exe
     C:\WINDOWS\AGRSMMSG.exe
     C:\WINDOWS\system32\dla\tfswctrl.exe
     C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE
     C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
     C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
     C:\Program Files\McAfee\Common Framework\udaterui.exe
     C:\Program Files\QuickTime\QTTask.exe
     C:\Program Files\iTunes\iTunesHelper.exe
     C:\Program Files\Apoint2K\Apntex.exe
     C:\WINDOWS\System32\svchost.exe -k HTTPFilter
     C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
     C:\Program Files\McAfee\Common Framework\McTray.exe
     C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
     C:\Program Files\Logitech\SetPoint\SetPoint.exe
     C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
     C:\Program Files\iPod\bin\iPodService.exe
     C:\WINDOWS\explorer.exe
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\Program Files\Mozilla Firefox\plugin-container.exe
     .
     ============== Pseudo HJT Report ===============
     .
     uStart Page = hxxp://www.bmw-online.com/
     uInternet Settings,ProxyOverride = *.local
     uSearchAssistant = hxxp://www.google.com/ie
     uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
     BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll
     BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
     BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch_1.dll
     BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
     BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
     BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
     BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
     TB: FlashGet Bar: {e0e899ab-f487-11d5-8d29-0050ba6940e3} - c:\progra~1\flashget\fgiebar.dll
     TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll
     TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll
     uRun: [\\Teh-6\EPSON Stylus C88 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiaba.exe /p31 "\\teh-6\EPSON Stylus C88 Series" /M "Stylus C88" /EF "HKCU"
     uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
     mRun: [TPNF] c:\program files\toshiba\touchpad\TPTray.exe
     mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
     mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
     mRun: [AGRSMMSG] AGRSMMSG.exe
     mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
     mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
     mRun: [\\TEH-6\EPSON Stylus C88 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiaba.exe /p31 "\\teh-6\epson stylus c88 series" /o17 "\\teh-6\EPSON_C88" /M "Stylus C88"
     mRun: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
     mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
     mRun: [\\TEH-6.SaratogaDirect.local\EPSON Stylus C88 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiaba.exe /p52 "\\teh-6.saratogadirect.local\EPSON Stylus C88 Series" /O6 "USB001" /M "Stylus C88"
     mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe
     mRun: [CeEKEY] c:\program files\toshiba\e-key\CeEKey.exe
     mRun: [PadTouch] c:\program files\toshiba\touch and launch\PadExe.exe
     mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
     mRun: [shStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
     mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
     mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
     mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
     mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
     mRun: [\\Teh-1\EPSON Stylus C88 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiaba.exe /p31 "\\teh-1\EPSON Stylus C88 Series" /O6 "USB001" /M "Stylus C88"
     mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
     StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
     StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
     StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
     IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
     IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
     IE: Download Link Using Mega Manager... - c:\program files\megaupload\mega manager\mm_file.htm
     IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
     IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
     IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
     IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
     IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
     IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
     IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
     IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
     DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
     DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
     DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
     DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
     DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
     DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
     DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
     DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
     DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
     DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
     DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://active.macromedia.com/flash4/cabs/swflash.cab
     TCP: DhcpNameServer = 192.168.1.1 71.242.0.12
     TCP: Interfaces\{C9484E05-C1E7-4D2F-ACE3-60F4A9B8DEF3} : DhcpNameServer = 192.168.1.1 71.242.0.12
     Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
     SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
     .
     ================= FIREFOX ===================
     .
     FF - ProfilePath - c:\documents and settings\ian\application data\mozilla\firefox\profiles\xmzcy18e.default\
     FF - prefs.js: browser.startup.homepage - hxxp://nytimes.com/|http://www.reuters.com/finance/markets
     FF - plugin: c:\documents and settings\ian\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
     FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
     FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
     FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
     FF - plugin: c:\program files\opera\program\plugins\npdivx32.dll
     FF - plugin: c:\program files\opera\program\plugins\NPFgc1.dll
     FF - plugin: c:\program files\opera\program\plugins\NPFgc2.dll
     FF - plugin: c:\program files\opera\program\plugins\NPFgc3.dll
     FF - plugin: c:\program files\opera\program\plugins\npmmaud.dll
     FF - plugin: c:\program files\opera\program\plugins\npmmprog.dll
     FF - plugin: c:\program files\opera\program\plugins\npmmvid.dll
     FF - plugin: c:\program files\opera\program\plugins\npmmzip.dll
     .
     ============= SERVICES / DRIVERS ===============
     .
     R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-11-18 340592]
     R1 SafDskNT;SafDskNT;c:\windows\system32\drivers\SafDskNT.sys [2002-2-12 77824]
     R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\verizon\iha_messagecenter\bin\Verizon_IHAMessageCenter.exe [2011-3-24 118784]
     R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-5-9 366640]
     R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\EngineServer.exe [2008-9-29 19456]
     R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2008-3-14 103744]
     R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2008-9-29 143088]
     R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2008-9-29 62800]
     R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2008-11-18 67904]
     R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-5-9 22712]
     R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-11-18 90360]
     R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-11-18 42424]
     S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2008-11-18 64432]
     S4 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-1-13 1251720]
     .
     =============== Created Last 30 ================
     .
     2011-06-17 14:36:58  --------  d-sha-r-  C:\cmdcons
     2011-06-17 14:31:38  208896    ----a-w-  c:\windows\MBR.exe
     2011-06-17 14:31:37  98816     ----a-w-  c:\windows\sed.exe
     2011-06-17 14:31:37  518144    ----a-w-  c:\windows\SWREG.exe
     2011-06-17 14:31:37  256512    ----a-w-  c:\windows\PEV.exe
     2011-06-10 02:23:54  138       ----a-w-  c:\documents and settings\ian\application data\um0unx4ss.bat
     2011-06-10 02:23:37  0         ----a-w-  c:\windows\Hlazu.bin
     2011-06-10 02:23:28  --------  d-----w-  c:\documents and settings\ian\local settings\application data\{1BD52215-9420-41B1-8B5D-04239F014C59}
     2011-06-10 02:21:30  86528     --sha-r-  c:\windows\system32\rdsaddint.dll
     2011-06-10 02:21:30  86528     --sha-r-  c:\windows\system32\odbc32M.dll
     2011-06-10 02:21:30  86528     --sha-r-  c:\windows\system32\btw_cif.dll
     2011-06-07 16:35:34  103864    ----a-w-  c:\program files\mozilla firefox\plugins\nppdf32.dll
     2011-06-07 16:35:34  103864    ----a-w-  c:\program files\internet explorer\plugins\nppdf32.dll
     2011-06-05 04:27:55  --------  d-----w-  c:\documents and settings\ian\application data\Auslogics
     2011-06-02 18:20:50  --------  d-----w-  c:\program files\MSECache
     .
     ==================== Find3M ====================
     .
     2011-06-17 19:32:53  61264     ----a-w-  c:\windows\system32\GlyphInfo.bin
     2011-06-17 19:32:52  210244    ----a-w-  c:\windows\system32\FontInfo.bin
     2011-05-29 13:11:30  39984     ----a-w-  c:\windows\system32\drivers\mbamswissarmy.sys
     2011-05-29 13:11:20  22712     ----a-w-  c:\windows\system32\drivers\mbam.sys
     2011-05-18 15:59:37  404640    ----a-w-  c:\windows\system32\FlashPlayerCPLApp.cpl
     2011-05-09 02:28:05  7734240   ----a-w-  C:\mbam-setup.exe
     2011-05-02 15:31:52  692736    ----a-w-  c:\windows\system32\inetcomm.dll
     2011-04-29 16:19:43  456320    ----a-w-  c:\windows\system32\drivers\mrxsmb.sys
     2011-04-25 16:11:12  916480    ----a-w-  c:\windows\system32\wininet.dll
     2011-04-25 16:11:11  43520     ------w-  c:\windows\system32\licmgr10.dll
     2011-04-25 16:11:11  1469440   ------w-  c:\windows\system32\inetcpl.cpl
     2011-04-25 12:01:22  385024    ------w-  c:\windows\system32\html.iec
     2011-04-21 13:37:43  105472    ----a-w-  c:\windows\system32\drivers\mup.sys
     2011-04-21 01:19:45  45        ----a-w-  c:\windows\system32\stopSvc.bat
     2011-04-21 01:19:45  260       ----a-w-  c:\windows\system32\cmdVBS.vbs
     2011-04-06 20:20:16  91424     ----a-w-  c:\windows\system32\dnssd.dll
     2011-04-06 20:20:16  75040     ----a-w-  c:\windows\system32\jdns_sd.dll
     2011-04-06 20:20:16  197920    ----a-w-  c:\windows\system32\dnssdX.dll
     2011-04-06 20:20:16  107808    ----a-w-  c:\windows\system32\dns-sd.exe
     .
     ============= FINISH: 15:51:59.45 ===============

     Attachments: attach_6-17-11.zip, combofixlog.zip, mbam-log-2011-06-17 (13-22-15).zip
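The "Created Last 30" sections of the DDS logs in posts 3 and 4 above are what a helper on this kind of thread reads first, and the same handful of entries (three same-sized DLLs dropped into system32 within one second with system+hidden attributes, a random-named .bat in the user's Application Data) is what they look for. The Python below is an added example written for this page, not code from the thread, from DDS or from Malwarebytes: it parses DDS file-list lines and applies those triage heuristics. The sample input is constructed by copying lines from the logs above; the interpretation of the attribute column (one letter per flag: d directory, s system, h hidden, a archive, r read-only, w writable) and the heuristic names are assumptions of this example, not something the DDS author documents.

```python
import re
from collections import defaultdict

# Constructed sample input: lines copied from the "Created Last 30" section of
# the DDS logs in the posts above. A real DDS log is parsed the same way.
SAMPLE_CREATED_LAST_30 = r"""
2011-06-17 14:36:58 -------- d-sha-r- C:\cmdcons
2011-06-17 14:31:38 208896 ----a-w- c:\windows\MBR.exe
2011-06-10 02:23:54 138 ----a-w- c:\documents and settings\ian\application data\um0unx4ss.bat
2011-06-10 02:23:37 0 ----a-w- c:\windows\Hlazu.bin
2011-06-10 02:23:28 -------- d-----w- c:\documents and settings\ian\local settings\application data\{1BD52215-9420-41B1-8B5D-04239F014C59}
2011-06-10 02:21:30 86528 --sha-r- c:\windows\system32\rdsaddint.dll
2011-06-10 02:21:30 86528 --sha-r- c:\windows\system32\odbc32M.dll
2011-06-10 02:21:30 86528 --sha-r- c:\windows\system32\btw_cif.dll
2011-06-07 16:35:34 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-06-02 18:20:50 -------- d-----w- c:\program files\MSECache
"""

# One DDS file-list line: date, time, size (or dashes for a directory), an
# attribute string such as "--sha-r-", then the path (which may contain spaces).
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\S+) (\S+) (.+?)\s*$")

# Assumption: one letter per flag in the attribute column; we only test for the
# letters the heuristics need (d, s, h, r).
EXEC_EXTENSIONS = (".exe", ".dll", ".bat", ".cmd", ".vbs", ".scr", ".com", ".sys")
USER_PROFILE_MARKERS = ("\\documents and settings\\", "\\application data\\", "\\users\\")


def parse_dds_created(text):
    """Parse DDS 'Created Last 30' / 'Find3M' lines into a list of dicts."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # section headers, "." separators, blank lines
        date, time, size, attrs, path = m.groups()
        entries.append({
            "timestamp": f"{date} {time}",
            "size": None if size.startswith("-") else int(size),
            "directory": "d" in attrs,
            "system": "s" in attrs,
            "hidden": "h" in attrs,
            "readonly": "r" in attrs,
            "path": path,
            "path_lc": path.lower(),
        })
    return entries


def triage(entries):
    """Return (path, reason) pairs for entries that match simple dropper heuristics."""
    findings = []

    # Heuristic 1: several non-directory files in system32 sharing the same size
    # and the same creation second. Legitimate updates rarely produce identical
    # sizes; a dropper writing copies of one payload under different names does.
    clusters = defaultdict(list)
    for e in entries:
        if not e["directory"] and "\\windows\\system32\\" in e["path_lc"]:
            clusters[(e["timestamp"], e["size"])].append(e["path"])
    for (ts, size), paths in clusters.items():
        if len(paths) >= 2:
            for p in paths:
                findings.append((p, f"one of {len(paths)} system32 files of {size} bytes created at {ts}"))

    for e in entries:
        if e["directory"]:
            continue
        # Heuristic 2: system+hidden on a file under the Windows directory is the
        # attribute combination Explorer hides by default (see the missing
        # "Show hidden files" option reported in the thread).
        if e["system"] and e["hidden"] and "\\windows\\" in e["path_lc"]:
            findings.append((e["path"], "system+hidden attributes on a file under the Windows directory"))
        # Heuristic 3: executables or scripts created inside a user profile,
        # where a standard user can write without elevation.
        if e["path_lc"].endswith(EXEC_EXTENSIONS) and any(mk in e["path_lc"] for mk in USER_PROFILE_MARKERS):
            findings.append((e["path"], "executable or script created inside a user profile"))
    return findings


if __name__ == "__main__":
    for path, reason in triage(parse_dds_created(SAMPLE_CREATED_LAST_30)):
        print(f"{path}\n    {reason}")
```

On the sample the three system32 DLLs are flagged twice each (same-size cluster and hidden+system) and um0unx4ss.bat once; the ComboFix tools in C:\WINDOWS, the Auslogics folders and the Firefox plugin are not flagged. The heuristics are deliberately loose: they rank what a human should look at first, they do not decide that a file is malicious.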
  5. I'm running Win XP Pro, SP3. Laptop has started running really hot, fans going all the time. There is one instance of SVCHOST.EXE that starts using more and more CPU cycles until it has virtually stopped the machine. MalwareBytes is reporting repeated blocked contact attempts for various IP addresses. Most are outgoing but some are incoming. Another strange thing, The selection to "Show all files and folders, including hidden and system" has disappeared from Explorer's Tools/Folder Options/View menu Yesterday, clicking links in google searches started redirecting too. Firefox 4 has also crashed a couple time, which is new behavior for it. Finally, not sure if this is relevant, SERVICES.EXE is in the right directory and file size is one of the know correct sizes but it is always using at least some CPU. I don't remember this being the case. Is it possible that some nasty is accessing it constantly? Profound thanks for taking the time to help with this. Here's the DDS file: . DDS (Ver_2011-06-12.02) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21 Run by Ian at 20:49:23 on 2011-06-14 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1151.202 [GMT -4:00] . AV: McAfee VirusScan Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0} . ============== Running Processes =============== . 
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\ACS.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Auslogics\Auslogics BoostSpeed\TaskManager.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bmw-online.com/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch_1.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
TB: FlashGet Bar: {e0e899ab-f487-11d5-8d29-0050ba6940e3} - c:\progra~1\flashget\fgiebar.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [\\Teh-6\EPSON Stylus C88 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiaba.exe /p31 "\\teh-6\EPSON Stylus C88 Series" /M "Stylus C88" /EF "HKCU"
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [TPNF] c:\program files\toshiba\touchpad\TPTray.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
mRun: [\\TEH-6\EPSON Stylus C88 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiaba.exe /p31 "\\teh-6\epson stylus c88 series" /o17 "\\teh-6\EPSON_C88" /M "Stylus C88"
mRun: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [\\TEH-6.SaratogaDirect.local\EPSON Stylus C88 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiaba.exe /p52 "\\teh-6.saratogadirect.local\EPSON Stylus C88 Series" /O6 "USB001" /M "Stylus C88"
mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe
mRun: [CeEKEY] c:\program files\toshiba\e-key\CeEKey.exe
mRun: [PadTouch] c:\program files\toshiba\touch and launch\PadExe.exe
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [shStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [\\Teh-1\EPSON Stylus C88 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiaba.exe /p31 "\\teh-1\EPSON Stylus C88 Series" /O6 "USB001" /M "Stylus C88"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
IE: Download Link Using Mega Manager... - c:\program files\megaupload\mega manager\mm_file.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://active.macromedia.com/flash4/cabs/swflash.cab
TCP: DhcpNameServer = 192.168.1.66 4.2.2.1 4.2.2.2
TCP: Interfaces\{C9484E05-C1E7-4D2F-ACE3-60F4A9B8DEF3} : DhcpNameServer = 192.168.1.66 4.2.2.1 4.2.2.2
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\ian\application data\mozilla\firefox\profiles\xmzcy18e.default\
FF - prefs.js: browser.startup.homepage - hxxp://nytimes.com/|http://www.reuters.com/finance/markets
FF - plugin: c:\documents and settings\ian\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\opera\program\plugins\NPFgc1.dll
FF - plugin: c:\program files\opera\program\plugins\NPFgc2.dll
FF - plugin: c:\program files\opera\program\plugins\NPFgc3.dll
FF - plugin: c:\program files\opera\program\plugins\npmmaud.dll
FF - plugin: c:\program files\opera\program\plugins\npmmprog.dll
FF - plugin: c:\program files\opera\program\plugins\npmmvid.dll
FF - plugin: c:\program files\opera\program\plugins\npmmzip.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint_03050024.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-11-18 340592]
R1 SafDskNT;SafDskNT;c:\windows\system32\drivers\SafDskNT.sys [2002-2-12 77824]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\verizon\iha_messagecenter\bin\Verizon_IHAMessageCenter.exe [2011-3-24 118784]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-5-9 366640]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\EngineServer.exe [2008-9-29 19456]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2008-3-14 103744]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2008-9-29 143088]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2008-9-29 62800]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2008-11-18 67904]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-5-9 22712]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-11-18 90360]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-11-18 42424]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2008-11-18 64432]
S4 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-1-13 1251720]
.
=============== Created Last 30 ================
.
2011-06-10 02:23:54 138 ----a-w- c:\documents and settings\ian\application data\um0unx4ss.bat
2011-06-10 02:23:37 0 ----a-w- c:\windows\Hlazu.bin
2011-06-10 02:23:28 -------- d-----w- c:\documents and settings\ian\local settings\application data\{1BD52215-9420-41B1-8B5D-04239F014C59}
2011-06-10 02:21:30 86528 --sha-r- c:\windows\system32\rdsaddint.dll
2011-06-10 02:21:30 86528 --sha-r- c:\windows\system32\odbc32M.dll
2011-06-10 02:21:30 86528 --sha-r- c:\windows\system32\btw_cif.dll
2011-06-05 04:27:55 -------- d-----w- c:\documents and settings\ian\application data\Auslogics
2011-06-02 18:20:50 -------- d-----w- c:\program files\MSECache
2011-05-18 15:59:37 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-17 23:19:46 -------- d-----w- c:\program files\FFMPEG Core Files
2011-05-17 23:19:37 -------- d-----w- c:\program files\OpenSource AVI Splitter
.
==================== Find3M ====================
.
2011-06-14 18:06:50 61264 ----a-w- c:\windows\system32\GlyphInfo.bin
2011-06-14 18:06:50 210244 ----a-w- c:\windows\system32\FontInfo.bin
2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 13:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-09 02:28:05 7734240 ----a-w- C:\mbam-setup.exe
2011-04-21 01:19:45 45 ----a-w- c:\windows\system32\stopSvc.bat
2011-04-21 01:19:45 260 ----a-w- c:\windows\system32\cmdVBS.vbs
2011-04-06 20:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 20:20:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 20:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 20:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
.
============= FINISH: 20:51:53.33 ===============
attach_and_ark.zip
mbam-log-2011-06-15 (12-37-51).zip
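Added example, not part of the post above and not code from the DDS tool or from Malwarebytes: a small Python triage helper that reads "Created Last 30" / "Find3M" entries in the column layout DDS prints (date, time, size, attribute column, path) and flags the patterns a helper would check first in a log like this one: hidden+system files dropped directly into system32, several files of identical size and extension created in the same second, a zero-byte file in the Windows root, and script files sitting in system32 or in a user profile's Application Data. The sample input is copied from the "Created Last 30" section of the log above. The reading of the attribute letters (d = directory, s = system, h = hidden) and the heuristics themselves are assumptions of this example, not anything the log or the poster states, and a hit is a reason to look closer, not a verdict.

```python
"""Triage helper for the 'Created Last 30' / 'Find3M' sections of a DDS log (added example)."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Entry lines copied from the "Created Last 30" section of the DDS log posted above,
# one entry per line (the forum flattened them into a single paragraph).
SAMPLE_DDS = r"""
2011-06-10 02:23:54 138 ----a-w- c:\documents and settings\ian\application data\um0unx4ss.bat
2011-06-10 02:23:37 0 ----a-w- c:\windows\Hlazu.bin
2011-06-10 02:23:28 -------- d-----w- c:\documents and settings\ian\local settings\application data\{1BD52215-9420-41B1-8B5D-04239F014C59}
2011-06-10 02:21:30 86528 --sha-r- c:\windows\system32\rdsaddint.dll
2011-06-10 02:21:30 86528 --sha-r- c:\windows\system32\odbc32M.dll
2011-06-10 02:21:30 86528 --sha-r- c:\windows\system32\btw_cif.dll
2011-06-05 04:27:55 -------- d-----w- c:\documents and settings\ian\application data\Auslogics
2011-05-18 15:59:37 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-04-21 01:19:45 45 ----a-w- c:\windows\system32\stopSvc.bat
2011-04-21 01:19:45 260 ----a-w- c:\windows\system32\cmdVBS.vbs
"""

# date  time  size-or-dashes  8-char attribute column  path (assumed DDS layout)
ENTRY_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[a-z-]{8}) (?P<path>.+)$"
)

SCRIPT_EXT = (".bat", ".cmd", ".vbs", ".js", ".ps1")
SYSTEM32 = r"c:\windows\system32"


@dataclass(frozen=True)
class Entry:
    stamp: str            # "YYYY-MM-DD HH:MM:SS" as printed by DDS
    size: Optional[int]   # None for directories (DDS prints dashes in the size column)
    attrs: str            # attribute column, e.g. "--sha-r-"
    path: str             # full path, lower-cased for comparison

    @property
    def is_dir(self) -> bool:
        # Assumption: a leading 'd' in the attribute column marks a directory.
        return self.attrs.startswith("d")

    @property
    def hidden_system(self) -> bool:
        # Assumption: 's' and 'h' in the attribute column are the system and hidden flags.
        return "s" in self.attrs and "h" in self.attrs

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def parent(self) -> str:
        return self.path.rsplit("\\", 1)[0]


def parse_dds(text: str):
    """Parse DDS file-listing lines; lines that do not match the layout are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(Entry(f'{m["date"]} {m["time"]}', size, m["attrs"], m["path"].lower()))
    return entries


def triage(entries):
    """Return {path: [reasons]} for entries that match any heuristic (a hit is a lead, not a verdict)."""
    findings = defaultdict(list)
    for e in entries:
        if e.is_dir:
            continue
        if e.hidden_system and e.parent == SYSTEM32:
            findings[e.path].append("hidden+system file directly in system32")
        if e.size == 0 and e.parent == r"c:\windows":
            findings[e.path].append("zero-byte file in the Windows root")
        if e.name.endswith(SCRIPT_EXT) and (e.parent == SYSTEM32 or "\\application data" in e.parent):
            findings[e.path].append("script in system32 or a profile's Application Data")
    # Clusters: two or more files with the same size, extension and creation second.
    groups = defaultdict(list)
    for e in entries:
        if not e.is_dir and e.size:
            groups[(e.stamp, e.size, e.name.rsplit(".", 1)[-1])].append(e)
    for (stamp, size, ext), grp in groups.items():
        if len(grp) >= 2:
            for e in grp:
                findings[e.path].append(f"one of {len(grp)} .{ext} files of {size} bytes created at {stamp}")
    return dict(findings)


if __name__ == "__main__":
    for path, reasons in sorted(triage(parse_dds(SAMPLE_DDS)).items()):
        print(path)
        for reason in reasons:
            print("   -", reason)
```

Run on the sample, the three 86528-byte `--sha-r-` DLLs are reported twice (hidden+system in system32, and as a same-second cluster), the two scripts in system32 and the .bat in Application Data once each, the zero-byte Hlazu.bin once, and FlashPlayerCPLApp.cpl not at all. The parser tolerates lines it does not understand, so the whole log can be pasted in; only the file-listing sections contribute entries.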