
HJT and Malwarebytes automatically close


  • This topic is locked
36 replies to this topic

#21 electronicsns

    New Member

  • Members
  • 20 posts

Posted 23 February 2011 - 06:20 PM

Good deal. DDS was actually able to run this time. Here are the log files:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)


==== Disk Partitions =========================


==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

32 Bit HP CIO Components Installer
Adobe Acrobat 8 Standard - English, Français, Deutsch
Adobe Acrobat 8.1.4 Standard
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.2
Adobe Reader 8.1.3
Adobe Shockwave Player 11
AnyBizSoft PDF Password Remover (Build 1.0.4)
AnyBizSoft PDF to Word (Build 2.5.3)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AT&T Communication Manager
Bonjour
Calculator Powertoy for Windows XP
Compatibility Pack for the 2007 Office system
ConceptDraw 7 Professional
Conexant HDA D330 MDC V.92 Modem
Configuration Manager Client
Cougar Tool's JEP V1.3 B001
Critical Update for Windows Media Player 11 (KB959772)
DameWare Mini Remote Control Client Agent Service
Dell Driver Download Manager
Dell Touchpad
Dell Wireless WLAN Card
DI158-U
Driver Installer
getPlus® for Adobe
Google Earth
Google Update Helper
Google Updater
Gtk+ Runtime Environment 2.6.10-rc1
HART 5.2.0
HART 5.3.1
HDView for Internet Explorer
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935843)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
i-Handbook
i-Kam Media Player
Image Resizer Powertoy for Windows XP
ImageMixer 3 SE Ver.5 Transfer Utility
ImageMixer 3 SE Ver.5 Video Tools
Infotriever
Infuzer
Intel® Graphics Media Accelerator Driver
InterVideo WinDVD
iPassConnect
IPAWebView
iTunes
J2SE Runtime Environment 5.0 Update 14
Jar-Pact v 13
Jar Daq 3.0.23
Java 2 Runtime Environment Standard Edition v1.3.0_02
Java 2 Runtime Environment, SE v1.4.2_06
Java™ 6 Update 11
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Juniper
Juniper Networks Network Connect 5.3.0
Juniper Networks Network Connect 6.0.0
Juniper Networks Network Connect 6.3.0
Juniper Networks Setup Client Activex Control
Live Meeting Reg Fix
Malwarebytes' Anti-Malware
MarkView Viewer Enterprise Edition Plugin
MasteryNet Course Player for Internet Explorer
McAfee Agent
McAfee AntiSpyware Enterprise Module
McAfee VirusScan Enterprise
MetaFrame Presentation Server Client
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 ??? Language Pack
Microsoft .NET Framework 2.0 Language Pack - DEU
Microsoft .NET Framework 2.0 Language Pack - FRA
Microsoft .NET Framework 2.0 Language Pack - JPN
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Conferencing Add-in for Microsoft Office Outlook
Microsoft IntelliPoint 6.1
Microsoft IntelliType Pro 6.1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Communicator 2005
Microsoft Office Live Meeting 2005
Microsoft Office Live Meeting 2007
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (NR2007)
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft XML Parser and SDK
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
Monster Central Control Software 7
Move Networks Media Player for Internet Explorer
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Music Transfer Utility Ver.2
National Instruments Software
Neat Business Cards Scanner Drivers
Neat Business Cards v2.1.0
Neat OCR15
NeatReceipts Database Controller
NI-653x Installer 1.8.0
NI-APAL Error Files 1.4.0f0
NI-DAQ C and VB6 API
NI-DAQ Document Set
NI-DAQ INF Files
NI-DAQmx - LabVIEW shared documentation
NI-DAQmx 8.7
NI-DAQmx Documentation
NI-DAQmx MAX Support 1.10.1
NI-DAQmx support for LabVIEW
NI-DAQmx Switch Core 1.14.0
NI-DIM 1.9.0f0
NI-MDBG 1.9.0f0
NI-MRU 2.10.0f0
NI-MXDF 1.10.0f0
NI-MXLC 1.2.0f0
NI-ORB 1.9.0f0
NI-PAL 2.3.0f0
NI-RPC 4.0.0f0
NI-RPC 4.0.0f0 for Phar Lap ETS
NI AFW Channel Configuration Tool
NI Assistant Framework
NI Calibration Provider for MAX
NI Certificates Deployment Support
NI Common Digital 1.7.2
NI DAQ Assistant 1.8.1
NI DN 2.0 installer
NI DN 2.0 Language Pack installer
NI Dynamic Signal Acquisition Installer 1.11.2
NI EULA Depot
NI Fusion Standard Library Installer 1.6.0
NI Help Assistant
NI LabVIEW Broker
NI LabVIEW C Interface
NI LabVIEW Real-Time Error Dialog
NI LabVIEW Real-Time FIFO for Runtime
NI LabVIEW Real-Time NBFifo
NI LabVIEW Run-Time Engine 7.1.1
NI LabVIEW Run-Time Engine 8.0.1
NI LabVIEW Run-Time Engine 8.2.1
NI LabVIEW Run-Time Engine 8.6.1
NI LabVIEW SignalExpress 3.0 Datatypes
NI LabVIEW SignalExpress 3.0 Tools
NI LabVIEW Web Server for Run-Time Engine
NI LabVIEW Web Services Runtime
NI LabWindows/CVI Code Generator
NI Legacy DAQmxRF
NI License Manager
NI Logos 5.0
NI Logos XT Support
NI LVBrokerAux 8.2.1
NI LVBrokerAux1071
NI LVBrokerAux71
NI Math Kernel Libraries
NI MDF Support
NI Measurement & Automation Explorer 4.5
NI Measurement Studio 8.1 Enterprise RunTime for VS2005
NI Measurement Studio Common .NET Language Assemblies for the .NET Framework 2.0
NI Measurement Studio Recipe Processor
NI Measurements eXtensions for PAL 1.8.0
NI MIO Device Drivers 1.14.1
NI MXS
NI MXS 4.5.0f0 for LabVIEW Real-Time
NI OPC Support
NI Portable Configuration
NI PXI Platform Services for Windows 2.3.2
NI PXI Platform Services Provider for MAX 2.3.2
NI Registration Wizard
NI Remote Provider for MAX
NI Remote PXI Provider for MAX
NI SCXI 1.9.0
NI Service Locator
NI Software Provider for MAX
NI STC 1.2.0
NI TDMS
NI Timing Installer 1.11.1
NI Trace Engine
NI Uninstaller
NI Variable Engine
NI VC2005MSMs x86
Nokia Connectivity Adapter Cable DKU-5
OGA Notifier 2.0.0048.0
Oracle JInitiator 1.3.1.25
Oracle JInitiator 1.3.1.29
OZ776 SCR Driver V1.1.3.9
ProductView
PTC ProductView Express - Wildfire (M200)
QuickDraw2
QuickTime
Quote Proposal
RDC
Runner
Screen Saver 1.2
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917537)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
SigmaTel Audio
Smith Screen Saver Screensaver
Smith Services Certification Program
Smith Services Job Reporting Database
SMSNomadP2P
Snapshot Viewer
Sonic DLA
Sonic RecordNow! Plus
Sonic Update Manager
Spelling Dictionaries Support For Adobe Reader 8
Stress BHA Version 2.5
Tech Smith Codec
TiEmu 3.02a
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB923845)
Update for Windows XP (KB925720)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
WhipSim
WIMGAPI
Windaq
Windows Driver Package - Microsoft Corporation (usbvideo) Image (05/25/2007 1.0.3656.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Enterprise Deployment
Windows Messenger 5.1
Windows Presentation Foundation
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows Search 4.0
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinZip
XML Paper Specification Shared Components Pack 1.0

==== End Of File ===========================

#22 electronicsns

    New Member

  • Members
  • 20 posts

Posted 23 February 2011 - 06:21 PM

Here's the other one:


DDS (Ver_10-12-12.02) - NTFSx86
Run by NSeymour at 17:15:56.85 on Wed 02/23/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
AV: VirusScan Enterprise + AntiSpyware Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============


============== Pseudo HJT Report ===============

uStart Page = hxxp://hub.slb.com/integration
uDefault_Page_URL = hxxp://hub.slb.com/integration
uInternet Connection Wizard,ShellNext = hxxp://saba.web.miswaco.com/Saba/Web/Smith
uInternet Settings,ProxyOverride = <local>;*.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] ; "c:\program files\messenger\Msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Communicator] "c:\program files\microsoft office communicator\Communicator.exe"
uRun: [i-Handbook] c:\program files\schlumberger\i-handbook\i-Handbook.exe /i
uRun: [Infuzer] ; c:\program files\trondent development corp\infuzer\Infuzer.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [VX6000] c:\windows\vVX6000.exe
mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [<NO NAME>]
mRun: [AT&T Communication Manager] "c:\program files\at&t\communication manager\ATTCM.exe" -a
mRun: [MicVol] "c:\windows\system32\MicVol25.exe"
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [niDevMon] c:\program files\national instruments\ni-daq\hwconfig\nidevmon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [DameWare MRC Agent] c:\windows\system32\DWRCST.exe
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware-new\Firefox.exe" /runcleanupscript
dRun: [Communicator] "c:\program files\microsoft office communicator\Communicator.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\imagem~1.lnk - c:\program files\pixela\imagemixer 3 se ver.5\transfer utility\CameraMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\monste~1.lnk - c:\program files\monster\monster central control software 7\MonsterRemote.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\progra~1.lnk - c:\program files\citrix\ica client\pnagent.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
mPolicies-explorer: NoMSAppLogo5ChannelNotify = 1 (0x1)
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: bmnet.dll
Trusted Zone: accenture.com
Trusted Zone: atbalance.com
Trusted Zone: atosorigin-asp.com
Trusted Zone: books24x7.com
Trusted Zone: dell.com
Trusted Zone: geoquest.com
Trusted Zone: intouchsupport.com
Trusted Zone: iperceptions.com
Trusted Zone: microsoft.com
Trusted Zone: miswaco.com\*.prod
Trusted Zone: miswaco.com\*.web
Trusted Zone: mydexa.com
Trusted Zone: skillport.com
Trusted Zone: skillsoft.com
Trusted Zone: slb.com
Trusted Zone: westerngeco.com
Trusted Zone: accenture.com
Trusted Zone: atbalance.com
Trusted Zone: atosorigin-asp.com
Trusted Zone: books24x7.com
Trusted Zone: dell.com
Trusted Zone: geoquest.com
Trusted Zone: intouchsupport.com
Trusted Zone: iperceptions.com
Trusted Zone: microsoft.com
Trusted Zone: miswaco.com\*.prod
Trusted Zone: miswaco.com\*.web
Trusted Zone: mydexa.com
Trusted Zone: skillport.com
Trusted Zone: skillsoft.com
Trusted Zone: slb.com
Trusted Zone: westerngeco.com
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {36E4E9BC-4D0C-41B4-90C9-37AFDBFAAD3C} - hxxps://download.infotriever.com/bin/ifhelper.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1269700035518
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1269700027503
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {E19F9331-3110-11d4-991C-005004D3B3DB} - hxxp://java.sun.com/products/plugin/1.3.0_02/jinstall-130_02-win.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {EEBF9CA6-567B-41cd-B5F6-EF2C7FEF37B5} - rundll32.exe advpack.dll,LaunchINFSectionEx c:\windows\inf\wmactedp.inf,PerUserStub,,4

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2011-02-23 05:56:31 54016 ----a-w- c:\windows\system32\drivers\irjy.sys
2011-02-22 16:48:00 -------- d-----w- c:\windows\ms
2011-02-22 16:28:45 -------- d-----w- C:\32788R22FWJFW.4.tmp
2011-02-21 19:37:00 -------- d-----w- c:\windows\system32\DRM
2011-02-21 18:12:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware-New
2011-02-21 17:29:35 -------- d-----w- C:\32788R22FWJFW.3.tmp
2011-02-21 17:26:05 -------- d-----w- C:\32788R22FWJFW.2.tmp
2011-02-21 17:24:52 -------- d-----w- C:\32788R22FWJFW.1.tmp
2011-02-20 16:51:03 -------- d--h--w- c:\windows\PIF
2011-02-20 16:21:39 -------- d-----w- C:\32788R22FWJFW.0.tmp
2011-02-20 15:31:24 -------- d-----w- C:\RootRepeal
2011-02-20 08:44:26 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-02-20 08:44:26 -------- d-----w- c:\windows\system32\wbem\Repository
2011-02-20 08:36:56 -------- d-----w- C:\32788R22FWJFW(2)
2011-02-10 02:45:15 -------- d-----w- c:\program files\Bonjour
2011-02-04 22:05:27 -------- d-----w- c:\docume~1\nseymour\locals~1\applic~1\Mozilla
2011-02-04 22:03:44 -------- d-----w- c:\program files\Mozilla Firefox(2)
2011-02-04 21:24:22 -------- d-----w- c:\docume~1\nseymour\locals~1\applic~1\{11D6F7DC-0992-4B82-865C-DDB847714B51}
2011-02-04 19:32:51 0 ----a-w- c:\windows\Vsejakadik.bin
2011-02-04 19:32:49 -------- d-----w- c:\docume~1\nseymour\locals~1\applic~1\{DE976AB5-EA46-494C-95F6-F1271D202971}
2011-01-25 01:31:27 -------- d-----w- c:\docume~1\nseymour\locals~1\applic~1\Western Digital

==================== Find3M ====================

2010-12-28 22:27:19 5307423 ----a-w- c:\windows\FramePkg.exe

============= FINISH: 17:17:37.23 ===============

#23 Maniac

    Forum Deity

  • Experts
  • 21,424 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 24 February 2011 - 09:31 AM

Good! :)

  • Launch Malwarebytes' Anti-Malware
  • Go to the Update tab and select Check for Updates.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


In your next reply, please post these log(s):

  • Malwarebytes' Anti-Malware log
  • a new fresh DDS log only

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here.

#24 electronicsns

    New Member

  • Members
  • 20 posts

Posted 24 February 2011 - 11:48 AM

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5868

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

2/24/2011 10:21:34 AM
mbam-log-2011-02-24 (10-21-34).txt

Scan type: Quick scan
Objects scanned: 221332
Time elapsed: 51 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\recycler\s-1-5-21-583907252-2139871995-839522115-15910290\dc11416.tmp.vir (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.

#25 electronicsns

electronicsns

    New Member

  • Members
  • 20 posts

Posted 24 February 2011 - 11:50 AM

DDS (Ver_10-12-12.02) - NTFSx86
Run by NSeymour at 10:43:44.32 on Thu 02/24/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
AV: VirusScan Enterprise + AntiSpyware Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============


============== Pseudo HJT Report ===============

uStart Page = hxxp://hub.slb.com/integration
uDefault_Page_URL = hxxp://hub.slb.com/integration
uInternet Connection Wizard,ShellNext = hxxp://saba.web.miswaco.com/Saba/Web/Smith
uInternet Settings,ProxyOverride = <local>;*.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] ; "c:\program files\messenger\Msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Communicator] "c:\program files\microsoft office communicator\Communicator.exe"
uRun: [i-Handbook] c:\program files\schlumberger\i-handbook\i-Handbook.exe /i
uRun: [Infuzer] ; c:\program files\trondent development corp\infuzer\Infuzer.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [VX6000] c:\windows\vVX6000.exe
mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [<NO NAME>]
mRun: [AT&T Communication Manager] "c:\program files\at&t\communication manager\ATTCM.exe" -a
mRun: [MicVol] "c:\windows\system32\MicVol25.exe"
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [niDevMon] c:\program files\national instruments\ni-daq\hwconfig\nidevmon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [DameWare MRC Agent] c:\windows\system32\DWRCST.exe
dRun: [Communicator] "c:\program files\microsoft office communicator\Communicator.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\imagem~1.lnk - c:\program files\pixela\imagemixer 3 se ver.5\transfer utility\CameraMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\monste~1.lnk - c:\program files\monster\monster central control software 7\MonsterRemote.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\progra~1.lnk - c:\program files\citrix\ica client\pnagent.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
mPolicies-explorer: NoMSAppLogo5ChannelNotify = 1 (0x1)
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: bmnet.dll
Trusted Zone: accenture.com
Trusted Zone: atbalance.com
Trusted Zone: atosorigin-asp.com
Trusted Zone: books24x7.com
Trusted Zone: dell.com
Trusted Zone: geoquest.com
Trusted Zone: intouchsupport.com
Trusted Zone: iperceptions.com
Trusted Zone: microsoft.com
Trusted Zone: miswaco.com\*.prod
Trusted Zone: miswaco.com\*.web
Trusted Zone: mydexa.com
Trusted Zone: skillport.com
Trusted Zone: skillsoft.com
Trusted Zone: slb.com
Trusted Zone: westerngeco.com
Trusted Zone: accenture.com
Trusted Zone: atbalance.com
Trusted Zone: atosorigin-asp.com
Trusted Zone: books24x7.com
Trusted Zone: dell.com
Trusted Zone: geoquest.com
Trusted Zone: intouchsupport.com
Trusted Zone: iperceptions.com
Trusted Zone: microsoft.com
Trusted Zone: miswaco.com\*.prod
Trusted Zone: miswaco.com\*.web
Trusted Zone: mydexa.com
Trusted Zone: skillport.com
Trusted Zone: skillsoft.com
Trusted Zone: slb.com
Trusted Zone: westerngeco.com
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {36E4E9BC-4D0C-41B4-90C9-37AFDBFAAD3C} - hxxps://download.infotriever.com/bin/ifhelper.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1269700035518
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1269700027503
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {E19F9331-3110-11d4-991C-005004D3B3DB} - hxxp://java.sun.com/products/plugin/1.3.0_02/jinstall-130_02-win.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {EEBF9CA6-567B-41cd-B5F6-EF2C7FEF37B5} - rundll32.exe advpack.dll,LaunchINFSectionEx c:\windows\inf\wmactedp.inf,PerUserStub,,4

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2011-02-22 16:48:00 -------- d-----w- c:\windows\ms
2011-02-22 16:28:45 -------- d-----w- C:\32788R22FWJFW.4.tmp
2011-02-21 19:37:00 -------- d-----w- c:\windows\system32\DRM
2011-02-21 18:12:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware-New
2011-02-21 17:29:35 -------- d-----w- C:\32788R22FWJFW.3.tmp
2011-02-21 17:26:05 -------- d-----w- C:\32788R22FWJFW.2.tmp
2011-02-21 17:24:52 -------- d-----w- C:\32788R22FWJFW.1.tmp
2011-02-20 16:51:03 -------- d--h--w- c:\windows\PIF
2011-02-20 16:21:39 -------- d-----w- C:\32788R22FWJFW.0.tmp
2011-02-20 15:31:24 -------- d-----w- C:\RootRepeal
2011-02-20 08:44:26 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-02-20 08:44:26 -------- d-----w- c:\windows\system32\wbem\Repository
2011-02-20 08:36:56 -------- d-----w- C:\32788R22FWJFW(2)
2011-02-10 02:45:15 -------- d-----w- c:\program files\Bonjour
2011-02-04 22:05:27 -------- d-----w- c:\docume~1\nseymour\locals~1\applic~1\Mozilla
2011-02-04 22:03:44 -------- d-----w- c:\program files\Mozilla Firefox(2)
2011-02-04 21:24:22 -------- d-----w- c:\docume~1\nseymour\locals~1\applic~1\{11D6F7DC-0992-4B82-865C-DDB847714B51}
2011-02-04 19:32:51 0 ----a-w- c:\windows\Vsejakadik.bin
2011-02-04 19:32:49 -------- d-----w- c:\docume~1\nseymour\locals~1\applic~1\{DE976AB5-EA46-494C-95F6-F1271D202971}

==================== Find3M ====================

2010-12-28 22:27:19 5307423 ----a-w- c:\windows\FramePkg.exe

============= FINISH: 10:46:23.74 ===============

#26 Maniac

Maniac

    Forum Deity

  • Experts
  • 21,424 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 24 February 2011 - 11:57 AM

Thanks! :)

It seems you should change all of your passwords when we're done here.

**Note: If you need more detailed information, please visit the web page of ComboFix in BleepingComputer. **

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
  • If you are using Firefox, make sure that your download settings are as follows:
    • Open Tools -> Options -> Main tab
    • Set to Always ask me where to Save the files.
  • During the download, rename Combofix to Combo-Fix as follows:

  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------


  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause unpredictable results.
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    ----------------------------------------------------

  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\Combo-Fix.txt for further review.
**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

#27 electronicsns

electronicsns

    New Member

  • Members
  • 20 posts

Posted 24 February 2011 - 03:23 PM

Here is the Combofix Log:

ComboFix 11-02-24.01 - NSeymour 02/24/2011 12:42:28.1.2 - x86
Running from: c:\documents and settings\NSeymour\Desktop\Combo-Fix.exe
AV: VirusScan Enterprise + AntiSpyware Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\NSeymour\Local Settings\Application Data\{11D6F7DC-0992-4B82-865C-DDB847714B51}
c:\documents and settings\NSeymour\Local Settings\Application Data\{11D6F7DC-0992-4B82-865C-DDB847714B51}\chrome\content\_cfg.js
c:\documents and settings\NSeymour\Local Settings\Application Data\{11D6F7DC-0992-4B82-865C-DDB847714B51}\chrome\content\overlay.xul
c:\documents and settings\NSeymour\Local Settings\Application Data\{11D6F7DC-0992-4B82-865C-DDB847714B51}\install.rdf
c:\documents and settings\NSeymour\Local Settings\Application Data\{DE976AB5-EA46-494C-95F6-F1271D202971}
c:\documents and settings\NSeymour\Local Settings\Application Data\{DE976AB5-EA46-494C-95F6-F1271D202971}\chrome\content\_cfg.js
c:\documents and settings\NSeymour\Local Settings\Application Data\{DE976AB5-EA46-494C-95F6-F1271D202971}\chrome\content\overlay.xul
c:\documents and settings\NSeymour\Local Settings\Application Data\{DE976AB5-EA46-494C-95F6-F1271D202971}\install.rdf
c:\rootrepeal\RootRepeal.exe
c:\windows\addins\addins

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}


((((((((((((((((((((((((( Files Created from 2011-01-24 to 2011-02-24 )))))))))))))))))))))))))))))))
.

2011-02-24 19:09 . 2011-02-24 19:09 -------- d-----w- c:\windows\ms
2011-02-22 16:28 . 2011-02-22 22:18 -------- d-----w- C:\32788R22FWJFW.4.tmp
2011-02-21 19:37 . 2011-02-21 19:37 -------- d-----w- c:\windows\system32\DRM
2011-02-21 18:12 . 2011-02-21 18:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware-New
2011-02-21 17:29 . 2011-02-22 22:18 -------- d-----w- C:\32788R22FWJFW.3.tmp
2011-02-21 17:26 . 2011-02-22 22:18 -------- d-----w- C:\32788R22FWJFW.2.tmp
2011-02-21 17:24 . 2011-02-22 22:18 -------- d-----w- C:\32788R22FWJFW.1.tmp
2011-02-20 16:51 . 2011-02-21 16:55 -------- d--h--w- c:\windows\PIF
2011-02-20 15:31 . 2011-02-24 18:49 -------- d-----w- C:\RootRepeal
2011-02-20 08:44 . 2011-02-20 08:44 -------- d-----w- c:\windows\system32\wbem\Repository
2011-02-20 08:36 . 2011-02-20 08:40 -------- d-----w- C:\32788R22FWJFW(2)
2011-02-20 07:52 . 2011-02-20 08:40 -------- d-----w- c:\windows\BDOSCAN8
2011-02-10 02:45 . 2011-02-10 02:45 -------- d-----w- c:\program files\Bonjour
2011-02-04 22:05 . 2011-02-04 22:05 -------- d-----w- c:\documents and settings\NSeymour\Local Settings\Application Data\Mozilla
2011-02-04 22:03 . 2011-02-10 02:44 -------- d-----w- c:\program files\Mozilla Firefox(2)
2011-02-04 19:32 . 2011-02-09 13:34 0 ----a-w- c:\windows\Vsejakadik.bin

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-28 22:27 . 2010-12-28 22:27 5307423 ----a-w- c:\windows\FramePkg.exe
2010-12-21 00:09 . 2009-09-21 18:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-21 00:08 . 2009-09-21 18:07 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2004-03-15 22:51 . 2004-03-15 22:51 114688 ----a-w- c:\program files\internet explorer\plugins\LV71ActiveXControl.dll
2006-01-23 15:32 . 2006-01-23 15:32 131072 ----a-w- c:\program files\internet explorer\plugins\LV80ActiveXControl.dll
2007-02-08 15:48 . 2007-02-08 15:48 133920 ----a-w- c:\program files\internet explorer\plugins\LV82ActiveXControl.dll
2008-12-10 19:50 . 2008-12-10 19:50 118784 ----a-w- c:\program files\internet explorer\plugins\LV86ActiveXControl.dll
.

------- Sigcheck -------

[7] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\eventlog.dll

c:\windows\System32\eventlog.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-08 39408]
"Communicator"="c:\program files\Microsoft Office Communicator\Communicator.exe" [2005-05-12 4167376]
"i-Handbook"="c:\program files\Schlumberger\i-Handbook\i-Handbook.exe" [2006-05-24 9687040]
"Infuzer"="c:\program files\Trondent Development Corp\Infuzer\Infuzer.exe" [2008-04-03 628008]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2005-05-09 1658080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 303104]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-25 159744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-16 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-16 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-16 138008]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-22 813912]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992]
"VX6000"="c:\windows\vVX6000.exe" [2007-04-10 996712]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2004-08-04 143360]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-02 1392640]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"AT&T Communication Manager"="c:\program files\AT&T\Communication Manager\ATTCM.exe" [2008-12-01 33280]
"MicVol"="c:\windows\System32\MicVol25.exe" [2009-07-21 9216]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2009-10-16 124224]
"niDevMon"="c:\program files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe" [2008-06-18 106576]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2010-10-15 140608]
"DameWare MRC Agent"="c:\windows\system32\DWRCST.exe" [2008-03-24 78848]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Communicator"="c:\program files\Microsoft Office Communicator\Communicator.exe" [2005-05-12 4167376]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
ImageMixer 3 SE Camera Monitor Ver.5.lnk - c:\program files\PIXELA\ImageMixer 3 SE Ver.5\Transfer Utility\CameraMonitor.exe [2009-8-28 253952]
Monster Central Control Software 7.lnk - c:\program files\Monster\Monster Central Control Software 7\MonsterRemote.exe [2010-11-9 86112]
Program Neighborhood Agent.lnk - c:\program files\Citrix\ICA Client\pnagent.exe [2005-4-4 233744]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoMSAppLogo5ChannelNotify"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\Msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Monster\\Monster Central Control Software 7\\MonsterRemote.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-27 135664]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [2009-09-01 21256]
R2 NeatReceipts Database Controller;NeatReceipts Database Controller;c:\program files\Neat Business Cards\exec\NeatReceiptsDBController.exe [2007-06-13 231008]
R3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\AT&T\Communication Manager\RcAppSvc.exe [2008-11-21 113152]
R3 lvalarmk;lvalarmk;c:\windows\system32\drivers\lvalarmk.sys [2007-12-20 20056]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2009-09-01 65448]
R3 MSSQL$NR2007;SQL Server (NR2007);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-06-13 29178224]
R3 ni1006k;NI PXI-1006 Chassis Pilot;c:\windows\system32\drivers\ni1006k.sys [2007-10-08 25888]
R3 ni1045k;NI PXI-1045 Chassis Pilot;c:\windows\system32\drivers\ni1045kl.sys [2007-10-08 11552]
R3 ni1065k;NI PXIe-1065 Chassis Pilot;c:\windows\system32\drivers\ni1065k.sys [2007-10-08 22360]
R3 nicdrk;nicdrk;c:\windows\system32\drivers\nicdrkl.sys [2007-12-26 11352]
R3 nicsrk;nicsrk;c:\windows\system32\drivers\nicsrkl.sys [2008-02-22 11336]
R3 nidmxfk;nidmxfk;c:\windows\system32\drivers\nidmxfkl.sys [2007-12-19 11336]
R3 nidsark;nidsark;c:\windows\system32\drivers\nidsarkl.sys [2008-02-29 11344]
R3 niemrk;niemrk;c:\windows\system32\drivers\niemrkl.sys [2008-02-22 11336]
R3 niesrk;niesrk;c:\windows\system32\drivers\niesrkl.sys [2008-02-22 11336]
R3 nifslk;nifslk;c:\windows\system32\drivers\nifslkl.sys [2007-12-26 11352]
R3 nimsdrk;nimsdrk;c:\windows\system32\drivers\nimsdrkl.sys [2008-01-11 11392]
R3 nimslk;nimslk;c:\windows\system32\drivers\nimslk.dll [2007-06-25 14464]
R3 nimsrlk;nimsrlk;c:\windows\system32\drivers\nimsrlk.dll [2007-06-25 151683]
R3 nimxpk;nimxpk;c:\windows\system32\drivers\nimxpkl.sys [2007-12-18 11368]
R3 ninshsdk;ninshsdk;c:\windows\system32\drivers\ninshsdkl.sys [2007-12-27 11360]
R3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys [2008-06-13 11904]
R3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys [2008-06-13 11896]
R3 nipxigpk;NI PXI Generic Chassis Pilot;c:\windows\system32\drivers\nipxigpk.sys [2007-11-26 20768]
R3 niscdk;niscdk;c:\windows\system32\drivers\niscdkl.sys [2008-01-08 11376]
R3 nisdigk;nisdigk;c:\windows\system32\drivers\nisdigkl.sys [2008-01-08 11352]
R3 nisftk;nisftk;c:\windows\system32\drivers\nisftkl.sys [2007-12-20 11344]
R3 nispdk;nispdk;c:\windows\system32\drivers\nispdkl.sys [2008-01-08 11376]
R3 nissrk;nissrk;c:\windows\system32\drivers\nissrkl.sys [2008-02-22 11336]
R3 nistc2k;nistc2k;c:\windows\system32\drivers\nistc2kl.sys [2008-01-08 11312]
R3 nistcrk;nistcrk;c:\windows\system32\drivers\nistcrkl.sys [2008-02-15 11360]
R3 niswdk;niswdk;c:\windows\system32\drivers\niswdkl.sys [2008-01-02 11336]
R3 nitiork;nitiork;c:\windows\system32\drivers\nitiorkl.sys [2008-02-20 11360]
R3 niufurk;niufurk;c:\windows\system32\drivers\niufurkl.sys [2008-02-22 11368]
R3 niwfrk;niwfrk;c:\windows\system32\drivers\niwfrkl.sys [2008-02-22 11336]
R3 nixsrk;nixsrk;c:\windows\system32\drivers\nixsrkl.sys [2008-02-22 11336]
R3 usb6xxxk;usb6xxxk;c:\windows\system32\drivers\usb6xxxkl.sys [x]
R3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\DRIVERS\VX6000Xp.sys [2007-04-10 2385896]
S0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\System32\drivers\nipbcfk.sys [2007-07-11 15448]
S1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\DRIVERS\dwvkbd.sys [2007-02-15 26624]
S2 iPCAgent;iPCAgent;c:\program files\iPass\iPassConnect\iPCAgent.exe [2005-08-25 90112]
S2 MDC80211;iPass Protocol (IEEE 802.1x) v2.3.1.9;c:\windows\system32\DRIVERS\mdc80211.sys [2008-01-04 15793]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2009-09-01 70728]
S2 NeoterisSetupService;NeoterisSetupService;c:\program files\Neoteris\Installer Service\NeoterisSetupService.exe [2005-06-25 36864]
S2 nidevldu;NI Device Loader;c:\windows\system32\nipalsm.exe [2007-02-16 12696]
S2 nipxirmk;nipxirmk;c:\windows\system32\drivers\nipxirmkl.sys [2007-09-18 11552]
S2 SMSNomadP2P;SMSNomadP2P;c:\program files\1E\SMSNomad\SMSNomadP2P.exe [2005-11-27 335872]
S3 DwMirror;DwMirror;c:\windows\system32\DRIVERS\DamewareMini.sys [2007-02-07 3712]
S3 nidimk;nidimk;c:\windows\system32\drivers\nidimkl.sys [2008-06-13 11360]
S3 nimru2k;nimru2k;c:\windows\system32\drivers\nimru2kl.sys [2008-06-13 11360]
S3 nimstsk;nimstsk;c:\windows\system32\drivers\nimstskl.sys [2007-12-19 11360]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - NIPALK

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EEBF9CA6-567B-41cd-B5F6-EF2C7FEF37B5}]
2009-03-08 09:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2011-02-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]

2011-02-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-08 02:20]

2011-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-27 04:11]

2011-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-27 04:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://hub.slb.com/integration
uInternet Connection Wizard,ShellNext = hxxp://saba.web.miswaco.com/Saba/Web/Smith
uInternet Settings,ProxyOverride = <local>;*.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a}
LSP: bmnet.dll
Trusted Zone: accenture.com
Trusted Zone: atbalance.com
Trusted Zone: atosorigin-asp.com
Trusted Zone: books24x7.com
Trusted Zone: dell.com
Trusted Zone: geoquest.com
Trusted Zone: intouchsupport.com
Trusted Zone: iperceptions.com
Trusted Zone: microsoft.com
Trusted Zone: miswaco.com\*.prod
Trusted Zone: miswaco.com\*.web
Trusted Zone: mydexa.com
Trusted Zone: skillport.com
Trusted Zone: skillsoft.com
Trusted Zone: slb.com
Trusted Zone: westerngeco.com
Trusted Zone: accenture.com
Trusted Zone: atbalance.com
Trusted Zone: atosorigin-asp.com
Trusted Zone: books24x7.com
Trusted Zone: dell.com
Trusted Zone: geoquest.com
Trusted Zone: intouchsupport.com
Trusted Zone: iperceptions.com
Trusted Zone: microsoft.com
Trusted Zone: miswaco.com\*.prod
Trusted Zone: miswaco.com\*.web
Trusted Zone: mydexa.com
Trusted Zone: skillport.com
Trusted Zone: skillsoft.com
Trusted Zone: slb.com
Trusted Zone: westerngeco.com
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {36E4E9BC-4D0C-41B4-90C9-37AFDBFAAD3C} - hxxps://download.infotriever.com/bin/ifhelper.cab
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Smith Screen Saver Screensaver - c:\program files\National



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-24 14:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(636)
c:\windows\system32\bmnet.dll

- - - - - - - > 'lsass.exe'(692)
c:\windows\system32\bmnet.dll

- - - - - - - > 'explorer.exe'(3036)
c:\windows\system32\WININET.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\McAfee\Common Framework\McTrayLegacySupportPlugin.dll
c:\program files\McAfee\Common Framework\McTrayInterfaceLib.dll
c:\program files\McAfee\Common Framework\McAfeeWin32GUISupportDLL.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\crypserv.exe
c:\program files\Juniper Networks\Common Files\dsNcService.exe
c:\windows\SYSTEM32\DWRCS.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lkcitdl.exe
c:\windows\system32\lkads.exe
c:\windows\system32\lktsrv.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\National Instruments\MAX\nimxs.exe
c:\program files\National Instruments\Shared\Security\nidmsrv.exe
c:\windows\system32\nisvcloc.exe
c:\program files\National Instruments\Shared\Tagger\tagsrv.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Citrix\ICA Client\ssonsvr.exe
c:\program files\iPass\iPassConnect\downloader\ipccheck.exe
c:\windows\stsystra.exe
c:\program files\Apoint\ApMsgFwd.exe
c:\program files\Apoint\HidFind.exe
c:\program files\Apoint\Apntex.exe
c:\program files\McAfee\Common Framework\McTray.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-02-24 14:13:22 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-24 20:13

Pre-Run: 62,793,056,256 bytes free
Post-Run: 63,592,484,864 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 832C8C2595326F672686F489080CA6D4

#28 Maniac


Posted 24 February 2011 - 03:33 PM

Open Notepad and copy and paste the text in the code box below into it:

File::
c:\windows\Vsejakadik.bin

Fcopy::
c:\windows\system32\dllcache\eventlog.dll | c:\windows\System32\eventlog.dll

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

Posted Image

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here paypal.gif

#29 electronicsns


Posted 24 February 2011 - 06:07 PM

Here's the logfile:

ComboFix 11-02-24.01 - NSeymour 02/24/2011 16:51:34.2.2 - x86
Running from: c:\documents and settings\NSeymour\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\NSeymour\Desktop\CFScript.txt
AV: VirusScan Enterprise + AntiSpyware Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
* Created a new restore point

FILE ::
"c:\windows\Vsejakadik.bin"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Vsejakadik.bin

.
--------------- FCopy ---------------

c:\windows\system32\dllcache\eventlog.dll --> c:\windows\System32\eventlog.dll
.
((((((((((((((((((((((((( Files Created from 2011-01-24 to 2011-02-24 )))))))))))))))))))))))))))))))
.

2011-02-24 22:51 . 2004-08-04 12:00 55808 -c--a-w- c:\windows\system32\dllcache\eventlog.dll
2011-02-24 22:51 . 2004-08-04 12:00 55808 ----a-w- c:\windows\system32\eventlog.dll
2011-02-24 19:09 . 2011-02-24 19:09 -------- d-----w- c:\windows\ms
2011-02-22 16:28 . 2011-02-22 22:18 -------- d-----w- C:\32788R22FWJFW.4.tmp
2011-02-21 19:37 . 2011-02-21 19:37 -------- d-----w- c:\windows\system32\DRM
2011-02-21 18:12 . 2011-02-21 18:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware-New
2011-02-21 17:29 . 2011-02-22 22:18 -------- d-----w- C:\32788R22FWJFW.3.tmp
2011-02-21 17:26 . 2011-02-22 22:18 -------- d-----w- C:\32788R22FWJFW.2.tmp
2011-02-21 17:24 . 2011-02-22 22:18 -------- d-----w- C:\32788R22FWJFW.1.tmp
2011-02-20 16:51 . 2011-02-21 16:55 -------- d--h--w- c:\windows\PIF
2011-02-20 15:31 . 2011-02-24 18:49 -------- d-----w- C:\RootRepeal
2011-02-20 08:44 . 2011-02-20 08:44 -------- d-----w- c:\windows\system32\wbem\Repository
2011-02-20 08:36 . 2011-02-20 08:40 -------- d-----w- C:\32788R22FWJFW(2)
2011-02-20 07:52 . 2011-02-20 08:40 -------- d-----w- c:\windows\BDOSCAN8
2011-02-10 02:45 . 2011-02-10 02:45 -------- d-----w- c:\program files\Bonjour
2011-02-04 22:05 . 2011-02-04 22:05 -------- d-----w- c:\documents and settings\NSeymour\Local Settings\Application Data\Mozilla
2011-02-04 22:03 . 2011-02-10 02:44 -------- d-----w- c:\program files\Mozilla Firefox(2)

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-28 22:27 . 2010-12-28 22:27 5307423 ----a-w- c:\windows\FramePkg.exe
2010-12-21 00:09 . 2009-09-21 18:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-21 00:08 . 2009-09-21 18:07 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2004-03-15 22:51 . 2004-03-15 22:51 114688 ----a-w- c:\program files\internet explorer\plugins\LV71ActiveXControl.dll
2006-01-23 15:32 . 2006-01-23 15:32 131072 ----a-w- c:\program files\internet explorer\plugins\LV80ActiveXControl.dll
2007-02-08 15:48 . 2007-02-08 15:48 133920 ----a-w- c:\program files\internet explorer\plugins\LV82ActiveXControl.dll
2008-12-10 19:50 . 2008-12-10 19:50 118784 ----a-w- c:\program files\internet explorer\plugins\LV86ActiveXControl.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-08 39408]
"Communicator"="c:\program files\Microsoft Office Communicator\Communicator.exe" [2005-05-12 4167376]
"i-Handbook"="c:\program files\Schlumberger\i-Handbook\i-Handbook.exe" [2006-05-24 9687040]
"Infuzer"="c:\program files\Trondent Development Corp\Infuzer\Infuzer.exe" [2008-04-03 628008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 303104]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-25 159744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-16 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-16 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-16 138008]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-22 813912]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992]
"VX6000"="c:\windows\vVX6000.exe" [2007-04-10 996712]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2004-08-04 143360]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-02 1392640]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"AT&T Communication Manager"="c:\program files\AT&T\Communication Manager\ATTCM.exe" [2008-12-01 33280]
"MicVol"="c:\windows\System32\MicVol25.exe" [2009-07-21 9216]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2009-10-16 124224]
"niDevMon"="c:\program files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe" [2008-06-18 106576]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2010-10-15 140608]
"DameWare MRC Agent"="c:\windows\system32\DWRCST.exe" [2008-03-24 78848]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Communicator"="c:\program files\Microsoft Office Communicator\Communicator.exe" [2005-05-12 4167376]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
ImageMixer 3 SE Camera Monitor Ver.5.lnk - c:\program files\PIXELA\ImageMixer 3 SE Ver.5\Transfer Utility\CameraMonitor.exe [2009-8-28 253952]
Monster Central Control Software 7.lnk - c:\program files\Monster\Monster Central Control Software 7\MonsterRemote.exe [2010-11-9 86112]
Program Neighborhood Agent.lnk - c:\program files\Citrix\ICA Client\pnagent.exe [2005-4-4 233744]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoMSAppLogo5ChannelNotify"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\Msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Monster\\Monster Central Control Software 7\\MonsterRemote.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-27 135664]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [2009-09-01 21256]
R2 NeatReceipts Database Controller;NeatReceipts Database Controller;c:\program files\Neat Business Cards\exec\NeatReceiptsDBController.exe [2007-06-13 231008]
R3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\AT&T\Communication Manager\RcAppSvc.exe [2008-11-21 113152]
R3 lvalarmk;lvalarmk;c:\windows\system32\drivers\lvalarmk.sys [2007-12-20 20056]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2009-09-01 65448]
R3 MSSQL$NR2007;SQL Server (NR2007);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-06-13 29178224]
R3 ni1006k;NI PXI-1006 Chassis Pilot;c:\windows\system32\drivers\ni1006k.sys [2007-10-08 25888]
R3 ni1045k;NI PXI-1045 Chassis Pilot;c:\windows\system32\drivers\ni1045kl.sys [2007-10-08 11552]
R3 ni1065k;NI PXIe-1065 Chassis Pilot;c:\windows\system32\drivers\ni1065k.sys [2007-10-08 22360]
R3 nicdrk;nicdrk;c:\windows\system32\drivers\nicdrkl.sys [2007-12-26 11352]
R3 nicsrk;nicsrk;c:\windows\system32\drivers\nicsrkl.sys [2008-02-22 11336]
R3 nidmxfk;nidmxfk;c:\windows\system32\drivers\nidmxfkl.sys [2007-12-19 11336]
R3 nidsark;nidsark;c:\windows\system32\drivers\nidsarkl.sys [2008-02-29 11344]
R3 niemrk;niemrk;c:\windows\system32\drivers\niemrkl.sys [2008-02-22 11336]
R3 niesrk;niesrk;c:\windows\system32\drivers\niesrkl.sys [2008-02-22 11336]
R3 nifslk;nifslk;c:\windows\system32\drivers\nifslkl.sys [2007-12-26 11352]
R3 nimsdrk;nimsdrk;c:\windows\system32\drivers\nimsdrkl.sys [2008-01-11 11392]
R3 nimslk;nimslk;c:\windows\system32\drivers\nimslk.dll [2007-06-25 14464]
R3 nimsrlk;nimsrlk;c:\windows\system32\drivers\nimsrlk.dll [2007-06-25 151683]
R3 nimxpk;nimxpk;c:\windows\system32\drivers\nimxpkl.sys [2007-12-18 11368]
R3 ninshsdk;ninshsdk;c:\windows\system32\drivers\ninshsdkl.sys [2007-12-27 11360]
R3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys [2008-06-13 11904]
R3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys [2008-06-13 11896]
R3 nipxigpk;NI PXI Generic Chassis Pilot;c:\windows\system32\drivers\nipxigpk.sys [2007-11-26 20768]
R3 niscdk;niscdk;c:\windows\system32\drivers\niscdkl.sys [2008-01-08 11376]
R3 nisdigk;nisdigk;c:\windows\system32\drivers\nisdigkl.sys [2008-01-08 11352]
R3 nisftk;nisftk;c:\windows\system32\drivers\nisftkl.sys [2007-12-20 11344]
R3 nispdk;nispdk;c:\windows\system32\drivers\nispdkl.sys [2008-01-08 11376]
R3 nissrk;nissrk;c:\windows\system32\drivers\nissrkl.sys [2008-02-22 11336]
R3 nistc2k;nistc2k;c:\windows\system32\drivers\nistc2kl.sys [2008-01-08 11312]
R3 nistcrk;nistcrk;c:\windows\system32\drivers\nistcrkl.sys [2008-02-15 11360]
R3 niswdk;niswdk;c:\windows\system32\drivers\niswdkl.sys [2008-01-02 11336]
R3 nitiork;nitiork;c:\windows\system32\drivers\nitiorkl.sys [2008-02-20 11360]
R3 niufurk;niufurk;c:\windows\system32\drivers\niufurkl.sys [2008-02-22 11368]
R3 niwfrk;niwfrk;c:\windows\system32\drivers\niwfrkl.sys [2008-02-22 11336]
R3 nixsrk;nixsrk;c:\windows\system32\drivers\nixsrkl.sys [2008-02-22 11336]
R3 usb6xxxk;usb6xxxk;c:\windows\system32\drivers\usb6xxxkl.sys [x]
R3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\DRIVERS\VX6000Xp.sys [2007-04-10 2385896]
S0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\System32\drivers\nipbcfk.sys [2007-07-11 15448]
S1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\DRIVERS\dwvkbd.sys [2007-02-15 26624]
S2 iPCAgent;iPCAgent;c:\program files\iPass\iPassConnect\iPCAgent.exe [2005-08-25 90112]
S2 MDC80211;iPass Protocol (IEEE 802.1x) v2.3.1.9;c:\windows\system32\DRIVERS\mdc80211.sys [2008-01-04 15793]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2009-09-01 70728]
S2 NeoterisSetupService;NeoterisSetupService;c:\program files\Neoteris\Installer Service\NeoterisSetupService.exe [2005-06-25 36864]
S2 nidevldu;NI Device Loader;c:\windows\system32\nipalsm.exe [2007-02-16 12696]
S2 nipxirmk;nipxirmk;c:\windows\system32\drivers\nipxirmkl.sys [2007-09-18 11552]
S2 SMSNomadP2P;SMSNomadP2P;c:\program files\1E\SMSNomad\SMSNomadP2P.exe [2005-11-27 335872]
S3 DwMirror;DwMirror;c:\windows\system32\DRIVERS\DamewareMini.sys [2007-02-07 3712]
S3 nidimk;nidimk;c:\windows\system32\drivers\nidimkl.sys [2008-06-13 11360]
S3 nimru2k;nimru2k;c:\windows\system32\drivers\nimru2kl.sys [2008-06-13 11360]
S3 nimstsk;nimstsk;c:\windows\system32\drivers\nimstskl.sys [2007-12-19 11360]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - NIPALK

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EEBF9CA6-567B-41cd-B5F6-EF2C7FEF37B5}]
2009-03-08 09:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2011-02-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]

2011-02-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-08 02:20]

2011-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-27 04:11]

2011-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-27 04:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://hub.slb.com/integration
uInternet Connection Wizard,ShellNext = hxxp://saba.web.miswaco.com/Saba/Web/Smith
uInternet Settings,ProxyOverride = <local>;*.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a}
LSP: bmnet.dll
Trusted Zone: accenture.com
Trusted Zone: atbalance.com
Trusted Zone: atosorigin-asp.com
Trusted Zone: books24x7.com
Trusted Zone: dell.com
Trusted Zone: geoquest.com
Trusted Zone: intouchsupport.com
Trusted Zone: iperceptions.com
Trusted Zone: microsoft.com
Trusted Zone: miswaco.com\*.prod
Trusted Zone: miswaco.com\*.web
Trusted Zone: mydexa.com
Trusted Zone: skillport.com
Trusted Zone: skillsoft.com
Trusted Zone: slb.com
Trusted Zone: westerngeco.com
Trusted Zone: accenture.com
Trusted Zone: atbalance.com
Trusted Zone: atosorigin-asp.com
Trusted Zone: books24x7.com
Trusted Zone: dell.com
Trusted Zone: geoquest.com
Trusted Zone: intouchsupport.com
Trusted Zone: iperceptions.com
Trusted Zone: microsoft.com
Trusted Zone: miswaco.com\*.prod
Trusted Zone: miswaco.com\*.web
Trusted Zone: mydexa.com
Trusted Zone: skillport.com
Trusted Zone: skillsoft.com
Trusted Zone: slb.com
Trusted Zone: westerngeco.com
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {36E4E9BC-4D0C-41B4-90C9-37AFDBFAAD3C} - hxxps://download.infotriever.com/bin/ifhelper.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-24 17:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(636)
c:\windows\system32\bmnet.dll

- - - - - - - > 'lsass.exe'(692)
c:\windows\system32\bmnet.dll
.
Completion time: 2011-02-24 17:04:50
ComboFix-quarantined-files.txt 2011-02-24 23:04
ComboFix2.txt 2011-02-24 20:13

Pre-Run: 63,519,952,896 bytes free
Post-Run: 63,494,430,720 bytes free

- - End Of File - - C934239BE221BBE94F6BCA6CBAF23E77

#30 Maniac


Posted 25 February 2011 - 01:00 PM

How are things now?

#31 electronicsns


Posted 25 February 2011 - 02:54 PM

Everything seems to be running good. Do the log files look clear now, or do I need to perform any additional steps? Thank you so much for the assistance with my issues! I thought I was in big trouble when I couldn't get any of the scanners to work.

#32 Maniac


Posted 25 February 2011 - 03:09 PM

One last scan for me please:

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You may, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

  • Please go here then click on: Posted Image
  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Now click on Advanced Settings and select the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
    When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

#33 electronicsns


Posted 26 February 2011 - 10:44 AM

Here's the ESET log file. It looks like it removed one more potential issue. Are there any more recommended scans? THANKS!


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=46908e3dfdc4b340b139b874b9bb5f00
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-02-26 08:52:31
# local_time=2011-02-26 02:52:31 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=110696
# found=1
# cleaned=1
# scan_time=18257
C:\Documents and Settings\NSeymour\Application Data\Sun\Java\Deployment\cache\6.0\56\723d3038-797377a2.vir multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

#34 Maniac


Posted 26 February 2011 - 05:23 PM

723d3038-797377a2.vir - the ".vir" extension is typically appended to the filename (i.e. program.exe → program.exe.vir) to indicate the file is a virus and to prevent it from being executed. It's due to the vulnerable version of Java.
http://www.net-secur...ld.php?id=10617

Don't forget to change all of your passwords.

Last steps for you :lol:



Step 1

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.


Step 2

Please manually delete Inherit.


Step 3

Please uninstall ESET Online Scanner.


Step 4

Keep your software up-to-date:
http://www.bleepingc...utorial174.html

Some malware preventions:
http://forums.malwar...?showtopic=9365


Safe surfing! :P

#35 electronicsns


Posted 26 February 2011 - 09:49 PM

THANKS! :)

#36 Maniac


Posted 27 February 2011 - 03:48 AM

You're welcome! :(

#37 screen317


Posted 25 March 2011 - 01:24 AM

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
Chris Fistonich
Research Team
