Jump to content

freshbread3

Members
  • Posts

    16
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Oh, I didn't notice there was a second page already. I'm still here. I haven't felt comfortable with the online backup tools I found so far, so it was reassuring to hear you endorse the old-fashioned method of using an external hard drive. Thank you.
  2. Sorry. I need to "back up" data. I have heard of online systems for this and then there is the old fashioned manual method using an external hard drive I guess. I am going to google it.
  3. Thank you very much for answering all my questions (sorry I had so many). I thought maybe since I posted so many times in a row is why you couldn't respond back to me sooner (in other words the system put me at the bottom of the list) I feel better to know that it wasn't a "file infector" so I can back up my data now. I guess I have to look into that before I go through the inevitable process of reformatting ... Do you have any suggestions? The scan doesn't show any problems by the way: Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 192864 Time elapsed: 17 minute(s), 24 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  4. Ok ... I don't like posting so many times in a row, but I noticed something else strange in the application data folder and maybe the "root" of all the problems in the first place. There is another folder that shouldn't be there. It is named "utorrent" which I had deleted from computer I thought (it doesn't exist in the program files folder anymore as far as I can tell). Well, it doesn't have any application in it but some files that seem to be unable to run (you know how they get that funny look to them when a program doesn't exist for them anymore). What bothers me the most is the date and time of the last modification of the folder ... I'm pretty sure it is the exact date and time of when I got the initial XP Antivirus 2012 virus! So I want to get rid of this folder for sure! But again how can I make sure that I'm also deleting the registry files associated with it? Or is it ok to just delete this rogue folder?
  5. I had one more concern. I was looking in the application data folder and I noticed a strange folder. It says it was modifyed around the time I got the virus in fact. It is named "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" (what a long name for a folder!). The Adobe folder also has the same modification date. I'm wondering if I should delete these folders (and would that matter since it doesn't delete register files). The strange com.adobe.mauby folder seems empty, so maybe one of the cleaners already cleaned out the important bad files? What do you suggest? I could always redownload Adobe I'm sure.
  6. Well my computer doesn't act like it has a virus, but I don't trust it anymore after what I've read about what a rootkit virus does. Basically I've heard that I should reformat my entire computer. I want to back stuff up somehow, but I've been told (not in this forum, but through word of mouth) that anything I backup (files and even the flash drive I use) could be infected and then carry the rootkit virus with it to reinfect me in the future. >_< What is true here? What would you recommend? Beforehand the only way I knew something was strange was because Malwarebytes kept blocking IP addresses. I was getting tons of those every minute. Somehow I mixed up the trial and the free version of Malwarebytes, so since I'm on the free version now I'm wondering if that is why I don't get any blocking anymore ... or is it because Malwarebytes doesn't have to block anything anymore (ie, the virus is gone)? Also ping.exe was working overtime it seemed and making my computer run slower and I don't see that running anymore. I had used ESET before and it had detected the rootkit before but it couldn't delete it. This time it didn't see the rootkit but according to the log it did find and clean the Kryptik trojan.I wanted to know if I should "delete quarantined files" before I click "finish" ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=3a026f5220618744b78c860282050675 # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2011-12-18 05:47:13 # local_time=2011-12-18 12:47:13 (-0500, Eastern Standard Time) # country="United States" # lang=9 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=5121 16777173 100 0 0 0 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=93498 # found=2 # cleaned=0 # scan_time=5898 C:\WINDOWS\system32\drivers\ipsec.sys a variant of Win32/Rootkit.Kryptik.GG trojan (unable to clean) 00000000000000000000000000000000 I ${Memory} multiple threats 00000000000000000000000000000000 I # version=7 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=3a026f5220618744b78c860282050675 # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2012-01-18 02:31:41 # local_time=2012-01-18 09:31:41 (-0500, Eastern Standard Time) # country="United States" # lang=9 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=5121 16777173 100 75 914478 27259126 0 0 # compatibility_mode=8192 67108863 100 0 1781136 1781136 0 0 # scanned=73619 # found=12 # cleaned=12 # scan_time=17840 C:\Qoobox\Quarantine\C\Program Files\StartNow Toolbar\ReactivateIE.exe.vir a variant of Win32/Toolbar.Zugo application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Program Files\StartNow Toolbar\Toolbar32.dll.vir a variant of Win32/Toolbar.Zugo application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Program Files\StartNow Toolbar\ToolbarBroker.exe.vir a variant of Win32/Toolbar.Zugo application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe.vir a variant of Win32/Toolbar.Zugo application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{577E2158-88B0-493A-BDB5-E2EE0FE6AC39}\RP303\A0093378.exe a variant of Win32/Kryptik.XKR trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{577E2158-88B0-493A-BDB5-E2EE0FE6AC39}\RP308\A0095344.exe a variant of Win32/PerfectUninstaller application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{577E2158-88B0-493A-BDB5-E2EE0FE6AC39}\RP308\A0095358.exe a variant of Win32/Toolbar.Zugo application (deleted - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{577E2158-88B0-493A-BDB5-E2EE0FE6AC39}\RP308\A0095364.exe a variant of Win32/PerfectUninstaller application (deleted - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{577E2158-88B0-493A-BDB5-E2EE0FE6AC39}\RP309\A0095578.exe a variant of Win32/Toolbar.Zugo application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{577E2158-88B0-493A-BDB5-E2EE0FE6AC39}\RP309\A0095580.dll a variant of Win32/Toolbar.Zugo application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{577E2158-88B0-493A-BDB5-E2EE0FE6AC39}\RP309\A0095581.exe a variant of Win32/Toolbar.Zugo application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{577E2158-88B0-493A-BDB5-E2EE0FE6AC39}\RP309\A0095582.exe a variant of Win32/Toolbar.Zugo application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C The thing I noticed in the security check was that it said Windows Firewall is disabled. Since I have a firewall through McAfee I wanted to ask if I should run two firewalls together (in other words should I turn on the Windows Firewall too)? I have heard that it isn't good to have two virus programs running together. Is that the same with firewalls? Results of screen317's Security Check version 0.99.30 Windows XP Service Pack 3 x86 Internet Explorer 8 `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Disabled! ESET Online Scanner v3 McAfee Total Protection McAfee Online Backup ``````````````````````````````` Anti-malware/Other Utilities Check: Java 6 Update 30 ```````````````````````````````` Process Check: objlist.exe by Laurent ESET ESET Online Scanner OnlineCmdLineScanner.exe McAfee Online Backup MOBKbackup.exe ``````````End of Log````````````
  7. The forums look updated. They look nice. aswMBR log: aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software Run date: 2012-01-12 15:39:36 ----------------------------- 15:39:36.296 OS Version: Windows 5.1.2600 Service Pack 3 15:39:36.296 Number of processors: 2 586 0x1C02 15:39:36.296 ComputerName: STRAWBERRY-CHAN UserName: Fresh Bread 15:39:40.312 Initialize success 15:44:57.156 AVAST engine defs: 12011200 15:45:04.390 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 15:45:04.390 Disk 0 Vendor: Hitachi_ PBBO Size: 152627MB BusType: 3 15:45:04.421 Disk 0 MBR read successfully 15:45:04.421 Disk 0 MBR scan 15:45:04.500 Disk 0 Windows VISTA default MBR code 15:45:04.515 Disk 0 Partition 1 00 12 Compaq diag NTFS 10244 MB offset 63 15:45:04.531 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 142381 MB offset 20981760 15:45:04.562 Disk 0 scanning sectors +312578048 15:45:04.687 Disk 0 scanning C:\WINDOWS\system32\drivers 15:45:46.593 Service scanning 15:45:48.734 Modules scanning 15:45:56.890 Disk 0 trace - called modules: 15:45:56.937 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys 15:45:56.953 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8736aab8] 15:45:56.968 3 CLASSPNP.SYS[f75fdfd7] -> nt!IofCallDriver -> \Device\00000072[0x8735c1a8] 15:45:56.984 5 ACPI.sys[f7574620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x873d3030] 15:45:57.843 AVAST engine scan C:\WINDOWS 15:46:30.421 File: C:\WINDOWS\PEV.exe **INFECTED** Win32:Rootkit-gen [Rtk] 15:46:46.328 AVAST engine scan C:\WINDOWS\system32 15:50:31.562 AVAST engine scan C:\WINDOWS\system32\drivers 15:50:51.234 AVAST engine scan C:\Documents and Settings\Fresh Bread 15:59:44.296 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Fresh Bread\Desktop\MBR.dat" 15:59:44.531 The log file has been saved successfully to "C:\Documents and Settings\Fresh Bread\Desktop\aswMBR 1-12.txt" MBRCHECK log: MBRCheck, version 1.2.3 © 2010, AD Command-line: Windows Version: Windows XP Home Edition Windows Information: Service Pack 3 (build 2600) Logical Drives Mask: 0x00000004 Kernel Drivers (total 125): 0x804D7000 \WINDOWS\system32\ntoskrnl.exe 0x80700000 \WINDOWS\system32\hal.dll 0xF7ABD000 \WINDOWS\system32\KDCOM.DLL 0xF79CD000 \WINDOWS\system32\BOOTVID.dll 0xF756E000 ACPI.sys 0xF7ABF000 \WINDOWS\system32\DRIVERS\WMILIB.SYS 0xF755D000 pci.sys 0xF75BD000 isapnp.sys 0xF79D1000 compbatt.sys 0xF79D5000 \WINDOWS\system32\DRIVERS\BATTC.SYS 0xF7B85000 pciide.sys 0xF783D000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS 0xF75CD000 MountMgr.sys 0xF753E000 ftdisk.sys 0xF7845000 PartMgr.sys 0xF79D9000 ACPIEC.sys 0xF7B86000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 0xF75DD000 VolSnap.sys 0xF7526000 atapi.sys 0xF7458000 iaStor.sys 0xF75ED000 disk.sys 0xF75FD000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS 0xF7438000 fltMgr.sys 0xF7426000 sr.sys 0xF73B7000 mfehidk.sys 0xF760D000 PxHelp20.sys 0xF73A0000 KSecDD.sys 0xF7313000 Ntfs.sys 0xF72E6000 NDIS.sys 0xF72CC000 Mup.sys 0xF72B8000 McPvDrv.sys 0xF761D000 amdagp.sys 0xF76DD000 \SystemRoot\system32\DRIVERS\intelppm.sys 0xF54E9000 \SystemRoot\system32\DRIVERS\igxpmp32.sys 0xF54D5000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS 0xF54AD000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0xF52D0000 \SystemRoot\system32\DRIVERS\bcmwl5.sys 0xF76ED000 \SystemRoot\system32\DRIVERS\l1c51x86.sys 0xF78ED000 \SystemRoot\system32\DRIVERS\usbuhci.sys 0xF52AC000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0xF78F5000 \SystemRoot\system32\DRIVERS\usbehci.sys 0xF71CA000 \SystemRoot\system32\DRIVERS\CmBatt.sys 0xF76FD000 \SystemRoot\system32\DRIVERS\i8042prt.sys 0xF78FD000 \SystemRoot\system32\DRIVERS\DKbFltr.sys 0xF7905000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0xF527B000 \SystemRoot\system32\DRIVERS\SynTP.sys 0xF7B01000 \SystemRoot\system32\DRIVERS\USBD.SYS 0xF770D000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS 0xF51FF000 \SystemRoot\System32\Drivers\wdf01000.sys 0xF51D4000 \SystemRoot\system32\drivers\mfeavfk.sys 0xF2E65000 \SystemRoot\system32\drivers\mfefirek.sys 0xF789D000 \SystemRoot\system32\DRIVERS\mouclass.sys 0xF7274000 \SystemRoot\system32\DRIVERS\wmiacpi.sys 0xF7CA1000 \SystemRoot\system32\DRIVERS\audstub.sys 0xF2E52000 \SystemRoot\system32\DRIVERS\mfendisk.sys 0xF763D000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0xF7270000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0xF2D9B000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0xF764D000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0xF769D000 \SystemRoot\system32\DRIVERS\raspptp.sys 0xF78B5000 \SystemRoot\system32\DRIVERS\TDI.SYS 0xF2B7A000 \SystemRoot\system32\DRIVERS\psched.sys 0xF455C000 \SystemRoot\system32\DRIVERS\msgpc.sys 0xF78C5000 \SystemRoot\system32\DRIVERS\ptilink.sys 0xF78CD000 \SystemRoot\system32\DRIVERS\raspti.sys 0xF454C000 \SystemRoot\system32\DRIVERS\termdd.sys 0xF7B51000 \SystemRoot\system32\DRIVERS\swenum.sys 0xF2B57000 \SystemRoot\system32\DRIVERS\ks.sys 0xF2AF9000 \SystemRoot\system32\DRIVERS\update.sys 0xF71D2000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0xF453C000 \SystemRoot\System32\Drivers\NDProxy.SYS 0xF2C4E000 \SystemRoot\system32\DRIVERS\usbhub.sys 0xA9EE2000 \SystemRoot\system32\drivers\RtkHDAud.sys 0xA9EBE000 \SystemRoot\system32\drivers\portcls.sys 0xF2C3E000 \SystemRoot\system32\drivers\drmk.sys 0xA6BD6000 \SystemRoot\System32\Drivers\i2omgmt.SYS 0xA5AE5000 \SystemRoot\system32\DRIVERS\MOBK.sys 0xA6C20000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0xA5DFD000 \SystemRoot\System32\Drivers\Null.SYS 0xA6C1E000 \SystemRoot\System32\Drivers\Beep.SYS 0xA60B8000 \SystemRoot\System32\drivers\vga.sys 0xA6C1C000 \SystemRoot\System32\Drivers\mnmdd.SYS 0xA6C1A000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0xA60B0000 \SystemRoot\System32\Drivers\Msfs.SYS 0xA60A8000 \SystemRoot\System32\Drivers\Npfs.SYS 0xA5D96000 \SystemRoot\system32\DRIVERS\rasacd.sys 0xA5AB2000 \SystemRoot\system32\DRIVERS\ipsec.sys 0xA5A59000 \SystemRoot\system32\DRIVERS\tcpip.sys 0xA5A44000 \SystemRoot\system32\drivers\mfetdi2k.sys 0xA5A1E000 \SystemRoot\system32\DRIVERS\ipnat.sys 0xA59F6000 \SystemRoot\system32\DRIVERS\netbt.sys 0xA5D82000 \SystemRoot\System32\drivers\ws2ifsl.sys 0xA59D4000 \SystemRoot\System32\drivers\afd.sys 0xA61DA000 \SystemRoot\system32\DRIVERS\netbios.sys 0xA59A9000 \SystemRoot\system32\DRIVERS\rdbss.sys 0xA5911000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0xA5D72000 \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys 0xA61AA000 \SystemRoot\System32\Drivers\Fips.SYS 0xA1458000 \SystemRoot\system32\DRIVERS\snp2uvc.sys 0xA233C000 \SystemRoot\system32\DRIVERS\STREAM.SYS 0xA8F39000 \SystemRoot\system32\DRIVERS\sncduvc.SYS 0x9F4EC000 \SystemRoot\system32\DRIVERS\wanarp.sys 0x9CF4E000 \SystemRoot\System32\Drivers\dump_iaStor.sys 0xBF800000 \SystemRoot\System32\win32k.sys 0x9DADE000 \SystemRoot\System32\drivers\Dxapi.sys 0x9E204000 \SystemRoot\System32\watchdog.sys 0xBF000000 \SystemRoot\System32\drivers\dxg.sys 0x9D01E000 \SystemRoot\System32\drivers\dxgthk.sys 0xBF024000 \SystemRoot\System32\igxpgd32.dll 0xBF012000 \SystemRoot\System32\igxprd32.dll 0xBF04F000 \SystemRoot\System32\igxpdv32.DLL 0xBF1E7000 \SystemRoot\System32\igxpdx32.DLL 0xBF47A000 \SystemRoot\System32\ATMFD.DLL 0xA5981000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0x9CF21000 \SystemRoot\system32\DRIVERS\mrxdav.sys 0x9CE49000 \SystemRoot\system32\DRIVERS\srv.sys 0x9CC7C000 \SystemRoot\system32\drivers\wdmaud.sys 0x9F4FC000 \SystemRoot\system32\drivers\sysaudio.sys 0x9C7FA000 \SystemRoot\system32\drivers\mfeapfk.sys 0x9E4EB000 \SystemRoot\system32\drivers\mfebopk.sys 0x9C592000 \SystemRoot\System32\Drivers\HTTP.sys 0x9C392000 \SystemRoot\system32\drivers\cfwids.sys 0x9BDD2000 \??\C:\DOCUME~1\FRESHB~1\LOCALS~1\Temp\aswMBR.sys 0x9BCA8000 \SystemRoot\system32\drivers\kmixer.sys 0x7C900000 \WINDOWS\system32\ntdll.dll Processes (total 53): 0 System Idle Process 4 System 1308 C:\WINDOWS\system32\smss.exe 1360 csrss.exe 1384 C:\WINDOWS\system32\winlogon.exe 1428 C:\WINDOWS\system32\services.exe 1440 C:\WINDOWS\system32\lsass.exe 1600 C:\WINDOWS\system32\svchost.exe 1672 svchost.exe 1712 C:\WINDOWS\system32\svchost.exe 1868 svchost.exe 1896 svchost.exe 444 C:\WINDOWS\system32\spoolsv.exe 596 svchost.exe 632 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 652 C:\Program Files\Bonjour\mDNSResponder.exe 744 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe 756 C:\Program Files\Java\jre6\bin\jqs.exe 788 C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe 916 C:\WINDOWS\system32\mfevtps.exe 964 C:\Program Files\McAfee Online Backup\MOBKbackup.exe 1112 C:\Program Files\Acer\Acer VCM\RS_Service.exe 1136 C:\WINDOWS\system32\svchost.exe 1924 C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe 1252 C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe 2560 C:\WINDOWS\explorer.exe 2664 C:\WINDOWS\system32\rundll32.exe 2732 C:\WINDOWS\system32\ctfmon.exe 2396 alg.exe 1952 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe 2744 C:\PROGRA~1\LAUNCH~1\LManager.exe 3036 C:\WINDOWS\system32\hkcmd.exe 3064 C:\WINDOWS\system32\igfxpers.exe 3136 C:\WINDOWS\PLFSetL.exe 3156 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe 396 C:\WINDOWS\RTHDCPL.EXE 3196 C:\WINDOWS\system32\igfxsrvc.exe 3240 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe 3716 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe 3796 C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe 3976 C:\Program Files\iTunes\iTunesHelper.exe 436 C:\Program Files\Common Files\Java\Java Update\jusched.exe 364 C:\Program Files\McAfee.com\Agent\mcagent.exe 952 C:\Program Files\McAfee\MAT\McPvTray.exe 1300 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 2480 C:\Program Files\Acer\Acer VCM\AcerVCM.exe 700 C:\Program Files\iPod\bin\iPodService.exe 3932 C:\WINDOWS\system32\igfxext.exe 2884 C:\WINDOWS\system32\svchost.exe 2168 C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe 2948 C:\Program Files\Internet Explorer\iexplore.exe 608 C:\Program Files\Internet Explorer\iexplore.exe 3140 C:\Documents and Settings\Fresh Bread\Desktop\MBRCheck.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`80500000 (NTFS) PhysicalDrive0 Model Number: HitachiHTS545016B9A300, Rev: PBBOC60F Size Device Name MBR Status -------------------------------------------- 149 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979 Done! MBR.zip
  8. The good news is that my computer has internet access again . I ran ComboFix twice and the second time worked. The bad news is that ComboFix said I have the rootkit virus still. (>_<) Here are the logs: COMBOFIX LOG ComboFix 12-01-06.01 - Fresh Bread 01/06/2012 16:02:08.6.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.640 [GMT -5:00] Running from: D:\ComboFix.exe AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} . . ((((((((((((((((((((((((( Files Created from 2011-12-06 to 2012-01-06 ))))))))))))))))))))))))))))))) . . 2011-12-28 04:41 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-12-28 04:41 . 2011-12-28 04:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-12-28 04:34 . 2010-04-14 01:10 54776 ----a-w- c:\windows\system32\drivers\MOBK.sys 2011-12-28 04:34 . 2011-12-28 04:34 -------- d-----w- c:\program files\McAfee Online Backup 2011-12-28 04:33 . 2011-04-11 19:29 64048 ----a-w- c:\windows\system32\drivers\McPvDrv.sys 2011-12-28 04:31 . 2011-10-15 17:16 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys 2011-12-28 04:31 . 2011-10-15 17:16 89792 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys 2011-12-28 04:31 . 2011-10-15 17:16 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys 2011-12-28 04:31 . 2011-10-15 17:16 83856 ----a-w- c:\windows\system32\drivers\mfendisk.sys 2011-12-28 04:31 . 2011-10-15 17:16 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys 2011-12-28 04:31 . 2011-10-15 17:16 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys 2011-12-28 04:31 . 2011-10-15 17:16 338176 ----a-w- c:\windows\system32\drivers\mfefirek.sys 2011-12-28 04:31 . 2011-10-15 17:16 180816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2011-12-28 04:31 . 2011-12-28 04:32 -------- d-----w- c:\program files\Common Files\Mcafee 2011-12-28 04:31 . 2011-12-28 05:23 -------- d-----w- c:\program files\McAfee 2011-12-28 04:18 . 2011-11-18 21:36 150856 ----a-w- c:\windows\system32\mfevtps.exe 2011-12-28 04:18 . 2011-12-28 04:36 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee 2011-12-28 03:32 . 2011-12-28 03:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Citrix 2011-12-28 02:46 . 2011-12-28 02:46 -------- d-----w- c:\program files\Citrix 2011-12-28 02:46 . 2011-12-28 02:46 -------- d-----w- c:\documents and settings\Fresh Bread\Local Settings\Application Data\Citrix 2011-12-28 02:13 . 2011-12-28 05:50 -------- d-----w- c:\program files\Perfect Uninstaller 2011-12-18 06:56 . 2011-12-18 06:56 -------- d-----w- c:\program files\VS Revo Group 2011-12-18 06:52 . 2011-12-18 06:52 -------- d-----w- c:\documents and settings\All Users\Uniblue 2011-12-18 03:48 . 2011-12-18 03:48 -------- d-----w- c:\program files\ESET 2011-12-17 07:28 . 2011-12-17 07:28 -------- d-----w- c:\documents and settings\Fresh Bread\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 2011-12-17 06:45 . 2011-12-17 06:45 -------- d-----w- c:\documents and settings\Fresh Bread\Local Settings\Application Data\McAfee Anti-Theft 2011-12-15 05:44 . 2011-12-15 05:44 -------- d-----w- c:\program files\Common Files\Java 2011-12-15 04:58 . 2011-12-15 04:58 -------- d-----w- c:\documents and settings\Fresh Bread\Local Settings\Application Data\PCHealth 2011-12-14 03:43 . 2011-12-14 03:43 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple 2011-12-13 11:33 . 2011-12-13 11:33 664 ----a-w- c:\documents and settings\NetworkService\Local Settings\Application Data\d3d9caps.tmp 2011-12-12 21:33 . 2011-12-12 21:33 -------- d-----w- c:\documents and settings\Fresh Bread\Application Data\Malwarebytes 2011-12-12 21:33 . 2011-12-12 21:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2011-12-11 04:57 . 2011-12-11 05:34 -------- d-----w- c:\documents and settings\Administrator . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-11-23 13:25 . 2009-08-01 07:34 1859584 ----a-w- c:\windows\system32\win32k.sys 2011-11-10 10:54 . 2010-07-01 03:14 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-11-10 08:27 . 2010-07-01 03:14 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-11-04 22:06 . 2011-05-15 18:54 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-11-04 19:20 . 2009-08-01 07:34 916992 ----a-w- c:\windows\system32\wininet.dll 2011-11-04 19:20 . 2009-08-01 07:34 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-11-04 19:20 . 2009-08-01 07:34 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2011-11-04 11:23 . 2009-08-01 07:34 385024 ----a-w- c:\windows\system32\html.iec 2011-11-01 16:07 . 2009-08-01 07:34 1288704 ----a-w- c:\windows\system32\ole32.dll 2011-10-28 05:31 . 2009-08-01 07:34 33280 ----a-w- c:\windows\system32\csrsrv.dll 2011-10-25 13:37 . 2008-04-14 00:54 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-10-25 12:52 . 2008-04-14 00:01 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe 2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\system32\QuickTime.qts 2011-10-18 11:13 . 2009-08-01 07:34 186880 ----a-w- c:\windows\system32\encdec.dll 2011-10-15 17:16 . 2011-10-15 17:16 464176 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2011-10-15 17:16 . 2011-10-15 17:16 121256 ----a-w- c:\windows\system32\drivers\mfeapfk.sys 2011-10-10 14:22 . 2009-08-01 06:53 692736 ----a-w- c:\windows\system32\inetcomm.dll . . ((((((((((((((((((((((((((((( SnapShot@2011-12-28_05.48.40 ))))))))))))))))))))))))))))))))))))))))) . + 2012-01-06 21:00 . 2012-01-06 21:00 16384 c:\windows\Temp\Perflib_Perfdata_4ac.dat + 2012-01-06 21:00 . 2012-01-06 21:00 16384 c:\windows\Temp\Perflib_Perfdata_2fc.dat + 2009-08-01 07:34 . 2012-01-06 21:05 73368 c:\windows\system32\perfc009.dat - 2009-08-01 07:34 . 2011-12-28 05:28 73368 c:\windows\system32\perfc009.dat + 2009-08-01 07:34 . 2012-01-06 21:05 445946 c:\windows\system32\perfh009.dat - 2009-08-01 07:34 . 2011-12-28 05:28 445946 c:\windows\system32\perfh009.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK] @="{3c3f3c1a-9153-7c05-f938-622e7003894d}" [HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}] 2010-04-14 01:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2] @="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}" [HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}] 2010-04-14 01:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3] @="{b4caf489-1eec-c617-49ad-8d7088598c06}" [HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}] 2010-04-14 01:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-03-16 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712] "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-12-30 875016] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752] "AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-07-17 53248] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952] "PLFSetL"="c:\windows\PLFSetL.exe" [2008-07-03 94208] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824] "RTHDCPL"="RTHDCPL.EXE" [2009-08-24 18702336] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152] "CLMLServer"="c:\program files\Cyberlink\Power2Go\CLMLSvc.exe" [2009-06-04 103720] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-11-22 1318816] "McPvTray_exe"="c:\program files\McAfee\MAT\McPvTray.exe" [2011-04-08 419904] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-8-1 565248] HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-11 73728] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist] 2011-12-28 02:46 13672 ----a-w- c:\program files\Citrix\GoToAssist\615\g2awinlogon.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Documents and Settings\\Fresh Bread\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"= . R0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [12/27/2011 11:33 PM 64048] R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [12/27/2011 11:31 PM 89792] R1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [12/27/2011 11:34 PM 54776] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/27/2011 11:41 PM 652872] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [12/27/2011 11:31 PM 214904] R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [12/27/2011 11:31 PM 214904] R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [12/27/2011 11:31 PM 214904] R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [12/27/2011 11:32 PM 160608] R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [12/27/2011 11:18 PM 150856] R2 MOBKbackup;McAfee Online Backup;c:\program files\McAfee Online Backup\MOBKbackup.exe [4/13/2010 8:11 PM 229688] R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [8/1/2009 4:35 AM 237568] R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [12/27/2011 11:31 PM 57600] R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [8/1/2009 2:35 AM 38912] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/27/2011 11:41 PM 20464] R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [12/27/2011 11:31 PM 338176] R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [12/27/2011 11:31 PM 83856] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/8/2010 11:11 PM 136176] S2 XMLProvS;Network ProService;c:\windows\System32\svchost.exe -k xmlpros [8/1/2009 2:34 AM 14336] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [8/1/2009 3:48 AM 1684736] S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [8/1/2009 3:50 AM 24064] S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/8/2010 11:11 PM 136176] S3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe --> c:\progra~1\mcafee\msc\mcawfwk.exe [?] S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [12/27/2011 11:31 PM 83856] S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [12/27/2011 11:31 PM 87656] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [8/1/2009 3:43 AM 162816] S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?] S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 3:06 PM 11520] . --- Other Services/Drivers In Memory --- . *Deregistered* - mfeavfk01 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] xmlpros REG_MULTI_SZ XMLProvS . Contents of the 'Scheduled Tasks' folder . 2011-12-28 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57] . 2012-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-09 04:11] . 2012-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-09 04:11] . 2012-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3993469562-757298511-4166307882-1005Core.job - c:\documents and settings\Fresh Bread\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-30 07:27] . 2012-01-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3993469562-757298511-4166307882-1005UA.job - c:\documents and settings\Fresh Bread\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-30 07:27] . . ------- Supplementary Scan ------- . mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_one&r=0xph06103045l0354wui5w4842655s uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html Trusted Zone: amtrak.com\tickets Trusted Zone: amtrak.com\www Trusted Zone: internet Trusted Zone: mcafee.com TCP: DhcpNameServer = 65.32.5.111 65.32.5.112 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-01-06 16:14 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(1384) c:\program files\Citrix\GoToAssist\615\G2AWinLogon.dll . Completion time: 2012-01-06 16:16:54 ComboFix-quarantined-files.txt 2012-01-06 21:16 ComboFix2.txt 2011-12-31 22:20 ComboFix3.txt 2011-12-28 08:35 ComboFix4.txt 2011-12-28 07:29 ComboFix5.txt 2012-01-06 20:24 . Pre-Run: 91,905,392,640 bytes free Post-Run: 91,896,414,208 bytes free . - - End Of File - - 81AE3B162823FE4623BA05C550057566 DDS LOG . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 Run by Fresh Bread at 16:19:22 on 2012-01-06 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.595 [GMT -5:00] . AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Firewall *Disabled* . ============== Running Processes =============== . C:\WINDOWS\system32\svchost.exe -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe C:\WINDOWS\system32\mfevtps.exe C:\Program Files\McAfee Online Backup\MOBKbackup.exe C:\Program Files\Acer\Acer VCM\RS_Service.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe C:\WINDOWS\system32\wscntfy.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\WINDOWS\explorer.exe . ============== Pseudo HJT Report =============== . mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_one&r=0xph06103045l0354wui5w4842655s uInternet Settings,ProxyOverride = *.local BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20111227233155.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe mRun: [LManager] c:\progra~1\launch~1\LManager.exe mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [AzMixerSel] c:\program files\realtek\audio\drivers\AzMixerSel.exe mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 mRun: [PLFSetL] c:\windows\PLFSetL.exe mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [RTHDCPL] RTHDCPL.EXE mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey mRun: [McPvTray_exe] "c:\program files\mcafee\mat\McPvTray.exe" mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acervc~1.lnk - c:\program files\acer\acer vcm\AcerVCM.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL Trusted Zone: amtrak.com\tickets Trusted Zone: amtrak.com\www Trusted Zone: internet Trusted Zone: mcafee.com DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab TCP: DhcpNameServer = 65.32.5.111 65.32.5.112 TCP: Interfaces\{E2030F1D-FA9E-405E-97F2-0EA8456A89F0} : DhcpNameServer = 65.32.5.111 65.32.5.112 Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Notify: GoToAssist - c:\program files\citrix\gotoassist\615\G2AWinLogon.dll Notify: igfxcui - igfxdev.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL . ============= SERVICES / DRIVERS =============== . R0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [2011-12-27 64048] R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-10-15 464176] R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-12-27 89792] R1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [2011-12-27 54776] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-27 652872] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-12-27 214904] R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-12-27 214904] R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-12-27 214904] R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-12-27 214904] R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-12-27 166288] R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-12-27 160608] R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-12-27 150856] R2 MOBKbackup;McAfee Online Backup;c:\program files\mcafee online backup\MOBKbackup.exe [2010-4-13 229688] R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2009-8-1 237568] R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-12-27 57600] R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-8-1 38912] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-27 20464] R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-12-27 180816] R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-12-27 338176] R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-12-27 83856] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-8 136176] S2 XMLProvS;Network ProService;c:\windows\system32\svchost.exe -k xmlpros [2009-8-1 14336] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-8-1 1684736] S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-8-1 24064] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-6-8 136176] S3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe --> c:\progra~1\mcafee\msc\mcawfwk.exe [?] S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-12-27 59456] S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-12-27 83856] S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-12-27 87656] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-8-1 162816] S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?] S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520] . =============== Created Last 30 ================ . 2011-12-28 05:09:04 -------- d-sha-r- C:\cmdcons 2011-12-28 05:05:53 98816 ----a-w- c:\windows\sed.exe 2011-12-28 05:05:53 518144 ----a-w- c:\windows\SWREG.exe 2011-12-28 05:05:53 256000 ----a-w- c:\windows\PEV.exe 2011-12-28 05:05:53 208896 ----a-w- c:\windows\MBR.exe 2011-12-28 04:41:17 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-12-28 04:41:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-12-28 04:34:24 -------- d-----w- c:\program files\McAfeeMOBK 2011-12-28 04:34:15 54776 ----a-w- c:\windows\system32\drivers\MOBK.sys 2011-12-28 04:34:04 -------- d-----w- c:\program files\McAfee Online Backup 2011-12-28 04:33:44 64048 ----a-w- c:\windows\system32\drivers\McPvDrv.sys 2011-12-28 04:31:55 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys 2011-12-28 04:31:49 89792 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys 2011-12-28 04:31:49 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys 2011-12-28 04:31:49 83856 ----a-w- c:\windows\system32\drivers\mfendisk.sys 2011-12-28 04:31:49 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys 2011-12-28 04:31:49 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys 2011-12-28 04:31:49 338176 ----a-w- c:\windows\system32\drivers\mfefirek.sys 2011-12-28 04:31:49 180816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2011-12-28 04:31:43 -------- d-----w- c:\program files\common files\Mcafee 2011-12-28 04:31:41 -------- d-----w- c:\program files\McAfee.com 2011-12-28 04:31:25 -------- d-----w- c:\program files\McAfee 2011-12-28 04:18:56 150856 ----a-w- c:\windows\system32\mfevtps.exe 2011-12-28 03:32:00 -------- d-----w- c:\documents and settings\all users\application data\Citrix 2011-12-28 02:46:43 -------- d-----w- c:\program files\Citrix 2011-12-28 02:46:39 -------- d-----w- c:\documents and settings\fresh bread\local settings\application data\Citrix 2011-12-28 02:13:36 -------- d-----w- c:\program files\Perfect Uninstaller 2011-12-18 06:56:53 -------- d-----w- c:\program files\VS Revo Group 2011-12-18 06:52:12 -------- d-----w- c:\documents and settings\all users\Uniblue 2011-12-18 03:48:48 -------- d-----w- c:\program files\ESET 2011-12-17 07:28:06 -------- d-----w- c:\documents and settings\fresh bread\application data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 2011-12-17 06:45:54 -------- d-----w- c:\documents and settings\fresh bread\local settings\application data\McAfee Anti-Theft 2011-12-17 06:38:53 148520 ----a-r- c:\windows\system32\mfevtps.exe.e42d.deleteme 2011-12-15 04:58:52 -------- d-----w- c:\documents and settings\fresh bread\local settings\application data\PCHealth 2011-12-12 21:33:58 -------- d-----w- c:\documents and settings\fresh bread\application data\Malwarebytes 2011-12-12 21:33:11 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes . ==================== Find3M ==================== . 2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys 2011-11-10 10:54:13 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-11-10 08:27:10 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-11-04 22:06:09 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll 2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-11-04 19:20:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec 2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll 2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll 2011-10-25 13:37:08 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-10-25 12:52:02 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe 2011-10-24 19:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2011-10-24 19:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts 2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll 2011-10-15 17:16:16 464176 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2011-10-15 17:16:16 121256 ----a-w- c:\windows\system32\drivers\mfeapfk.sys 2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll . ============= FINISH: 16:19:50.81 ===============
  9. Happy New Year (soon). I got a fresh copy of ComboFix but my internet connection still isn't working. (I'm posting from a different computer) I also did a DDS scan in case that helps. Incidentally ComboFix said it found the Rootkit virus again ._. COMBOFIX LOG ComboFix 11-12-31.03 - Fresh Bread 12/31/2011 17:06:17.4.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.654 [GMT -5:00] Running from: D:\ComboFix.exe AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} * Created a new restore point . . ((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-31 ))))))))))))))))))))))))))))))) . . 2011-12-28 04:41 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-12-28 04:41 . 2011-12-28 04:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-12-28 04:34 . 2010-04-14 01:10 54776 ----a-w- c:\windows\system32\drivers\MOBK.sys 2011-12-28 04:34 . 2011-12-28 04:34 -------- d-----w- c:\program files\McAfee Online Backup 2011-12-28 04:33 . 2011-04-11 19:29 64048 ----a-w- c:\windows\system32\drivers\McPvDrv.sys 2011-12-28 04:31 . 2011-10-15 17:16 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys 2011-12-28 04:31 . 2011-10-15 17:16 89792 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys 2011-12-28 04:31 . 2011-10-15 17:16 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys 2011-12-28 04:31 . 2011-10-15 17:16 83856 ----a-w- c:\windows\system32\drivers\mfendisk.sys 2011-12-28 04:31 . 2011-10-15 17:16 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys 2011-12-28 04:31 . 2011-10-15 17:16 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys 2011-12-28 04:31 . 2011-10-15 17:16 338176 ----a-w- c:\windows\system32\drivers\mfefirek.sys 2011-12-28 04:31 . 2011-10-15 17:16 180816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2011-12-28 04:31 . 2011-12-28 04:32 -------- d-----w- c:\program files\Common Files\Mcafee 2011-12-28 04:31 . 2011-12-28 05:23 -------- d-----w- c:\program files\McAfee 2011-12-28 04:18 . 2011-11-18 21:36 150856 ----a-w- c:\windows\system32\mfevtps.exe 2011-12-28 04:18 . 2011-12-28 04:36 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee 2011-12-28 03:32 . 2011-12-28 03:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Citrix 2011-12-28 02:46 . 2011-12-28 02:46 -------- d-----w- c:\program files\Citrix 2011-12-28 02:46 . 2011-12-28 02:46 -------- d-----w- c:\documents and settings\Fresh Bread\Local Settings\Application Data\Citrix 2011-12-28 02:13 . 2011-12-28 05:50 -------- d-----w- c:\program files\Perfect Uninstaller 2011-12-18 06:56 . 2011-12-18 06:56 -------- d-----w- c:\program files\VS Revo Group 2011-12-18 06:52 . 2011-12-18 06:52 -------- d-----w- c:\documents and settings\All Users\Uniblue 2011-12-18 03:48 . 2011-12-18 03:48 -------- d-----w- c:\program files\ESET 2011-12-17 07:28 . 2011-12-17 07:28 -------- d-----w- c:\documents and settings\Fresh Bread\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 2011-12-17 06:45 . 2011-12-17 06:45 -------- d-----w- c:\documents and settings\Fresh Bread\Local Settings\Application Data\McAfee Anti-Theft 2011-12-15 05:44 . 2011-12-15 05:44 -------- d-----w- c:\program files\Common Files\Java 2011-12-15 04:58 . 2011-12-15 04:58 -------- d-----w- c:\documents and settings\Fresh Bread\Local Settings\Application Data\PCHealth 2011-12-14 03:43 . 2011-12-14 03:43 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple 2011-12-13 11:33 . 2011-12-13 11:33 664 ----a-w- c:\documents and settings\NetworkService\Local Settings\Application Data\d3d9caps.tmp 2011-12-12 21:33 . 2011-12-12 21:33 -------- d-----w- c:\documents and settings\Fresh Bread\Application Data\Malwarebytes 2011-12-12 21:33 . 2011-12-12 21:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2011-12-11 04:57 . 2011-12-11 05:34 -------- d-----w- c:\documents and settings\Administrator 2011-12-07 03:59 . 2011-12-07 03:59 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll 2011-12-07 03:59 . 2011-12-07 03:59 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll 2011-12-07 03:59 . 2011-12-07 03:59 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll 2011-12-07 03:59 . 2011-12-07 03:59 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll 2011-12-07 03:59 . 2011-12-07 03:59 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll 2011-12-07 03:59 . 2011-12-07 03:59 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll 2011-12-07 03:59 . 2011-12-07 03:59 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll 2011-12-07 03:54 . 2011-12-07 03:59 -------- d-----w- c:\program files\QuickTime . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-11-23 13:25 . 2009-08-01 07:34 1859584 ----a-w- c:\windows\system32\win32k.sys 2011-11-10 10:54 . 2010-07-01 03:14 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-11-10 08:27 . 2010-07-01 03:14 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-11-04 22:06 . 2011-05-15 18:54 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-11-04 19:20 . 2009-08-01 07:34 916992 ----a-w- c:\windows\system32\wininet.dll 2011-11-04 19:20 . 2009-08-01 07:34 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-11-04 19:20 . 2009-08-01 07:34 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2011-11-04 11:23 . 2009-08-01 07:34 385024 ----a-w- c:\windows\system32\html.iec 2011-11-01 16:07 . 2009-08-01 07:34 1288704 ----a-w- c:\windows\system32\ole32.dll 2011-10-28 05:31 . 2009-08-01 07:34 33280 ----a-w- c:\windows\system32\csrsrv.dll 2011-10-25 13:37 . 2008-04-14 00:54 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-10-25 12:52 . 2008-04-14 00:01 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe 2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\system32\QuickTime.qts 2011-10-18 11:13 . 2009-08-01 07:34 186880 ----a-w- c:\windows\system32\encdec.dll 2011-10-15 17:16 . 2011-10-15 17:16 464176 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2011-10-15 17:16 . 2011-10-15 17:16 121256 ----a-w- c:\windows\system32\drivers\mfeapfk.sys 2011-10-10 14:22 . 2009-08-01 06:53 692736 ----a-w- c:\windows\system32\inetcomm.dll . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [7] 2008-04-14 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ipsec.sys [-] 2008-04-14 12:00 . 90A9305F8727DDB9D5EA8189B520E463 . 75264 . . [------] . . c:\windows\system32\drivers\ipsec.sys . [7] 2008-04-14 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ipsec.sys [-] 2008-04-14 12:00 . 90A9305F8727DDB9D5EA8189B520E463 . 75264 . . [------] . . c:\windows\system32\drivers\ipsec.sys . ((((((((((((((((((((((((((((( SnapShot@2011-12-28_05.48.40 ))))))))))))))))))))))))))))))))))))))))) . + 2011-12-31 22:05 . 2011-12-31 22:05 16384 c:\windows\Temp\Perflib_Perfdata_374.dat + 2011-12-31 22:04 . 2011-12-31 22:04 16384 c:\windows\Temp\Perflib_Perfdata_280.dat + 2009-08-01 07:34 . 2011-12-31 22:09 73368 c:\windows\system32\perfc009.dat - 2009-08-01 07:34 . 2011-12-28 05:28 73368 c:\windows\system32\perfc009.dat + 2009-08-01 07:34 . 2011-12-31 22:09 445946 c:\windows\system32\perfh009.dat - 2009-08-01 07:34 . 2011-12-28 05:28 445946 c:\windows\system32\perfh009.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK] @="{3c3f3c1a-9153-7c05-f938-622e7003894d}" [HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}] 2010-04-14 01:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2] @="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}" [HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}] 2010-04-14 01:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3] @="{b4caf489-1eec-c617-49ad-8d7088598c06}" [HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}] 2010-04-14 01:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-03-16 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712] "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-12-30 875016] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752] "AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-07-17 53248] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952] "PLFSetL"="c:\windows\PLFSetL.exe" [2008-07-03 94208] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824] "RTHDCPL"="RTHDCPL.EXE" [2009-08-24 18702336] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152] "CLMLServer"="c:\program files\Cyberlink\Power2Go\CLMLSvc.exe" [2009-06-04 103720] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-11-22 1318816] "McPvTray_exe"="c:\program files\McAfee\MAT\McPvTray.exe" [2011-04-08 419904] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-8-1 565248] HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-11 73728] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist] 2011-12-28 02:46 13672 ----a-w- c:\program files\Citrix\GoToAssist\615\g2awinlogon.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Documents and Settings\\Fresh Bread\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"= . R0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [12/27/2011 11:33 PM 64048] R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [12/27/2011 11:31 PM 89792] R1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [12/27/2011 11:34 PM 54776] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/27/2011 11:41 PM 652872] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [12/27/2011 11:31 PM 214904] R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [12/27/2011 11:31 PM 214904] R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [12/27/2011 11:31 PM 214904] R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [12/27/2011 11:32 PM 160608] R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [12/27/2011 11:18 PM 150856] R2 MOBKbackup;McAfee Online Backup;c:\program files\McAfee Online Backup\MOBKbackup.exe [4/13/2010 8:11 PM 229688] R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [8/1/2009 4:35 AM 237568] R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [12/27/2011 11:31 PM 57600] R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [8/1/2009 2:35 AM 38912] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/27/2011 11:41 PM 20464] R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [12/27/2011 11:31 PM 338176] R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [12/27/2011 11:31 PM 83856] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/8/2010 11:11 PM 136176] S2 XMLProvS;Network ProService;c:\windows\System32\svchost.exe -k xmlpros [8/1/2009 2:34 AM 14336] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [8/1/2009 3:48 AM 1684736] S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [8/1/2009 3:50 AM 24064] S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/8/2010 11:11 PM 136176] S3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe --> c:\progra~1\mcafee\msc\mcawfwk.exe [?] S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [12/27/2011 11:31 PM 83856] S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [12/27/2011 11:31 PM 87656] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [8/1/2009 3:43 AM 162816] S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?] S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 3:06 PM 11520] . --- Other Services/Drivers In Memory --- . *Deregistered* - mfeavfk01 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] xmlpros REG_MULTI_SZ XMLProvS . Contents of the 'Scheduled Tasks' folder . 2011-12-28 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57] . 2011-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-09 04:11] . 2011-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-09 04:11] . 2011-12-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3993469562-757298511-4166307882-1005Core.job - c:\documents and settings\Fresh Bread\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-30 07:27] . 2011-12-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3993469562-757298511-4166307882-1005UA.job - c:\documents and settings\Fresh Bread\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-30 07:27] . . ------- Supplementary Scan ------- . mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_one&r=0xph06103045l0354wui5w4842655s uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html Trusted Zone: amtrak.com\tickets Trusted Zone: amtrak.com\www Trusted Zone: internet Trusted Zone: mcafee.com TCP: DhcpNameServer = 65.32.5.111 65.32.5.112 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-12-31 17:18 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(968) c:\program files\Citrix\GoToAssist\615\G2AWinLogon.dll . Completion time: 2011-12-31 17:20:58 ComboFix-quarantined-files.txt 2011-12-31 22:20 ComboFix2.txt 2011-12-28 08:35 ComboFix3.txt 2011-12-28 07:29 ComboFix4.txt 2011-12-28 05:54 . Pre-Run: 91,136,401,408 bytes free Post-Run: 91,128,664,064 bytes free . - - End Of File - - 2D01A5BF309B9097832414772E9E40FE DDS LOG . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 Run by Fresh Bread at 17:36:01 on 2011-12-31 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.389 [GMT -5:00] . AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Firewall *Disabled* . ============== Running Processes =============== . C:\WINDOWS\system32\svchost.exe -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe C:\PROGRA~1\LAUNCH~1\LManager.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\PLFSetL.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\McAfee\MAT\McPvTray.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Acer\Acer VCM\AcerVCM.exe C:\WINDOWS\system32\igfxext.exe C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe svchost.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe C:\WINDOWS\system32\mfevtps.exe C:\Program Files\McAfee Online Backup\MOBKbackup.exe C:\Program Files\Acer\Acer VCM\RS_Service.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\vssvc.exe C:\WINDOWS\system32\wscntfy.exe . ============== Pseudo HJT Report =============== . mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_one&r=0xph06103045l0354wui5w4842655s uInternet Settings,ProxyOverride = *.local BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20111227233155.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe mRun: [LManager] c:\progra~1\launch~1\LManager.exe mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [AzMixerSel] c:\program files\realtek\audio\drivers\AzMixerSel.exe mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 mRun: [PLFSetL] c:\windows\PLFSetL.exe mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [RTHDCPL] RTHDCPL.EXE mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey mRun: [McPvTray_exe] "c:\program files\mcafee\mat\McPvTray.exe" mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acervc~1.lnk - c:\program files\acer\acer vcm\AcerVCM.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL Trusted Zone: amtrak.com\tickets Trusted Zone: amtrak.com\www Trusted Zone: internet Trusted Zone: mcafee.com DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab TCP: DhcpNameServer = 65.32.5.111 65.32.5.112 TCP: Interfaces\{E2030F1D-FA9E-405E-97F2-0EA8456A89F0} : DhcpNameServer = 65.32.5.111 65.32.5.112 Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Notify: GoToAssist - c:\program files\citrix\gotoassist\615\G2AWinLogon.dll Notify: igfxcui - igfxdev.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL . ============= SERVICES / DRIVERS =============== . R0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [2011-12-27 64048] R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-10-15 464176] R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-12-27 89792] R1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [2011-12-27 54776] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-27 652872] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-12-27 214904] R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-12-27 214904] R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-12-27 214904] R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-12-27 214904] R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-12-27 166288] R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-12-27 160608] R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-12-27 150856] R2 MOBKbackup;McAfee Online Backup;c:\program files\mcafee online backup\MOBKbackup.exe [2010-4-13 229688] R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2009-8-1 237568] R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-12-27 57600] R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-8-1 38912] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-27 20464] R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-12-27 180816] R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-12-27 338176] R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-12-27 83856] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-8 136176] S2 XMLProvS;Network ProService;c:\windows\system32\svchost.exe -k xmlpros [2009-8-1 14336] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-8-1 1684736] S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-8-1 24064] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-6-8 136176] S3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe --> c:\progra~1\mcafee\msc\mcawfwk.exe [?] S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-12-27 59456] S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-12-27 83856] S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-12-27 87656] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-8-1 162816] S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?] S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520] . =============== Created Last 30 ================ . 2011-12-28 05:09:04 -------- d-sha-r- C:\cmdcons 2011-12-28 05:05:53 98816 ----a-w- c:\windows\sed.exe 2011-12-28 05:05:53 518144 ----a-w- c:\windows\SWREG.exe 2011-12-28 05:05:53 256000 ----a-w- c:\windows\PEV.exe 2011-12-28 05:05:53 208896 ----a-w- c:\windows\MBR.exe 2011-12-28 04:41:17 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-12-28 04:41:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-12-28 04:34:24 -------- d-----w- c:\program files\McAfeeMOBK 2011-12-28 04:34:15 54776 ----a-w- c:\windows\system32\drivers\MOBK.sys 2011-12-28 04:34:04 -------- d-----w- c:\program files\McAfee Online Backup 2011-12-28 04:33:44 64048 ----a-w- c:\windows\system32\drivers\McPvDrv.sys 2011-12-28 04:31:55 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys 2011-12-28 04:31:49 89792 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys 2011-12-28 04:31:49 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys 2011-12-28 04:31:49 83856 ----a-w- c:\windows\system32\drivers\mfendisk.sys 2011-12-28 04:31:49 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys 2011-12-28 04:31:49 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys 2011-12-28 04:31:49 338176 ----a-w- c:\windows\system32\drivers\mfefirek.sys 2011-12-28 04:31:49 180816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2011-12-28 04:31:43 -------- d-----w- c:\program files\common files\Mcafee 2011-12-28 04:31:41 -------- d-----w- c:\program files\McAfee.com 2011-12-28 04:31:25 -------- d-----w- c:\program files\McAfee 2011-12-28 04:18:56 150856 ----a-w- c:\windows\system32\mfevtps.exe 2011-12-28 03:32:00 -------- d-----w- c:\documents and settings\all users\application data\Citrix 2011-12-28 02:46:43 -------- d-----w- c:\program files\Citrix 2011-12-28 02:46:39 -------- d-----w- c:\documents and settings\fresh bread\local settings\application data\Citrix 2011-12-28 02:13:36 -------- d-----w- c:\program files\Perfect Uninstaller 2011-12-18 06:56:53 -------- d-----w- c:\program files\VS Revo Group 2011-12-18 06:52:12 -------- d-----w- c:\documents and settings\all users\Uniblue 2011-12-18 03:48:48 -------- d-----w- c:\program files\ESET 2011-12-17 07:28:06 -------- d-----w- c:\documents and settings\fresh bread\application data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 2011-12-17 06:45:54 -------- d-----w- c:\documents and settings\fresh bread\local settings\application data\McAfee Anti-Theft 2011-12-17 06:38:53 148520 ----a-r- c:\windows\system32\mfevtps.exe.e42d.deleteme 2011-12-15 04:58:52 -------- d-----w- c:\documents and settings\fresh bread\local settings\application data\PCHealth 2011-12-12 21:33:58 -------- d-----w- c:\documents and settings\fresh bread\application data\Malwarebytes 2011-12-12 21:33:11 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes 2011-12-07 03:59:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll 2011-12-07 03:59:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll 2011-12-07 03:59:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll 2011-12-07 03:59:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll 2011-12-07 03:59:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll 2011-12-07 03:59:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll 2011-12-07 03:59:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll . ==================== Find3M ==================== . 2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys 2011-11-10 10:54:13 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-11-10 08:27:10 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-11-04 22:06:09 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll 2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-11-04 19:20:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec 2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll 2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll 2011-10-25 13:37:08 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-10-25 12:52:02 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe 2011-10-24 19:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2011-10-24 19:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts 2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll 2011-10-15 17:16:16 464176 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2011-10-15 17:16:16 121256 ----a-w- c:\windows\system32\drivers\mfeapfk.sys 2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll . ============= FINISH: 17:37:43.82 ===============
  10. I have a small question too. When I went to get a new copy of ComboFix I deleted the older copy by just "delete" but ... should I have uninstalled it from the run command instead? When I tried to put the new ComboFix on my desktop it said "shortcut to ComboFix" on it ... so I was wondering if the shortcut pointed to the older version (which was in the recycling bin) or to the newer version which was on the flashdrive. Anyways my question is ... should I do an uninstall from the run command? The instructions at Bleepingcomputer said not to uninstall until I finished getting rid of any viruses, so I am reluctant to "uninstall" at this point. ._.
  11. ComboFix found Rootkit.ZeroAccess! in the tcp/ip stack. After it ran, though, I lost my internet connection. I tried to manually "repair" the connection like the instructions said at BleepingComputer but it didn't work. So I ran ComboFix again (because ComboFix said I might need to do that if I lost my internet connection). There was still no connection and ComboFix still found Rootkit.ZeroAcess! From Internet Explorer I did a Diagnose Connection Problems and it said "Windows has detected a problem with the Winsock provider catalog on this computer." I thought maybe I should get a new copy of ComboFix so I used a flash drive to download it from another computer and than ran it again on my computer. Again it found Rootkit. ZeroAccess! and I couldn't get the internet to work still. So I'm posting from a different computer now. My computer has no internet connection and probably still has Rootkit.ZeroAccess! -__- Hopefully you can see where the problem is from these logs. ComboFix 11-12-28.02 - Fresh Bread 12/28/2011 3:21.3.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.664 [GMT -5:00] Running from: D:\ComboFix.exe AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} . . ((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-28 ))))))))))))))))))))))))))))))) . . 2011-12-28 04:41 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-12-28 04:41 . 2011-12-28 04:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-12-28 04:34 . 2010-04-14 01:10 54776 ----a-w- c:\windows\system32\drivers\MOBK.sys 2011-12-28 04:34 . 2011-12-28 04:34 -------- d-----w- c:\program files\McAfee Online Backup 2011-12-28 04:33 . 2011-04-11 19:29 64048 ----a-w- c:\windows\system32\drivers\McPvDrv.sys 2011-12-28 04:31 . 2011-10-15 17:16 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys 2011-12-28 04:31 . 2011-10-15 17:16 89792 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys 2011-12-28 04:31 . 2011-10-15 17:16 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys 2011-12-28 04:31 . 2011-10-15 17:16 83856 ----a-w- c:\windows\system32\drivers\mfendisk.sys 2011-12-28 04:31 . 2011-10-15 17:16 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys 2011-12-28 04:31 . 2011-10-15 17:16 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys 2011-12-28 04:31 . 2011-10-15 17:16 338176 ----a-w- c:\windows\system32\drivers\mfefirek.sys 2011-12-28 04:31 . 2011-10-15 17:16 180816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2011-12-28 04:31 . 2011-12-28 04:32 -------- d-----w- c:\program files\Common Files\Mcafee 2011-12-28 04:31 . 2011-12-28 05:23 -------- d-----w- c:\program files\McAfee 2011-12-28 04:18 . 2011-11-18 21:36 150856 ----a-w- c:\windows\system32\mfevtps.exe 2011-12-28 04:18 . 2011-12-28 04:36 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee 2011-12-28 03:32 . 2011-12-28 03:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Citrix 2011-12-28 02:46 . 2011-12-28 02:46 -------- d-----w- c:\program files\Citrix 2011-12-28 02:46 . 2011-12-28 02:46 -------- d-----w- c:\documents and settings\Fresh Bread\Local Settings\Application Data\Citrix 2011-12-28 02:13 . 2011-12-28 05:50 -------- d-----w- c:\program files\Perfect Uninstaller 2011-12-18 06:56 . 2011-12-18 06:56 -------- d-----w- c:\program files\VS Revo Group 2011-12-18 06:52 . 2011-12-18 06:52 -------- d-----w- c:\documents and settings\All Users\Uniblue 2011-12-18 03:48 . 2011-12-18 03:48 -------- d-----w- c:\program files\ESET 2011-12-17 07:28 . 2011-12-17 07:28 -------- d-----w- c:\documents and settings\Fresh Bread\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 2011-12-17 06:45 . 2011-12-17 06:45 -------- d-----w- c:\documents and settings\Fresh Bread\Local Settings\Application Data\McAfee Anti-Theft 2011-12-15 05:44 . 2011-12-15 05:44 -------- d-----w- c:\program files\Common Files\Java 2011-12-15 04:58 . 2011-12-15 04:58 -------- d-----w- c:\documents and settings\Fresh Bread\Local Settings\Application Data\PCHealth 2011-12-14 03:43 . 2011-12-14 03:43 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple 2011-12-13 11:33 . 2011-12-13 11:33 664 ----a-w- c:\documents and settings\NetworkService\Local Settings\Application Data\d3d9caps.tmp 2011-12-12 21:33 . 2011-12-12 21:33 -------- d-----w- c:\documents and settings\Fresh Bread\Application Data\Malwarebytes 2011-12-12 21:33 . 2011-12-12 21:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2011-12-11 04:57 . 2011-12-11 05:34 -------- d-----w- c:\documents and settings\Administrator 2011-12-07 03:59 . 2011-12-07 03:59 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll 2011-12-07 03:59 . 2011-12-07 03:59 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll 2011-12-07 03:59 . 2011-12-07 03:59 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll 2011-12-07 03:59 . 2011-12-07 03:59 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll 2011-12-07 03:59 . 2011-12-07 03:59 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll 2011-12-07 03:59 . 2011-12-07 03:59 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll 2011-12-07 03:59 . 2011-12-07 03:59 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll 2011-12-07 03:54 . 2011-12-07 03:59 -------- d-----w- c:\program files\QuickTime . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-11-23 13:25 . 2009-08-01 07:34 1859584 ----a-w- c:\windows\system32\win32k.sys 2011-11-10 10:54 . 2010-07-01 03:14 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-11-10 08:27 . 2010-07-01 03:14 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-11-04 22:06 . 2011-05-15 18:54 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-11-04 19:20 . 2009-08-01 07:34 916992 ----a-w- c:\windows\system32\wininet.dll 2011-11-04 19:20 . 2009-08-01 07:34 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-11-04 19:20 . 2009-08-01 07:34 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2011-11-04 11:23 . 2009-08-01 07:34 385024 ----a-w- c:\windows\system32\html.iec 2011-11-01 16:07 . 2009-08-01 07:34 1288704 ----a-w- c:\windows\system32\ole32.dll 2011-10-28 05:31 . 2009-08-01 07:34 33280 ----a-w- c:\windows\system32\csrsrv.dll 2011-10-25 13:37 . 2008-04-14 00:54 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-10-25 12:52 . 2008-04-14 00:01 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe 2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\system32\QuickTime.qts 2011-10-18 11:13 . 2009-08-01 07:34 186880 ----a-w- c:\windows\system32\encdec.dll 2011-10-15 17:16 . 2011-10-15 17:16 464176 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2011-10-15 17:16 . 2011-10-15 17:16 121256 ----a-w- c:\windows\system32\drivers\mfeapfk.sys 2011-10-10 14:22 . 2009-08-01 06:53 692736 ----a-w- c:\windows\system32\inetcomm.dll . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [7] 2008-04-14 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ipsec.sys [-] 2008-04-14 12:00 . 90A9305F8727DDB9D5EA8189B520E463 . 75264 . . [------] . . c:\windows\system32\drivers\ipsec.sys . [7] 2008-04-14 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ipsec.sys [-] 2008-04-14 12:00 . 90A9305F8727DDB9D5EA8189B520E463 . 75264 . . [------] . . c:\windows\system32\drivers\ipsec.sys . ((((((((((((((((((((((((((((( SnapShot@2011-12-28_05.48.40 ))))))))))))))))))))))))))))))))))))))))) . + 2011-12-28 08:20 . 2011-12-28 08:20 16384 c:\windows\Temp\Perflib_Perfdata_3a0.dat + 2011-12-28 08:20 . 2011-12-28 08:20 16384 c:\windows\Temp\Perflib_Perfdata_22c.dat + 2009-08-01 07:34 . 2011-12-28 08:25 73368 c:\windows\system32\perfc009.dat - 2009-08-01 07:34 . 2011-12-28 05:28 73368 c:\windows\system32\perfc009.dat + 2009-08-01 07:34 . 2011-12-28 08:25 445946 c:\windows\system32\perfh009.dat - 2009-08-01 07:34 . 2011-12-28 05:28 445946 c:\windows\system32\perfh009.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK] @="{3c3f3c1a-9153-7c05-f938-622e7003894d}" [HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}] 2010-04-14 01:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2] @="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}" [HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}] 2010-04-14 01:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3] @="{b4caf489-1eec-c617-49ad-8d7088598c06}" [HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}] 2010-04-14 01:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-03-16 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712] "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-12-30 875016] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752] "AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-07-17 53248] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952] "PLFSetL"="c:\windows\PLFSetL.exe" [2008-07-03 94208] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824] "RTHDCPL"="RTHDCPL.EXE" [2009-08-24 18702336] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152] "CLMLServer"="c:\program files\Cyberlink\Power2Go\CLMLSvc.exe" [2009-06-04 103720] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-11-22 1318816] "McPvTray_exe"="c:\program files\McAfee\MAT\McPvTray.exe" [2011-04-08 419904] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-8-1 565248] HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-11 73728] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist] 2011-12-28 02:46 13672 ----a-w- c:\program files\Citrix\GoToAssist\615\g2awinlogon.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Documents and Settings\\Fresh Bread\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"= . R0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [12/27/2011 11:33 PM 64048] R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [12/27/2011 11:31 PM 89792] R1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [12/27/2011 11:34 PM 54776] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/27/2011 11:41 PM 652872] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [12/27/2011 11:31 PM 214904] R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [12/27/2011 11:31 PM 214904] R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [12/27/2011 11:31 PM 214904] R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [12/27/2011 11:32 PM 160608] R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [12/27/2011 11:18 PM 150856] R2 MOBKbackup;McAfee Online Backup;c:\program files\McAfee Online Backup\MOBKbackup.exe [4/13/2010 8:11 PM 229688] R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [8/1/2009 4:35 AM 237568] R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [12/27/2011 11:31 PM 57600] R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [8/1/2009 2:35 AM 38912] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/27/2011 11:41 PM 20464] R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [12/27/2011 11:31 PM 338176] R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [12/27/2011 11:31 PM 83856] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/8/2010 11:11 PM 136176] S2 XMLProvS;Network ProService;c:\windows\System32\svchost.exe -k xmlpros [8/1/2009 2:34 AM 14336] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [8/1/2009 3:48 AM 1684736] S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [8/1/2009 3:50 AM 24064] S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/8/2010 11:11 PM 136176] S3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe --> c:\progra~1\mcafee\msc\mcawfwk.exe [?] S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [12/27/2011 11:31 PM 83856] S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [12/27/2011 11:31 PM 87656] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [8/1/2009 3:43 AM 162816] S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?] S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 3:06 PM 11520] . --- Other Services/Drivers In Memory --- . *Deregistered* - mfeavfk01 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] xmlpros REG_MULTI_SZ XMLProvS . Contents of the 'Scheduled Tasks' folder . 2011-12-28 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57] . 2011-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-09 04:11] . 2011-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-09 04:11] . 2011-12-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3993469562-757298511-4166307882-1005Core.job - c:\documents and settings\Fresh Bread\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-30 07:27] . 2011-12-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3993469562-757298511-4166307882-1005UA.job - c:\documents and settings\Fresh Bread\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-30 07:27] . . ------- Supplementary Scan ------- . mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_one&r=0xph06103045l0354wui5w4842655s uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html Trusted Zone: amtrak.com\tickets Trusted Zone: amtrak.com\www Trusted Zone: internet Trusted Zone: mcafee.com TCP: DhcpNameServer = 65.32.5.111 65.32.5.112 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-12-28 03:32 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(976) c:\program files\Citrix\GoToAssist\615\G2AWinLogon.dll . Completion time: 2011-12-28 03:35:07 ComboFix-quarantined-files.txt 2011-12-28 08:35 ComboFix2.txt 2011-12-28 07:29 ComboFix3.txt 2011-12-28 05:54 . Pre-Run: 91,177,267,200 bytes free Post-Run: 91,169,386,496 bytes free . - - End Of File - - AC6C9B6B1127F5CCC1294C2D48B6CF4F . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 Run by Fresh Bread at 1:03:48 on 2011-12-28 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.456 [GMT -5:00] . AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Firewall *Disabled* . ============== Running Processes =============== . C:\WINDOWS\system32\svchost.exe -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\ctfmon.exe svchost.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe C:\WINDOWS\system32\mfevtps.exe C:\Program Files\McAfee Online Backup\MOBKbackup.exe C:\Program Files\Acer\Acer VCM\RS_Service.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\rundll32.exe C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe C:\WINDOWS\System32\vssvc.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe C:\PROGRA~1\LAUNCH~1\LManager.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\PLFSetL.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\igfxext.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\McAfee\MAT\McPvTray.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Acer\Acer VCM\AcerVCM.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\wscntfy.exe . ============== Pseudo HJT Report =============== . mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_one&r=0xph06103045l0354wui5w4842655s uInternet Settings,ProxyOverride = *.local BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20111227233155.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe mRun: [LManager] c:\progra~1\launch~1\LManager.exe mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [AzMixerSel] c:\program files\realtek\audio\drivers\AzMixerSel.exe mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 mRun: [PLFSetL] c:\windows\PLFSetL.exe mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [RTHDCPL] RTHDCPL.EXE mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey mRun: [McPvTray_exe] "c:\program files\mcafee\mat\McPvTray.exe" mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acervc~1.lnk - c:\program files\acer\acer vcm\AcerVCM.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL Trusted Zone: amtrak.com\tickets Trusted Zone: amtrak.com\www Trusted Zone: internet Trusted Zone: mcafee.com DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab TCP: DhcpNameServer = 65.32.5.111 65.32.5.112 TCP: Interfaces\{E2030F1D-FA9E-405E-97F2-0EA8456A89F0} : DhcpNameServer = 65.32.5.111 65.32.5.112 Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Notify: GoToAssist - c:\program files\citrix\gotoassist\615\G2AWinLogon.dll Notify: igfxcui - igfxdev.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL . ============= SERVICES / DRIVERS =============== . R0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [2011-12-27 64048] R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-10-15 464176] R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-12-27 89792] R1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [2011-12-27 54776] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-27 652872] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-12-27 214904] R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-12-27 214904] R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-12-27 214904] R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-12-27 214904] R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-12-27 166288] R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-12-27 160608] R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-12-27 150856] R2 MOBKbackup;McAfee Online Backup;c:\program files\mcafee online backup\MOBKbackup.exe [2010-4-13 229688] R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2009-8-1 237568] R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-12-27 57600] R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-8-1 38912] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-27 20464] R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-12-27 180816] R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-12-27 338176] R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-12-27 83856] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-8 136176] S2 XMLProvS;Network ProService;c:\windows\system32\svchost.exe -k xmlpros [2009-8-1 14336] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-8-1 1684736] S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-8-1 24064] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-6-8 136176] S3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe --> c:\progra~1\mcafee\msc\mcawfwk.exe [?] S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-12-27 59456] S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-12-27 83856] S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-12-27 87656] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-8-1 162816] S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?] S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520] . =============== Created Last 30 ================ . 2011-12-28 05:09:04 -------- d-sha-r- C:\cmdcons 2011-12-28 05:05:53 98816 ----a-w- c:\windows\sed.exe 2011-12-28 05:05:53 518144 ----a-w- c:\windows\SWREG.exe 2011-12-28 05:05:53 256000 ----a-w- c:\windows\PEV.exe 2011-12-28 05:05:53 208896 ----a-w- c:\windows\MBR.exe 2011-12-28 04:41:17 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-12-28 04:41:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-12-28 04:34:24 -------- d-----w- c:\program files\McAfeeMOBK 2011-12-28 04:34:15 54776 ----a-w- c:\windows\system32\drivers\MOBK.sys 2011-12-28 04:34:04 -------- d-----w- c:\program files\McAfee Online Backup 2011-12-28 04:33:44 64048 ----a-w- c:\windows\system32\drivers\McPvDrv.sys 2011-12-28 04:31:55 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys 2011-12-28 04:31:49 89792 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys 2011-12-28 04:31:49 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys 2011-12-28 04:31:49 83856 ----a-w- c:\windows\system32\drivers\mfendisk.sys 2011-12-28 04:31:49 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys 2011-12-28 04:31:49 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys 2011-12-28 04:31:49 338176 ----a-w- c:\windows\system32\drivers\mfefirek.sys 2011-12-28 04:31:49 180816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2011-12-28 04:31:43 -------- d-----w- c:\program files\common files\Mcafee 2011-12-28 04:31:41 -------- d-----w- c:\program files\McAfee.com 2011-12-28 04:31:25 -------- d-----w- c:\program files\McAfee 2011-12-28 04:18:56 150856 ----a-w- c:\windows\system32\mfevtps.exe 2011-12-28 03:32:00 -------- d-----w- c:\documents and settings\all users\application data\Citrix 2011-12-28 02:46:43 -------- d-----w- c:\program files\Citrix 2011-12-28 02:46:39 -------- d-----w- c:\documents and settings\fresh bread\local settings\application data\Citrix 2011-12-28 02:13:36 -------- d-----w- c:\program files\Perfect Uninstaller 2011-12-18 06:56:53 -------- d-----w- c:\program files\VS Revo Group 2011-12-18 06:52:12 -------- d-----w- c:\documents and settings\all users\Uniblue 2011-12-18 03:48:48 -------- d-----w- c:\program files\ESET 2011-12-17 07:28:06 -------- d-----w- c:\documents and settings\fresh bread\application data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 2011-12-17 06:45:54 -------- d-----w- c:\documents and settings\fresh bread\local settings\application data\McAfee Anti-Theft 2011-12-17 06:38:53 148520 ----a-r- c:\windows\system32\mfevtps.exe.e42d.deleteme 2011-12-15 04:58:52 -------- d-----w- c:\documents and settings\fresh bread\local settings\application data\PCHealth 2011-12-12 21:33:58 -------- d-----w- c:\documents and settings\fresh bread\application data\Malwarebytes 2011-12-12 21:33:11 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes 2011-12-07 03:59:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll 2011-12-07 03:59:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll 2011-12-07 03:59:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll 2011-12-07 03:59:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll 2011-12-07 03:59:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll 2011-12-07 03:59:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll 2011-12-07 03:59:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll . ==================== Find3M ==================== . 2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys 2011-11-10 10:54:13 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-11-10 08:27:10 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-11-04 22:06:09 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll 2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-11-04 19:20:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec 2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll 2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll 2011-10-25 13:37:08 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-10-25 12:52:02 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe 2011-10-24 19:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2011-10-24 19:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts 2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll 2011-10-15 17:16:16 464176 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2011-10-15 17:16:16 121256 ----a-w- c:\windows\system32\drivers\mfeapfk.sys 2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll . ============= FINISH: 1:05:00.26 ===============
  12. Thank you for helping me. I updated MBAM. And ran a Quick Scan. Here is the log: Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Database version: 911122201 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 12/22/2011 1:14:22 AM mbam-log-2011-12-22 (01-14-22).txt Scan type: Quick scan Objects scanned: 201287 Time elapsed: 19 minute(s), 4 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Then I got a new copy of DDS and ran it. Here is its log: . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 Run by Fresh Bread at 1:18:38 on 2011-12-22 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.449 [GMT -5:00] . AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Firewall *Enabled* . ============== Running Processes =============== . C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\WINDOWS\system32\mfevtps.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe C:\PROGRA~1\LAUNCH~1\LManager.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\PLFSetL.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\McAfee\MAT\McPvTray.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\Acer\Acer VCM\AcerVCM.exe C:\WINDOWS\system32\igfxext.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\WINDOWS\System32\ping.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_one&r=0xph06103045l0354wui5w4842655s mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_one&r=0xph06103045l0354wui5w4842655s mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_one&r=0xph06103045l0354wui5w4842655s uInternet Settings,ProxyOverride = *.local BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20111217014104.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [Power2GoExpress] uRun: [Google Update] "c:\documents and settings\fresh bread\local settings\application data\google\update\GoogleUpdate.exe" /c uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [McAfee McItInfo] c:\docume~1\freshb~1\locals~1\temp\mcitinfo_1324100587.exe /itinsfin:c:\docume~1\freshb~1\locals~1\temp\mcininfo_1324100588.ini mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe mRun: [LManager] c:\progra~1\launch~1\LManager.exe mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [AzMixerSel] c:\program files\realtek\audio\drivers\AzMixerSel.exe mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 mRun: [PLFSetL] c:\windows\PLFSetL.exe mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [RTHDCPL] RTHDCPL.EXE mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey mRun: [McPvTray_exe] "c:\program files\mcafee\mat\McPvTray.exe" mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acervc~1.lnk - c:\program files\acer\acer vcm\AcerVCM.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL LSP: mswsock.dll Trusted Zone: amtrak.com\tickets Trusted Zone: amtrak.com\www Trusted Zone: internet Trusted Zone: mcafee.com DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Notify: igfxcui - igfxdev.dll Notify: TPSvc - TPSvc.dll Notify: xmlproservice - xmlrpw32.dll Notify: xmlrpw32 - xmlrpw32.dll AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL . ============= SERVICES / DRIVERS =============== . R0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [2011-12-17 64048] R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-12-17 459728] R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-12-24 89368] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-17 366152] R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-12-17 165000] R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-12-17 159832] R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-12-17 148520] R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-8-1 38912] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-17 22216] R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-12-24 179248] R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-12-24 59288] R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-12-24 337912] R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-12-24 83688] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-8 136176] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe" /mccoresvc --> c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [?] S2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe" /mccoresvc --> c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [?] S2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe" /mccoresvc --> c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [?] S2 McOobeSv;McAfee OOBE Service;"c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe" /mccoresvc --> c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [?] S2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe" /mccoresvc --> c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [?] S2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2009-8-1 237568] S2 XMLProvS;Network ProService;c:\windows\system32\svchost.exe -k xmlpros [2009-8-1 14336] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-8-1 1684736] S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-12-24 57432] S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-8-1 24064] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-6-8 136176] S3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe --> c:\progra~1\mcafee\msc\mcawfwk.exe [?] S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-12-24 83688] S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-12-24 85984] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-8-1 162816] S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?] S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520] . =============== Created Last 30 ================ . 2011-12-18 06:56:53 -------- d-----w- c:\program files\VS Revo Group 2011-12-18 06:52:12 -------- d-----w- c:\documents and settings\all users\Uniblue 2011-12-18 03:48:48 -------- d-----w- c:\program files\ESET 2011-12-17 09:29:06 -------- d-----w- c:\documents and settings\fresh bread\application data\McAfee 2011-12-17 09:00:00 -------- d-----w- c:\documents and settings\all users\application data\McAfee Anti-Theft 2011-12-17 07:38:46 22216 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-12-17 07:38:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-12-17 07:28:06 -------- d-----w- c:\documents and settings\fresh bread\application data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 2011-12-17 06:46:12 64048 ----a-w- c:\windows\system32\drivers\McPvDrv.sys 2011-12-17 06:45:54 -------- d-----w- c:\documents and settings\fresh bread\local settings\application data\McAfee Anti-Theft 2011-12-17 06:41:02 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys 2011-12-17 06:39:25 118784 ----a-r- c:\windows\system32\drivers\mfeapfk.sys 2011-12-17 06:39:20 459728 ----a-r- c:\windows\system32\drivers\mfehidk.sys 2011-12-17 06:38:53 148520 ----a-r- c:\windows\system32\mfevtps.exe 2011-12-15 04:58:52 -------- d-----w- c:\documents and settings\fresh bread\local settings\application data\PCHealth 2011-12-12 21:33:58 -------- d-----w- c:\documents and settings\fresh bread\application data\Malwarebytes 2011-12-12 21:33:11 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes 2011-12-07 03:59:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll 2011-12-07 03:59:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll 2011-12-07 03:59:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll 2011-12-07 03:59:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll 2011-12-07 03:59:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll 2011-12-07 03:59:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll 2011-12-07 03:59:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll 2011-11-23 07:52:14 -------- d-sh--w- c:\documents and settings\fresh bread\IECompatCache . ==================== Find3M ==================== . 2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys 2011-11-10 10:54:13 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-11-10 08:27:10 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-11-04 22:06:09 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll 2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-11-04 19:20:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec 2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll 2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll 2011-10-25 13:37:08 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-10-25 12:52:02 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe 2011-10-24 19:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2011-10-24 19:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts 2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll 2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll 2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll 2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll 2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll . ============= FINISH: 1:19:55.69 =============== Besides the obvious problems I had with renewing McAfee (of which I'm pretty sure I need to contact their customer support department and at some point figure out how to uninstall it to properly renew it), it seems everything is ok, right? The problem is that MBAM keeps blocking access to potentially malicious websites (outgoing). Here is a sample from just today when I allowed this computer to have internet access: 00:55:35 Fresh Bread IP-BLOCK 63.223.106.17 (Type: outgoing) 00:55:38 Fresh Bread IP-BLOCK 63.223.106.17 (Type: outgoing) 00:55:44 Fresh Bread IP-BLOCK 63.223.106.17 (Type: outgoing) 00:56:14 Fresh Bread IP-BLOCK 83.133.124.250 (Type: outgoing) 00:56:17 Fresh Bread IP-BLOCK 83.133.124.250 (Type: outgoing) 00:56:23 Fresh Bread IP-BLOCK 83.133.124.250 (Type: outgoing) 00:56:23 Fresh Bread IP-BLOCK 83.133.124.250 (Type: outgoing) 00:56:26 Fresh Bread IP-BLOCK 83.133.124.250 (Type: outgoing) 00:56:32 Fresh Bread IP-BLOCK 83.133.124.250 (Type: outgoing) 00:56:35 Fresh Bread IP-BLOCK 83.133.124.250 (Type: outgoing) 00:56:38 Fresh Bread IP-BLOCK 83.133.124.250 (Type: outgoing) (the rest of the log up to this point just continues blocking 83.133.124.250) A few days ago I did an ESET scan which found Win32 Rootkit.Kryptik.GG trojan (in WINDOWS\system32\drivers\ipsec.sys) and multiple threats in the operating memory. My theory is that I've been infected with a rootkit virus, like so many others. If you can help me defeat this nuisance that would be wonderful.
  13. From what I've seen on TV (especially the safety videos we had to watch at school), it was always "unmarked" vans that were suspicious (not necessarily vans that said "Free Candy") ^^; To this day whenever I see an unmarked van, it makes me shiver ._.
  14. I think back in the day most people knew their neighbors. People weren't moving around so much (you know ... moving across the country for a new job or divorce ... stuff like that). Kids would usually just go trick-or-treating around their neighbors only so they weren't really getting candy from any strangers. I don't know ... just my theory. Incidentally I heard that the whole razor blade in the apple thing was an urban legend. I'm not sure what is true anymore ... I guess it depends on who is writing the history books (or the wikipedia files).
  15. I know this poll isn't a proper random sampling BUT ... I use McAfee and I got a virus, so in my little world it is a reality. Thanks for doing this poll. Maybe I'll switch to Kaspersky (it looks like no one is getting infected with it at the moment).
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.