binovc

Honorary Members
  • Posts

    70
  1. I ran MSERT, when finished it reported no issues. I found msert.log, and it has a bunch of "scan errors." So not sure if it really gave me a clean bill of health or not... Log attached. msert.log
  2. Hello Maurice, thanks for the reply. Today this no longer appears in the notification area of my taskbar. Do you think that we should continue and assume it has "gone into hiding"? Or do you think it removed itself? Unfortunately I didn't take a screenshot while it was present. I downloaded FRST64 but have not installed it, waiting on your suggestion. -Eric
  3. This appeared on my desktop today, it's obviously malware. Can I get help to remove it? Latest scan using Malwarebytes does not detect it. WIN7 Professional. Thanks.
  4. Ok, thanks. I just booted this one up after quite a while of not using it because my "good" computer left me unable to boot ("load needed dlls for kernel"), and I haven't figured THAT one out yet. Maybe if I update the browsers that will fix me up... I really hate computers.
  5. Could this be a virus? I use the "Cleanup!" utility from stevengould.org. However, when I attempt to visit the website, my browser automatically changes "www.stevengould.org" to the following, and never completes loading (well, after several moments I close the page because I'm worried about it). http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&ved=0CCAQFjAA&url=http%3A%2F%2Fwww.stevengould.org%2F&ei=ALxwVLv1JIyaNvXygZgO&usg=AFQjCNFj15BnuXXyAV59UeyhZO9rKgHkvw&bvm=bv.80185997,d.eXY Can you tell me what's going on? I ran a Malwarebytes scan which detected nothing. I can easily reach the website from my tablet. The problem occurs on my HP desktop PC running XP SP3, and happens in both IE 8.0 and Firefox 11.0. Thanks.
  6. The pc came with a version of windows installed, called "windows xp ultimate edition by johnny". However MBAM used to run just fine. Possibly something got tangled up during the previous malware removal, in which I was assisted by Mr Charlie. The steps we went through are here (http://forums.malwarebytes.org/index.php?showtopic=72192&st=0&p=371599entry371599). I thought that prior issue was resolved, until I discovered that MBAM would never finish running.
  7. I hope I did what you asked. This pc has something called TugZip pre-installed. I think I zipped the startup folder. Untitled.zip
  8. I downloaded and navigated to C\USERS\ADMINISTRATOR\START MENU\PROGRAMS\STARTUP\ (which is where MBAM seems to be hanging up at). It shows one item in the STARTUP folder, and it is called "desktop.ini".
  9. Did as suggested in posts 27 & 28, no joy. I attempted the quick scan after the suggestions on post 27 and again after 28. When I added C\USERS\ADMINISTRATOR\START MENU\PROGRAMS\STARTUP\Administrator to the MBAM ignore list, I could not browse past "STARTUP". There was no "Administrator" inside the STARTUP folder. So I added C\USERS\ADMINISTRATOR\START MENU\PROGRAMS\STARTUP to the ignore list. I ran DDS after this attempt. Combo and DDS logs below.
2011-03-13 23:22:54 161792 ----a-w- c:\windows\SWREG.exe . ==================== Find3M ==================== . 2011-02-03 18:03:46 507904 ----a-w- c:\windows\system32\winlogon.exe 2011-02-03 18:03:36 135680 ----a-w- c:\windows\system32\taskmgr.exe 2011-02-03 18:03:18 1033728 ----a-w- c:\windows\explorer.exe 2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll . ============= FINISH: 13:26:35.59 ===============
  10. When I entered MSConfig, the start-up entries were already re-enabled. I'm pretty sure I checked prior to running the previous quick scan that the start-up entries were disabled at that time, however. The only entry that was present was Zune Windows Mobile Connectivity Service. I unchecked it, rebooted, and quick scan still ran 1+ hour before I aborted.
  11. I "disabled all", rebooted, ran quick scan, aborted after 20+ minutes.
  12. dds log.
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by user at 8:05:49.93 on Sat 04/02/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1577 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Nero\Nero8\InCD\InCD.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\Program Files\Zune\ZuneBusEnum.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Users\user\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
mWinlogon: UIHost=%SystemRoot%\System32\ultlogonui.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: QT TabBar: {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll
TB: QT Tab Standard Buttons: {d2bf470e-ed1c-487f-a666-2bd8835eb6ce} - mscoree.dll
TB: QT Breadcrumbs Address Bar: {af83e43c-dd2b-4787-826b-31b17dee52ed} - mscoree.dll
TB: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [PMCRemote] c:\program files\pinnacle\shared files\programs\remote\Remoterm.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [inCD] c:\program files\nero\nero8\incd\InCD.exe
mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
dRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
StartupFolder: c:\users\alluse~1\startm~1\programs\startup\hpinst~1.lnk - c:\program files\hewlett-packard\aio\hpis\bin\matcli.exe
StartupFolder: c:\users\alluse~1\startm~1\programs\startup\hpaiod~1.lnk - c:\program files\hewlett-packard\aio\hp officejet g series\bin\hpoavn07.exe
mPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
dPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\user\applic~1\mozilla\firefox\profiles\altmiiaw.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
R3 OmniTV;Cx2388x AvStream Video Capture;c:\windows\system32\drivers\OmniTV.sys [2008-4-29 401280]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S3 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2010-11-11 268528]
S3 ZD1211BU(Atheros);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(Atheros);c:\windows\system32\drivers\ZD1211BU.sys [2010-2-12 500736]
S4 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\nero\nero8\incd\NBHRegInCDSrv.exe [2008-6-10 53032]
.
=============== Created Last 30 ================
.
2011-03-28 23:57:40 -------- d-----w- c:\users\user\applic~1\Malwarebytes
2011-03-28 23:55:52 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-28 23:55:49 -------- d-----w- c:\users\alluse~1\applic~1\Malwarebytes
2011-03-28 23:55:46 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-28 23:55:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-13 23:22:54 98816 ----a-w- c:\windows\sed.exe
2011-03-13 23:22:54 89088 ----a-w- c:\windows\MBR.exe
2011-03-13 23:22:54 256512 ----a-w- c:\windows\PEV.exe
2011-03-13 23:22:54 161792 ----a-w- c:\windows\SWREG.exe
.
==================== Find3M ====================
.
2011-02-03 18:03:46 507904 ----a-w- c:\windows\system32\winlogon.exe
2011-02-03 18:03:36 135680 ----a-w- c:\windows\system32\taskmgr.exe
2011-02-03 18:03:18 1033728 ----a-w- c:\windows\explorer.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
.
============= FINISH: 8:06:25.03 ===============
  13. I uninstalled Spybot, rebooted, same problem. Then uninstalled Adaware, rebooted, uninstalled MBAM (used mbam-clean), rebooted, re-installed MBAM, updated, rebooted, ran a quick scan, aborted after 9+ hours. Any idea why it's spending so much time scanning a folder (C:\USERS\ADMINISTRATOR\START MENU\) that has nothing in it (see post #15)? Or are the contents of that folder just blocked from me trying to open it? I am also feeling a bit vulnerable running my PC with absolutely no antivirus or anti-malware. Might I go ahead and reinstall McAfee?