electronicsns

  1. Here's the ESET log file. It looks like it removed one more potential issue. Are there any more recommended scans? THANKS!

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=46908e3dfdc4b340b139b874b9bb5f00
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-02-26 08:52:31
# local_time=2011-02-26 02:52:31 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=110696
# found=1
# cleaned=1
# scan_time=18257
C:\Documents and Settings\NSeymour\Application Data\Sun\Java\Deployment\cache\6.0\56\723d3038-797377a2.vir	multiple threats (deleted - quarantined)	00000000000000000000000000000000	C
  2. Everything seems to be running well. Do the log files look clear now, or do I need to perform any additional steps? Thank you so much for the assistance with my issues! I thought I was in big trouble when I couldn't get any of the scanners to work.
  3. Here's the logfile:

ComboFix 11-02-24.01 - NSeymour 02/24/2011 16:51:34.2.2 - x86
Running from: c:\documents and settings\NSeymour\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\NSeymour\Desktop\CFScript.txt
AV: VirusScan Enterprise + AntiSpyware Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
 * Created a new restore point

FILE ::
"c:\windows\Vsejakadik.bin"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Vsejakadik.bin
.
--------------- FCopy ---------------
c:\windows\system32\dllcache\eventlog.dll --> c:\windows\System32\eventlog.dll
.
((((((((((((((((((((((((( Files Created from 2011-01-24 to 2011-02-24 )))))))))))))))))))))))))))))))
.
2011-02-24 22:51 . 2004-08-04 12:00 55808 -c--a-w- c:\windows\system32\dllcache\eventlog.dll
2011-02-24 22:51 . 2004-08-04 12:00 55808 ----a-w- c:\windows\system32\eventlog.dll
2011-02-24 19:09 . 2011-02-24 19:09 -------- d-----w- c:\windows\ms
2011-02-22 16:28 . 2011-02-22 22:18 -------- d-----w- C:\32788R22FWJFW.4.tmp
2011-02-21 19:37 . 2011-02-21 19:37 -------- d-----w- c:\windows\system32\DRM
2011-02-21 18:12 . 2011-02-21 18:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware-New
2011-02-21 17:29 . 2011-02-22 22:18 -------- d-----w- C:\32788R22FWJFW.3.tmp
2011-02-21 17:26 . 2011-02-22 22:18 -------- d-----w- C:\32788R22FWJFW.2.tmp
2011-02-21 17:24 . 2011-02-22 22:18 -------- d-----w- C:\32788R22FWJFW.1.tmp
2011-02-20 16:51 . 2011-02-21 16:55 -------- d--h--w- c:\windows\PIF
2011-02-20 15:31 . 2011-02-24 18:49 -------- d-----w- C:\RootRepeal
2011-02-20 08:44 . 2011-02-20 08:44 -------- d-----w- c:\windows\system32\wbem\Repository
2011-02-20 08:36 . 2011-02-20 08:40 -------- d-----w- C:\32788R22FWJFW(2)
2011-02-20 07:52 . 2011-02-20 08:40 -------- d-----w- c:\windows\BDOSCAN8
2011-02-10 02:45 . 2011-02-10 02:45 -------- d-----w- c:\program files\Bonjour
2011-02-04 22:05 . 2011-02-04 22:05 -------- d-----w- c:\documents and settings\NSeymour\Local Settings\Application Data\Mozilla
2011-02-04 22:03 . 2011-02-10 02:44 -------- d-----w- c:\program files\Mozilla Firefox(2)
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-28 22:27 . 2010-12-28 22:27 5307423 ----a-w- c:\windows\FramePkg.exe
2010-12-21 00:09 . 2009-09-21 18:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-21 00:08 . 2009-09-21 18:07 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2004-03-15 22:51 . 2004-03-15 22:51 114688 ----a-w- c:\program files\internet explorer\plugins\LV71ActiveXControl.dll
2006-01-23 15:32 . 2006-01-23 15:32 131072 ----a-w- c:\program files\internet explorer\plugins\LV80ActiveXControl.dll
2007-02-08 15:48 . 2007-02-08 15:48 133920 ----a-w- c:\program files\internet explorer\plugins\LV82ActiveXControl.dll
2008-12-10 19:50 . 2008-12-10 19:50 118784 ----a-w- c:\program files\internet explorer\plugins\LV86ActiveXControl.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-08 39408]
"Communicator"="c:\program files\Microsoft Office Communicator\Communicator.exe" [2005-05-12 4167376]
"i-Handbook"="c:\program files\Schlumberger\i-Handbook\i-Handbook.exe" [2006-05-24 9687040]
"Infuzer"="c:\program files\Trondent Development Corp\Infuzer\Infuzer.exe" [2008-04-03 628008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 303104]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-25 159744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-16 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-16 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-16 138008]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-22 813912]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992]
"VX6000"="c:\windows\vVX6000.exe" [2007-04-10 996712]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2004-08-04 143360]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-02 1392640]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"AT&T Communication Manager"="c:\program files\AT&T\Communication Manager\ATTCM.exe" [2008-12-01 33280]
"MicVol"="c:\windows\System32\MicVol25.exe" [2009-07-21 9216]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2009-10-16 124224]
"niDevMon"="c:\program files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe" [2008-06-18 106576]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2010-10-15 140608]
"DameWare MRC Agent"="c:\windows\system32\DWRCST.exe" [2008-03-24 78848]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Communicator"="c:\program files\Microsoft Office Communicator\Communicator.exe" [2005-05-12 4167376]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
ImageMixer 3 SE Camera Monitor Ver.5.lnk - c:\program files\PIXELA\ImageMixer 3 SE Ver.5\Transfer Utility\CameraMonitor.exe [2009-8-28 253952]
Monster Central Control Software 7.lnk - c:\program files\Monster\Monster Central Control Software 7\MonsterRemote.exe [2010-11-9 86112]
Program Neighborhood Agent.lnk - c:\program files\Citrix\ICA Client\pnagent.exe [2005-4-4 233744]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoMSAppLogo5ChannelNotify"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\Msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Monster\\Monster Central Control Software 7\\MonsterRemote.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-27 135664]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [2009-09-01 21256]
R2 NeatReceipts Database Controller;NeatReceipts Database Controller;c:\program files\Neat Business Cards\exec\NeatReceiptsDBController.exe [2007-06-13 231008]
R3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\AT&T\Communication Manager\RcAppSvc.exe [2008-11-21 113152]
R3 lvalarmk;lvalarmk;c:\windows\system32\drivers\lvalarmk.sys [2007-12-20 20056]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2009-09-01 65448]
R3 MSSQL$NR2007;SQL Server (NR2007);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-06-13 29178224]
R3 ni1006k;NI PXI-1006 Chassis Pilot;c:\windows\system32\drivers\ni1006k.sys [2007-10-08 25888]
R3 ni1045k;NI PXI-1045 Chassis Pilot;c:\windows\system32\drivers\ni1045kl.sys [2007-10-08 11552]
R3 ni1065k;NI PXIe-1065 Chassis Pilot;c:\windows\system32\drivers\ni1065k.sys [2007-10-08 22360]
R3 nicdrk;nicdrk;c:\windows\system32\drivers\nicdrkl.sys [2007-12-26 11352]
R3 nicsrk;nicsrk;c:\windows\system32\drivers\nicsrkl.sys [2008-02-22 11336]
R3 nidmxfk;nidmxfk;c:\windows\system32\drivers\nidmxfkl.sys [2007-12-19 11336]
R3 nidsark;nidsark;c:\windows\system32\drivers\nidsarkl.sys [2008-02-29 11344]
R3 niemrk;niemrk;c:\windows\system32\drivers\niemrkl.sys [2008-02-22 11336]
R3 niesrk;niesrk;c:\windows\system32\drivers\niesrkl.sys [2008-02-22 11336]
R3 nifslk;nifslk;c:\windows\system32\drivers\nifslkl.sys [2007-12-26 11352]
R3 nimsdrk;nimsdrk;c:\windows\system32\drivers\nimsdrkl.sys [2008-01-11 11392]
R3 nimslk;nimslk;c:\windows\system32\drivers\nimslk.dll [2007-06-25 14464]
R3 nimsrlk;nimsrlk;c:\windows\system32\drivers\nimsrlk.dll [2007-06-25 151683]
R3 nimxpk;nimxpk;c:\windows\system32\drivers\nimxpkl.sys [2007-12-18 11368]
R3 ninshsdk;ninshsdk;c:\windows\system32\drivers\ninshsdkl.sys [2007-12-27 11360]
R3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys [2008-06-13 11904]
R3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys [2008-06-13 11896]
R3 nipxigpk;NI PXI Generic Chassis Pilot;c:\windows\system32\drivers\nipxigpk.sys [2007-11-26 20768]
R3 niscdk;niscdk;c:\windows\system32\drivers\niscdkl.sys [2008-01-08 11376]
R3 nisdigk;nisdigk;c:\windows\system32\drivers\nisdigkl.sys [2008-01-08 11352]
R3 nisftk;nisftk;c:\windows\system32\drivers\nisftkl.sys [2007-12-20 11344]
R3 nispdk;nispdk;c:\windows\system32\drivers\nispdkl.sys [2008-01-08 11376]
R3 nissrk;nissrk;c:\windows\system32\drivers\nissrkl.sys [2008-02-22 11336]
R3 nistc2k;nistc2k;c:\windows\system32\drivers\nistc2kl.sys [2008-01-08 11312]
R3 nistcrk;nistcrk;c:\windows\system32\drivers\nistcrkl.sys [2008-02-15 11360]
R3 niswdk;niswdk;c:\windows\system32\drivers\niswdkl.sys [2008-01-02 11336]
R3 nitiork;nitiork;c:\windows\system32\drivers\nitiorkl.sys [2008-02-20 11360]
R3 niufurk;niufurk;c:\windows\system32\drivers\niufurkl.sys [2008-02-22 11368]
R3 niwfrk;niwfrk;c:\windows\system32\drivers\niwfrkl.sys [2008-02-22 11336]
R3 nixsrk;nixsrk;c:\windows\system32\drivers\nixsrkl.sys [2008-02-22 11336]
R3 usb6xxxk;usb6xxxk;c:\windows\system32\drivers\usb6xxxkl.sys [x]
R3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\DRIVERS\VX6000Xp.sys [2007-04-10 2385896]
S0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\System32\drivers\nipbcfk.sys [2007-07-11 15448]
S1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\DRIVERS\dwvkbd.sys [2007-02-15 26624]
S2 iPCAgent;iPCAgent;c:\program files\iPass\iPassConnect\iPCAgent.exe [2005-08-25 90112]
S2 MDC80211;iPass Protocol (IEEE 802.1x) v2.3.1.9;c:\windows\system32\DRIVERS\mdc80211.sys [2008-01-04 15793]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2009-09-01 70728]
S2 NeoterisSetupService;NeoterisSetupService;c:\program files\Neoteris\Installer Service\NeoterisSetupService.exe [2005-06-25 36864]
S2 nidevldu;NI Device Loader;c:\windows\system32\nipalsm.exe [2007-02-16 12696]
S2 nipxirmk;nipxirmk;c:\windows\system32\drivers\nipxirmkl.sys [2007-09-18 11552]
S2 SMSNomadP2P;SMSNomadP2P;c:\program files\1E\SMSNomad\SMSNomadP2P.exe [2005-11-27 335872]
S3 DwMirror;DwMirror;c:\windows\system32\DRIVERS\DamewareMini.sys [2007-02-07 3712]
S3 nidimk;nidimk;c:\windows\system32\drivers\nidimkl.sys [2008-06-13 11360]
S3 nimru2k;nimru2k;c:\windows\system32\drivers\nimru2kl.sys [2008-06-13 11360]
S3 nimstsk;nimstsk;c:\windows\system32\drivers\nimstskl.sys [2007-12-19 11360]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - NIPALK

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EEBF9CA6-567B-41cd-B5F6-EF2C7FEF37B5}]
2009-03-08 09:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2011-02-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]

2011-02-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-08 02:20]

2011-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-27 04:11]

2011-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-27 04:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://hub.slb.com/integration
uInternet Connection Wizard,ShellNext = hxxp://saba.web.miswaco.com/Saba/Web/Smith
uInternet Settings,ProxyOverride = <local>;*.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a}
LSP: bmnet.dll
Trusted Zone: accenture.com
Trusted Zone: atbalance.com
Trusted Zone: atosorigin-asp.com
Trusted Zone: books24x7.com
Trusted Zone: dell.com
Trusted Zone: geoquest.com
Trusted Zone: intouchsupport.com
Trusted Zone: iperceptions.com
Trusted Zone: microsoft.com
Trusted Zone: miswaco.com\*.prod
Trusted Zone: miswaco.com\*.web
Trusted Zone: mydexa.com
Trusted Zone: skillport.com
Trusted Zone: skillsoft.com
Trusted Zone: slb.com
Trusted Zone: westerngeco.com
Trusted Zone: accenture.com
Trusted Zone: atbalance.com
Trusted Zone: atosorigin-asp.com
Trusted Zone: books24x7.com
Trusted Zone: dell.com
Trusted Zone: geoquest.com
Trusted Zone: intouchsupport.com
Trusted Zone: iperceptions.com
Trusted Zone: microsoft.com
Trusted Zone: miswaco.com\*.prod
Trusted Zone: miswaco.com\*.web
Trusted Zone: mydexa.com
Trusted Zone: skillport.com
Trusted Zone: skillsoft.com
Trusted Zone: slb.com
Trusted Zone: westerngeco.com
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {36E4E9BC-4D0C-41B4-90C9-37AFDBFAAD3C} - hxxps://download.infotriever.com/bin/ifhelper.cab
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-24 17:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(636)
c:\windows\system32\bmnet.dll

- - - - - - - > 'lsass.exe'(692)
c:\windows\system32\bmnet.dll
.
Completion time: 2011-02-24 17:04:50
ComboFix-quarantined-files.txt 2011-02-24 23:04
ComboFix2.txt 2011-02-24 20:13

Pre-Run: 63,519,952,896 bytes free
Post-Run: 63,494,430,720 bytes free

- - End Of File - - C934239BE221BBE94F6BCA6CBAF23E77
  4. Here is the Combofix Log: ComboFix 11-02-24.01 - NSeymour 02/24/2011 12:42:28.1.2 - x86 Running from: c:\documents and settings\NSeymour\Desktop\Combo-Fix.exe AV: VirusScan Enterprise + AntiSpyware Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0} * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\NSeymour\Local Settings\Application Data\{11D6F7DC-0992-4B82-865C-DDB847714B51} c:\documents and settings\NSeymour\Local Settings\Application Data\{11D6F7DC-0992-4B82-865C-DDB847714B51}\chrome\content\_cfg.js c:\documents and settings\NSeymour\Local Settings\Application Data\{11D6F7DC-0992-4B82-865C-DDB847714B51}\chrome\content\overlay.xul c:\documents and settings\NSeymour\Local Settings\Application Data\{11D6F7DC-0992-4B82-865C-DDB847714B51}\install.rdf c:\documents and settings\NSeymour\Local Settings\Application Data\{DE976AB5-EA46-494C-95F6-F1271D202971} c:\documents and settings\NSeymour\Local Settings\Application Data\{DE976AB5-EA46-494C-95F6-F1271D202971}\chrome\content\_cfg.js c:\documents and settings\NSeymour\Local Settings\Application Data\{DE976AB5-EA46-494C-95F6-F1271D202971}\chrome\content\overlay.xul c:\documents and settings\NSeymour\Local Settings\Application Data\{DE976AB5-EA46-494C-95F6-F1271D202971}\install.rdf c:\rootrepeal\RootRepeal.exe c:\windows\addins\addins . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED} -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE} ((((((((((((((((((((((((( Files Created from 2011-01-24 to 2011-02-24 ))))))))))))))))))))))))))))))) . 2011-02-24 19:09 . 2011-02-24 19:09 -------- d-----w- c:\windows\ms 2011-02-22 16:28 . 2011-02-22 22:18 -------- d-----w- C:\32788R22FWJFW.4.tmp 2011-02-21 19:37 . 
2011-02-21 19:37 -------- d-----w- c:\windows\system32\DRM 2011-02-21 18:12 . 2011-02-21 18:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware-New 2011-02-21 17:29 . 2011-02-22 22:18 -------- d-----w- C:\32788R22FWJFW.3.tmp 2011-02-21 17:26 . 2011-02-22 22:18 -------- d-----w- C:\32788R22FWJFW.2.tmp 2011-02-21 17:24 . 2011-02-22 22:18 -------- d-----w- C:\32788R22FWJFW.1.tmp 2011-02-20 16:51 . 2011-02-21 16:55 -------- d--h--w- c:\windows\PIF 2011-02-20 15:31 . 2011-02-24 18:49 -------- d-----w- C:\RootRepeal 2011-02-20 08:44 . 2011-02-20 08:44 -------- d-----w- c:\windows\system32\wbem\Repository 2011-02-20 08:36 . 2011-02-20 08:40 -------- d-----w- C:\32788R22FWJFW(2) 2011-02-20 07:52 . 2011-02-20 08:40 -------- d-----w- c:\windows\BDOSCAN8 2011-02-10 02:45 . 2011-02-10 02:45 -------- d-----w- c:\program files\Bonjour 2011-02-04 22:05 . 2011-02-04 22:05 -------- d-----w- c:\documents and settings\NSeymour\Local Settings\Application Data\Mozilla 2011-02-04 22:03 . 2011-02-10 02:44 -------- d-----w- c:\program files\Mozilla Firefox(2) 2011-02-04 19:32 . 2011-02-09 13:34 0 ----a-w- c:\windows\Vsejakadik.bin . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-12-28 22:27 . 2010-12-28 22:27 5307423 ----a-w- c:\windows\FramePkg.exe 2010-12-21 00:09 . 2009-09-21 18:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-12-21 00:08 . 2009-09-21 18:07 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2004-03-15 22:51 . 2004-03-15 22:51 114688 ----a-w- c:\program files\internet explorer\plugins\LV71ActiveXControl.dll 2006-01-23 15:32 . 2006-01-23 15:32 131072 ----a-w- c:\program files\internet explorer\plugins\LV80ActiveXControl.dll 2007-02-08 15:48 . 2007-02-08 15:48 133920 ----a-w- c:\program files\internet explorer\plugins\LV82ActiveXControl.dll 2008-12-10 19:50 . 2008-12-10 19:50 118784 ----a-w- c:\program files\internet explorer\plugins\LV86ActiveXControl.dll . 
------- Sigcheck ------- [7] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\eventlog.dll c:\windows\System32\eventlog.dll ... is missing !! . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-08 39408] "Communicator"="c:\program files\Microsoft Office Communicator\Communicator.exe" [2005-05-12 4167376] "i-Handbook"="c:\program files\Schlumberger\i-Handbook\i-Handbook.exe" [2006-05-24 9687040] "Infuzer"="c:\program files\Trondent Development Corp\Infuzer\Infuzer.exe" [2008-04-03 628008] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2005-05-09 1658080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939] "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592] "SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 303104] "Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-25 159744] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-16 138008] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-16 162584] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-16 138008] "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-22 813912] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992] "VX6000"="c:\windows\vVX6000.exe" [2007-04-10 996712] "Synchronization Manager"="c:\windows\system32\mobsync.exe" [2004-08-04 143360] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-02 1392640] "Adobe Reader Speed Launcher"="c:\program 
files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "AT&T Communication Manager"="c:\program files\AT&T\Communication Manager\ATTCM.exe" [2008-12-01 33280] "MicVol"="c:\windows\System32\MicVol25.exe" [2009-07-21 9216] "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2009-10-16 124224] "niDevMon"="c:\program files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe" [2008-06-18 106576] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120] "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2010-10-15 140608] "DameWare MRC Agent"="c:\windows\system32\DWRCST.exe" [2008-03-24 78848] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Communicator"="c:\program files\Microsoft Office Communicator\Communicator.exe" [2005-05-12 4167376] c:\documents and settings\All Users\Start Menu\Programs\Startup\ ImageMixer 3 SE Camera Monitor Ver.5.lnk - c:\program files\PIXELA\ImageMixer 3 SE Ver.5\Transfer Utility\CameraMonitor.exe [2009-8-28 253952] Monster Central Control Software 7.lnk - c:\program files\Monster\Monster Central Control Software 7\MonsterRemote.exe [2010-11-9 86112] Program Neighborhood Agent.lnk - c:\program files\Citrix\ICA Client\pnagent.exe [2005-4-4 233744] Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoMSAppLogo5ChannelNotify"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au] "NoAutoUpdate"= 1 (0x1) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService] @="Service" 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\Msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Monster\\Monster Central Control Software 7\\MonsterRemote.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-27 135664] R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [2009-09-01 21256] R2 NeatReceipts Database Controller;NeatReceipts Database Controller;c:\program files\Neat Business Cards\exec\NeatReceiptsDBController.exe [2007-06-13 231008] R3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\AT&T\Communication Manager\RcAppSvc.exe [2008-11-21 113152] R3 lvalarmk;lvalarmk;c:\windows\system32\drivers\lvalarmk.sys [2007-12-20 20056] R3 mferkdet;McAfee Inc. 
mferkdet;c:\windows\system32\drivers\mferkdet.sys [2009-09-01 65448] R3 MSSQL$NR2007;SQL Server (NR2007);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-06-13 29178224] R3 ni1006k;NI PXI-1006 Chassis Pilot;c:\windows\system32\drivers\ni1006k.sys [2007-10-08 25888] R3 ni1045k;NI PXI-1045 Chassis Pilot;c:\windows\system32\drivers\ni1045kl.sys [2007-10-08 11552] R3 ni1065k;NI PXIe-1065 Chassis Pilot;c:\windows\system32\drivers\ni1065k.sys [2007-10-08 22360] R3 nicdrk;nicdrk;c:\windows\system32\drivers\nicdrkl.sys [2007-12-26 11352] R3 nicsrk;nicsrk;c:\windows\system32\drivers\nicsrkl.sys [2008-02-22 11336] R3 nidmxfk;nidmxfk;c:\windows\system32\drivers\nidmxfkl.sys [2007-12-19 11336] R3 nidsark;nidsark;c:\windows\system32\drivers\nidsarkl.sys [2008-02-29 11344] R3 niemrk;niemrk;c:\windows\system32\drivers\niemrkl.sys [2008-02-22 11336] R3 niesrk;niesrk;c:\windows\system32\drivers\niesrkl.sys [2008-02-22 11336] R3 nifslk;nifslk;c:\windows\system32\drivers\nifslkl.sys [2007-12-26 11352] R3 nimsdrk;nimsdrk;c:\windows\system32\drivers\nimsdrkl.sys [2008-01-11 11392] R3 nimslk;nimslk;c:\windows\system32\drivers\nimslk.dll [2007-06-25 14464] R3 nimsrlk;nimsrlk;c:\windows\system32\drivers\nimsrlk.dll [2007-06-25 151683] R3 nimxpk;nimxpk;c:\windows\system32\drivers\nimxpkl.sys [2007-12-18 11368] R3 ninshsdk;ninshsdk;c:\windows\system32\drivers\ninshsdkl.sys [2007-12-27 11360] R3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys [2008-06-13 11904] R3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys [2008-06-13 11896] R3 nipxigpk;NI PXI Generic Chassis Pilot;c:\windows\system32\drivers\nipxigpk.sys [2007-11-26 20768] R3 niscdk;niscdk;c:\windows\system32\drivers\niscdkl.sys [2008-01-08 11376] R3 nisdigk;nisdigk;c:\windows\system32\drivers\nisdigkl.sys [2008-01-08 11352] R3 nisftk;nisftk;c:\windows\system32\drivers\nisftkl.sys [2007-12-20 11344] R3 nispdk;nispdk;c:\windows\system32\drivers\nispdkl.sys [2008-01-08 
11376] R3 nissrk;nissrk;c:\windows\system32\drivers\nissrkl.sys [2008-02-22 11336] R3 nistc2k;nistc2k;c:\windows\system32\drivers\nistc2kl.sys [2008-01-08 11312] R3 nistcrk;nistcrk;c:\windows\system32\drivers\nistcrkl.sys [2008-02-15 11360] R3 niswdk;niswdk;c:\windows\system32\drivers\niswdkl.sys [2008-01-02 11336] R3 nitiork;nitiork;c:\windows\system32\drivers\nitiorkl.sys [2008-02-20 11360] R3 niufurk;niufurk;c:\windows\system32\drivers\niufurkl.sys [2008-02-22 11368] R3 niwfrk;niwfrk;c:\windows\system32\drivers\niwfrkl.sys [2008-02-22 11336] R3 nixsrk;nixsrk;c:\windows\system32\drivers\nixsrkl.sys [2008-02-22 11336] R3 usb6xxxk;usb6xxxk;c:\windows\system32\drivers\usb6xxxkl.sys [x] R3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\DRIVERS\VX6000Xp.sys [2007-04-10 2385896] S0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\System32\drivers\nipbcfk.sys [2007-07-11 15448] S1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\DRIVERS\dwvkbd.sys [2007-02-15 26624] S2 iPCAgent;iPCAgent;c:\program files\iPass\iPassConnect\iPCAgent.exe [2005-08-25 90112] S2 MDC80211;iPass Protocol (IEEE 802.1x) v2.3.1.9;c:\windows\system32\DRIVERS\mdc80211.sys [2008-01-04 15793] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2009-09-01 70728] S2 NeoterisSetupService;NeoterisSetupService;c:\program files\Neoteris\Installer Service\NeoterisSetupService.exe [2005-06-25 36864] S2 nidevldu;NI Device Loader;c:\windows\system32\nipalsm.exe [2007-02-16 12696] S2 nipxirmk;nipxirmk;c:\windows\system32\drivers\nipxirmkl.sys [2007-09-18 11552] S2 SMSNomadP2P;SMSNomadP2P;c:\program files\1E\SMSNomad\SMSNomadP2P.exe [2005-11-27 335872] S3 DwMirror;DwMirror;c:\windows\system32\DRIVERS\DamewareMini.sys [2007-02-07 3712] S3 nidimk;nidimk;c:\windows\system32\drivers\nidimkl.sys [2008-06-13 11360] S3 nimru2k;nimru2k;c:\windows\system32\drivers\nimru2kl.sys [2008-06-13 11360] S3 
nimstsk;nimstsk;c:\windows\system32\drivers\nimstskl.sys [2007-12-19 11360] --- Other Services/Drivers In Memory --- *NewlyCreated* - NIPALK [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EEBF9CA6-567B-41cd-B5F6-EF2C7FEF37B5}] 2009-03-08 09:32 128512 ----a-w- c:\windows\system32\advpack.dll . Contents of the 'Scheduled Tasks' folder 2011-02-20 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50] 2011-02-24 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-08 02:20] 2011-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-27 04:11] 2011-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-27 04:11] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://hub.slb.com/integration
uInternet Connection Wizard,ShellNext = hxxp://saba.web.miswaco.com/Saba/Web/Smith
uInternet Settings,ProxyOverride = <local>;*.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a}
LSP: bmnet.dll
Trusted Zone: accenture.com
Trusted Zone: atbalance.com
Trusted Zone: atosorigin-asp.com
Trusted Zone: books24x7.com
Trusted Zone: dell.com
Trusted Zone: geoquest.com
Trusted Zone: intouchsupport.com
Trusted Zone: iperceptions.com
Trusted Zone: microsoft.com
Trusted Zone: miswaco.com\*.prod
Trusted Zone: miswaco.com\*.web
Trusted Zone: mydexa.com
Trusted Zone: skillport.com
Trusted Zone: skillsoft.com
Trusted Zone: slb.com
Trusted Zone: westerngeco.com
Trusted Zone: accenture.com
Trusted Zone: atbalance.com
Trusted Zone: atosorigin-asp.com
Trusted Zone: books24x7.com
Trusted Zone: dell.com
Trusted Zone: geoquest.com
Trusted Zone: intouchsupport.com
Trusted Zone: iperceptions.com
Trusted Zone: microsoft.com
Trusted Zone: miswaco.com\*.prod
Trusted Zone: miswaco.com\*.web
Trusted Zone: mydexa.com
Trusted Zone: skillport.com
Trusted Zone: skillsoft.com
Trusted Zone: slb.com
Trusted Zone: westerngeco.com
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {36E4E9BC-4D0C-41B4-90C9-37AFDBFAAD3C} - hxxps://download.infotriever.com/bin/ifhelper.cab
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Smith Screen Saver Screensaver - c:\program files\National

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-24 14:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(636)
c:\windows\system32\bmnet.dll

- - - - - - - > 'lsass.exe'(692)
c:\windows\system32\bmnet.dll

- - - - - - - > 'explorer.exe'(3036)
c:\windows\system32\WININET.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\McAfee\Common Framework\McTrayLegacySupportPlugin.dll
c:\program files\McAfee\Common Framework\McTrayInterfaceLib.dll
c:\program files\McAfee\Common Framework\McAfeeWin32GUISupportDLL.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\crypserv.exe
c:\program files\Juniper Networks\Common Files\dsNcService.exe
c:\windows\SYSTEM32\DWRCS.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lkcitdl.exe
c:\windows\system32\lkads.exe
c:\windows\system32\lktsrv.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\National Instruments\MAX\nimxs.exe
c:\program files\National Instruments\Shared\Security\nidmsrv.exe
c:\windows\system32\nisvcloc.exe
c:\program files\National Instruments\Shared\Tagger\tagsrv.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Citrix\ICA Client\ssonsvr.exe
c:\program files\iPass\iPassConnect\downloader\ipccheck.exe
c:\windows\stsystra.exe
c:\program files\Apoint\ApMsgFwd.exe
c:\program files\Apoint\HidFind.exe
c:\program files\Apoint\Apntex.exe
c:\program files\McAfee\Common Framework\McTray.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-02-24 14:13:22 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-24 20:13

Pre-Run: 62,793,056,256 bytes free
Post-Run: 63,592,484,864 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 832C8C2595326F672686F489080CA6D4
5. DDS (Ver_10-12-12.02) - NTFSx86
Run by NSeymour at 10:43:44.32 on Thu 02/24/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
AV: VirusScan Enterprise + AntiSpyware Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

============== Pseudo HJT Report ===============

uStart Page = hxxp://hub.slb.com/integration
uDefault_Page_URL = hxxp://hub.slb.com/integration
uInternet Connection Wizard,ShellNext = hxxp://saba.web.miswaco.com/Saba/Web/Smith
uInternet Settings,ProxyOverride = <local>;*.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] ; "c:\program files\messenger\Msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Communicator] "c:\program files\microsoft office communicator\Communicator.exe"
uRun: [i-Handbook] c:\program files\schlumberger\i-handbook\i-Handbook.exe /i
uRun: [infuzer] ; c:\program files\trondent development corp\infuzer\Infuzer.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [updateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [sigmatelSysTrayApp] stsystra.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [VX6000] c:\windows\vVX6000.exe
mRun: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [<NO NAME>]
mRun: [AT&T Communication Manager] "c:\program files\at&t\communication manager\ATTCM.exe" -a
mRun: [MicVol] "c:\windows\system32\MicVol25.exe"
mRun: [shStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [niDevMon] c:\program files\national instruments\ni-daq\hwconfig\nidevmon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [DameWare MRC Agent] c:\windows\system32\DWRCST.exe
dRun: [Communicator] "c:\program files\microsoft office communicator\Communicator.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\imagem~1.lnk - c:\program files\pixela\imagemixer 3 se ver.5\transfer utility\CameraMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\monste~1.lnk - c:\program files\monster\monster central control software 7\MonsterRemote.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\progra~1.lnk - c:\program files\citrix\ica client\pnagent.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
mPolicies-explorer: NoMSAppLogo5ChannelNotify = 1 (0x1)
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: bmnet.dll
Trusted Zone: accenture.com
Trusted Zone: atbalance.com
Trusted Zone: atosorigin-asp.com
Trusted Zone: books24x7.com
Trusted Zone: dell.com
Trusted Zone: geoquest.com
Trusted Zone: intouchsupport.com
Trusted Zone: iperceptions.com
Trusted Zone: microsoft.com
Trusted Zone: miswaco.com\*.prod
Trusted Zone: miswaco.com\*.web
Trusted Zone: mydexa.com
Trusted Zone: skillport.com
Trusted Zone: skillsoft.com
Trusted Zone: slb.com
Trusted Zone: westerngeco.com
Trusted Zone: accenture.com
Trusted Zone: atbalance.com
Trusted Zone: atosorigin-asp.com
Trusted Zone: books24x7.com
Trusted Zone: dell.com
Trusted Zone: geoquest.com
Trusted Zone: intouchsupport.com
Trusted Zone: iperceptions.com
Trusted Zone: microsoft.com
Trusted Zone: miswaco.com\*.prod
Trusted Zone: miswaco.com\*.web
Trusted Zone: mydexa.com
Trusted Zone: skillport.com
Trusted Zone: skillsoft.com
Trusted Zone: slb.com
Trusted Zone: westerngeco.com
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {36E4E9BC-4D0C-41B4-90C9-37AFDBFAAD3C} - hxxps://download.infotriever.com/bin/ifhelper.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1269700035518
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1269700027503
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {E19F9331-3110-11d4-991C-005004D3B3DB} - hxxp://java.sun.com/products/plugin/1.3.0_02/jinstall-130_02-win.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {EEBF9CA6-567B-41cd-B5F6-EF2C7FEF37B5} - rundll32.exe advpack.dll,LaunchINFSectionEx c:\windows\inf\wmactedp.inf,PerUserStub,,4

============= SERVICES / DRIVERS ===============

=============== Created Last 30 ================

2011-02-22 16:48:00  --------  d-----w-  c:\windows\ms
2011-02-22 16:28:45  --------  d-----w-  C:\32788R22FWJFW.4.tmp
2011-02-21 19:37:00  --------  d-----w-  c:\windows\system32\DRM
2011-02-21 18:12:13  --------  d-----w-  c:\program files\Malwarebytes' Anti-Malware-New
2011-02-21 17:29:35  --------  d-----w-  C:\32788R22FWJFW.3.tmp
2011-02-21 17:26:05  --------  d-----w-  C:\32788R22FWJFW.2.tmp
2011-02-21 17:24:52  --------  d-----w-  C:\32788R22FWJFW.1.tmp
2011-02-20 16:51:03  --------  d--h--w-  c:\windows\PIF
2011-02-20 16:21:39  --------  d-----w-  C:\32788R22FWJFW.0.tmp
2011-02-20 15:31:24  --------  d-----w-  C:\RootRepeal
2011-02-20 08:44:26  --------  d-----w-  c:\windows\system32\wbem\repository\FS
2011-02-20 08:44:26  --------  d-----w-  c:\windows\system32\wbem\Repository
2011-02-20 08:36:56  --------  d-----w-  C:\32788R22FWJFW(2)
2011-02-10 02:45:15  --------  d-----w-  c:\program files\Bonjour
2011-02-04 22:05:27  --------  d-----w-  c:\docume~1\nseymour\locals~1\applic~1\Mozilla
2011-02-04 22:03:44  --------  d-----w-  c:\program files\Mozilla Firefox(2)
2011-02-04 21:24:22  --------  d-----w-  c:\docume~1\nseymour\locals~1\applic~1\{11D6F7DC-0992-4B82-865C-DDB847714B51}
2011-02-04 19:32:51  0  ----a-w-  c:\windows\Vsejakadik.bin
2011-02-04 19:32:49  --------  d-----w-  c:\docume~1\nseymour\locals~1\applic~1\{DE976AB5-EA46-494C-95F6-F1271D202971}

==================== Find3M ====================

2010-12-28 22:27:19  5307423  ----a-w-  c:\windows\FramePkg.exe

============= FINISH: 10:46:23.74 ===============
6. Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5868

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

2/24/2011 10:21:34 AM
mbam-log-2011-02-24 (10-21-34).txt

Scan type: Quick scan
Objects scanned: 221332
Time elapsed: 51 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\recycler\s-1-5-21-583907252-2139871995-839522115-15910290\dc11416.tmp.vir (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
7. Here's the other one:

DDS (Ver_10-12-12.02) - NTFSx86
Run by NSeymour at 17:15:56.85 on Wed 02/23/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
AV: VirusScan Enterprise + AntiSpyware Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

============== Pseudo HJT Report ===============

uStart Page = hxxp://hub.slb.com/integration
uDefault_Page_URL = hxxp://hub.slb.com/integration
uInternet Connection Wizard,ShellNext = hxxp://saba.web.miswaco.com/Saba/Web/Smith
uInternet Settings,ProxyOverride = <local>;*.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] ; "c:\program files\messenger\Msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Communicator] "c:\program files\microsoft office communicator\Communicator.exe"
uRun: [i-Handbook] c:\program files\schlumberger\i-handbook\i-Handbook.exe /i
uRun: [infuzer] ; c:\program files\trondent development corp\infuzer\Infuzer.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [updateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [sigmatelSysTrayApp] stsystra.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [VX6000] c:\windows\vVX6000.exe
mRun: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [<NO NAME>]
mRun: [AT&T Communication Manager] "c:\program files\at&t\communication manager\ATTCM.exe" -a
mRun: [MicVol] "c:\windows\system32\MicVol25.exe"
mRun: [shStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [niDevMon] c:\program files\national instruments\ni-daq\hwconfig\nidevmon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [DameWare MRC Agent] c:\windows\system32\DWRCST.exe
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware-new\Firefox.exe" /runcleanupscript
dRun: [Communicator] "c:\program files\microsoft office communicator\Communicator.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\imagem~1.lnk - c:\program files\pixela\imagemixer 3 se ver.5\transfer utility\CameraMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\monste~1.lnk - c:\program files\monster\monster central control software 7\MonsterRemote.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\progra~1.lnk - c:\program files\citrix\ica client\pnagent.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
mPolicies-explorer: NoMSAppLogo5ChannelNotify = 1 (0x1)
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: bmnet.dll
Trusted Zone: accenture.com
Trusted Zone: atbalance.com
Trusted Zone: atosorigin-asp.com
Trusted Zone: books24x7.com
Trusted Zone: dell.com
Trusted Zone: geoquest.com
Trusted Zone: intouchsupport.com
Trusted Zone: iperceptions.com
Trusted Zone: microsoft.com
Trusted Zone: miswaco.com\*.prod
Trusted Zone: miswaco.com\*.web
Trusted Zone: mydexa.com
Trusted Zone: skillport.com
Trusted Zone: skillsoft.com
Trusted Zone: slb.com
Trusted Zone: westerngeco.com
Trusted Zone: accenture.com
Trusted Zone: atbalance.com
Trusted Zone: atosorigin-asp.com
Trusted Zone: books24x7.com
Trusted Zone: dell.com
Trusted Zone: geoquest.com
Trusted Zone: intouchsupport.com
Trusted Zone: iperceptions.com
Trusted Zone: microsoft.com
Trusted Zone: miswaco.com\*.prod
Trusted Zone: miswaco.com\*.web
Trusted Zone: mydexa.com
Trusted Zone: skillport.com
Trusted Zone: skillsoft.com
Trusted Zone: slb.com
Trusted Zone: westerngeco.com
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {36E4E9BC-4D0C-41B4-90C9-37AFDBFAAD3C} - hxxps://download.infotriever.com/bin/ifhelper.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1269700035518
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1269700027503
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {E19F9331-3110-11d4-991C-005004D3B3DB} - hxxp://java.sun.com/products/plugin/1.3.0_02/jinstall-130_02-win.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {EEBF9CA6-567B-41cd-B5F6-EF2C7FEF37B5} - rundll32.exe advpack.dll,LaunchINFSectionEx c:\windows\inf\wmactedp.inf,PerUserStub,,4

============= SERVICES / DRIVERS ===============

=============== Created Last 30 ================

2011-02-23 05:56:31  54016  ----a-w-  c:\windows\system32\drivers\irjy.sys
2011-02-22 16:48:00  --------  d-----w-  c:\windows\ms
2011-02-22 16:28:45  --------  d-----w-  C:\32788R22FWJFW.4.tmp
2011-02-21 19:37:00  --------  d-----w-  c:\windows\system32\DRM
2011-02-21 18:12:13  --------  d-----w-  c:\program files\Malwarebytes' Anti-Malware-New
2011-02-21 17:29:35  --------  d-----w-  C:\32788R22FWJFW.3.tmp
2011-02-21 17:26:05  --------  d-----w-  C:\32788R22FWJFW.2.tmp
2011-02-21 17:24:52  --------  d-----w-  C:\32788R22FWJFW.1.tmp
2011-02-20 16:51:03  --------  d--h--w-  c:\windows\PIF
2011-02-20 16:21:39  --------  d-----w-  C:\32788R22FWJFW.0.tmp
2011-02-20 15:31:24  --------  d-----w-  C:\RootRepeal
2011-02-20 08:44:26  --------  d-----w-  c:\windows\system32\wbem\repository\FS
2011-02-20 08:44:26  --------  d-----w-  c:\windows\system32\wbem\Repository
2011-02-20 08:36:56  --------  d-----w-  C:\32788R22FWJFW(2)
2011-02-10 02:45:15  --------  d-----w-  c:\program files\Bonjour
2011-02-04 22:05:27  --------  d-----w-  c:\docume~1\nseymour\locals~1\applic~1\Mozilla
2011-02-04 22:03:44  --------  d-----w-  c:\program files\Mozilla Firefox(2)
2011-02-04 21:24:22  --------  d-----w-  c:\docume~1\nseymour\locals~1\applic~1\{11D6F7DC-0992-4B82-865C-DDB847714B51}
2011-02-04 19:32:51  0  ----a-w-  c:\windows\Vsejakadik.bin
2011-02-04 19:32:49  --------  d-----w-  c:\docume~1\nseymour\locals~1\applic~1\{DE976AB5-EA46-494C-95F6-F1271D202971}
2011-01-25 01:31:27  --------  d-----w-  c:\docume~1\nseymour\locals~1\applic~1\Western Digital

==================== Find3M ====================

2010-12-28 22:27:19  5307423  ----a-w-  c:\windows\FramePkg.exe

============= FINISH: 17:17:37.23 ===============
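The two DDS runs in this thread (the 02/23 run directly above and the 02/24 run earlier on the page) differ only in their "Created Last 30" sections, and reading that difference by eye is error-prone. The helper below is an added example written for this page; it is not part of DDS and not the poster's code. Its two inputs are constructed excerpts of the posted sections (date, size or "--------" for a directory, attribute string, path). The 30-day window it uses to tell "aged out of the listing" from "gone" and the three triage heuristics (zero-byte file under the Windows directory, newly created kernel driver, GUID-named folder under Application Data) are this example's own assumptions, chosen because each pattern occurs in the posted logs.

```python
"""Diff the 'Created Last 30' sections of two DDS runs and flag entries worth a look.

Added example for this page; not part of DDS or of the thread. DDS_0223 and
DDS_0224 are constructed excerpts of the posted logs. The 30-day window and
the flagging heuristics are assumptions made here, not DDS behaviour.
"""
import re
from dataclasses import dataclass
from datetime import date, datetime, timedelta
from typing import Dict, List, Optional

# Constructed from lines in the posted 02/23 and 02/24 DDS logs.
DDS_0223 = r"""
2011-02-23 05:56:31  54016     ----a-w-  c:\windows\system32\drivers\irjy.sys
2011-02-22 16:48:00  --------  d-----w-  c:\windows\ms
2011-02-20 15:31:24  --------  d-----w-  C:\RootRepeal
2011-02-04 21:24:22  --------  d-----w-  c:\docume~1\nseymour\locals~1\applic~1\{11D6F7DC-0992-4B82-865C-DDB847714B51}
2011-02-04 19:32:51  0         ----a-w-  c:\windows\Vsejakadik.bin
2011-01-25 01:31:27  --------  d-----w-  c:\docume~1\nseymour\locals~1\applic~1\Western Digital
"""
DDS_0224 = r"""
2011-02-22 16:48:00  --------  d-----w-  c:\windows\ms
2011-02-20 15:31:24  --------  d-----w-  C:\RootRepeal
2011-02-04 21:24:22  --------  d-----w-  c:\docume~1\nseymour\locals~1\applic~1\{11D6F7DC-0992-4B82-865C-DDB847714B51}
2011-02-04 19:32:51  0         ----a-w-  c:\windows\Vsejakadik.bin
"""

ENTRY_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<size>\S+)\s+(?P<attrs>\S+)\s+(?P<path>.+?)\s*$"
)
GUID_DIR_RE = re.compile(r"\\\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)


@dataclass(frozen=True)
class Entry:
    ts: datetime
    size: Optional[int]  # None for a directory (DDS prints '--------')
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


def parse_created_last_30(text: str) -> Dict[str, Entry]:
    """Index entries by lower-cased path; DDS prints whatever case NTFS stored."""
    entries: Dict[str, Entry] = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue  # headers, blank lines, anything that is not an entry
        size = None if m["size"] == "--------" else int(m["size"])
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        entries[m["path"].lower()] = Entry(ts, size, m["attrs"], m["path"])
    return entries


def diff_runs(old: Dict[str, Entry], new: Dict[str, Entry],
              new_run_date: str, window_days: int = 30) -> Dict[str, List[str]]:
    """An entry missing from the newer run may have been removed, or may just
    have fallen out of the listing window (assumed here to be 30 days)."""
    cutoff = date.fromisoformat(new_run_date) - timedelta(days=window_days)
    gone, aged_out = [], []
    for key in sorted(set(old) - set(new)):
        (aged_out if old[key].ts.date() <= cutoff else gone).append(key)
    return {"gone": gone, "aged_out": aged_out, "added": sorted(set(new) - set(old))}


def flag_entry(e: Entry) -> List[str]:
    """Heuristics chosen for this example; each pattern appears in the posted logs."""
    reasons = []
    p = e.path.lower()
    if not e.is_dir and e.size == 0 and p.startswith("c:\\windows\\"):
        reasons.append("zero-byte file under c:\\windows")
    if p.endswith(".sys") and "\\drivers\\" in p:
        reasons.append("new kernel driver")
    if e.is_dir and GUID_DIR_RE.search(e.path) and ("applic~1" in p or "application data" in p):
        reasons.append("GUID-named folder in Application Data")
    return reasons


def triage(old_text: str, new_text: str, new_run_date: str) -> dict:
    old, new = parse_created_last_30(old_text), parse_created_last_30(new_text)
    flagged = {}
    for key, e in {**old, **new}.items():
        reasons = flag_entry(e)
        if reasons:
            flagged[key] = reasons
    return {"diff": diff_runs(old, new, new_run_date), "flagged": flagged}


if __name__ == "__main__":
    result = triage(DDS_0223, DDS_0224, "2011-02-24")
    for bucket, keys in result["diff"].items():
        print(bucket, keys)
    for key, reasons in result["flagged"].items():
        print("FLAG", key, reasons)
```

On the constructed input the driver irjy.sys comes out as "gone" (created 02/23, absent on 02/24) while the Western Digital folder is "aged_out" (its 01/25 date is at the edge of the assumed window), which is exactly the distinction a helper needs before concluding that a cleanup step removed something.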
8. Good deal. DDS was actually able to run this time. Here are the log files:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

==== Disk Partitions =========================

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

32 Bit HP CIO Components Installer
Adobe Acrobat 8 Standard - English, Fran
9. OK... I figured out I needed to burn the program to a CD and boot from CD to run the program. It looks like we made some progress as there were issues found. Here is the logfile from the scan.

Avira / Linux Version 1.9.152.0
Copyright © 2010 by Avira GmbH
All rights reserved.

engine set: 8.2.4.170
VDF Version: 7.11.3.198

Scan start time: Tue Feb 22 22:10:11 2011
configuration file: /etc/avira/scancl.conf

WARNING: [unexpected end of file] /media/Devices/sda2/Documents and Settings/LocalService/Application Data/Juniper Networks/Setup/uninstallOCX.exe
WARNING: [unexpected end of file] /media/Devices/sda2/Documents and Settings/NSeymour/Application Data/Juniper Networks/Setup/uninstall.exe
ALERT: [JAVA/Applet.K] /media/Devices/sda2/Documents and Settings/NSeymour/Application Data/Sun/Java/Deployment/cache/6.0/56/723d3038-797377a2 --> prev/monoid.class <<< Contains signature of the Java virus JAVA/Applet.K [archive scan abort]
ALERT: [HIDDENEXT/Crypted] /media/Devices/sda2/Documents and Settings/NSeymour/Desktop/dds.pif <<< Contains signature of the HIDDENEXT/Crypted virus [renamed]
ALERT: [TR/Crypt.XPACK.Gen] /media/Devices/sda2/Documents and Settings/NSeymour/Local Settings/Temp/$inst/temp_0.tmp --> 0 <<< Is the Trojan horse TR/Crypt.XPACK.Gen [archive scan abort]
WARNING: [File is encrypted] /media/Devices/sda2/Documents and Settings/NSeymour/My Documents/Work/Computer/Software/Neat Business Cards/NB_Backup_3-31-2008.nbbak
ALERT: [TR/Hiloti.D.3] /media/Devices/sda2/recycler/S-1-5-21-583907252-2139871995-839522115-15910290/Dc11410.tmp <<< Is the Trojan horse TR/Hiloti.D.3 [renamed]
ALERT: [TR/Kazy.11117] /media/Devices/sda2/recycler/S-1-5-21-583907252-2139871995-839522115-15910290/Dc11414.tmp <<< Is the Trojan horse TR/Kazy.11117 [renamed]
ALERT: [TR/Hiloti.D.4] /media/Devices/sda2/recycler/S-1-5-21-583907252-2139871995-839522115-15910290/Dc11415.tmp <<< Is the Trojan horse TR/Hiloti.D.4 [renamed]
ALERT: [TR/Dldr.Carberp.C.35] /media/Devices/sda2/recycler/S-1-5-21-583907252-2139871995-839522115-15910290/Dc11416.tmp <<< Is the Trojan horse TR/Dldr.Carberp.C.35 [renamed]
ALERT: [Java/Agent.GO] /media/Devices/sda2/recycler/S-1-5-21-583907252-2139871995-839522115-15910290/Dc12082.tmp --> a1e8.class <<< Contains signature of the Java virus JAVA/Agent.GO [archive scan abort]
WARNING: [unexpected end of file] /media/Devices/sda2/WINDOWS/system32/Macromed/Flash/uninstall_activeX.exe
ALERT: [TR/Dropper.Gen] /media/Devices/sda2/WINDOWS/system32/eventlog.dll <<< Is the Trojan horse TR/Dropper.Gen [renamed]
WARNING: [unexpected end of file] /media/Devices/sda2/GTK/uninst.exe
WARNING: [File is encrypted] /media/Devices/sda2/Program Files/AT&T/Communication Manager/ATTMultiMode.skx
WARNING: [File is encrypted] /media/Devices/sda2/Program Files/AT&T/Communication Manager/ATT_OEM.skx
WARNING: [unexpected end of file] /media/Devices/sda2/Program Files/TiEmu/uninst.exe

Statistics :
Directories............... : 17083
Archives.................. : 2041
Files..................... : 918350
  Infected.............. : 9
  Renamed........... : 9
  Warnings.............. : 8
  Suspicious............ : 0
Infections................ : 9
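The Avira scan above is the first one in the thread that produced findings, and its nine ALERT lines are worth sorting before acting on them: several sit in the Recycler and the Java deployment cache (dropped payloads), one is an archive member, and one is a Windows system DLL that the scanner renamed rather than deleted, which leaves the system without that file until a clean copy is put back (the ComboFix run later in the thread does exactly that for eventlog.dll, copying it from dllcache). The parser below is an added example written for this page, not Avira's tooling and not the poster's code. SAMPLE_LOG is a constructed excerpt modelled on the posted lines; the only format assumption is the one-line-per-finding layout as it appears in the post ("ALERT: [name] path [--> member] <<< note [action]" and "WARNING: [reason] path"), and the location buckets are this example's own choice.

```python
"""Parse and triage an Avira scancl (Rescue System) log in the posted layout.

Added example for this page; not Avira's code and not from the thread.
SAMPLE_LOG is a constructed excerpt modelled on the posted scan output.
Assumed layout (as posted): one finding per line,
  ALERT: [name] path [--> member] <<< note [action]
  WARNING: [reason] path
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed excerpt, modelled on the posted scancl output.
SAMPLE_LOG = """\
WARNING: [unexpected end of file] /media/Devices/sda2/GTK/uninst.exe
ALERT: [JAVA/Applet.K] /media/Devices/sda2/Documents and Settings/NSeymour/Application Data/Sun/Java/Deployment/cache/6.0/56/723d3038-797377a2 --> prev/monoid.class <<< Contains signature of the Java virus JAVA/Applet.K [archive scan abort]
ALERT: [TR/Hiloti.D.3] /media/Devices/sda2/recycler/S-1-5-21-583907252-2139871995-839522115-15910290/Dc11410.tmp <<< Is the Trojan horse TR/Hiloti.D.3 [renamed]
ALERT: [TR/Dldr.Carberp.C.35] /media/Devices/sda2/recycler/S-1-5-21-583907252-2139871995-839522115-15910290/Dc11416.tmp <<< Is the Trojan horse TR/Dldr.Carberp.C.35 [renamed]
ALERT: [TR/Dropper.Gen] /media/Devices/sda2/WINDOWS/system32/eventlog.dll <<< Is the Trojan horse TR/Dropper.Gen [renamed]
WARNING: [File is encrypted] /media/Devices/sda2/Program Files/AT&T/Communication Manager/ATT_OEM.skx
"""

ALERT_RE = re.compile(
    r"^ALERT: \[(?P<name>[^\]]+)\] (?P<path>.+?)"
    r"(?: --> (?P<member>\S+))? <<< (?P<note>.+?) \[(?P<action>[^\]]+)\]$"
)
WARNING_RE = re.compile(r"^WARNING: \[(?P<reason>[^\]]+)\] (?P<path>.+)$")

# Where a finding sits on disk says a lot about how it got there and what to do
# next. These buckets are this example's own choice, not an Avira classification.
LOCATION_RULES = [
    ("recycler", re.compile(r"/recycler/", re.I)),
    ("java-cache", re.compile(r"/Sun/Java/Deployment/cache/", re.I)),
    ("system32", re.compile(r"/WINDOWS/system32/", re.I)),
    ("temp", re.compile(r"/Local Settings/Temp/", re.I)),
]


@dataclass(frozen=True)
class Finding:
    name: str
    path: str
    member: Optional[str]   # archive member that matched, if any
    action: str             # 'renamed', 'archive scan abort', ...

    @property
    def location(self) -> str:
        for label, rx in LOCATION_RULES:
            if rx.search(self.path):
                return label
        return "other"


def parse_log(text: str) -> Dict[str, list]:
    findings: List[Finding] = []
    warnings: List[Tuple[str, str]] = []
    for line in text.splitlines():
        m = ALERT_RE.match(line)
        if m:
            findings.append(Finding(m["name"], m["path"], m["member"], m["action"]))
            continue
        m = WARNING_RE.match(line)
        if m:
            warnings.append((m["reason"], m["path"]))
    return {"findings": findings, "warnings": warnings}


def summarize(findings: List[Finding]) -> dict:
    return {
        "infections": len(findings),
        "by_action": dict(Counter(f.action for f in findings)),
        "by_location": dict(Counter(f.location for f in findings)),
        # 'TR/Hiloti.D.3' -> 'TR/Hiloti': group variants of one family together.
        "families": sorted({f.name.split(".")[0] for f in findings}),
    }


def renamed_system_files(findings: List[Finding]) -> List[str]:
    """System files the scanner renamed rather than deleted. Windows now lacks
    that file; it has to be restored from a clean source before the next boot
    is trusted (the thread's ComboFix run copied eventlog.dll from dllcache)."""
    return [f.path for f in findings if f.location == "system32" and f.action == "renamed"]


def unscanned_archives(findings: List[Finding]) -> List[str]:
    """'archive scan abort' means the scanner stopped at the first hit inside the
    archive, so the remaining members were never examined."""
    return [f.path for f in findings if f.action == "archive scan abort"]


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print(summarize(parsed["findings"]))
    print("restore from clean source:", renamed_system_files(parsed["findings"]))
    print("archives not fully scanned:", unscanned_archives(parsed["findings"]))
    print("warnings:", len(parsed["warnings"]))
```

The two follow-up lists are the actionable part: a renamed system32 DLL needs a clean replacement, and an aborted archive scan (here the Java cache entry) needs the whole archive removed rather than just the member that matched.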
10. This might be a dumb question, but which Avira product do I need to use to do this? I looked at their download page and there are several options. http://www.avira.com/en/support-download I assume you are referring to "Avira AntiVir Rescue System" which I will need to burn to a CD, but I just want to be sure I use the correct one. Thanks again for your assistance with this!
  11. I tried all the different OTL files and they all run for about 15 seconds and then automatically close. I tried them in Safe Mode with Networking as well with the same results.
  12. It did the same thing as before. The green progress bar shows up like it's loading and then nothing happens.
  13. I renamed the file to Firefox.exe and it opened just fine. I then performed the other instructions and then performed a Quick Scan. The scan ran for about 12 seconds and then the program closed down. I tried opening the program again and got the "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." warning. I then used Inherit.exe and it unlocked the file. I tried to run a Quick Scan again but it automatically closed after a couple seconds. DDS is still not working either.