
Is my computer clean?



Okay, don't worry.

Please download PragmaFix and double click on it to run it.

A log will open, when scan is done.

Post the log.

Note: When you run PragmaFix you need an active internet connection!

Here is the PragmaFix log:

---------------------------------------------------

Sun 06/27/2010 5:49:38.04

No embedded null keys found



  1. Please download Dial-A-Fix from one of the following mirrors:
  2. Extract the zip file to your desktop.
  3. Double click Dial-a-Fix.exe to start the program.
  4. Press the green double checkmark box (Looks like this: checkmark.png)
  5. UNcheck "Empty Temp Folders", as well as "Adjust Time/Date" in the prep section. The prep section should then look like this:
     toUncheck.png
  6. When the window looks like this, press the GO button in the bottom of the window.
     mainWindow.png
  7. Exit/Close Dial-A-Fix


Hello -

Here's the Dial a Fix Log:

-----------------------------------------------------------------------------------

8:27:23 PM | Dial-a-fix was unable to determine your version of Internet Explorer

Notes about this log:

1) "->" denotes an external command being executed, and "-> (number)" indicates

the return code from the previous command

2) Not all external command return codes are accurate, or useful

3) Sometimes commands return 0 (no error) even when they fail or crash

4) If an error occurs while registering an object, please send an email to:

dial-a-fix@DjLizard.net and include a copy of this log

DAF version: v0.60.0.24

--- System info ---

OS: Microsoft Windows XP Service Pack 3

IE version: 8.0.6001.18702

MPC: 55277-OEM

CPU: Intel® Pentium® 4 CPU 2.20GHz (~2190MHz)

BIOS: 3/24/2003

Memory (approx): 1022MB

Uptime: 15 hour(s)

Current directory: C:\Documents and Settings\Linda Cross\Desktop\Dial-a-fix-v0.60.0.24

---

6/27/2010 8:27:23 PM -- Dial-a-fix : [v0.60.0.24] -- started

8:27:23 PM | Policy scan started

8:27:23 PM | Policy scan ended - no restrictive policies were found

--- MSI ---

8:28:37 PM | Registered: C:\WINDOWS\system32\msi.dll

--- Windows Update ---

--- Registration: Windows Update/Automatic Update DLLs ---

8:28:52 PM | Unregistered: C:\WINDOWS\system32\msxml.dll

8:28:52 PM | Registered: C:\WINDOWS\system32\msxml.dll

8:28:53 PM | Unregistered: C:\WINDOWS\system32\msxml2.dll

8:28:53 PM | Registered: C:\WINDOWS\system32\msxml2.dll

8:29:19 PM | Unregistered: C:\WINDOWS\system32\msxml3.dll

8:29:20 PM | Registered: C:\WINDOWS\system32\msxml3.dll

8:29:20 PM | Unregistered: C:\WINDOWS\system32\qmgr.dll

8:29:20 PM | Registered: C:\WINDOWS\system32\qmgr.dll

8:29:21 PM | Unregistered: C:\WINDOWS\system32\qmgrprxy.dll

8:29:21 PM | Registered: C:\WINDOWS\system32\qmgrprxy.dll

8:29:21 PM | Unregistered: C:\WINDOWS\system32\muweb.dll

8:29:21 PM | Registered: C:\WINDOWS\system32\muweb.dll

8:29:21 PM | Unregistered: C:\WINDOWS\system32\winhttp.dll

8:29:21 PM | Registered: C:\WINDOWS\system32\winhttp.dll

8:29:22 PM | Registered: C:\WINDOWS\system32\wuapi.dll

8:29:22 PM | Unregistered: C:\WINDOWS\system32\wuaueng.dll

8:29:23 PM | Registered: C:\WINDOWS\system32\wuaueng.dll

8:29:24 PM | Unregistered: C:\WINDOWS\system32\wuaueng1.dll

8:29:24 PM | Registered: C:\WINDOWS\system32\wuaueng1.dll

8:29:24 PM | Unregistered: C:\WINDOWS\system32\wucltui.dll

8:29:24 PM | Registered: C:\WINDOWS\system32\wucltui.dll

8:29:24 PM | Unregistered: C:\WINDOWS\system32\wups.dll

8:29:24 PM | Registered: C:\WINDOWS\system32\wups.dll

8:29:24 PM | Unregistered: C:\WINDOWS\system32\wups2.dll

8:29:24 PM | Registered: C:\WINDOWS\system32\wups2.dll

8:29:24 PM | Unregistered: C:\WINDOWS\system32\wuweb.dll

8:29:24 PM | Registered: C:\WINDOWS\system32\wuweb.dll

8:29:24 PM | Registered: C:\WINDOWS\system32\ole32.dll

--- SSL/HTTPS/Cryptography ---

8:29:38 PM | Executed 'cmd.exe /c rmdir /q /s C:\WINDOWS\system32\Catroot2'

--- Registration: SSL/HTTPS/Cryptography ---

8:29:43 PM | Unregistered: C:\WINDOWS\system32\cryptdlg.dll

8:29:43 PM | Registered: C:\WINDOWS\system32\cryptdlg.dll

8:29:43 PM | Unregistered: C:\WINDOWS\system32\cryptui.dll

8:29:43 PM | Registered: C:\WINDOWS\system32\cryptui.dll

8:29:43 PM | Unregistered: C:\WINDOWS\system32\cryptext.dll

8:29:43 PM | Registered: C:\WINDOWS\system32\cryptext.dll

8:29:43 PM | Unregistered: C:\WINDOWS\system32\dssenh.dll

8:29:43 PM | Registered: C:\WINDOWS\system32\dssenh.dll

8:29:44 PM | Unregistered: C:\WINDOWS\system32\gpkcsp.dll

8:29:44 PM | Registered: C:\WINDOWS\system32\gpkcsp.dll

8:29:44 PM | Unregistered: C:\WINDOWS\system32\initpki.dll

8:33:34 PM | Registered: C:\WINDOWS\system32\initpki.dll

8:33:35 PM | Unregistered: C:\WINDOWS\system32\licdll.dll

8:33:35 PM | Registered: C:\WINDOWS\system32\licdll.dll

8:33:35 PM | Unregistered: C:\WINDOWS\system32\mssign32.dll

8:33:35 PM | Registered: C:\WINDOWS\system32\mssign32.dll

8:33:35 PM | Unregistered: C:\WINDOWS\system32\mssip32.dll

8:33:35 PM | Registered: C:\WINDOWS\system32\mssip32.dll

8:33:37 PM | Unregistered: C:\WINDOWS\system32\scardssp.dll

8:33:37 PM | Registered: C:\WINDOWS\system32\scardssp.dll

8:33:37 PM | Unregistered: C:\WINDOWS\system32\sccbase.dll

8:33:37 PM | Registered: C:\WINDOWS\system32\sccbase.dll

8:33:37 PM | Unregistered: C:\WINDOWS\system32\scecli.dll

8:33:37 PM | Registered: C:\WINDOWS\system32\scecli.dll

8:33:38 PM | Unregistered: C:\WINDOWS\system32\softpub.dll

8:33:38 PM | Registered: C:\WINDOWS\system32\softpub.dll

8:33:38 PM | Unregistered: C:\WINDOWS\system32\slbcsp.dll

8:33:38 PM | Registered: C:\WINDOWS\system32\slbcsp.dll

8:33:38 PM | Unregistered: C:\WINDOWS\system32\regwizc.dll

8:33:38 PM | Registered: C:\WINDOWS\system32\regwizc.dll

8:33:38 PM | Unregistered: C:\WINDOWS\system32\rsaenh.dll

8:33:38 PM | Registered: C:\WINDOWS\system32\rsaenh.dll

8:33:39 PM | Unregistered: C:\WINDOWS\system32\winhttp.dll

8:33:39 PM | Registered: C:\WINDOWS\system32\winhttp.dll

8:33:39 PM | Unregistered: C:\WINDOWS\system32\wintrust.dll

8:33:39 PM | Registered: C:\WINDOWS\system32\wintrust.dll

--- Registration: ActiveX controls/codecs ---

8:33:40 PM | Registered: C:\WINDOWS\system32\acelpdec.ax

8:33:40 PM | Registered: C:\WINDOWS\system32\actxprxy.dll

8:33:40 PM | Registered: C:\WINDOWS\system32\asctrls.ocx

8:33:40 PM | Registered: C:\WINDOWS\system32\daxctle.ocx

8:33:41 PM | Registered: C:\WINDOWS\system32\hhctrl.ocx

8:33:41 PM | Registered: C:\WINDOWS\system32\l3codecx.ax

8:33:41 PM | Registered: C:\WINDOWS\system32\licmgr10.dll

8:33:41 PM | Registered: C:\WINDOWS\system32\mpg4ds32.ax

8:33:51 PM | Registered: C:\WINDOWS\system32\msdxm.ocx

8:33:51 PM | Registered: C:\WINDOWS\system32\proctexe.ocx

8:33:51 PM | Registered: C:\WINDOWS\system32\tdc.ocx

8:33:52 PM | Registered: C:\WINDOWS\system32\wshom.ocx

--- Registration: Control Panel applets ---

8:33:52 PM | DllInstalled: C:\WINDOWS\system32\inetcpl.cpl

8:33:52 PM | DllInstalled: C:\WINDOWS\system32\appwiz.cpl

8:33:52 PM | Registered: C:\WINDOWS\system32\appwiz.cpl

8:33:52 PM | DllInstalled: C:\WINDOWS\system32\nusrmgr.cpl

8:33:53 PM | Registered: C:\WINDOWS\system32\nusrmgr.cpl

--- Registration: Direct[X|Draw|Show|Media] ---

8:33:53 PM | Registered: C:\WINDOWS\system32\quartz.dll

8:33:54 PM | Registered: C:\WINDOWS\system32\danim.dll

8:33:54 PM | Registered: C:\WINDOWS\system32\dmscript.dll

8:33:54 PM | Registered: C:\WINDOWS\system32\dmstyle.dll

8:33:55 PM | Registered: C:\WINDOWS\system32\dxmasf.dll

8:33:55 PM | Registered: C:\WINDOWS\system32\dxtmsft.dll

8:33:55 PM | Registered: C:\WINDOWS\system32\dxtrans.dll

8:33:55 PM | Registered: C:\WINDOWS\system32\sbe.dll

--- Registration: Programming cores/runtimes ---

8:33:55 PM | Registered: C:\WINDOWS\system32\atl.dll

8:33:55 PM | Registered: C:\WINDOWS\system32\corpol.dll

8:33:55 PM | Registered: C:\WINDOWS\system32\jscript.dll

8:33:55 PM | Registered: C:\WINDOWS\system32\dispex.dll

8:33:55 PM | Registered: C:\WINDOWS\system32\scrrun.dll

8:33:55 PM | Registered: C:\WINDOWS\system32\scrobj.dll

8:33:56 PM | Registered: C:\WINDOWS\system32\vbscript.dll

8:33:56 PM | Registered: C:\WINDOWS\system32\wshext.dll

--- Registration: Explorer/IE/OE/shell/WMP ---

8:33:56 PM | Registered: C:\WINDOWS\system32\activeds.dll

8:33:56 PM | Registered: C:\WINDOWS\system32\audiodev.dll

8:33:57 PM | DllInstalled: C:\WINDOWS\system32\browseui.dll

8:33:57 PM | Registered: C:\WINDOWS\system32\browseui.dll

8:33:57 PM | Registered: C:\WINDOWS\system32\browsewm.dll

8:33:58 PM | Registered: C:\WINDOWS\system32\cabview.dll

8:33:58 PM | Registered: C:\WINDOWS\system32\cdfview.dll

8:33:58 PM | Registered: C:\WINDOWS\system32\clbcatex.dll

8:33:58 PM | Registered: C:\WINDOWS\system32\clbcatq.dll

8:33:58 PM | Registered: C:\WINDOWS\system32\comcat.dll

8:33:58 PM | Registered: C:\WINDOWS\system32\cscui.dll

8:33:58 PM | Registered: C:\WINDOWS\system32\credui.dll

8:33:58 PM | Registered: C:\WINDOWS\system32\datime.dll

8:33:58 PM | Registered: C:\WINDOWS\system32\devmgr.dll

8:33:59 PM | Registered: C:\WINDOWS\system32\dfsshlex.dll

8:33:59 PM | Registered: C:\WINDOWS\system32\dmdlgs.dll

8:33:59 PM | Registered: C:\WINDOWS\system32\dmdskmgr.dll

8:33:59 PM | Registered: C:\WINDOWS\system32\dmloader.dll

8:33:59 PM | Registered: C:\WINDOWS\system32\dmocx.dll

8:33:59 PM | Registered: C:\WINDOWS\system32\dmview.ocx

8:33:59 PM | DllInstalled: C:\WINDOWS\system32\dsuiext.dll

8:33:59 PM | Registered: C:\WINDOWS\system32\dsuiext.dll

8:33:59 PM | DllInstalled: C:\WINDOWS\system32\dsquery.dll

8:34:00 PM | Registered: C:\WINDOWS\system32\dsquery.dll

8:34:00 PM | Registered: C:\WINDOWS\system32\dskquoui.dll

8:34:00 PM | Registered: C:\WINDOWS\system32\els.dll

8:34:00 PM | Registered: C:\WINDOWS\system32\es.dll

8:34:00 PM | Registered: C:\WINDOWS\system32\fontext.dll

8:34:01 PM | Registered: C:\WINDOWS\system32\hlink.dll

8:34:01 PM | Registered: C:\WINDOWS\system32\hnetcfg.dll

8:34:01 PM | Registered: C:\WINDOWS\system32\iedkcs32.dll

8:34:01 PM | Registered: C:\WINDOWS\system32\iepeers.dll

8:34:01 PM | Error 127: C:\WINDOWS\system32\iesetup.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702

8:37:31 PM | Error 127: C:\WINDOWS\system32\iesetup.dll is not DLLInstall-able or the file is corrupted. Version: 8.00.6001.18702

8:38:38 PM | Registered: C:\WINDOWS\system32\ils.dll

8:38:38 PM | Error 127: C:\WINDOWS\system32\imgutil.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702

8:39:49 PM | Registered: C:\WINDOWS\system32\inetcfg.dll

8:39:50 PM | Registered: C:\WINDOWS\system32\inetcomm.dll

8:39:50 PM | Error 127: C:\WINDOWS\system32\inseng.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702

8:41:17 PM | Error 127: C:\WINDOWS\system32\inseng.dll is not DLLInstall-able or the file is corrupted. Version: 8.00.6001.18702

8:42:47 PM | Registered: C:\WINDOWS\system32\laprxy.dll

8:42:48 PM | Registered: C:\WINDOWS\system32\lmrt.dll

8:42:48 PM | Registered: C:\WINDOWS\system32\mlang.dll

8:42:49 PM | Registered: C:\WINDOWS\system32\mmcndmgr.dll

8:42:49 PM | Registered: C:\WINDOWS\system32\mmcshext.dll

8:42:50 PM | Registered: C:\WINDOWS\system32\mscoree.dll

8:42:50 PM | Error 127: C:\WINDOWS\system32\mshtml.dll is not registerable or the file is corrupted. Version: 8.00.6001.18928

8:44:46 PM | Error 127: C:\WINDOWS\system32\mshtml.dll is not DLLInstall-able or the file is corrupted. Version: 8.00.6001.18928

8:46:26 PM | Registered: C:\WINDOWS\system32\mshtmled.dll

8:46:26 PM | Registered: C:\WINDOWS\system32\msieftp.dll

8:46:27 PM | Registered: C:\WINDOWS\system32\msoeacct.dll

8:46:27 PM | Registered: C:\WINDOWS\system32\msr2c.dll

8:46:27 PM | Error 127: C:\WINDOWS\system32\msrating.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702

8:48:17 PM | DllInstalled: C:\WINDOWS\system32\mydocs.dll

8:48:17 PM | Registered: C:\WINDOWS\system32\mydocs.dll

8:48:17 PM | Registered: C:\WINDOWS\system32\mstime.dll

8:48:18 PM | Registered: C:\WINDOWS\system32\netcfgx.dll

8:48:18 PM | DllInstalled: C:\WINDOWS\system32\netplwiz.dll

8:48:18 PM | Registered: C:\WINDOWS\system32\netplwiz.dll

8:48:18 PM | Registered: C:\WINDOWS\system32\netman.dll

8:48:19 PM | Registered: C:\WINDOWS\system32\netshell.dll

8:48:19 PM | Registered: C:\WINDOWS\system32\ntmsevt.dll

8:48:19 PM | Registered: C:\WINDOWS\system32\ntmsmgr.dll

8:48:19 PM | DllInstalled: C:\WINDOWS\system32\ntmssvc.dll

8:48:19 PM | Registered: C:\WINDOWS\system32\ntmssvc.dll

8:48:19 PM | Error 127: C:\WINDOWS\system32\occache.dll is not registerable or the file is corrupted. Version: 8.00.6001.18923

8:50:07 PM | Error 127: C:\WINDOWS\system32\occache.dll is not DLLInstall-able or the file is corrupted. Version: 8.00.6001.18923

8:51:28 PM | Registered: C:\WINDOWS\system32\ole32.dll

8:51:28 PM | Registered: C:\WINDOWS\system32\oleaut32.dll

8:51:28 PM | Registered: C:\WINDOWS\system32\oleacc.dll

8:51:28 PM | Registered: C:\WINDOWS\system32\olepro32.dll

8:51:28 PM | DllInstalled: C:\WINDOWS\system32\photowiz.dll

8:51:28 PM | Registered: C:\WINDOWS\system32\photowiz.dll

8:51:28 PM | Error 127: C:\WINDOWS\system32\pngfilt.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702

8:53:26 PM | Registered: C:\WINDOWS\system32\remotepg.dll

8:53:26 PM | Registered: C:\WINDOWS\system32\rpcrt4.dll

8:53:26 PM | Registered: C:\WINDOWS\system32\rshx32.dll

8:53:26 PM | Registered: C:\WINDOWS\system32\sendmail.dll

8:53:26 PM | Registered: C:\WINDOWS\system32\slayerxp.dll

8:53:31 PM | DllInstalled: C:\WINDOWS\system32\shdocvw.dll

8:53:31 PM | Registered: C:\WINDOWS\system32\shdocvw.dll

8:53:31 PM | Registered: C:\WINDOWS\system32\shell32.dll

8:53:39 PM | DllInstalled: C:\WINDOWS\system32\shell32.dll

8:53:39 PM | Registered: C:\WINDOWS\system32\shmedia.dll

8:53:39 PM | DllInstalled: C:\WINDOWS\system32\shimgvw.dll

8:53:40 PM | Registered: C:\WINDOWS\system32\shimgvw.dll

8:53:40 PM | DllInstalled: C:\WINDOWS\system32\shsvcs.dll

8:53:41 PM | Registered: C:\WINDOWS\system32\shsvcs.dll

8:53:41 PM | Registered: C:\WINDOWS\system32\srclient.dll

8:53:41 PM | Unregistered: C:\WINDOWS\system32\stobject.dll

8:53:41 PM | Registered: C:\WINDOWS\system32\stobject.dll

8:53:41 PM | DllInstalled: C:\WINDOWS\system32\themeui.dll

8:53:42 PM | Registered: C:\WINDOWS\system32\themeui.dll

8:53:42 PM | Registered: C:\WINDOWS\system32\twext.dll

8:53:44 PM | DllInstalled: C:\WINDOWS\system32\urlmon.dll

8:53:45 PM | Registered: C:\WINDOWS\system32\urlmon.dll

8:53:45 PM | Registered: C:\WINDOWS\system32\userenv.dll

8:53:45 PM | Error 127: C:\WINDOWS\system32\webcheck.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702

8:55:50 PM | Error 127: C:\WINDOWS\system32\webcheck.dll is not DLLInstall-able or the file is corrupted. Version: 8.00.6001.18702

8:57:14 PM | Registered: C:\WINDOWS\system32\webvw.dll

8:57:15 PM | Registered: C:\WINDOWS\system32\winhttp.dll

8:57:15 PM | DllInstalled: C:\WINDOWS\system32\wininet.dll

8:57:15 PM | Registered: C:\WINDOWS\system32\zipfldr.dll

8:57:15 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdadc.dll

8:57:15 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaenum.dll

8:57:15 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaer.dll

8:57:18 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaipp.dll

8:57:19 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaora.dll

8:57:19 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaosp.dll

8:57:20 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaps.dll

8:57:20 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdasc.dll

8:57:20 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdasql.dll

8:57:20 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdatt.dll

8:57:21 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaurl.dll

8:57:23 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdmeng.dll

8:57:23 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdmine.dll

8:57:23 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msmdcb80.dll

8:57:26 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msmdgd80.dll

8:57:27 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msolap80.dll

8:57:27 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msolui80.dll

8:57:27 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msxactps.dll

8:57:27 PM | Registered: C:\Program Files\Common Files\system\Ole DB\oledb32.dll

8:57:27 PM | Registered: C:\Program Files\Common Files\system\Ole DB\oledb32r.dll

8:57:27 PM | Registered: C:\Program Files\Common Files\system\Ole DB\sqloledb.dll

8:57:28 PM | Registered: C:\Program Files\Common Files\system\Ole DB\sqlxmlx.dll

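The Dial-a-Fix log above is long, and the lines that matter for triage are the `Error 127` ones: a file that failed registration, sometimes failing both the regsvr32-style call and DllInstall, with a version string that differs from file to file. The following Python script is an added example, not part of this thread and not part of Dial-a-Fix; it parses a log in the shape posted above into a short summary (what registered, what failed and how, and the failed files grouped by reported version). The sample lines are copied from the log above; the function and field names are mine.

```python
import re
from collections import defaultdict

# Constructed sample: lines in the same shape as the Dial-a-Fix log posted above.
SAMPLE_LOG = r"""
--- Registration: Explorer/IE/OE/shell/WMP ---
8:34:01 PM | Registered: C:\WINDOWS\system32\iepeers.dll
8:34:01 PM | Error 127: C:\WINDOWS\system32\iesetup.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702
8:37:31 PM | Error 127: C:\WINDOWS\system32\iesetup.dll is not DLLInstall-able or the file is corrupted. Version: 8.00.6001.18702
8:38:38 PM | Registered: C:\WINDOWS\system32\ils.dll
8:42:50 PM | Error 127: C:\WINDOWS\system32\mshtml.dll is not registerable or the file is corrupted. Version: 8.00.6001.18928
8:53:31 PM | DllInstalled: C:\WINDOWS\system32\shdocvw.dll
8:53:41 PM | Unregistered: C:\WINDOWS\system32\stobject.dll
8:53:41 PM | Registered: C:\WINDOWS\system32\stobject.dll
"""

SECTION_RE = re.compile(r"^--- (?P<name>.+?) ---$")
ENTRY_RE = re.compile(
    r"^(?P<time>\d{1,2}:\d{2}:\d{2} [AP]M) \| "
    r"(?P<kind>Registered|Unregistered|DllInstalled|Error \d+): (?P<rest>.*)$"
)
ERROR_RE = re.compile(
    r"^(?P<path>.+?) is not (?P<op>registerable|DLLInstall-able) or the file is corrupted\."
    r"(?: Version: (?P<version>\S+))?$"
)


def parse_daf_log(text):
    """One dict per action line, tagged with the '--- section ---' it appears under.
    Banner, notes and system-info lines do not match ENTRY_RE and are skipped."""
    section, entries = None, []
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        kind, rest = m.group("kind"), m.group("rest")
        entry = {"time": m.group("time"), "section": section, "kind": kind,
                 "path": rest, "op": None, "version": None}
        if kind.startswith("Error"):
            e = ERROR_RE.match(rest)
            if e:  # unknown error wording keeps the raw text as 'path'
                entry.update(path=e.group("path"), op=e.group("op"), version=e.group("version"))
        entries.append(entry)
    return entries


def summarize(entries):
    """Files that ended up Registered/DllInstalled versus files that returned an error.
    A file that failed both registration and DllInstall has two entries in 'ops'."""
    registered = set()
    failed = defaultdict(lambda: {"ops": [], "version": None, "section": None})
    for e in entries:
        name = e["path"].rsplit("\\", 1)[-1].lower()
        if e["kind"] in ("Registered", "DllInstalled"):
            registered.add(name)
        elif e["kind"].startswith("Error"):
            failed[name]["ops"].append(e["op"] or e["kind"])
            failed[name]["version"] = e["version"]
            failed[name]["section"] = e["section"]
    return {"registered": sorted(registered - set(failed)), "failed": dict(failed)}


def by_version(failed):
    """Group failed files by the version string on their error line, so different
    builds of what should be one component sit side by side."""
    groups = defaultdict(list)
    for name, info in failed.items():
        groups[info["version"]].append(name)
    return {v: sorted(names) for v, names in groups.items()}


if __name__ == "__main__":
    summary = summarize(parse_daf_log(SAMPLE_LOG))
    print("registered OK:", ", ".join(summary["registered"]))
    for name, info in sorted(summary["failed"].items()):
        print(f"FAILED {name}: {'/'.join(info['ops'])} (version {info['version']}, {info['section']})")
    print("failures by version:", by_version(summary["failed"]))
```

Run against the full log from the post, the `by_version` view shows the failed IE components reporting three different build numbers, which is the kind of detail to have in hand before deciding whether a component repair is the next step.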

Thanks!

Please post a new fresh DDS log again.

Here is the new DDS log -

-----------------------------------------------

DDS (Ver_10-03-17.01) - NTFSx86

Run by Linda Cross at 5:31:08.12 on Mon 06/28/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.473 [GMT -7:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\McAfee\MSK\MskSrver.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Documents and Settings\Linda Cross\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://phoenix.cox.net/cci/home

uDefault_Search_URL = hxxp://www.earthlink.net/partner/more/msie/button/search.html

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = iexplore

mURLSearchHooks: H - No File

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll

EB: {FE54FA40-D68C-11D2-98FA-00C0F0318AFE} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

StartupFolder: c:\docume~1\lindac~1\startm~1\programs\startup\setup_~1.lnk - c:\documents and settings\linda cross\desktop\virus removal tool\setup_9.0.0.722_27.06.2010_15-46\startup.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\progra~1\yahoo!\messen~1\YPager.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

Trusted Zone: alpineaccess.com

Trusted Zone: internet

Trusted Zone: mcafee.com

Trusted Zone: musicmatch.com\online

DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab

DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238559981937

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxp://www.symantec.com/techsupp/asa/ctrl/SymAData.cab

DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,5957/mcfscan.cab

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Notify: igfxcui - igfxsrvc.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

LSA: Notification Packages = scecli

============= SERVICES / DRIVERS ===============

R0 93245022;93245022 Boot Guard Driver;c:\windows\system32\drivers\93245022.sys [2010-6-27 37392]

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-10-5 385536]

R1 93245021;93245021;c:\windows\system32\drivers\93245021.sys [2010-6-27 128016]

R1 bfbe;bfbe;c:\windows\system32\bfbe.sys [2010-4-21 75264]

R1 setup_9.0.0.722_27.06.2010_15-46drv;setup_9.0.0.722_27.06.2010_15-46drv;c:\windows\system32\drivers\9324502.sys [2010-6-27 315408]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2010-5-12 203280]

R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2010-5-12 359952]

R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2010-5-12 144704]

R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]

R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2010-5-12 606736]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-4-16 79816]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-10-5 35272]

R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-10-5 40552]

S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]

S1 MpKsla3c22b50;MpKsla3c22b50;\??\c:\windows\system32\mpenginestore\mpksla3c22b50.sys --> c:\windows\system32\mpenginestore\MpKsla3c22b50.sys [?]

S2 Symantec Core LC;Symantec Core LC;"c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe" --> c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [?]

S3 diskchk;diskchk;\??\c:\windows\system32\diskchk.sys --> c:\windows\system32\diskchk.sys [?]

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-10-5 34248]

S3 rootrepeal;rootrepeal;\??\c:\windows\system32\drivers\rootrepeal.sys --> c:\windows\system32\drivers\rootrepeal.sys [?]

S3 utqxodiy;AVZ Kernel Driver;c:\windows\system32\drivers\utqxodiy.sys [2010-6-1 7168]

=============== Created Last 30 ================

2010-06-28 03:29:54 0 d-----w- c:\windows\system32\CatRoot2

2010-06-27 12:47:01 162616 ----a-w- c:\windows\RegDelNull.exe

2010-06-27 12:25:44 37392 ----a-w- c:\windows\system32\drivers\93245022.sys

2010-06-27 12:25:44 315408 ----a-w- c:\windows\system32\drivers\9324502.sys

2010-06-27 12:25:44 128016 ----a-w- c:\windows\system32\drivers\93245021.sys

2010-06-24 14:06:58 53760 ----a-w- c:\windows\system32\dllcache\wiamsmud.dll

2010-06-24 14:05:59 34375 ----a-w- c:\windows\system32\dllcache\tpro4.sys

2010-06-24 14:04:58 12288 ----a-w- c:\windows\system32\dllcache\EXCH_smtpctrs.dll

2010-06-24 14:03:59 75392 ----a-w- c:\windows\system32\dllcache\s3savmxm.sys

2010-06-24 14:02:58 83748 ----a-w- c:\windows\system32\dllcache\prcp.nls

2010-06-24 14:01:43 198144 ----a-w- c:\windows\system32\dllcache\nv3.sys

2010-06-24 14:00:59 7168 ----a-w- c:\windows\system32\dllcache\mxport.dll

2010-06-24 14:00:59 19968 ----a-w- c:\windows\system32\dllcache\mxnic.sys

2010-06-24 14:00:58 19968 ----a-w- c:\windows\system32\dllcache\mxicfg.dll

2010-06-24 14:00:57 21888 ----a-w- c:\windows\system32\dllcache\mxcard.sys

2010-06-24 14:00:56 229439 ----a-w- c:\windows\system32\dllcache\multibox.dll

2010-06-24 14:00:56 103296 ----a-w- c:\windows\system32\dllcache\mtxvideo.sys

2010-06-24 14:00:43 5504 ----a-w- c:\windows\system32\dllcache\mstee.sys

2010-06-24 14:00:42 49024 ----a-w- c:\windows\system32\dllcache\mstape.sys

2010-06-24 14:00:36 12416 ----a-w- c:\windows\system32\dllcache\msriffwv.sys

2010-06-24 14:00:13 2944 ----a-w- c:\windows\system32\dllcache\msmpu401.sys

2010-06-24 14:00:10 22016 ----a-w- c:\windows\system32\dllcache\msircomm.sys

2010-06-24 14:00:10 1875968 ----a-w- c:\windows\system32\dllcache\msir3jp.lex

2010-06-24 14:00:09 98304 ----a-w- c:\windows\system32\dllcache\msir3jp.dll

2010-06-24 13:58:58 58368 ----a-w- c:\windows\system32\dllcache\m3091dc.dll

2010-06-24 13:57:58 45632 ----a-w- c:\windows\system32\dllcache\ip5515.sys

2010-06-24 13:56:59 165888 ----a-w- c:\windows\system32\dllcache\hpgt53.dll

2010-06-24 13:55:59 31744 ----a-w- c:\windows\system32\dllcache\esucmd.dll

2010-06-24 13:54:59 91305 ----a-w- c:\windows\system32\dllcache\dimaint.sys

2010-06-24 13:53:59 248064 ----a-w- c:\windows\system32\dllcache\cl546xm.sys

2010-06-24 13:52:59 180258 ----a-w- c:\windows\system32\dllcache\c_20000.nls

2010-06-24 13:51:59 26880 ----a-w- c:\windows\system32\dllcache\atirtsnd.sys

2010-06-24 13:50:40 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll

2010-06-19 14:13:27 0 d-----w- c:\documents and settings\linda cross\DoctorWeb

2010-06-15 05:26:32 0 d-sha-r- C:\cmdcons

2010-06-09 05:37:16 3247 ----a-w- c:\windows\system32\wbem\Outlook_01cb0795d19cf67c.mof

2010-06-08 22:39:42 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll

2010-06-02 23:04:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-06-02 23:04:28 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-06-01 12:34:50 0 ----a-w- c:\documents and settings\linda cross\defogger_reenable

2010-06-01 07:14:37 7168 ----a-w- c:\windows\system32\drivers\utqxodiy.sys

==================== Find3M ====================

2010-05-24 22:27:36 4224 ----a-w- c:\windows\system32\drivers\RDPCDD.SYS

2010-05-24 22:27:36 4224 ----a-w- c:\windows\system32\dllcache\rdpcdd.sys

2010-05-21 21:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-05-20 13:28:55 7304 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg

2010-05-20 01:55:10 7000064 ---ha-w- C:\SZKGFS.dat

2010-05-19 18:36:48 112 ----a-w- c:\docume~1\alluse~1\applic~1\JOJr2m.dat

2010-05-05 13:30:57 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe

2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys

2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\dllcache\win32k.sys

2010-04-26 22:58:12 256512 ----a-w- c:\windows\PEV.exe

2010-04-21 17:15:23 75264 ----a-w- c:\windows\system32\bfbe.sys

2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\dllcache\atmfd.dll

2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll

2010-04-06 11:52:46 2462720 ----a-w- c:\windows\system32\dllcache\wmvcore.dll

2008-07-26 20:59:27 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008072620080727\index.dat

============= FINISH: 5:33:21.78 ===============

Attach.zip


Step 1

Please uninstall the following applications:

  1. Adobe Reader 8.2.2

You can read how to do this here:

Step 2

Please go into the Control Panel, Add/Remove and, for now, remove ALL versions of Java.

Then run this tool to help clean up any leftover Java.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer (or other web browser) before continuing!***

  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it back when you reply.

Then look for the following Java folders and if found delete them.

  • C:\Program Files\Java
  • C:\Program Files\Common Files\Java
  • C:\Windows\Sun
  • C:\Documents and Settings\All Users\Application Data\Java
  • C:\Documents and Settings\All Users\Application Data\Sun\Java
  • C:\Documents and Settings\username\Application Data\Java
  • C:\Documents and Settings\username\Application Data\Sun\Java

Step 3

Open Notepad and copy and paste the text in the code box below into it:

KillAll::

Driver::
93245022
9324502
93245021
lbd

File::
C:\SZKGFS.dat
c:\documents and settings\All Users\Application Data\JOJr2m.dat

Folder::
c:\program files\common files\symantec shared

DDS::
mURLSearchHooks: H - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: {FE54FA40-D68C-11D2-98FA-00C0F0318AFE} - No File

Domains::

MBR::

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

CFScriptB-4.gif

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.

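The CFScript above names drivers (`Driver::`) and files (`File::`) that the helper picked out of the DDS log posted earlier: driver entries created on 2010-06-27, a service whose file DDS reports as missing (`[?]`), and two `.dat` files from the `Find3M` section. A reader checking such a script wants to confirm that every name in it corresponds to something actually visible in the log, and to see which log entries were flagged but not named. The Python script below is an added example, not part of this thread, of DDS, or of ComboFix: it parses the `SERVICES / DRIVERS`, `Created Last 30` and `Find3M` sections of a DDS log, parses a CFScript into its `Name::` sections, and cross-references the two. The sample lines are copied from the log and script above; the function names and the matching heuristic (service name or `.sys` base name for drivers, base name for files, because DDS prints some paths in 8.3 short form) are mine. The `triage` list is a review list, not a verdict.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the DDS log posted above, copied line for line.
SAMPLE_DDS = r"""
============= SERVICES / DRIVERS ===============
R0 93245022;93245022 Boot Guard Driver;c:\windows\system32\drivers\93245022.sys [2010-6-27 37392]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-10-5 385536]
R1 93245021;93245021;c:\windows\system32\drivers\93245021.sys [2010-6-27 128016]
R1 setup_9.0.0.722_27.06.2010_15-46drv;setup_9.0.0.722_27.06.2010_15-46drv;c:\windows\system32\drivers\9324502.sys [2010-6-27 315408]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
=============== Created Last 30 ================
2010-06-27 12:25:44 37392 ----a-w- c:\windows\system32\drivers\93245022.sys
2010-06-27 12:25:44 315408 ----a-w- c:\windows\system32\drivers\9324502.sys
2010-06-27 12:25:44 128016 ----a-w- c:\windows\system32\drivers\93245021.sys
==================== Find3M ====================
2010-05-20 01:55:10 7000064 ---ha-w- C:\SZKGFS.dat
2010-05-19 18:36:48 112 ----a-w- c:\docume~1\alluse~1\applic~1\JOJr2m.dat
============= FINISH: 5:33:21.78 ===============
"""

# Constructed sample: the Driver:: and File:: parts of the CFScript posted above.
SAMPLE_CFSCRIPT = r"""
KillAll::

Driver::
93245022
9324502
93245021
lbd

File::
C:\SZKGFS.dat
c:\documents and settings\All Users\Application Data\JOJr2m.dat
"""

SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+$")
SERVICE_RE = re.compile(r"^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
STAMP_RE = re.compile(r" \[(?P<date>\d{4}-\d{1,2}-\d{1,2}) (?P<size>\d+)\]$")
FILE_RE = re.compile(r"^(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2}:\d{2} (?P<size>\d+) \S{8} (?P<path>.+)$")


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def parse_dds(text):
    """Return (services, files): the SERVICES / DRIVERS entries, and the dated
    entries under 'Created Last 30' and 'Find3M', each tagged with its section."""
    section, services, files = None, [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name").strip()
            continue
        m = SERVICE_RE.match(line)
        if m and section == "SERVICES / DRIVERS":
            rest = m.group("rest")
            stamp = STAMP_RE.search(rest)
            missing = rest.endswith("[?]")  # DDS prints "[?]" when the file is not on disk
            if stamp:
                rest = rest[:stamp.start()]
            elif missing:
                rest = rest[:-4]
            path = rest.split(" --> ")[0].strip('"')  # registry path; drop the resolved copy
            services.append({"state": m.group("state"), "name": m.group("name"), "file": basename(path),
                             "date": stamp.group("date") if stamp else None, "missing": missing})
            continue
        m = FILE_RE.match(line)
        if m and section in ("Created Last 30", "Find3M"):
            files.append({"section": section, "date": m.group("date"), "size": int(m.group("size")),
                          "file": basename(m.group("path"))})
    return services, files


def parse_cfscript(text):
    """Map each 'Name::' header to the non-blank lines under it (empty sections included)."""
    sections, current = defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("::"):
            current = line[:-2]
            sections[current]  # touch it so empty sections such as KillAll:: appear too
        elif line and current is not None:
            sections[current].append(line)
    return dict(sections)


def cross_check(dds_text, cfscript_text):
    """Where each Driver:: and File:: entry of the script shows up in the log (None if nowhere).
    Driver matching by service name or .sys base name is my heuristic, not ComboFix's rule."""
    services, files = parse_dds(dds_text)
    script = parse_cfscript(cfscript_text)
    recent = {f["file"] for f in files if f["section"] == "Created Last 30"}
    report = {"Driver": {}, "File": {}}
    for name in script.get("Driver", []):
        key = name.lower()
        hit = next((s for s in services if s["name"].lower() == key or s["file"] == key + ".sys"), None)
        report["Driver"][name] = hit and {"service": hit["name"], "state": hit["state"],
                                          "missing": hit["missing"], "recent": hit["file"] in recent}
    for path in script.get("File", []):
        hit = next((f for f in files if f["file"] == basename(path)), None)
        report["File"][path] = hit and {"section": hit["section"], "date": hit["date"], "size": hit["size"]}
    return report


def triage(services, files):
    """Review list (not a verdict): services whose file is missing or appears in 'Created Last 30'."""
    recent = {f["file"]: f["date"] for f in files if f["section"] == "Created Last 30"}
    flags = {}
    for s in services:
        reasons = (["file not found"] if s["missing"] else []) + \
                  (["created " + recent[s["file"]]] if s["file"] in recent else [])
        if reasons:
            flags[s["name"]] = reasons
    return flags


if __name__ == "__main__":
    svc, fil = parse_dds(SAMPLE_DDS)
    for name, reasons in triage(svc, fil).items():
        print(f"review: {name}: {', '.join(reasons)}")
    for kind, items in cross_check(SAMPLE_DDS, SAMPLE_CFSCRIPT).items():
        for item, hit in items.items():
            print(f"{kind}:: {item} -> {hit if hit else 'NOT SEEN in DDS log'}")
```

Note what the cross-check surfaces on this thread's own data: `9324502` does not match any service name, but it is the base name of the `.sys` file behind the `setup_9.0.0.722_27.06.2010_15-46drv` entry, and `lbd` resolves to the `Lbd` service whose file DDS marks `[?]`. A script entry that resolves to nothing in the log is the case to stop and ask about before running anything.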

EB: {FE54FA40-D68C-11D2-98FA-00C0F0318AFE} - No File

Domains::

MBR::

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

CFScriptB-4.gif

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.

HELLO AGAIN -

Here are my logs - First the ComboFix then the JavaRa:

ComboFix 10-06-27.06 - Linda Cross 06/28/2010 22:05:20.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.586 [GMT -7:00]
Running from: c:\documents and settings\Linda Cross\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Linda Cross\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"c:\documents and settings\All Users\Application Data\JOJr2m.dat"
"C:\SZKGFS.dat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\JOJr2m.dat
c:\program files\common files\symantec shared
c:\program files\common files\symantec shared\CCPD-LC\ez_log.html
c:\program files\common files\symantec shared\CCPD-LC\symlcnet.dll
c:\program files\common files\symantec shared\CCPD-LC\symlcrst.dll
c:\program files\common files\symantec shared\SPManifests\symcleng.grd
c:\program files\common files\symantec shared\SPManifests\symcleng.sig
c:\program files\common files\symantec shared\SPManifests\symcleng.spm
c:\program files\common files\symantec shared\VirusDefs\20070329.032\NAVEX15.VXD
c:\program files\common files\symantec shared\VirusDefs\20070329.032\NAVEX32A.DLL
c:\program files\common files\symantec shared\VirusDefs\20070329.032\NCSACERT.TXT
c:\program files\common files\symantec shared\VirusDefs\20070329.032\SCRAUTH.DAT
c:\program files\common files\symantec shared\VirusDefs\20070329.032\SYMAVENG.CAT
c:\program files\common files\symantec shared\VirusDefs\20070329.032\SYMAVENG.INF
c:\program files\common files\symantec shared\VirusDefs\20070329.032\SYMERASE.CAT
c:\program files\common files\symantec shared\VirusDefs\20070329.032\SYMERASE.INF
c:\program files\common files\symantec shared\VirusDefs\20070329.032\TCDEFS.DAT
c:\program files\common files\symantec shared\VirusDefs\20070329.032\TCSCAN7.DAT
c:\program files\common files\symantec shared\VirusDefs\20070329.032\TCSCAN8.DAT
c:\program files\common files\symantec shared\VirusDefs\20070329.032\TCSCAN9.DAT
c:\program files\common files\symantec shared\VirusDefs\20070329.032\TECHNOTE.TXT
c:\program files\common files\symantec shared\VirusDefs\20070329.032\TINF.DAT
c:\program files\common files\symantec shared\VirusDefs\20070329.032\TINFIDX.DAT
c:\program files\common files\symantec shared\VirusDefs\20070329.032\TINFL.DAT
c:\program files\common files\symantec shared\VirusDefs\20070329.032\TSCAN1.DAT
c:\program files\common files\symantec shared\VirusDefs\20070329.032\TSCAN1HD.DAT
c:\program files\common files\symantec shared\VirusDefs\20070329.032\V.GRD
c:\program files\common files\symantec shared\VirusDefs\20070329.032\V.SIG
c:\program files\common files\symantec shared\VirusDefs\20070329.032\VIRSCAN.INF
c:\program files\common files\symantec shared\VirusDefs\20070329.032\VIRSCAN1.DAT
c:\program files\common files\symantec shared\VirusDefs\20070329.032\VIRSCAN2.DAT
c:\program files\common files\symantec shared\VirusDefs\20070329.032\VIRSCAN3.DAT
c:\program files\common files\symantec shared\VirusDefs\20070329.032\VIRSCAN4.DAT
c:\program files\common files\symantec shared\VirusDefs\20070329.032\VIRSCAN5.DAT
c:\program files\common files\symantec shared\VirusDefs\20070329.032\VIRSCAN6.DAT
c:\program files\common files\symantec shared\VirusDefs\20070329.032\VIRSCAN7.DAT
c:\program files\common files\symantec shared\VirusDefs\20070329.032\VIRSCAN8.DAT
c:\program files\common files\symantec shared\VirusDefs\20070329.032\VIRSCAN9.DAT
c:\program files\common files\symantec shared\VirusDefs\20070329.032\VIRSCANT.DAT
c:\program files\common files\symantec shared\VirusDefs\20070329.032\WHATSNEW.TXT
c:\program files\common files\symantec shared\VirusDefs\20070329.032\ZDONE.DAT
C:\SZKGFS.dat
.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_93245021
-------\Legacy_93245022
-------\Legacy_LBD
-------\Service_93245021
-------\Service_93245022
-------\Service_Lbd

((((((((((((((((((((((((( Files Created from 2010-05-28 to 2010-06-29 )))))))))))))))))))))))))))))))
.
2010-06-29 04:18 . 2010-06-29 05:28 -------- d-----w- c:\windows\SxsCaPendDel
2010-06-28 03:29 . 2010-06-29 05:27 -------- d-----w- c:\windows\system32\CatRoot2
2010-06-27 12:47 . 2006-11-01 13:06 162616 ----a-w- c:\windows\RegDelNull.exe
2010-06-27 12:25 . 2009-10-22 20:54 37392 ----a-w- c:\windows\system32\drivers\93245022.sys
2010-06-27 12:25 . 2009-10-10 06:31 315408 ----a-w- c:\windows\system32\drivers\9324502.sys
2010-06-27 12:25 . 2009-09-26 00:59 128016 ----a-w- c:\windows\system32\drivers\93245021.sys
2010-06-24 14:06 . 2001-08-18 05:36 53760 ----a-w- c:\windows\system32\dllcache\wiamsmud.dll
2010-06-24 14:05 . 2001-08-17 19:12 34375 ----a-w- c:\windows\system32\dllcache\tpro4.sys
2010-06-24 14:04 . 2001-08-18 05:36 12288 ----a-w- c:\windows\system32\dllcache\EXCH_smtpctrs.dll
2010-06-24 14:03 . 2001-08-17 19:50 75392 ----a-w- c:\windows\system32\dllcache\s3savmxm.sys
2010-06-24 14:02 . 2008-04-13 18:41 17664 ----a-w- c:\windows\system32\dllcache\ppa3.sys
2010-06-24 14:01 . 2001-08-17 19:50 198144 ----a-w- c:\windows\system32\dllcache\nv3.sys
2010-06-24 14:00 . 2001-08-18 05:36 7168 ----a-w- c:\windows\system32\dllcache\mxport.dll
2010-06-24 14:00 . 2001-08-17 20:49 19968 ----a-w- c:\windows\system32\dllcache\mxnic.sys
2010-06-24 14:00 . 2001-08-18 05:36 19968 ----a-w- c:\windows\system32\dllcache\mxicfg.dll
2010-06-24 14:00 . 2001-08-17 20:50 21888 ----a-w- c:\windows\system32\dllcache\mxcard.sys
2010-06-24 14:00 . 2002-08-29 10:00 229439 ----a-w- c:\windows\system32\dllcache\multibox.dll
2010-06-24 14:00 . 2001-08-17 19:50 103296 ----a-w- c:\windows\system32\dllcache\mtxvideo.sys
2010-06-24 14:00 . 2008-04-13 18:39 5504 ----a-w- c:\windows\system32\dllcache\mstee.sys
2010-06-24 14:00 . 2008-04-13 18:46 49024 ----a-w- c:\windows\system32\dllcache\mstape.sys
2010-06-24 14:00 . 2001-08-17 20:48 12416 ----a-w- c:\windows\system32\dllcache\msriffwv.sys
2010-06-24 14:00 . 2001-08-17 21:00 2944 ----a-w- c:\windows\system32\dllcache\msmpu401.sys
2010-06-24 14:00 . 2008-04-13 18:54 22016 ----a-w- c:\windows\system32\dllcache\msircomm.sys
2010-06-24 14:00 . 2002-08-29 10:00 98304 ----a-w- c:\windows\system32\dllcache\msir3jp.dll
2010-06-24 13:58 . 2001-08-18 05:36 58368 ----a-w- c:\windows\system32\dllcache\m3091dc.dll
2010-06-24 13:57 . 2001-08-17 19:12 45632 ----a-w- c:\windows\system32\dllcache\ip5515.sys
2010-06-24 13:56 . 2001-08-18 05:36 165888 ----a-w- c:\windows\system32\dllcache\hpgt53.dll
2010-06-24 13:55 . 2002-08-29 10:00 31744 ----a-w- c:\windows\system32\dllcache\esucmd.dll
2010-06-24 13:54 . 2001-08-17 19:13 91305 ----a-w- c:\windows\system32\dllcache\dimaint.sys
2010-06-24 13:53 . 2001-08-17 20:57 248064 ----a-w- c:\windows\system32\dllcache\cl546xm.sys
2010-06-24 13:52 . 2001-08-17 20:51 13824 ----a-w- c:\windows\system32\dllcache\bulltlp3.sys
2010-06-24 13:51 . 2001-08-17 19:49 26880 ----a-w- c:\windows\system32\dllcache\atirtsnd.sys
2010-06-24 13:50 . 2001-08-17 21:56 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
2010-06-19 14:13 . 2010-06-19 15:06 -------- d-----w- c:\documents and settings\Linda Cross\DoctorWeb
2010-06-08 22:39 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-02 23:04 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-02 23:04 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-01 07:14 . 2010-06-02 05:23 7168 ----a-w- c:\windows\system32\drivers\utqxodiy.sys
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-29 04:17 . 2003-05-28 23:31 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-29 02:43 . 2009-10-06 05:33 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2010-06-28 12:20 . 2009-10-06 03:46 -------- d-----w- c:\program files\McAfee
2010-06-19 04:34 . 2007-10-02 20:17 -------- d-----w- c:\program files\My Kazaa Gold
2010-06-17 13:22 . 2009-10-20 21:09 -------- d-----w- c:\program files\Windows Defender
2010-06-17 13:22 . 2004-03-25 01:45 -------- d-----w- c:\program files\Lexmark X1100 Series
2010-06-15 05:20 . 2007-12-09 18:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-02 23:04 . 2010-04-29 03:23 -------- d-----w- c:\documents and settings\Linda Cross\Application Data\Malwarebytes
2010-06-02 23:04 . 2010-04-30 22:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-02 23:04 . 2010-04-29 03:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-24 22:27 . 2010-05-24 22:27 4224 ----a-w- c:\windows\system32\drivers\RDPCDD.SYS
2010-05-21 21:14 . 2009-10-20 21:18 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-20 17:09 . 2010-05-15 19:13 -------- d-----w- c:\program files\RegWork
2010-05-20 13:28 . 2010-05-20 12:47 7304 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-05-20 01:55 . 2010-05-20 01:55 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2010-05-20 01:53 . 2010-05-20 01:53 -------- d-----w- c:\program files\Common Files\iS3
2010-05-13 12:57 . 2009-12-21 14:13 -------- d-----w- c:\program files\VoiceScribe
2010-05-12 17:15 . 2009-10-06 03:36 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-05-12 16:28 . 2010-05-12 16:28 -------- d-----w- c:\program files\Common Files\McAfee
2010-05-12 16:28 . 2003-04-30 15:31 -------- d-----w- c:\program files\McAfee.com
2010-05-12 05:27 . 2003-05-12 01:18 105656 -c--a-w- c:\documents and settings\Linda Cross\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-11 06:01 . 2008-05-10 05:47 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-05-06 10:41 . 2004-08-24 03:32 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2002-08-29 10:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-30 22:18 . 2003-12-31 00:10 -------- d-----w- c:\program files\Watchtower
2010-04-25 23:39 . 2010-04-16 23:43 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-21 17:15 . 2010-04-21 17:15 75264 ----a-w- c:\windows\system32\bfbe.sys
2010-04-20 05:30 . 2002-08-29 10:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-16 23:43 . 2010-04-16 23:43 552 ----a-w- c:\windows\system32\d3d8caps.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

c:\documents and settings\Linda Cross\Start Menu\Programs\Startup\
setup_9.0.0.722_27.06.2010_15-46.lnk - c:\documents and settings\Linda Cross\Desktop\Virus Removal Tool\setup_9.0.0.722_27.06.2010_15-46\startup.exe [2010-6-27 72208]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"c:\\Program Files\\360Share\\Gui\\360Share.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R1 bfbe;bfbe;c:\windows\SYSTEM32\bfbe.sys [4/21/2010 10:15 AM 75264]
R1 setup_9.0.0.722_27.06.2010_15-46drv;setup_9.0.0.722_27.06.2010_15-46drv;c:\windows\SYSTEM32\DRIVERS\9324502.sys [6/27/2010 5:25 AM 315408]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [5/12/2010 9:33 AM 203280]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S1 MpKsla3c22b50;MpKsla3c22b50;\??\c:\windows\system32\MpEngineStore\MpKsla3c22b50.sys --> c:\windows\system32\MpEngineStore\MpKsla3c22b50.sys [?]
S3 diskchk;diskchk;\??\c:\windows\system32\diskchk.sys --> c:\windows\system32\diskchk.sys [?]
S3 utqxodiy;AVZ Kernel Driver;c:\windows\SYSTEM32\DRIVERS\utqxodiy.sys [6/1/2010 12:14 AM 7168]
.

Contents of the 'Scheduled Tasks' folder
2010-06-12 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-05-12 19:22]
2010-06-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-05-12 19:22]
2010-06-29 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20]
2010-06-28 c:\windows\Tasks\User_Feed_Synchronization-{0BF8426D-E159-4E88-8E75-FD433358A530}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]
.
.

------- Supplementary Scan -------
.
uStart Page = hxxp://phoenix.cox.net/cci/home
uDefault_Search_URL = hxxp://www.earthlink.net/partner/more/msie/button/search.html
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-28 22:30
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.

--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1241913026-665132261-2367862541-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.

--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3576)
c:\windows\system32\WININET.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\IME\SPGRMR.DLL
c:\program files\Common Files\Microsoft Shared\Ink\SKCHUI.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.

------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\McAfee\MSK\MskSrver.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
.
**************************************************************************
.
Completion time: 2010-06-28 22:41:57 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-29 05:41
ComboFix2.txt 2010-06-17 13:57
ComboFix3.txt 2010-06-15 06:00
ComboFix4.txt 2010-04-29 05:12
Pre-Run: 41,202,360,320 bytes free
Post-Run: 41,352,388,608 bytes free
- - End Of File - - B92074B0B77A309DF6BDC94EB8A309EC

--------------------------------------------------------------------------------------------------

Here's my JavaRa Log -

JavaRa 1.15 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Mon Jun 28 21:34:47 2010
Found and removed: Software\JavaSoft\Java2D\1.5.0_02
Found and removed: Software\JavaSoft\Java2D\1.5.0_04
Found and removed: Software\JavaSoft\Java2D\1.5.0_06
Found and removed: Software\JavaSoft\Java2D\1.5.0_09
Found and removed: Software\JavaSoft\Java2D\1.5.0_10
Found and removed: Software\JavaSoft\Java2D\1.5.0_11
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\JavaPlugin.150_09
Found and removed: SOFTWARE\Classes\JavaPlugin.150_10
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510009
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D511000
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D511001
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610001
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610002
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610003
Found and removed: Software\Classes\JavaPlugin.160_01
Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core1.zip
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core2.zip
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core3.zip
------------------------------------
Finished reporting.

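Most of the signal in a ComboFix log like the one above is in the driver and service lines of the Reg Loading Points section (`R1 bfbe;bfbe;c:\windows\SYSTEM32\bfbe.sys [...]` and the lines after it). The script below is an added example, not code from this thread or from ComboFix, Malwarebytes or the Kaspersky tools it mentions: it parses those lines and flags kernel drivers that have an all-digit file name, no descriptive display name, an image outside system32\drivers, an early start type, or a `[?]` where ComboFix would print a date and size. The sample lines are copied from the log posted above; reading the digit after R/S as the service start type, and every scoring rule, are my own assumptions. A flag is a reason to cross-reference the rest of the log, not a verdict: in this log the all-digit `9324502.sys` is registered under the same `setup_9.0.0.722_27.06.2010_15-46` name that the Startup folder entry links to the `Virus Removal Tool` folder on the desktop, and the randomly named `utqxodiy.sys` carries the display name `AVZ Kernel Driver`.

```python
"""Triage helper for the driver/service lines in a ComboFix log.

Added example; not code from the forum thread, ComboFix, Malwarebytes or the
Kaspersky tools. The sample lines are copied from the log posted in the
thread. The start-type reading (digit after R/S: 0 boot, 1 system, 2 auto,
3 demand, 4 disabled; R = running, S = stopped) and all scoring rules are
assumptions of this example, so a flag is a lead for a human, not a verdict.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

EARLY_START = {"0", "1"}   # boot/system start: loads before most defences

# Constructed sample: the R?/S? lines copied from the posted ComboFix log.
SAMPLE_LOG = r"""
R1 bfbe;bfbe;c:\windows\SYSTEM32\bfbe.sys [4/21/2010 10:15 AM 75264]
R1 setup_9.0.0.722_27.06.2010_15-46drv;setup_9.0.0.722_27.06.2010_15-46drv;c:\windows\SYSTEM32\DRIVERS\9324502.sys [6/27/2010 5:25 AM 315408]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [5/12/2010 9:33 AM 203280]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S1 MpKsla3c22b50;MpKsla3c22b50;\??\c:\windows\system32\MpEngineStore\MpKsla3c22b50.sys --> c:\windows\system32\MpEngineStore\MpKsla3c22b50.sys [?]
S3 diskchk;diskchk;\??\c:\windows\system32\diskchk.sys --> c:\windows\system32\diskchk.sys [?]
S3 utqxodiy;AVZ Kernel Driver;c:\windows\SYSTEM32\DRIVERS\utqxodiy.sys [6/1/2010 12:14 AM 7168]
"""


@dataclass
class ServiceEntry:
    state: str                 # "R" running / "S" stopped (assumed meaning)
    start_type: str            # "0".."4" (assumed meaning, see module docstring)
    name: str                  # service key name
    display: str               # display name
    path: str                  # image path with any "\??\" prefix removed
    size: Optional[int]        # file size from the trailing "[date time size]"
    unresolved: bool           # ComboFix printed "[?]" instead of date/size
    flags: List[str] = field(default_factory=list)

    @property
    def filename(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def is_driver(self) -> bool:
        return self.filename.lower().endswith(".sys")


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse 'R1 name;display;path [m/d/y h:mm AM size]' or '... --> path [?]'."""
    m = re.match(r"^([RS])([0-4])\s+(.*)$", line.strip())
    if not m:
        return None
    state, start, rest = m.groups()
    parts = rest.split(";", 2)
    if len(parts) != 3:
        return None
    name, display, tail = parts
    unresolved = tail.rstrip().endswith("[?]")
    tail = re.sub(r"\s+-->.*$", "", tail)          # drop the resolved-path arrow
    size = None
    mm = re.match(r"^(.*?)\s+\[([^\]]*)\]\s*$", tail)
    if mm:
        tail = mm.group(1)
        tokens = mm.group(2).split()
        if tokens and tokens[-1].isdigit():
            size = int(tokens[-1])
    path = tail.strip()
    if path.startswith("\\??\\"):
        path = path[4:]
    return ServiceEntry(state, start, name.strip(), display.strip(), path, size, unresolved)


def score(entry: ServiceEntry) -> List[str]:
    """Reasons a kernel driver deserves a second look (empty list = none)."""
    if not entry.is_driver:
        return []
    flags = []
    stem = entry.filename.rsplit(".", 1)[0]
    low = entry.path.lower()
    if stem.isdigit():
        flags.append("all-digit file name")
    if entry.display == entry.name:
        flags.append("no descriptive display name")
    if "\\drivers\\" not in low and "\\system32\\" in low:
        flags.append("image not under system32\\drivers")
    if entry.start_type in EARLY_START:
        flags.append(f"early start type {entry.start_type}")
    if entry.unresolved:
        flags.append("no date/size recorded ([?])")
    return flags


def triage(log_text: str) -> List[ServiceEntry]:
    """Parse every service line and return the driver entries, scored."""
    entries = []
    for line in log_text.splitlines():
        entry = parse_service_line(line)
        if entry is not None and entry.is_driver:
            entry.flags = score(entry)
            entries.append(entry)
    return entries


def flags_for(log_text: str, filename: str) -> List[str]:
    """Flags for one driver file name (case-insensitive); [] if absent or clean."""
    for entry in triage(log_text):
        if entry.filename.lower() == filename.lower():
            return entry.flags
    return []


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        verdict = ", ".join(e.flags) if e.flags else "nothing unusual"
        print(f"{e.state}{e.start_type} {e.filename:<20} {e.display!r:<42} {verdict}")
```

Run as a script it prints one line per driver; `triage()` and `flags_for()` return the same information for use from a test or a larger log-review tool. The McAfee and Windows Defender `.exe` entries are skipped on purpose: the heuristics are written for kernel drivers and would only add noise on user-mode services.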

Good work! :)

Last steps:

Step 1

* Go to start > run and copy and paste the next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Step 2

To enable CD Emulation programs using DeFogger please perform these steps:

  1. Please download DeFogger to your desktop.
  2. Once downloaded, double-click on the DeFogger icon to start the tool.
  3. The application window will now appear. You should now click on the Enable button to enable your CD Emulation drivers.
  4. When it prompts you whether or not you want to continue, please click on the Yes button to continue
  5. When the program has completed you will see a Finished! message. Click on the OK button to exit the program.
  6. If CD Emulation programs are present and have been enabled, DeFogger will now ask you to reboot the machine. Please allow it to do so by clicking on the OK button.

Step 3

Please manually delete Defogger, DDS, GMER, mbam-clean, mbam-setup, TDSSKiller, Dr.Web CureIt, RootRepeal, OTL and Dial-A-Fix.

Step 4

Please uninstall your ESET Online Scanner.

Step 5

Please download and install the latest version of Adobe Reader from:

www.adobe.com

About Java:

www.java.com/en

Step 6

Some malware preventions:

http://forums.malwarebytes.org/index.php?showtopic=9365

Safe surfing! :)

thanks - will do these steps now!!!


You're welcome! :)

Hello Again Borislav -

Just ran an Mbam scan - here is the log. Are my problems starting again? I'm not a big web surfer and definitely don't visit "weird" websites that might harbor these "bugs". Any recommendations besides running frequent scans?

Thanks!

-------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4266

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/1/2010 8:10:02 PM
mbam-log-2010-07-01 (20-10-02).txt

Scan type: Full scan (C:\|)
Objects scanned: 217595
Time elapsed: 2 hour(s), 3 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\24d1ca9a-a864-4f7b-86fe-495eb56529d8 (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\7bde84a2-f58f-46ec-9eac-f1f90fead080 (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\SYSTEM32\DRIVERS\87839422.sys (Rootkit.Agent.H) -> Quarantined and deleted successfully.


You kidding me...

Did you perform step 6?

**Note: If you need more detailed information, please visit the web page of ComboFix in BleepingComputer.**

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.

Please download ComboFix from

Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

  1. If you are using Firefox, make sure that your download settings are as follows:
    • Open Tools -> Options -> Main tab
    • Set to Always ask me where to Save the files.
  2. During the download, rename Combofix to Combo-Fix as follows:

CF_download_FF.gif

CF_download_rename.gif

  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause unpredictable results.
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    -----------------------------------------------------------


  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

-----------------------------------------------------------

  7. Double click on combo-Fix.exe & follow the prompts.
  8. When finished, it will produce a report for you.
  9. Please post the C:\Combo-Fix.txt for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

I did everything you instructed previously. I'm going to run ComboFix again and post the log when finished.

Thanks!

Link to post
Share on other sites

You kidding me...

Do you perform step 6?

**Note: If you need more detailed information, please visit the web page of ComboFix in BleepingComputer. **

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have ComboFix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.**

  1. If you are using Firefox, make sure that your download settings are as follows:
    • Open Tools -> Options -> Main tab
    • Set to Always ask me where to Save the files.
  2. During the download, rename ComboFix to Combo-Fix as follows:

CF_download_FF.gif

CF_download_rename.gif

  3. It is important you rename ComboFix during the download, but not after.
  4. Please do not rename ComboFix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause unpredictable results.
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

-----------------------------------------------------------

    • Close any open browsers.
    • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, restart your computer to restore your connection.

-----------------------------------------------------------

  7. Double click on Combo-Fix.exe and follow the prompts.
  8. When finished, it will produce a report for you.
  9. Please post the C:\Combo-Fix.txt for further review.

**Note: Do not mouse-click Combo-Fix's window while it's running. That may cause it to stall.**

Here is the ComboFix log:

-----------------------------------------------------------------------------

ComboFix 10-07-01.02 - Linda Cross 07/02/2010 5:29.5.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.601 [GMT -7:00]

Running from: c:\documents and settings\Linda Cross\Desktop\Combo-Fix.exe

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

.

((((((((((((((((((((((((( Files Created from 2010-06-02 to 2010-07-02 )))))))))))))))))))))))))))))))

.

2010-07-01 23:51 . 2009-09-26 00:59 128016 ----a-w- c:\windows\system32\drivers\87839421.sys

2010-07-01 23:51 . 2009-10-10 06:31 315408 ----a-w- c:\windows\system32\drivers\8783942.sys

2010-06-29 14:52 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-06-29 14:52 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-06-29 14:24 . 2010-06-29 14:24 -------- d-----w- c:\windows\Sun

2010-06-29 14:22 . 2010-06-29 14:22 503808 ----a-w- c:\documents and settings\Linda Cross\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7bbc936b-n\msvcp71.dll

2010-06-29 14:22 . 2010-06-29 14:22 499712 ----a-w- c:\documents and settings\Linda Cross\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7bbc936b-n\jmc.dll

2010-06-29 14:22 . 2010-06-29 14:22 -------- d-----w- c:\program files\Common Files\Java

2010-06-29 14:22 . 2010-06-29 14:22 348160 ----a-w- c:\documents and settings\Linda Cross\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7bbc936b-n\msvcr71.dll

2010-06-29 14:22 . 2010-06-29 14:22 12800 ----a-w- c:\documents and settings\Linda Cross\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3acd0449-n\decora-d3d.dll

2010-06-29 14:22 . 2010-06-29 14:22 61440 ----a-w- c:\documents and settings\Linda Cross\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3acd0449-n\decora-sse.dll

2010-06-29 14:21 . 2010-06-29 14:20 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-06-29 14:20 . 2010-06-29 14:20 -------- d-----w- c:\program files\Java

2010-06-29 14:04 . 2010-06-29 14:04 -------- d-----w- c:\program files\Common Files\Adobe AIR

2010-06-29 14:02 . 2010-06-29 14:02 71680 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe

2010-06-29 14:02 . 2010-06-29 14:12 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2010-06-29 13:48 . 2010-06-29 13:48 -------- d-----w- C:\Combo-Fix

2010-06-29 04:18 . 2010-06-29 05:28 -------- d-----w- c:\windows\SxsCaPendDel

2010-06-28 03:29 . 2010-07-02 12:28 -------- d-----w- c:\windows\system32\CatRoot2

2010-06-27 12:47 . 2006-11-01 13:06 162616 ----a-w- c:\windows\RegDelNull.exe

2010-06-24 14:06 . 2001-08-18 05:36 53760 ----a-w- c:\windows\system32\dllcache\wiamsmud.dll

2010-06-24 14:05 . 2001-08-17 19:12 34375 ----a-w- c:\windows\system32\dllcache\tpro4.sys

2010-06-24 14:04 . 2001-08-18 05:36 12288 ----a-w- c:\windows\system32\dllcache\EXCH_smtpctrs.dll

2010-06-24 14:03 . 2001-08-17 19:50 75392 ----a-w- c:\windows\system32\dllcache\s3savmxm.sys

2010-06-24 14:02 . 2008-04-13 18:41 17664 ----a-w- c:\windows\system32\dllcache\ppa3.sys

2010-06-24 14:01 . 2001-08-17 19:50 198144 ----a-w- c:\windows\system32\dllcache\nv3.sys

2010-06-24 14:00 . 2001-08-18 05:36 7168 ----a-w- c:\windows\system32\dllcache\mxport.dll

2010-06-24 14:00 . 2001-08-17 20:49 19968 ----a-w- c:\windows\system32\dllcache\mxnic.sys

2010-06-24 14:00 . 2001-08-18 05:36 19968 ----a-w- c:\windows\system32\dllcache\mxicfg.dll

2010-06-24 14:00 . 2001-08-17 20:50 21888 ----a-w- c:\windows\system32\dllcache\mxcard.sys

2010-06-24 14:00 . 2002-08-29 10:00 229439 ----a-w- c:\windows\system32\dllcache\multibox.dll

2010-06-24 14:00 . 2001-08-17 19:50 103296 ----a-w- c:\windows\system32\dllcache\mtxvideo.sys

2010-06-24 14:00 . 2008-04-13 18:39 5504 ----a-w- c:\windows\system32\dllcache\mstee.sys

2010-06-24 14:00 . 2008-04-13 18:46 49024 ----a-w- c:\windows\system32\dllcache\mstape.sys

2010-06-24 14:00 . 2001-08-17 20:48 12416 ----a-w- c:\windows\system32\dllcache\msriffwv.sys

2010-06-24 14:00 . 2001-08-17 21:00 2944 ----a-w- c:\windows\system32\dllcache\msmpu401.sys

2010-06-24 14:00 . 2008-04-13 18:54 22016 ----a-w- c:\windows\system32\dllcache\msircomm.sys

2010-06-24 14:00 . 2002-08-29 10:00 98304 ----a-w- c:\windows\system32\dllcache\msir3jp.dll

2010-06-24 13:58 . 2001-08-18 05:36 58368 ----a-w- c:\windows\system32\dllcache\m3091dc.dll

2010-06-24 13:57 . 2001-08-17 19:12 45632 ----a-w- c:\windows\system32\dllcache\ip5515.sys

2010-06-24 13:56 . 2001-08-18 05:36 165888 ----a-w- c:\windows\system32\dllcache\hpgt53.dll

2010-06-24 13:55 . 2002-08-29 10:00 31744 ----a-w- c:\windows\system32\dllcache\esucmd.dll

2010-06-24 13:54 . 2001-08-17 19:13 91305 ----a-w- c:\windows\system32\dllcache\dimaint.sys

2010-06-24 13:53 . 2001-08-17 20:57 248064 ----a-w- c:\windows\system32\dllcache\cl546xm.sys

2010-06-24 13:52 . 2001-08-17 20:51 13824 ----a-w- c:\windows\system32\dllcache\bulltlp3.sys

2010-06-24 13:51 . 2001-08-17 19:49 26880 ----a-w- c:\windows\system32\dllcache\atirtsnd.sys

2010-06-24 13:50 . 2001-08-17 21:56 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll

2010-06-19 14:13 . 2010-06-19 15:06 -------- d-----w- c:\documents and settings\Linda Cross\DoctorWeb

2010-06-08 22:39 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-07-02 12:15 . 2007-10-02 20:17 -------- d-----w- c:\program files\My Kazaa Gold

2010-07-01 14:31 . 2009-10-06 03:46 -------- d-----w- c:\program files\McAfee

2010-06-29 15:02 . 2009-10-06 05:33 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore

2010-06-29 14:52 . 2010-04-30 22:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-06-29 14:05 . 2003-05-28 23:31 -------- d-----w- c:\program files\Common Files\Adobe

2010-06-17 13:22 . 2009-10-20 21:09 -------- d-----w- c:\program files\Windows Defender

2010-06-17 13:22 . 2004-03-25 01:45 -------- d-----w- c:\program files\Lexmark X1100 Series

2010-06-15 05:20 . 2007-12-09 18:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-06-02 23:04 . 2010-04-29 03:23 -------- d-----w- c:\documents and settings\Linda Cross\Application Data\Malwarebytes

2010-06-02 23:04 . 2010-04-29 03:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-06-02 05:23 . 2010-06-01 07:14 7168 ----a-w- c:\windows\system32\drivers\utqxodiy.sys

2010-05-24 22:27 . 2010-05-24 22:27 4224 ----a-w- c:\windows\system32\drivers\RDPCDD.SYS

2010-05-21 21:14 . 2009-10-20 21:18 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-05-20 17:09 . 2010-05-15 19:13 -------- d-----w- c:\program files\RegWork

2010-05-20 13:28 . 2010-05-20 12:47 7304 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg

2010-05-20 01:55 . 2010-05-20 01:55 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard

2010-05-20 01:53 . 2010-05-20 01:53 -------- d-----w- c:\program files\Common Files\iS3

2010-05-13 12:57 . 2009-12-21 14:13 -------- d-----w- c:\program files\VoiceScribe

2010-05-12 17:15 . 2009-10-06 03:36 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2010-05-12 16:28 . 2010-05-12 16:28 -------- d-----w- c:\program files\Common Files\McAfee

2010-05-12 16:28 . 2003-04-30 15:31 -------- d-----w- c:\program files\McAfee.com

2010-05-12 05:27 . 2003-05-12 01:18 105656 -c--a-w- c:\documents and settings\Linda Cross\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-05-11 06:01 . 2008-05-10 05:47 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8

2010-05-06 10:41 . 2004-08-24 03:32 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-02 05:22 . 2002-08-29 10:00 1851264 ----a-w- c:\windows\system32\win32k.sys

2010-04-25 23:39 . 2010-04-16 23:43 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-04-21 17:15 . 2010-04-21 17:15 75264 ----a-w- c:\windows\system32\bfbe.sys

2010-04-20 05:30 . 2002-08-29 10:00 285696 ----a-w- c:\windows\system32\atmfd.dll

2010-04-17 06:29 . 2010-04-17 06:29 49152 ----a-r- c:\documents and settings\Linda Cross\Application Data\Microsoft\Installer\{166E180E-9A3F-41AE-8B40-22D8FFF4AF87}\Icon49FA793C.exe

2010-04-16 23:43 . 2010-04-16 23:43 552 ----a-w- c:\windows\system32\d3d8caps.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\documents and settings\Linda Cross\Start Menu\Programs\Startup\

setup_9.0.0.722_01.07.2010_23-49.lnk - c:\documents and settings\Linda Cross\Desktop\Virus Removal Tool\setup_9.0.0.722_01.07.2010_23-49\startup.exe [2010-7-1 72208]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=

"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=

"c:\\Program Files\\360Share\\Gui\\360Share.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=

"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R1 87839421;87839421;c:\windows\SYSTEM32\DRIVERS\87839421.sys [7/1/2010 4:51 PM 128016]

R1 bfbe;bfbe;c:\windows\SYSTEM32\bfbe.sys [4/21/2010 10:15 AM 75264]

R1 setup_9.0.0.722_01.07.2010_23-49drv;setup_9.0.0.722_01.07.2010_23-49drv;c:\windows\SYSTEM32\DRIVERS\8783942.sys [7/1/2010 4:51 PM 315408]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [5/12/2010 9:33 AM 203280]

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]

S0 87839422;87839422 Boot Guard Driver;c:\windows\system32\DRIVERS\87839422.sys --> c:\windows\system32\DRIVERS\87839422.sys [?]

S1 MpKsla3c22b50;MpKsla3c22b50;\??\c:\windows\system32\MpEngineStore\MpKsla3c22b50.sys --> c:\windows\system32\MpEngineStore\MpKsla3c22b50.sys [?]

S3 diskchk;diskchk;\??\c:\windows\system32\diskchk.sys --> c:\windows\system32\diskchk.sys [?]

S3 utqxodiy;AVZ Kernel Driver;c:\windows\SYSTEM32\DRIVERS\utqxodiy.sys [6/1/2010 12:14 AM 7168]

.

Contents of the 'Scheduled Tasks' folder

2010-06-12 c:\windows\Tasks\McDefragTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-05-12 19:22]

2010-06-01 c:\windows\Tasks\McQcTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-05-12 19:22]

2010-07-02 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20]

2010-07-01 c:\windows\Tasks\User_Feed_Synchronization-{0BF8426D-E159-4E88-8E75-FD433358A530}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://phoenix.cox.net/cci/home

uDefault_Search_URL = hxxp://www.earthlink.net/partner/more/msie/button/search.html

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = iexplore

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-07-02 05:46

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1241913026-665132261-2367862541-1006\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1168)

c:\windows\system32\WININET.dll

c:\program files\McAfee\SiteAdvisor\saHook.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\mshtml.dll

c:\windows\system32\msls31.dll

c:\windows\IME\SPGRMR.DLL

c:\program files\Common Files\Microsoft Shared\Ink\SKCHUI.DLL

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2010-07-02 05:51:11

ComboFix-quarantined-files.txt 2010-07-02 12:51

ComboFix2.txt 2010-06-29 05:41

Pre-Run: 43,510,812,672 bytes free

Post-Run: 43,549,306,880 bytes free

- - End Of File - - AD1EEA83CA5D1DFE4D88C0F2F69A7FB0


Open Notepad and copy and paste the text in the code box below into it:

KillAll::

Driver::
87839421

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

CFScriptB-4.gif

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.
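The helper picked the driver service named in that CFScript by reading the log above by hand. As an added example for this thread (not ComboFix's code and not the helper's), the Python below does that first reading pass over ComboFix's text format: it parses the Files Created and Find3M file lines and the R*/S* service lines, and lists the driver entries that deserve a second look, with the reason for each. The log lines it runs on are a constructed sample modelled on the report above, not the full log.

```python
"""Triage pass over the Drivers/Services lines of a ComboFix log.
Added example for this thread, not ComboFix's or the helper's code.
A flag is a prompt to look, not a verdict: the 8783942x drivers in this
thread belong to a virus removal tool the user ran the evening before."""
import re
from dataclasses import dataclass, field

# Constructed sample in ComboFix's log layout, modelled on the log above.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2010-06-02 to 2010-07-02 )))))))))))))))))))))))))))))))
2010-07-01 23:51 . 2009-09-26 00:59 128016 ----a-w- c:\windows\system32\drivers\87839421.sys
2010-06-29 14:52 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2010-06-02 05:23 . 2010-06-01 07:14 7168 ----a-w- c:\windows\system32\drivers\utqxodiy.sys
2010-04-21 17:15 . 2010-04-21 17:15 75264 ----a-w- c:\windows\system32\bfbe.sys
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
R1 87839421;87839421;c:\windows\SYSTEM32\DRIVERS\87839421.sys [7/1/2010 4:51 PM 128016]
R1 bfbe;bfbe;c:\windows\SYSTEM32\bfbe.sys [4/21/2010 10:15 AM 75264]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S0 87839422;87839422 Boot Guard Driver;c:\windows\system32\DRIVERS\87839422.sys --> c:\windows\system32\DRIVERS\87839422.sys [?]
S3 utqxodiy;AVZ Kernel Driver;c:\windows\SYSTEM32\DRIVERS\utqxodiy.sys [6/1/2010 12:14 AM 7168]
"""

# A "Files Created"/"Find3M" line: created . modified size attrs path
FILE_LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(?P<size>\S+) (?P<attrs>\S+) (?P<path>.+)$")
# A service line: START name;display;path [date size]; when the binary is
# missing ComboFix repeats the path after "-->" and prints "[?]".
SERVICE_LINE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)(?: --> .*?)? \[(?P<info>[^\]]*)\]$")


@dataclass
class Finding:
    name: str     # service name, the value a CFScript Driver:: line takes
    start: str    # ComboFix's start-type column (R1, S0, ...)
    path: str     # image path, lower-cased
    reasons: list = field(default_factory=list)


def parse_log(text):
    """Split a ComboFix log into (created paths, find3m paths, service rows)."""
    created, find3m, services = set(), set(), []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("((("):  # section banner
            section = ("created" if "Files Created" in line
                       else "find3m" if "Find3M" in line else None)
            continue
        m = FILE_LINE.match(line)
        if m:
            if section == "created":
                created.add(m.group("path").lower())
            elif section == "find3m":
                find3m.add(m.group("path").lower())
            continue
        m = SERVICE_LINE.match(line)
        if m:
            services.append(m.groupdict())
    return created, find3m, services


def triage(text):
    """Return the service entries worth a second look, each with its reasons."""
    created, find3m, services = parse_log(text)
    findings = []
    for svc in services:
        path = svc["path"].lower()
        reasons = []
        if path.endswith(".sys") and path in created:
            reasons.append("driver file created inside the report window")
        elif path.endswith(".sys") and path in find3m:
            reasons.append("driver file modified within the last three months")
        if svc["info"].strip() == "?":
            reasons.append("service points at a file ComboFix could not find")
        if svc["name"].isdigit():
            reasons.append("service name is digits only")
        if reasons:
            findings.append(Finding(svc["name"], svc["start"], path, reasons))
    return findings


def cfscript(driver_names):
    """Render the KillAll::/Driver:: script used in this thread for the names
    a helper has decided to remove after reviewing the findings."""
    return "KillAll::\n\nDriver::\n" + "\n".join(driver_names) + "\n"


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.start, f.name, f.path, "; ".join(f.reasons))
```

On the sample, WinDefend drops out (an .exe with an intact file and a normal name) while the two digit-named drivers, bfbe and utqxodiy are listed with their reasons, which is the shortlist a helper then checks against the rest of the report before writing any CFScript.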


Borislav:

The last few times I've run ComboFix I've received the following message soon after it started running: "PEV.cfxxe has encountered a problem and needs to close." Don't know what effect this may have had on the results.

Here's the newest log:

ComboFix 10-07-01.02 - Linda Cross 07/02/2010 6:40.6.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.425 [GMT -7:00]

Running from: c:\documents and settings\Linda Cross\Desktop\Combo-Fix.exe

Command switches used :: c:\documents and settings\Linda Cross\Desktop\CFScript.txt

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_87839421

-------\Service_87839421

((((((((((((((((((((((((( Files Created from 2010-06-02 to 2010-07-02 )))))))))))))))))))))))))))))))

.

2010-07-02 12:25 . 2010-07-02 12:51 -------- d-----w- C:\Combo-Fix6515C

2010-07-01 23:51 . 2009-09-26 00:59 128016 ----a-w- c:\windows\system32\drivers\87839421.sys

2010-07-01 23:51 . 2009-10-10 06:31 315408 ----a-w- c:\windows\system32\drivers\8783942.sys

2010-06-29 14:52 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-06-29 14:52 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-06-29 14:24 . 2010-06-29 14:24 -------- d-----w- c:\windows\Sun

2010-06-29 14:22 . 2010-06-29 14:22 -------- d-----w- c:\program files\Common Files\Java

2010-06-29 14:21 . 2010-06-29 14:20 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-06-29 14:20 . 2010-06-29 14:20 -------- d-----w- c:\program files\Java

2010-06-29 14:04 . 2010-06-29 14:04 -------- d-----w- c:\program files\Common Files\Adobe AIR

2010-06-29 14:02 . 2010-06-29 14:12 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2010-06-29 13:48 . 2010-06-29 13:48 -------- d-----w- C:\Combo-Fix

2010-06-29 04:18 . 2010-06-29 05:28 -------- d-----w- c:\windows\SxsCaPendDel

2010-06-28 03:29 . 2010-07-02 13:39 -------- d-----w- c:\windows\system32\CatRoot2

2010-06-27 12:47 . 2006-11-01 13:06 162616 ----a-w- c:\windows\RegDelNull.exe

2010-06-24 14:06 . 2001-08-18 05:36 53760 ----a-w- c:\windows\system32\dllcache\wiamsmud.dll

2010-06-24 14:05 . 2001-08-17 19:12 34375 ----a-w- c:\windows\system32\dllcache\tpro4.sys

2010-06-24 14:04 . 2001-08-18 05:36 12288 ----a-w- c:\windows\system32\dllcache\EXCH_smtpctrs.dll

2010-06-24 14:03 . 2001-08-17 19:50 75392 ----a-w- c:\windows\system32\dllcache\s3savmxm.sys

2010-06-24 14:02 . 2008-04-13 18:41 17664 ----a-w- c:\windows\system32\dllcache\ppa3.sys

2010-06-24 14:01 . 2001-08-17 19:50 198144 ----a-w- c:\windows\system32\dllcache\nv3.sys

2010-06-24 14:00 . 2001-08-18 05:36 7168 ----a-w- c:\windows\system32\dllcache\mxport.dll

2010-06-24 14:00 . 2001-08-17 20:49 19968 ----a-w- c:\windows\system32\dllcache\mxnic.sys

2010-06-24 14:00 . 2001-08-18 05:36 19968 ----a-w- c:\windows\system32\dllcache\mxicfg.dll

2010-06-24 14:00 . 2001-08-17 20:50 21888 ----a-w- c:\windows\system32\dllcache\mxcard.sys

2010-06-24 14:00 . 2002-08-29 10:00 229439 ----a-w- c:\windows\system32\dllcache\multibox.dll

2010-06-24 14:00 . 2001-08-17 19:50 103296 ----a-w- c:\windows\system32\dllcache\mtxvideo.sys

2010-06-24 14:00 . 2008-04-13 18:39 5504 ----a-w- c:\windows\system32\dllcache\mstee.sys

2010-06-24 14:00 . 2008-04-13 18:46 49024 ----a-w- c:\windows\system32\dllcache\mstape.sys

2010-06-24 14:00 . 2001-08-17 20:48 12416 ----a-w- c:\windows\system32\dllcache\msriffwv.sys

2010-06-24 14:00 . 2001-08-17 21:00 2944 ----a-w- c:\windows\system32\dllcache\msmpu401.sys

2010-06-24 14:00 . 2008-04-13 18:54 22016 ----a-w- c:\windows\system32\dllcache\msircomm.sys

2010-06-24 14:00 . 2002-08-29 10:00 98304 ----a-w- c:\windows\system32\dllcache\msir3jp.dll

2010-06-24 13:58 . 2001-08-18 05:36 58368 ----a-w- c:\windows\system32\dllcache\m3091dc.dll

2010-06-24 13:57 . 2001-08-17 19:12 45632 ----a-w- c:\windows\system32\dllcache\ip5515.sys

2010-06-24 13:56 . 2001-08-18 05:36 165888 ----a-w- c:\windows\system32\dllcache\hpgt53.dll

2010-06-24 13:55 . 2002-08-29 10:00 31744 ----a-w- c:\windows\system32\dllcache\esucmd.dll

2010-06-24 13:54 . 2001-08-17 19:13 91305 ----a-w- c:\windows\system32\dllcache\dimaint.sys

2010-06-24 13:53 . 2001-08-17 20:57 248064 ----a-w- c:\windows\system32\dllcache\cl546xm.sys

2010-06-24 13:52 . 2001-08-17 20:51 13824 ----a-w- c:\windows\system32\dllcache\bulltlp3.sys

2010-06-24 13:51 . 2001-08-17 19:49 26880 ----a-w- c:\windows\system32\dllcache\atirtsnd.sys

2010-06-24 13:50 . 2001-08-17 21:56 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll

2010-06-19 14:13 . 2010-06-19 15:06 -------- d-----w- c:\documents and settings\Linda Cross\DoctorWeb

2010-06-08 22:39 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-07-02 13:14 . 2009-10-06 05:33 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore

2010-07-02 12:15 . 2007-10-02 20:17 -------- d-----w- c:\program files\My Kazaa Gold

2010-07-01 14:31 . 2009-10-06 03:46 -------- d-----w- c:\program files\McAfee

2010-06-29 14:52 . 2010-04-30 22:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-06-29 14:22 . 2010-06-29 14:22 503808 ----a-w- c:\documents and settings\Linda Cross\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7bbc936b-n\msvcp71.dll

2010-06-29 14:22 . 2010-06-29 14:22 499712 ----a-w- c:\documents and settings\Linda Cross\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7bbc936b-n\jmc.dll

2010-06-29 14:22 . 2010-06-29 14:22 348160 ----a-w- c:\documents and settings\Linda Cross\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7bbc936b-n\msvcr71.dll

2010-06-29 14:22 . 2010-06-29 14:22 12800 ----a-w- c:\documents and settings\Linda Cross\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3acd0449-n\decora-d3d.dll

2010-06-29 14:22 . 2010-06-29 14:22 61440 ----a-w- c:\documents and settings\Linda Cross\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3acd0449-n\decora-sse.dll

2010-06-29 14:05 . 2003-05-28 23:31 -------- d-----w- c:\program files\Common Files\Adobe

2010-06-29 14:02 . 2010-06-29 14:02 71680 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe

2010-06-17 13:22 . 2009-10-20 21:09 -------- d-----w- c:\program files\Windows Defender

2010-06-17 13:22 . 2004-03-25 01:45 -------- d-----w- c:\program files\Lexmark X1100 Series

2010-06-15 05:20 . 2007-12-09 18:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-06-02 23:04 . 2010-04-29 03:23 -------- d-----w- c:\documents and settings\Linda Cross\Application Data\Malwarebytes

2010-06-02 23:04 . 2010-04-29 03:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-06-02 05:23 . 2010-06-01 07:14 7168 ----a-w- c:\windows\system32\drivers\utqxodiy.sys

2010-05-24 22:27 . 2010-05-24 22:27 4224 ----a-w- c:\windows\system32\drivers\RDPCDD.SYS

2010-05-21 21:14 . 2009-10-20 21:18 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-05-20 17:09 . 2010-05-15 19:13 -------- d-----w- c:\program files\RegWork

2010-05-20 13:28 . 2010-05-20 12:47 7304 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg

2010-05-20 01:55 . 2010-05-20 01:55 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard

2010-05-20 01:53 . 2010-05-20 01:53 -------- d-----w- c:\program files\Common Files\iS3

2010-05-13 12:57 . 2009-12-21 14:13 -------- d-----w- c:\program files\VoiceScribe

2010-05-12 17:15 . 2009-10-06 03:36 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2010-05-12 16:28 . 2010-05-12 16:28 -------- d-----w- c:\program files\Common Files\McAfee

2010-05-12 16:28 . 2003-04-30 15:31 -------- d-----w- c:\program files\McAfee.com

2010-05-12 05:27 . 2003-05-12 01:18 105656 -c--a-w- c:\documents and settings\Linda Cross\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-05-11 06:01 . 2008-05-10 05:47 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8

2010-05-06 10:41 . 2004-08-24 03:32 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-02 05:22 . 2002-08-29 10:00 1851264 ----a-w- c:\windows\system32\win32k.sys

2010-04-25 23:39 . 2010-04-16 23:43 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-04-21 17:15 . 2010-04-21 17:15 75264 ----a-w- c:\windows\system32\bfbe.sys

2010-04-20 05:30 . 2002-08-29 10:00 285696 ----a-w- c:\windows\system32\atmfd.dll

2010-04-17 06:29 . 2010-04-17 06:29 49152 ----a-r- c:\documents and settings\Linda Cross\Application Data\Microsoft\Installer\{166E180E-9A3F-41AE-8B40-22D8FFF4AF87}\Icon49FA793C.exe

2010-04-16 23:43 . 2010-04-16 23:43 552 ----a-w- c:\windows\system32\d3d8caps.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\documents and settings\Linda Cross\Start Menu\Programs\Startup\

setup_9.0.0.722_01.07.2010_23-49.lnk - c:\documents and settings\Linda Cross\Desktop\Virus Removal Tool\setup_9.0.0.722_01.07.2010_23-49\startup.exe [2010-7-1 72208]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=

"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=

"c:\\Program Files\\360Share\\Gui\\360Share.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=

"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R1 bfbe;bfbe;c:\windows\SYSTEM32\bfbe.sys [4/21/2010 10:15 AM 75264]

R1 setup_9.0.0.722_01.07.2010_23-49drv;setup_9.0.0.722_01.07.2010_23-49drv;c:\windows\SYSTEM32\DRIVERS\8783942.sys [7/1/2010 4:51 PM 315408]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [5/12/2010 9:33 AM 203280]

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]

S0 87839422;87839422 Boot Guard Driver;c:\windows\system32\DRIVERS\87839422.sys --> c:\windows\system32\DRIVERS\87839422.sys [?]

S1 MpKsla3c22b50;MpKsla3c22b50;\??\c:\windows\system32\MpEngineStore\MpKsla3c22b50.sys --> c:\windows\system32\MpEngineStore\MpKsla3c22b50.sys [?]

S3 diskchk;diskchk;\??\c:\windows\system32\diskchk.sys --> c:\windows\system32\diskchk.sys [?]

S3 utqxodiy;AVZ Kernel Driver;c:\windows\SYSTEM32\DRIVERS\utqxodiy.sys [6/1/2010 12:14 AM 7168]

.

Contents of the 'Scheduled Tasks' folder

2010-06-12 c:\windows\Tasks\McDefragTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-05-12 19:22]

2010-06-01 c:\windows\Tasks\McQcTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-05-12 19:22]

2010-07-02 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20]

2010-07-01 c:\windows\Tasks\User_Feed_Synchronization-{0BF8426D-E159-4E88-8E75-FD433358A530}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://phoenix.cox.net/cci/home

uDefault_Search_URL = hxxp://www.earthlink.net/partner/more/msie/button/search.html

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = iexplore

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-07-02 06:56

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1241913026-665132261-2367862541-1006\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1140)

c:\windows\system32\WININET.dll

c:\program files\McAfee\SiteAdvisor\saHook.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\mshtml.dll

c:\windows\system32\msls31.dll

c:\windows\IME\SPGRMR.DLL

c:\program files\Common Files\Microsoft Shared\Ink\SKCHUI.DLL

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\LEXBCES.EXE

c:\windows\system32\LEXPPS.EXE

c:\program files\Java\jre6\bin\jqs.exe

c:\progra~1\McAfee\MSC\mcmscsvc.exe

c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

c:\progra~1\McAfee\VIRUSS~1\mcshield.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\McAfee\MPF\MPFSrv.exe

c:\program files\McAfee\MSK\MskSrver.exe

c:\progra~1\mcafee.com\agent\mcagent.exe

.

**************************************************************************

.

Completion time: 2010-07-02 07:07:37 - machine was rebooted

ComboFix-quarantined-files.txt 2010-07-02 14:07

ComboFix2.txt 2010-07-02 12:51

ComboFix3.txt 2010-06-29 05:41

Pre-Run: 43,536,715,776 bytes free

Post-Run: 43,497,336,832 bytes free

- - End Of File - - 6D3646539C7D2DCC7BE1B38855F55552
