insky

startnow.com removal

31 posts in this topic

I have my GMER scan ark file & the attach/dds Zip file. What do I do next to remove startnow.com malware?

Share this post


Link to post
Share on other sites

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post only DDS.txt directly into your reply.

Share this post


Link to post
Share on other sites

Many, many thanks screen317! I ran this DDS on the 24th, just tried to redo it, but can't seem to repeat it for a totally current DDS.

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6716

Windows 5.1.2600 Service Pack 3

Internet Explorer 6.0.2900.5512

5/29/2011 10:10:25 AM

mbam-log-2011-05-29 (10-10-25).txt

Scan type: Quick scan

Objects scanned: 196744

Time elapsed: 16 minute(s), 35 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

.

DDS (Ver_11-05-19.01) - NTFSx86

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_24

Run by dw at 15:12:03 on 2011-05-24

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1270.679 [GMT -6:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

C:\WINDOWS\system32\svchost.exe -k rpcss

C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\msdtc.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

C:\Program Files\McAfee Online Backup\MOBKbackup.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Trusteer\Rapport\bin\RapportService.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

c:\PROGRA~1\mcafee\msc\mcupdmgr.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Documents and Settings\dw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\dw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\dw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\dw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\dw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\dw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\dw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\dw\My Documents\Downloads\dds.scr

C:\WINDOWS\system32\WSCRIPT.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.azulstar.com/

mWindow Title = scraps, jean, richard overfield

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110513172951.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMBgMonitor.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1

uRun: [Google Update] "c:\documents and settings\dw\local settings\application data\google\update\GoogleUpdate.exe" /c

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe

mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

Trusted Zone: internet

Trusted Zone: intuit.com\ttlc

Trusted Zone: mcafee.com

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Notify: igfxcui - igfxdev.dll

Notify: LMIinit - LMIinit.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

============= SERVICES / DRIVERS ===============

.

R0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [2009-11-17 63080]

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-4-22 387480]

R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-4-28 53816]

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-4-22 84200]

R1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [2010-4-23 54776]

R1 RapportCerberus_26169;RapportCerberus_26169;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\26169\RapportCerberus_26169.sys [2011-5-2 57144]

R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-4-28 66360]

R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-4-28 158904]

R1 SASDIFSV;SASDIFSV;c:\docume~1\dw\locals~1\temp\sas_selfextract\SASDIFSV.SYS [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\docume~1\dw\locals~1\temp\sas_selfextract\SASKUTIL.SYS [2010-5-10 67656]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-4-13 47640]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-12-26 88176]

R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-4-22 271480]

R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-4-22 271480]

R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-4-22 271480]

R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-4-22 171168]

R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-4-22 188136]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-4-22 141792]

R2 MOBKbackup;McAfee Online Backup;c:\program files\mcafee online backup\MOBKbackup.exe [2010-2-5 229688]

R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-4-28 870200]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-4-22 56064]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-4-22 153280]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-4-22 52320]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-4-22 314088]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-5-13 88736]

S2 gupdate1c982565c6b24b6;Google Update Service (gupdate1c982565c6b24b6);c:\program files\google\update\GoogleUpdate.exe [2009-1-29 133104]

S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\logmein\x86\rainfo.sys --> c:\program files\logmein\x86\RaInfo.sys [?]

S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-1-29 133104]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-5-13 88736]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-4-22 84488]

S4 LMIRfsClientNP;LMIRfsClientNP; [x]

.

=============== Created Last 30 ================

.

2011-05-24 20:46:36 388096 ----a-r- c:\documents and settings\dw\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2011-05-24 15:48:49 -------- d-----w- c:\documents and settings\dw\local settings\application data\WeatherBug

2011-05-24 15:48:38 -------- d-----w- c:\documents and settings\dw\application data\WeatherBug

2011-05-24 15:48:31 18944 ----a-r- c:\documents and settings\dw\application data\microsoft\installer\{8f018a9e-56de-4a79-a5ef-25f413f1d538}\IconBB6A16301.exe

2011-05-24 15:47:35 -------- d-----w- c:\program files\kikin

2011-05-24 15:47:35 -------- d-----w- c:\documents and settings\dw\application data\kikin

2011-05-24 15:46:57 -------- d-----w- c:\program files\Ploose

2011-05-18 18:07:02 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-13 23:28:16 88736 ----a-w- c:\windows\system32\drivers\mfendisk.sys

2011-05-12 22:18:21 102400 ----a-w- c:\windows\RegBootClean.exe

2011-05-12 14:08:03 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2011-04-28 20:34:50 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys

.

==================== Find3M ====================

.

2011-04-14 20:01:38 95824 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2011-04-14 20:01:38 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2011-04-14 20:01:38 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2011-04-14 20:01:38 84200 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys

2011-04-14 20:01:38 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys

2011-04-14 20:01:38 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2011-04-14 20:01:38 387480 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2011-04-14 20:01:38 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2011-04-14 20:01:38 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2011-04-08 15:38:00 0 ----a-w- c:\windows\Ppita.bin

2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:45:07 434176 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys

.

============= FINISH: 15:14:01.92 ===============

Share this post


Link to post
Share on other sites

ComboFix 11-05-31.01 - dw 05/31/2011 18:59:28.2.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1270.583 [GMT -6:00]

Running from: c:\documents and settings\dw\My Documents\Downloads\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_MOUSEDRIVER

.

DDS (Ver_11-05-19.01) - NTFSx86

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_24

Run by dw at 19:46:23 on 2011-05-31

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1270.630 [GMT -6:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Trusteer\Rapport\bin\RapportService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

C:\Program Files\McAfee Online Backup\MOBKbackup.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Documents and Settings\dw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\dw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\dw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\dw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\dw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\dw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\dw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\dw\My Documents\Downloads\dds (7).scr

C:\WINDOWS\system32\WSCRIPT.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.azulstar.com/

mWindow Title = scraps, jean, richard overfield

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110513172951.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMBgMonitor.exe"

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe

mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

Trusted Zone: internet

Trusted Zone: intuit.com\ttlc

Trusted Zone: mcafee.com

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Notify: igfxcui - igfxdev.dll

Notify: LMIinit - LMIinit.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

============= SERVICES / DRIVERS ===============

.

R0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [2009-11-17 63080]

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-4-22 387480]

R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-4-28 53816]

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-4-22 84200]

R1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [2010-4-23 54776]

R1 RapportCerberus_26169;RapportCerberus_26169;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\26169\RapportCerberus_26169.sys [2011-5-2 57144]

R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-4-28 66360]

R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-4-28 158904]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-4-13 47640]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-4-22 56064]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-4-22 153280]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-4-22 52320]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-4-22 314088]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-5-13 88736]

S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\dw\locals~1\temp\sas_selfextract\sasdifsv.sys --> c:\docume~1\dw\locals~1\temp\sas_selfextract\SASDIFSV.SYS [?]

S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\dw\locals~1\temp\sas_selfextract\saskutil.sys --> c:\docume~1\dw\locals~1\temp\sas_selfextract\SASKUTIL.SYS [?]

S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\logmein\x86\rainfo.sys --> c:\program files\logmein\x86\RaInfo.sys [?]

S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-5-13 88736]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-4-22 84488]

S4 LMIRfsClientNP;LMIRfsClientNP; [x]

.

=============== Created Last 30 ================

.

2011-05-24 20:46:36 388096 ----a-r- c:\documents and settings\dw\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2011-05-24 15:48:49 -------- d-----w- c:\documents and settings\dw\local settings\application data\WeatherBug

2011-05-24 15:48:38 -------- d-----w- c:\documents and settings\dw\application data\WeatherBug

2011-05-24 15:48:31 18944 ----a-r- c:\documents and settings\dw\application data\microsoft\installer\{8f018a9e-56de-4a79-a5ef-25f413f1d538}\IconBB6A16301.exe

2011-05-24 15:47:35 -------- d-----w- c:\program files\kikin

2011-05-24 15:47:35 -------- d-----w- c:\documents and settings\dw\application data\kikin

2011-05-24 15:46:57 -------- d-----w- c:\program files\Ploose

2011-05-18 18:07:02 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-13 23:28:16 88736 ----a-w- c:\windows\system32\drivers\mfendisk.sys

2011-05-12 22:18:21 102400 ----a-w- c:\windows\RegBootClean.exe

2011-05-12 14:08:03 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys

.

==================== Find3M ====================

.

2011-04-28 20:34:50 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys

2011-04-14 20:01:38 95824 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2011-04-14 20:01:38 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2011-04-14 20:01:38 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2011-04-14 20:01:38 84200 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys

2011-04-14 20:01:38 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys

2011-04-14 20:01:38 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2011-04-14 20:01:38 387480 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2011-04-14 20:01:38 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2011-04-14 20:01:38 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2011-04-08 15:38:00 0 ----a-w- c:\windows\Ppita.bin

2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:45:07 434176 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys

.

============= FINISH: 19:48:15.14 ===============

.

.

((((((((((((((((((((((((( Files Created from 2011-05-01 to 2011-06-01 )))))))))))))))))))))))))))))))

.

.

2011-05-24 20:46 . 2011-05-24 20:46 388096 ----a-r- c:\documents and settings\dw\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-05-24 15:48 . 2011-05-24 15:48 -------- d-----w- c:\documents and settings\dw\Local Settings\Application Data\WeatherBug

2011-05-24 15:48 . 2011-05-24 15:48 -------- d-----w- c:\documents and settings\dw\Application Data\WeatherBug

2011-05-24 15:48 . 2011-05-24 15:48 18944 ----a-r- c:\documents and settings\dw\Application Data\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe

2011-05-24 15:47 . 2011-05-24 16:01 -------- d-----w- c:\documents and settings\dw\Application Data\kikin

2011-05-24 15:47 . 2011-05-24 15:47 -------- d-----w- c:\program files\kikin

2011-05-24 15:46 . 2011-05-24 16:19 -------- d-----w- c:\program files\Ploose

2011-05-18 18:07 . 2011-05-18 18:07 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-13 23:28 . 2011-04-14 20:01 88736 ----a-w- c:\windows\system32\drivers\mfendisk.sys

2011-05-12 22:18 . 2011-05-12 22:18 102400 ----a-w- c:\windows\RegBootClean.exe

2011-05-12 14:08 . 2010-09-06 09:26 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-04-28 20:34 . 2011-04-28 20:34 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys

2011-04-14 20:01 . 2010-04-23 00:23 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2011-04-14 20:01 . 2010-04-23 00:23 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2011-04-14 20:01 . 2010-04-23 00:23 84200 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys

2011-04-14 20:01 . 2010-04-23 00:23 387480 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2011-04-14 20:01 . 2010-04-23 00:23 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2011-04-14 20:01 . 2010-04-23 00:23 95824 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2011-04-14 20:01 . 2010-04-23 00:23 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys

2011-04-14 20:01 . 2010-04-23 00:23 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2011-04-14 20:01 . 2010-04-23 00:23 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2011-03-07 05:33 . 2004-08-04 11:00 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:45 . 2004-08-04 11:00 434176 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:21 . 2004-08-04 11:00 1857920 ----a-w- c:\windows\system32\win32k.sys

2011-04-14 20:01 . 2011-02-14 15:38 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]

@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"

[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]

2010-02-06 03:14 2871608 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]

@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"

[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]

2010-02-06 03:14 2871608 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]

@="{b4caf489-1eec-c617-49ad-8d7088598c06}"

[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]

2010-02-06 03:14 2871608 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2008-01-04 202024]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-24 77824]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]

"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-04-05 1195408]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2010-12-08 19:11 87424 ----a-w- c:\windows\SYSTEM32\LMIinit.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ \0

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk

backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^dw^Start Menu^Programs^Startup^Wireless Wizard.lnk]

path=c:\documents and settings\dw\Start Menu\Programs\Startup\Wireless Wizard.lnk

backup=c:\windows\pss\Wireless Wizard.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-11-10 18:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]

2007-11-15 16:24 16384 -c--a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DwlClient]

2004-05-28 02:05 323584 ----a-w- c:\program files\Common Files\Dell\EUSW\Support.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToolBoxFX]

2005-11-21 21:55 45056 -c--a-w- c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"iPod Service"=3 (0x3)

"YahooAUService"=2 (0x2)

"WMPNetworkSvc"=3 (0x3)

"UPHClean"=2 (0x2)

"sprtsvc_dellsupportcenter"=3 (0x3)

"JavaQuickStarterService"=2 (0x2)

"ImapiService"=3 (0x3)

"CiSvc"=3 (0x3)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\WINDOWS\\SYSTEM32\\MMC.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\McAfee\\MWL\\MwlSvc.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Documents and Settings\\dw\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=

"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015

"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016

"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundTimestampRequest"= 1 (0x1)

"AllowInboundMaskRequest"= 1 (0x1)

"AllowInboundRouterRequest"= 1 (0x1)

"AllowOutboundDestinationUnreachable"= 1 (0x1)

"AllowOutboundSourceQuench"= 0 (0x0)

"AllowOutboundParameterProblem"= 1 (0x1)

"AllowOutboundTimeExceeded"= 1 (0x1)

"AllowRedirect"= 1 (0x1)

"AllowOutboundPacketTooBig"= 0 (0x0)

.

R1 SASDIFSV;SASDIFSV;c:\docume~1\dw\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [x]

R1 SASKUTIL;SASKUTIL;c:\docume~1\dw\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [x]

R2 gupdate1c982565c6b24b6;Google Update Service (gupdate1c982565c6b24b6);c:\program files\Google\Update\GoogleUpdate.exe [2009-01-29 133104]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [x]

R3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [2009-12-18 11336]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-01-29 133104]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\DRIVERS\mfendisk.sys [2011-04-14 88736]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-04-14 84488]

S0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [2009-11-17 63080]

S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2011-04-28 53816]

S1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-04-14 84200]

S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [2010-02-06 54776]

S1 RapportCerberus_26169;RapportCerberus_26169;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\26169\RapportCerberus_26169.sys [2011-05-02 57144]

S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2011-04-28 66360]

S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2011-04-28 158904]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2011-02-16 88176]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-04-14 188136]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-04-14 141792]

S2 MOBKbackup;McAfee Online Backup;c:\program files\McAfee Online Backup\MOBKbackup.exe [2010-02-06 229688]

S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-04-28 870200]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-04-14 56064]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-04-14 314088]

S3 mfendiskmp;mfendiskmp;c:\windows\system32\DRIVERS\mfendisk.sys [2011-04-14 88736]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mfeavfk01

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

itlsvc REG_MULTI_SZ itlperf

.

Contents of the 'Scheduled Tasks' folder

.

2011-05-28 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 19:34]

.

2011-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb6ec8405795ec.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-01-29 21:12]

.

2011-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-01-29 21:12]

.

2011-05-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2985198652-3350544489-2306102065-1010Core.job

- c:\documents and settings\dw\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-24 20:50]

.

2011-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2985198652-3350544489-2306102065-1010UA.job

- c:\documents and settings\dw\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-24 20:50]

.

2011-05-31 c:\windows\Tasks\vtscheduletask.job

- c:\program files\McAfee\Supportability\MVT\MvtApp.exe [2010-12-04 20:25]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.azulstar.com/

mWindow Title = scraps, jean, richard overfield

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

Trusted Zone: internet

Trusted Zone: intuit.com\ttlc

Trusted Zone: mcafee.com

TCP: DhcpNameServer = 192.168.1.1

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

HKCU-Run-Weather - c:\program files\AWS\WeatherBug\Weather.exe

HKLM-Run-LogMeIn GUI - c:\program files\LogMeIn\x86\LogMeInSystray.exe

MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-05-31 19:20

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\viaagp]

"ImagePath"="system32\DRIVERS\viaagp.sy@"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2985198652-3350544489-2306102065-1010\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{43984E99-3EA2-4C44-339C-15F61804B24B}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"iapfbkfbopkbhiibbk"=hex:6a,61,6c,6b,63,6e,61,68,69,6e,66,6b,6e,67,69,70,67,6c,

65,68,00,00

"hafflideigcegndo"=hex:6a,61,6c,6b,63,6e,61,68,69,6e,66,6b,6e,67,69,70,67,6c,

65,68,00,6a

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1624)

c:\windows\system32\LMIinit.dll

c:\windows\system32\LMIRfsClientNP.dll

.

- - - - - - - > 'explorer.exe'(652)

c:\progra~1\mcafee\SITEAD~1\saHook.dll

c:\program files\McAfee Online Backup\MOBKshell.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\windows\system32\LMIRfsClientNP.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\msdtc.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\Common Files\McAfee\SystemCore\mcshield.exe

c:\program files\Common Files\McAfee\SystemCore\mfefire.exe

c:\program files\Canon\CAL\CALMAIN.exe

c:\windows\system32\rundll32.exe

c:\progra~1\mcafee.com\agent\McUpdate.exe

c:\progra~1\mcafee\msc\mcupdmgr.exe

c:\progra~1\mcafee\VIRUSS~1\mcvsmap.exe

c:\windows\system32\ssmypics.scr

.

**************************************************************************

.

Completion time: 2011-05-31 19:28:19 - machine was rebooted

ComboFix-quarantined-files.txt 2011-06-01 01:27

ComboFix2.txt 2011-04-13 13:21

.

Pre-Run: 59,146,948,608 bytes free

Post-Run: 59,138,838,528 bytes free

.

- - End Of File - - 2980FF0D27F3B76EA633022962C4D0FC

Share this post


Link to post
Share on other sites

I just updated Combofix & ran it again. Here's the log:

ComboFix 11-06-01.07 - dw 06/02/2011 8:34.3.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1270.764 [GMT -6:00]

Running from: c:\documents and settings\dw\My Documents\Downloads\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

Infected copy of c:\windows\system32\Drivers\atapi.sys was found and disinfected

Restored copy from - c:\windows\ERDNT\cache\atapi.sys

.

.

((((((((((((((((((((((((( Files Created from 2011-05-02 to 2011-06-02 )))))))))))))))))))))))))))))))

.

.

2011-05-24 20:46 . 2011-05-24 20:46 388096 ----a-r- c:\documents and settings\dw\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-05-24 15:48 . 2011-05-24 15:48 -------- d-----w- c:\documents and settings\dw\Local Settings\Application Data\WeatherBug

2011-05-24 15:48 . 2011-05-24 15:48 -------- d-----w- c:\documents and settings\dw\Application Data\WeatherBug

2011-05-24 15:48 . 2011-05-24 15:48 18944 ----a-r- c:\documents and settings\dw\Application Data\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe

2011-05-24 15:47 . 2011-05-24 16:01 -------- d-----w- c:\documents and settings\dw\Application Data\kikin

2011-05-24 15:47 . 2011-05-24 15:47 -------- d-----w- c:\program files\kikin

2011-05-24 15:46 . 2011-05-24 16:19 -------- d-----w- c:\program files\Ploose

2011-05-18 18:07 . 2011-05-18 18:07 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-13 23:28 . 2011-04-14 20:01 88736 ----a-w- c:\windows\system32\drivers\mfendisk.sys

2011-05-12 22:18 . 2011-05-12 22:18 102400 ----a-w- c:\windows\RegBootClean.exe

2011-05-12 14:08 . 2010-09-06 09:26 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-04-28 20:34 . 2011-04-28 20:34 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys

2011-04-14 20:01 . 2010-04-23 00:23 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2011-04-14 20:01 . 2010-04-23 00:23 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2011-04-14 20:01 . 2010-04-23 00:23 84200 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys

2011-04-14 20:01 . 2010-04-23 00:23 387480 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2011-04-14 20:01 . 2010-04-23 00:23 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2011-04-14 20:01 . 2010-04-23 00:23 95824 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2011-04-14 20:01 . 2010-04-23 00:23 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys

2011-04-14 20:01 . 2010-04-23 00:23 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2011-04-14 20:01 . 2010-04-23 00:23 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2011-03-07 05:33 . 2004-08-04 11:00 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-14 20:01 . 2011-02-14 15:38 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]

@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"

[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]

2010-02-06 03:14 2871608 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]

@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"

[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]

2010-02-06 03:14 2871608 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]

@="{b4caf489-1eec-c617-49ad-8d7088598c06}"

[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]

2010-02-06 03:14 2871608 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2008-01-04 202024]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-24 77824]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]

"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-04-05 1195408]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2010-12-08 19:11 87424 ----a-w- c:\windows\SYSTEM32\LMIinit.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ \0

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk

backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^dw^Start Menu^Programs^Startup^Wireless Wizard.lnk]

path=c:\documents and settings\dw\Start Menu\Programs\Startup\Wireless Wizard.lnk

backup=c:\windows\pss\Wireless Wizard.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-11-10 18:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]

2007-11-15 16:24 16384 -c--a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DwlClient]

2004-05-28 02:05 323584 ----a-w- c:\program files\Common Files\Dell\EUSW\Support.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToolBoxFX]

2005-11-21 21:55 45056 -c--a-w- c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"iPod Service"=3 (0x3)

"YahooAUService"=2 (0x2)

"WMPNetworkSvc"=3 (0x3)

"UPHClean"=2 (0x2)

"sprtsvc_dellsupportcenter"=3 (0x3)

"JavaQuickStarterService"=2 (0x2)

"ImapiService"=3 (0x3)

"CiSvc"=3 (0x3)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\WINDOWS\\SYSTEM32\\MMC.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\McAfee\\MWL\\MwlSvc.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Documents and Settings\\dw\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=

"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015

"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016

"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundTimestampRequest"= 1 (0x1)

"AllowInboundMaskRequest"= 1 (0x1)

"AllowInboundRouterRequest"= 1 (0x1)

"AllowOutboundDestinationUnreachable"= 1 (0x1)

"AllowOutboundSourceQuench"= 0 (0x0)

"AllowOutboundParameterProblem"= 1 (0x1)

"AllowOutboundTimeExceeded"= 1 (0x1)

"AllowRedirect"= 1 (0x1)

"AllowOutboundPacketTooBig"= 0 (0x0)

.

R1 SASDIFSV;SASDIFSV;c:\docume~1\dw\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [x]

R1 SASKUTIL;SASKUTIL;c:\docume~1\dw\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [x]

R2 gupdate1c982565c6b24b6;Google Update Service (gupdate1c982565c6b24b6);c:\program files\Google\Update\GoogleUpdate.exe [2009-01-29 133104]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [x]

R3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [2009-12-18 11336]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-01-29 133104]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\DRIVERS\mfendisk.sys [2011-04-14 88736]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-04-14 84488]

S0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [2009-11-17 63080]

S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2011-04-28 53816]

S1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-04-14 84200]

S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [2010-02-06 54776]

S1 RapportCerberus_26169;RapportCerberus_26169;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\26169\RapportCerberus_26169.sys [2011-05-02 57144]

S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2011-04-28 66360]

S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2011-04-28 158904]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2011-02-16 88176]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-04-14 188136]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-04-14 141792]

S2 MOBKbackup;McAfee Online Backup;c:\program files\McAfee Online Backup\MOBKbackup.exe [2010-02-06 229688]

S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-04-28 870200]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-04-14 56064]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-04-14 314088]

S3 mfendiskmp;mfendiskmp;c:\windows\system32\DRIVERS\mfendisk.sys [2011-04-14 88736]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mfeavfk01

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

itlsvc REG_MULTI_SZ itlperf

.

Contents of the 'Scheduled Tasks' folder

.

2011-05-28 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 19:34]

.

2011-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb6ec8405795ec.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-01-29 21:12]

.

2011-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-01-29 21:12]

.

2011-05-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2985198652-3350544489-2306102065-1010Core.job

- c:\documents and settings\dw\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-24 20:50]

.

2011-06-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2985198652-3350544489-2306102065-1010UA.job

- c:\documents and settings\dw\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-24 20:50]

.

2011-05-31 c:\windows\Tasks\vtscheduletask.job

- c:\program files\McAfee\Supportability\MVT\MvtApp.exe [2010-12-04 20:25]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.azulstar.com/

mWindow Title = scraps, jean, richard overfield

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

Trusted Zone: internet

Trusted Zone: intuit.com\ttlc

Trusted Zone: mcafee.com

TCP: DhcpNameServer = 192.168.1.1

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-06-02 08:56

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\viaagp]

"ImagePath"="system32\DRIVERS\viaagp.sy@"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2985198652-3350544489-2306102065-1010\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{43984E99-3EA2-4C44-339C-15F61804B24B}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"iapfbkfbopkbhiibbk"=hex:6a,61,6c,6b,63,6e,61,68,69,6e,66,6b,6e,67,69,70,67,6c,

65,68,00,00

"hafflideigcegndo"=hex:6a,61,6c,6b,63,6e,61,68,69,6e,66,6b,6e,67,69,70,67,6c,

65,68,00,6a

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1624)

c:\windows\system32\LMIinit.dll

c:\windows\system32\LMIRfsClientNP.dll

.

- - - - - - - > 'explorer.exe'(3612)

c:\progra~1\mcafee\SITEAD~1\saHook.dll

c:\program files\McAfee Online Backup\MOBKshell.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\windows\system32\LMIRfsClientNP.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\msdtc.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\Common Files\McAfee\SystemCore\mcshield.exe

c:\program files\Common Files\McAfee\SystemCore\mfefire.exe

c:\program files\Canon\CAL\CALMAIN.exe

c:\windows\System32\vssvc.exe

c:\windows\system32\rundll32.exe

.

**************************************************************************

.

Completion time: 2011-06-02 09:03:28 - machine was rebooted

ComboFix-quarantined-files.txt 2011-06-02 15:03

ComboFix2.txt 2011-06-01 01:28

ComboFix3.txt 2011-04-13 13:21

.

Pre-Run: 59,155,415,040 bytes free

Post-Run: 59,125,628,928 bytes free

.

- - End Of File - - F5922D207CCE9E616EC23A0301165522

Share this post


Link to post
Share on other sites

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317

Share this post


Link to post
Share on other sites

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6522

# api_version=3.0.2

# EOSSerial=987081a56c03c944ac7b73539c722ede

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2011-06-06 12:37:51

# local_time=2011-06-05 06:37:51 (-0700, Mountain Daylight Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 23323493 23323493 0 0

# compatibility_mode=5121 16777173 100 75 1897534 36460365 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=160017

# found=2

# cleaned=2

# scan_time=7250

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP180\A0039491.exe Win32/Adware.RK.AB application (deleted - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP180\A0039503.dll Win32/Adware.Yontoo.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Share this post


Link to post
Share on other sites

Results of screen317's Security Check version 0.99.12

Windows XP Service Pack 3

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Disabled!

ESET Online Scanner v3

McAfee Security Scan Plus

McAfee Virtual Technician

McAfee SecurityCenter

McAfee Online Backup

McAfee Anti-Theft

McAfee Online Backup

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

HijackThis 2.0.2

Java 6 Update 24

Java 2 Runtime Environment, SE v1.4.2_03

Out of date Java installed!

Adobe Flash Player 10.3.181.14

Adobe Atmosphere Player for Acrobat and Adobe Reader

Adobe Reader X (10.0.1)

````````````````````````````````

Process Check:

objlist.exe by Laurent

McAfee Online Backup MOBKbackup.exe

``````````End of Log````````````

Share this post


Link to post
Share on other sites

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program (if present):

ESET Online Scanner v3

HijackThis 2.0.2

Java

Share this post


Link to post
Share on other sites

All done & no redirects so far! Many, many thanks. One problem, after updating Adobe player, I have no system sound. I have sound with CD player only.I can play video online, but no sound.

Share this post


Link to post
Share on other sites

I did a restore point for last Sunday which restored my sound & doesn't seen to have affected the cleaning.

Share this post


Link to post
Share on other sites

Checking emails today, I got a redirect. Prior to cleaning when I was getting redirects constantly, I always copied the URL & went to Control Panel, Internet options, Privacy, Sites & placed it on the Block list. This redirect was one to a site I got frequently, but the window did not open, it stayed in the Tab bar at the top of my screen where I closed it.

Share this post


Link to post
Share on other sites

Yes, I am. When I turn off the computer & later turn it on, I seem to get a redirect right away. I usually copy the URL & put it on the BLOCK list in Privacy at INTERNET OPTIONS.

Share this post


Link to post
Share on other sites

Hi,

Please grab a fresh copy of ComboFix, run it, and post its log.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt.

for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Share this post


Link to post
Share on other sites

ComboFix 11-06-15.02 - dw 06/15/2011 14:08:36.4.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1270.696 [GMT -6:00]

Running from: c:\documents and settings\dw\Desktop\ComboFixa.exe

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

.

.

((((((((((((((((((((((((( Files Created from 2011-05-15 to 2011-06-15 )))))))))))))))))))))))))))))))

.

.

2011-06-08 19:18 . 2011-06-08 19:18 -------- d-----w- c:\windows\system32\wbem\Repository

2011-06-08 19:15 . 2011-06-08 19:15 -------- d-----w- c:\program files\ESET

2011-06-08 19:15 . 2011-06-08 19:15 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2011-06-08 19:13 . 2011-06-08 19:13 -------- d-----w- c:\program files\Common Files\Adobe AIR

2011-06-08 19:11 . 2011-06-08 19:11 -------- d-----w- c:\program files\ffdshow

2011-06-05 21:59 . 2011-06-05 22:02 -------- dc-h--w- c:\windows\ie8

2011-05-24 20:46 . 2011-05-24 20:46 388096 ----a-r- c:\documents and settings\dw\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-05-24 15:48 . 2011-05-24 15:48 -------- d-----w- c:\documents and settings\dw\Local Settings\Application Data\WeatherBug

2011-05-24 15:48 . 2011-05-24 15:48 -------- d-----w- c:\documents and settings\dw\Application Data\WeatherBug

2011-05-24 15:48 . 2011-05-24 15:48 18944 ----a-r- c:\documents and settings\dw\Application Data\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe

2011-05-24 15:47 . 2011-05-24 16:01 -------- d-----w- c:\documents and settings\dw\Application Data\kikin

2011-05-24 15:47 . 2011-05-24 15:47 -------- d-----w- c:\program files\kikin

2011-05-24 15:46 . 2011-05-24 16:19 -------- d-----w- c:\program files\Ploose

2011-05-18 18:07 . 2011-06-14 18:17 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-29 15:11 . 2011-04-13 13:39 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 15:11 . 2011-04-13 13:38 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-12 22:18 . 2011-05-12 22:18 102400 ----a-w- c:\windows\RegBootClean.exe

2011-04-28 20:34 . 2011-04-28 20:34 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys

2011-04-14 20:01 . 2011-05-13 23:28 88736 ----a-w- c:\windows\system32\drivers\mfendisk.sys

2011-04-14 20:01 . 2010-04-23 00:23 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2011-04-14 20:01 . 2010-04-23 00:23 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2011-04-14 20:01 . 2010-04-23 00:23 84200 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys

2011-04-14 20:01 . 2010-04-23 00:23 387480 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2011-04-14 20:01 . 2010-04-23 00:23 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2011-04-14 20:01 . 2010-04-23 00:23 95824 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2011-04-14 20:01 . 2010-04-23 00:23 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys

2011-04-14 20:01 . 2010-04-23 00:23 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2011-04-14 20:01 . 2010-04-23 00:23 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]

@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"

[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]

2010-02-06 03:14 2871608 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]

@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"

[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]

2010-02-06 03:14 2871608 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]

@="{b4caf489-1eec-c617-49ad-8d7088598c06}"

[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]

2010-02-06 03:14 2871608 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2008-01-04 202024]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-24 77824]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]

"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-04-05 1195408]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2010-12-08 19:11 87424 ----a-w- c:\windows\SYSTEM32\LMIinit.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ \0

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk

backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^dw^Start Menu^Programs^Startup^Wireless Wizard.lnk]

path=c:\documents and settings\dw\Start Menu\Programs\Startup\Wireless Wizard.lnk

backup=c:\windows\pss\Wireless Wizard.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-11-10 18:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]

2007-11-15 16:24 16384 -c--a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DwlClient]

2004-05-28 02:05 323584 ----a-w- c:\program files\Common Files\Dell\EUSW\Support.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToolBoxFX]

2005-11-21 21:55 45056 -c--a-w- c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"iPod Service"=3 (0x3)

"YahooAUService"=2 (0x2)

"WMPNetworkSvc"=3 (0x3)

"UPHClean"=2 (0x2)

"sprtsvc_dellsupportcenter"=3 (0x3)

"JavaQuickStarterService"=2 (0x2)

"ImapiService"=3 (0x3)

"CiSvc"=3 (0x3)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\WINDOWS\\SYSTEM32\\MMC.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\McAfee\\MWL\\MwlSvc.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Documents and Settings\\dw\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=

"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015

"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016

"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundTimestampRequest"= 1 (0x1)

"AllowInboundMaskRequest"= 1 (0x1)

"AllowInboundRouterRequest"= 1 (0x1)

"AllowOutboundDestinationUnreachable"= 1 (0x1)

"AllowOutboundSourceQuench"= 0 (0x0)

"AllowOutboundParameterProblem"= 1 (0x1)

"AllowOutboundTimeExceeded"= 1 (0x1)

"AllowRedirect"= 1 (0x1)

"AllowOutboundPacketTooBig"= 0 (0x0)

.

R0 McPvDrv;McPvDrv Driver;c:\windows\SYSTEM32\DRIVERS\McPvDrv.sys [11/17/2009 11:15 AM 63080]

R0 RapportKELL;RapportKELL;c:\windows\SYSTEM32\DRIVERS\RapportKELL.sys [4/28/2011 2:34 PM 53816]

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\SYSTEM32\DRIVERS\mfetdi2k.sys [4/22/2010 6:23 PM 84200]

R1 MOBKFilter;MOBKFilter;c:\windows\SYSTEM32\DRIVERS\MOBK.sys [4/23/2010 10:02 PM 54776]

R1 RapportCerberus_26762;RapportCerberus_26762;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\26762\RapportCerberus_26762.sys [6/13/2011 7:41 AM 57144]

R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [4/28/2011 2:34 PM 66360]

R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [4/28/2011 2:34 PM 158904]

R3 cfwids;McAfee Inc. cfwids;c:\windows\SYSTEM32\DRIVERS\cfwids.sys [4/22/2010 6:23 PM 56064]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\SYSTEM32\DRIVERS\mfefirek.sys [4/22/2010 6:23 PM 314088]

R3 mfendiskmp;mfendiskmp;c:\windows\SYSTEM32\DRIVERS\mfendisk.sys [5/13/2011 5:28 PM 88736]

S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\dw\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\dw\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]

S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\dw\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\dw\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]

S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]

S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 11:58 AM 11336]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\SYSTEM32\DRIVERS\mfendisk.sys [5/13/2011 5:28 PM 88736]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\SYSTEM32\DRIVERS\mferkdet.sys [4/22/2010 6:23 PM 84488]

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mfeavfk01

.

Contents of the 'Scheduled Tasks' folder

.

2011-06-11 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 19:34]

.

2011-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb6ec8405795ec.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-01-29 21:12]

.

2011-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-01-29 21:12]

.

2011-06-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2985198652-3350544489-2306102065-1010Core.job

- c:\documents and settings\dw\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-24 20:50]

.

2011-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2985198652-3350544489-2306102065-1010UA.job

- c:\documents and settings\dw\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-24 20:50]

.

2011-06-14 c:\windows\Tasks\vtscheduletask.job

- c:\program files\McAfee\Supportability\MVT\MvtApp.exe [2010-12-04 20:25]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.azulstar.com/

mWindow Title = scraps, jean, richard overfield

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

Trusted Zone: internet

Trusted Zone: intuit.com\ttlc

Trusted Zone: mcafee.com

TCP: DhcpNameServer = 192.168.1.1

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-06-15 14:24

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\viaagp]

"ImagePath"="system32\DRIVERS\viaagp.sy@"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2985198652-3350544489-2306102065-1010\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{43984E99-3EA2-4C44-339C-15F61804B24B}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"iapfbkfbopkbhiibbk"=hex:6a,61,6c,6b,63,6e,61,68,69,6e,66,6b,6e,67,69,70,67,6c,

65,68,00,00

"hafflideigcegndo"=hex:6a,61,6c,6b,63,6e,61,68,69,6e,66,6b,6e,67,69,70,67,6c,

65,68,00,6a

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1624)

c:\windows\system32\LMIinit.dll

c:\windows\system32\LMIRfsClientNP.dll

.

- - - - - - - > 'explorer.exe'(3540)

c:\windows\system32\WININET.dll

c:\progra~1\mcafee\SITEAD~1\saHook.dll

c:\program files\McAfee Online Backup\MOBKshell.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\windows\system32\LMIRfsClientNP.dll

.

Completion time: 2011-06-15 14:30:43

ComboFix-quarantined-files.txt 2011-06-15 20:30

ComboFix2.txt 2011-06-02 15:03

ComboFix3.txt 2011-06-01 01:28

ComboFix4.txt 2011-04-13 13:21

.

Pre-Run: 56,005,943,296 bytes free

Post-Run: 56,158,515,200 bytes free

.

- - End Of File - - E9F394D5988B887E5FA840B97465DB0B

Share this post


Link to post
Share on other sites

2011/06/15 14:37:48.0234 0640 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48

2011/06/15 14:37:50.0187 0640 ================================================================================

2011/06/15 14:37:50.0187 0640 SystemInfo:

2011/06/15 14:37:50.0187 0640

2011/06/15 14:37:50.0187 0640 OS Version: 5.1.2600 ServicePack: 3.0

2011/06/15 14:37:50.0187 0640 Product type: Workstation

2011/06/15 14:37:50.0187 0640 ComputerName: OVERINSKY

2011/06/15 14:37:50.0187 0640 UserName: dw

2011/06/15 14:37:50.0187 0640 Windows directory: C:\WINDOWS

2011/06/15 14:37:50.0187 0640 System windows directory: C:\WINDOWS

2011/06/15 14:37:50.0187 0640 Processor architecture: Intel x86

2011/06/15 14:37:50.0187 0640 Number of processors: 1

2011/06/15 14:37:50.0187 0640 Page size: 0x1000

2011/06/15 14:37:50.0187 0640 Boot type: Normal boot

2011/06/15 14:37:50.0187 0640 ================================================================================

2011/06/15 14:37:52.0187 0640 Initialize success

2011/06/15 14:38:05.0343 2816 ================================================================================

2011/06/15 14:38:05.0343 2816 Scan started

2011/06/15 14:38:05.0343 2816 Mode: Manual;

2011/06/15 14:38:05.0343 2816 ================================================================================

2011/06/15 14:38:06.0078 2816 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

2011/06/15 14:38:06.0156 2816 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/06/15 14:38:06.0218 2816 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2011/06/15 14:38:06.0281 2816 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

2011/06/15 14:38:06.0328 2816 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys

2011/06/15 14:38:06.0375 2816 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2011/06/15 14:38:06.0453 2816 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys

2011/06/15 14:38:06.0500 2816 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

2011/06/15 14:38:06.0546 2816 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

2011/06/15 14:38:06.0593 2816 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

2011/06/15 14:38:06.0625 2816 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

2011/06/15 14:38:06.0703 2816 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

2011/06/15 14:38:06.0796 2816 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

2011/06/15 14:38:06.0859 2816 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

2011/06/15 14:38:06.0921 2816 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

2011/06/15 14:38:06.0984 2816 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

2011/06/15 14:38:07.0078 2816 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

2011/06/15 14:38:07.0140 2816 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

2011/06/15 14:38:07.0203 2816 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

2011/06/15 14:38:07.0312 2816 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/06/15 14:38:07.0375 2816 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/06/15 14:38:07.0484 2816 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/06/15 14:38:07.0546 2816 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/06/15 14:38:07.0625 2816 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/06/15 14:38:07.0734 2816 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS

2011/06/15 14:38:08.0000 2816 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

2011/06/15 14:38:08.0062 2816 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/06/15 14:38:08.0187 2816 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2011/06/15 14:38:08.0265 2816 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

2011/06/15 14:38:08.0343 2816 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/06/15 14:38:08.0375 2816 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/06/15 14:38:08.0437 2816 Cdr4_xp (bf79e659c506674c0497cc9c61f1a165) C:\WINDOWS\system32\drivers\Cdr4_xp.sys

2011/06/15 14:38:08.0500 2816 Cdralw2k (2c41cd49d82d5fd85c72d57b6ca25471) C:\WINDOWS\system32\drivers\Cdralw2k.sys

2011/06/15 14:38:08.0562 2816 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/06/15 14:38:08.0625 2816 cfwids (7fd604cd7a7a0ff8975af61bdf64c577) C:\WINDOWS\system32\drivers\cfwids.sys

2011/06/15 14:38:08.0765 2816 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys

2011/06/15 14:38:08.0875 2816 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

2011/06/15 14:38:08.0968 2816 cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys

2011/06/15 14:38:09.0046 2816 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

2011/06/15 14:38:09.0109 2816 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

2011/06/15 14:38:09.0187 2816 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/06/15 14:38:09.0281 2816 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2011/06/15 14:38:09.0375 2816 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2011/06/15 14:38:09.0453 2816 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/06/15 14:38:09.0515 2816 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2011/06/15 14:38:09.0578 2816 Dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys

2011/06/15 14:38:09.0625 2816 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys

2011/06/15 14:38:09.0718 2816 Dot4Scan (bd05306428da63369692477ddc0f6f5f) C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys

2011/06/15 14:38:09.0906 2816 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

2011/06/15 14:38:10.0015 2816 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/06/15 14:38:10.0171 2816 DSproct (2ac2372ffad9adc85672cc8e8ae14be9) C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys

2011/06/15 14:38:10.0250 2816 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys

2011/06/15 14:38:10.0328 2816 E100B (ac9cf17ee2ae003c98eb4f5336c38058) C:\WINDOWS\system32\DRIVERS\e100b325.sys

2011/06/15 14:38:10.0421 2816 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/06/15 14:38:10.0500 2816 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

2011/06/15 14:38:10.0562 2816 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2011/06/15 14:38:10.0640 2816 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2011/06/15 14:38:10.0703 2816 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2011/06/15 14:38:10.0765 2816 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/06/15 14:38:10.0843 2816 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/06/15 14:38:10.0937 2816 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys

2011/06/15 14:38:11.0015 2816 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/06/15 14:38:11.0125 2816 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2011/06/15 14:38:11.0203 2816 HPFXBULK (e4e0b356a8756066cf89080d9da69f22) C:\WINDOWS\system32\drivers\hpfxbulk.sys

2011/06/15 14:38:11.0281 2816 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

2011/06/15 14:38:11.0359 2816 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/06/15 14:38:11.0421 2816 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

2011/06/15 14:38:11.0484 2816 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

2011/06/15 14:38:11.0531 2816 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/06/15 14:38:11.0625 2816 ialm (0f0194c4b635c10c3f785e4fee52d641) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

2011/06/15 14:38:11.0812 2816 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/06/15 14:38:11.0906 2816 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

2011/06/15 14:38:12.0031 2816 IntelC51 (7509c548400f4c9e0211e3f6e66abbe6) C:\WINDOWS\system32\DRIVERS\IntelC51.sys

2011/06/15 14:38:12.0156 2816 IntelC52 (9584ffdd41d37f2c239681d0dac2513e) C:\WINDOWS\system32\DRIVERS\IntelC52.sys

2011/06/15 14:38:12.0218 2816 IntelC53 (cf0b937710cec6ef39416edecd803cbb) C:\WINDOWS\system32\DRIVERS\IntelC53.sys

2011/06/15 14:38:12.0265 2816 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

2011/06/15 14:38:12.0312 2816 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2011/06/15 14:38:12.0375 2816 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2011/06/15 14:38:12.0437 2816 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/06/15 14:38:12.0484 2816 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/06/15 14:38:12.0562 2816 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/06/15 14:38:12.0609 2816 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/06/15 14:38:12.0656 2816 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/06/15 14:38:12.0718 2816 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/06/15 14:38:12.0875 2816 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/06/15 14:38:12.0921 2816 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2011/06/15 14:38:13.0000 2816 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2011/06/15 14:38:13.0078 2816 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/06/15 14:38:13.0281 2816 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys

2011/06/15 14:38:13.0375 2816 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys

2011/06/15 14:38:13.0500 2816 McPvDrv (d1c7dce92a59663bea52244d165b215e) C:\WINDOWS\system32\drivers\McPvDrv.sys

2011/06/15 14:38:13.0593 2816 mfeapfk (113445fc6a858ef453cded5b0a0df665) C:\WINDOWS\system32\drivers\mfeapfk.sys

2011/06/15 14:38:13.0656 2816 mfeavfk (dbf6e1b388d5c070d438c61adb990c30) C:\WINDOWS\system32\drivers\mfeavfk.sys

2011/06/15 14:38:13.0765 2816 mfebopk (a528b15e330edb83ea649be318d841d5) C:\WINDOWS\system32\drivers\mfebopk.sys

2011/06/15 14:38:13.0843 2816 mfefirek (c7da1b8003c89acedaa13768f7a1c622) C:\WINDOWS\system32\drivers\mfefirek.sys

2011/06/15 14:38:13.0968 2816 mfehidk (5e9679bb2fc4fa38ec8ca906c47acd46) C:\WINDOWS\system32\drivers\mfehidk.sys

2011/06/15 14:38:14.0015 2816 mfendisk (b1728195877b18ce63cf0cd00b2871eb) C:\WINDOWS\system32\DRIVERS\mfendisk.sys

2011/06/15 14:38:14.0046 2816 mfendiskmp (b1728195877b18ce63cf0cd00b2871eb) C:\WINDOWS\system32\DRIVERS\mfendisk.sys

2011/06/15 14:38:14.0109 2816 mferkdet (ce1711f7c3f72f6762abd241dcfd5ee1) C:\WINDOWS\system32\drivers\mferkdet.sys

2011/06/15 14:38:14.0171 2816 mfetdi2k (25e12c68b49a64ffc873603dfd578236) C:\WINDOWS\system32\drivers\mfetdi2k.sys

2011/06/15 14:38:14.0234 2816 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/06/15 14:38:14.0343 2816 MOBKFilter (e896775837a8bce436348df460522394) C:\WINDOWS\system32\DRIVERS\MOBK.sys

2011/06/15 14:38:14.0421 2816 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2011/06/15 14:38:14.0484 2816 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys

2011/06/15 14:38:14.0562 2816 mohfilt (59b8b11ff70728eec60e72131c58b716) C:\WINDOWS\system32\DRIVERS\mohfilt.sys

2011/06/15 14:38:14.0609 2816 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/06/15 14:38:14.0687 2816 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2011/06/15 14:38:14.0750 2816 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/06/15 14:38:14.0859 2816 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

2011/06/15 14:38:14.0953 2816 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/06/15 14:38:15.0031 2816 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/06/15 14:38:15.0125 2816 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2011/06/15 14:38:15.0187 2816 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/06/15 14:38:15.0250 2816 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/06/15 14:38:15.0312 2816 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/06/15 14:38:15.0375 2816 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/06/15 14:38:15.0453 2816 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

2011/06/15 14:38:15.0515 2816 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2011/06/15 14:38:15.0593 2816 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2011/06/15 14:38:15.0671 2816 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2011/06/15 14:38:15.0703 2816 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/06/15 14:38:15.0796 2816 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/06/15 14:38:15.0859 2816 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/06/15 14:38:15.0968 2816 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/06/15 14:38:16.0046 2816 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/06/15 14:38:16.0109 2816 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/06/15 14:38:16.0234 2816 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys

2011/06/15 14:38:16.0296 2816 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2011/06/15 14:38:16.0359 2816 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/06/15 14:38:16.0421 2816 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/06/15 14:38:16.0546 2816 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2011/06/15 14:38:16.0656 2816 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/06/15 14:38:16.0734 2816 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/06/15 14:38:16.0812 2816 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys

2011/06/15 14:38:16.0875 2816 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys

2011/06/15 14:38:16.0953 2816 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys

2011/06/15 14:38:17.0078 2816 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys

2011/06/15 14:38:17.0140 2816 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2011/06/15 14:38:17.0187 2816 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/06/15 14:38:17.0234 2816 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/06/15 14:38:17.0281 2816 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/06/15 14:38:17.0390 2816 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/06/15 14:38:17.0453 2816 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2011/06/15 14:38:17.0671 2816 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

2011/06/15 14:38:17.0718 2816 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

2011/06/15 14:38:17.0859 2816 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/06/15 14:38:17.0906 2816 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/06/15 14:38:17.0968 2816 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/06/15 14:38:18.0031 2816 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2011/06/15 14:38:18.0093 2816 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

2011/06/15 14:38:18.0140 2816 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

2011/06/15 14:38:18.0203 2816 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

2011/06/15 14:38:18.0250 2816 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

2011/06/15 14:38:18.0296 2816 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

2011/06/15 14:38:18.0437 2816 RapportCerberus_26762 (7bf4f7e3ff7067b80b7d3d1e031bcb0e) C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\26762\RapportCerberus_26762.sys

2011/06/15 14:38:18.0531 2816 RapportEI (1602ff4aec5c2246ac387e49e474dd7b) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys

2011/06/15 14:38:18.0593 2816 RapportKELL (12031844f5ad4126eab4c410623f7789) C:\WINDOWS\system32\Drivers\RapportKELL.sys

2011/06/15 14:38:18.0625 2816 RapportPG (1c303f85986c3dfcb01cc67f185c32e5) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys

2011/06/15 14:38:18.0687 2816 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/06/15 14:38:18.0796 2816 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/06/15 14:38:18.0859 2816 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/06/15 14:38:18.0921 2816 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/06/15 14:38:18.0984 2816 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/06/15 14:38:19.0031 2816 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/06/15 14:38:19.0125 2816 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2011/06/15 14:38:19.0203 2816 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/06/15 14:38:19.0281 2816 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/06/15 14:38:19.0578 2816 SDDMI2 (8edd7b9e4a4b4c16e2dab9188caa861b) C:\WINDOWS\system32\DDMI2.sys

2011/06/15 14:38:19.0656 2816 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/06/15 14:38:19.0734 2816 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2011/06/15 14:38:19.0828 2816 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

2011/06/15 14:38:19.0906 2816 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2011/06/15 14:38:20.0031 2816 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

2011/06/15 14:38:20.0093 2816 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2011/06/15 14:38:20.0218 2816 smwdm (4aa922332433cdeb8b82c072c212e32e) C:\WINDOWS\system32\drivers\smwdm.sys

2011/06/15 14:38:20.0312 2816 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

2011/06/15 14:38:20.0343 2816 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2011/06/15 14:38:20.0421 2816 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/06/15 14:38:20.0515 2816 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/06/15 14:38:20.0593 2816 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2011/06/15 14:38:20.0671 2816 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/06/15 14:38:20.0718 2816 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2011/06/15 14:38:20.0812 2816 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

2011/06/15 14:38:20.0859 2816 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

2011/06/15 14:38:20.0906 2816 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

2011/06/15 14:38:20.0968 2816 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

2011/06/15 14:38:21.0031 2816 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/06/15 14:38:21.0125 2816 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/06/15 14:38:21.0218 2816 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys

2011/06/15 14:38:21.0281 2816 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/06/15 14:38:21.0359 2816 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/06/15 14:38:21.0421 2816 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/06/15 14:38:21.0703 2816 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

2011/06/15 14:38:21.0968 2816 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys

2011/06/15 14:38:22.0109 2816 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2011/06/15 14:38:22.0187 2816 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

2011/06/15 14:38:22.0343 2816 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2011/06/15 14:38:22.0593 2816 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/06/15 14:38:22.0781 2816 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/06/15 14:38:22.0921 2816 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/06/15 14:38:23.0078 2816 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2011/06/15 14:38:23.0234 2816 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/06/15 14:38:23.0390 2816 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/06/15 14:38:23.0515 2816 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/06/15 14:38:23.0593 2816 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/06/15 14:38:23.0718 2816 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sy@

2011/06/15 14:38:23.0843 2816 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

2011/06/15 14:38:24.0000 2816 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/06/15 14:38:24.0328 2816 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/06/15 14:38:24.0609 2816 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

2011/06/15 14:38:24.0828 2816 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/06/15 14:38:25.0625 2816 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys

2011/06/15 14:38:25.0671 2816 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

2011/06/15 14:38:25.0734 2816 WscNetDr (2b45412df680a1896dd1f3948a350ecc) C:\WINDOWS\system32\DRIVERS\WscNetDr.sys

2011/06/15 14:38:25.0765 2816 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2011/06/15 14:38:25.0828 2816 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/06/15 14:38:25.0843 2816 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/06/15 14:38:25.0968 2816 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

2011/06/15 14:38:26.0078 2816 ================================================================================

2011/06/15 14:38:26.0078 2816 Scan finished

2011/06/15 14:38:26.0078 2816 ================================================================================

2011/06/15 14:38:26.0093 3596 Detected object count: 0

2011/06/15 14:38:26.0093 3596 Actual detected object count: 0

Share this post


Link to post
Share on other sites

Hi,

Just saw this:

Please see:

HijackThis Forum Policy

We will not be party to obvious use of key gens, cracks, warez or other illegal means of downloading software, music, videos ect. This means no P2P evidence will be supported. Logs that show these in them, will given the option to remove the P2P items. Keygens, cracks, warez and similar will have the thread closed period. It's theft and against the law.

This goes for Limewire and anything else you may have.

Share this post


Link to post
Share on other sites

When I read it I would not have know what it was & I don't know how to identify evidence of P2P, nor do I know what Keygens, Limewire, Keygens are. My son used this computer before he got his own. Can you indicate the bad stuff & help me get rid of it?

Share this post


Link to post
Share on other sites

Hi,

That's fine. Just needed it to be out in the open.

Run DDS and post attach.txt; we'll take it from there.

Share this post


Link to post
Share on other sites

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume2

Install Date: 4/5/2005 7:28:27 PM

System Uptime: 6/22/2011 10:00:54 PM (1 hours ago)

.

Motherboard: Dell Inc. | | 0M3918

Processor: Intel® Pentium® 4 CPU 2.80GHz | Microprocessor | 2793/800mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 146 GiB total, 49.311 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP138: 4/13/2011 9:24:28 AM - System Checkpoint

RP139: 4/13/2011 9:25:05 AM - Darn-Computer!

RP140: 4/14/2011 1:16:19 PM - Software Distribution Service 3.0

RP141: 4/15/2011 5:44:54 PM - Installed Java 6 Update 24

RP142: 4/15/2011 9:22:08 PM - Installed Windows Internet Explorer 8.

RP143: 4/15/2011 9:26:39 PM - Software Distribution Service 3.0

RP144: 4/16/2011 2:27:59 PM - Software Distribution Service 3.0

RP145: 4/16/2011 10:11:36 PM - Software Distribution Service 3.0

RP146: 4/17/2011 10:40:15 AM - Software Distribution Service 3.0

RP147: 4/17/2011 3:50:46 PM - Removed Intel® PRO Network Connections

RP148: 4/17/2011 3:58:04 PM - Installed Intel® Network Connections.

RP149: 4/18/2011 8:35:16 AM - Software Distribution Service 3.0

RP150: 4/19/2011 10:11:21 AM - System Checkpoint

RP151: 4/19/2011 1:06:01 PM - Removed RemoteCapture 2.7.0

RP152: 4/19/2011 1:09:03 PM - Removed LogMeIn

RP153: 4/20/2011 3:40:28 PM - Installed Rapport

RP154: 4/20/2011 7:32:47 PM - Software Distribution Service 3.0

RP155: 4/24/2011 7:38:59 PM - System Checkpoint

RP156: 4/26/2011 1:26:44 PM - Removed Adobe Reader 9.4.4.

RP157: 4/26/2011 1:27:41 PM - Installed Adobe Reader X (10.0.1).

RP158: 4/27/2011 8:47:59 AM - Software Distribution Service 3.0

RP159: 4/29/2011 3:12:24 PM - System Checkpoint

RP160: 4/30/2011 7:27:29 PM - System Checkpoint

RP161: 5/2/2011 2:28:54 PM - Removed Windows Defender

RP162: 5/4/2011 7:07:04 PM - System Checkpoint

RP163: 5/5/2011 7:35:51 PM - System Checkpoint

RP164: 5/8/2011 2:53:41 PM - System Checkpoint

RP165: 5/9/2011 3:46:56 PM - Installed Rapport

RP166: 5/10/2011 4:27:25 PM - System Checkpoint

RP167: 5/11/2011 9:08:11 AM - Software Distribution Service 3.0

RP168: 5/12/2011 9:45:52 AM - System Checkpoint

RP169: 5/13/2011 5:08:10 PM - System Checkpoint

RP170: 5/14/2011 5:33:29 PM - System Checkpoint

RP171: 5/15/2011 6:29:54 PM - System Checkpoint

RP172: 5/16/2011 7:00:23 PM - System Checkpoint

RP173: 5/18/2011 1:43:18 PM - System Checkpoint

RP174: 5/19/2011 1:51:53 PM - System Checkpoint

RP175: 5/20/2011 1:55:29 PM - System Checkpoint

RP176: 5/22/2011 9:12:42 PM - System Checkpoint

RP177: 5/23/2011 9:29:55 PM - System Checkpoint

RP178: 5/24/2011 9:48:19 AM - Installed WeatherBug

RP179: 5/24/2011 9:56:59 AM - Removed RingtoneJunkiez Desktop

RP180: 5/24/2011 10:15:23 AM - Removed WeatherBug

RP181: 5/24/2011 2:46:21 PM - Installed HiJackThis

RP182: 5/25/2011 6:55:46 PM - System Checkpoint

RP183: 5/27/2011 7:31:28 AM - System Checkpoint

RP184: 5/28/2011 9:38:09 AM - System Checkpoint

RP185: 5/29/2011 11:11:38 AM - System Checkpoint

RP186: 5/30/2011 6:44:58 PM - System Checkpoint

RP187: 5/31/2011 8:10:50 PM - System Checkpoint

RP188: 6/2/2011 7:43:35 AM - System Checkpoint

RP189: 6/3/2011 7:59:26 AM - System Checkpoint

RP190: 6/5/2011 4:01:52 PM - Installed Windows Internet Explorer 8.

RP191: 6/5/2011 4:03:14 PM - Software Distribution Service 3.0

RP192: 6/5/2011 6:53:49 PM - Installed TurboTax 2010 wrapper

RP193: 6/5/2011 10:11:32 PM - Software Distribution Service 3.0

RP194: 6/7/2011 7:32:20 AM - System Checkpoint

RP195: 6/7/2011 7:21:43 PM - Removed Java 2 Runtime Environment, SE v1.4.2_03

RP196: 6/7/2011 7:23:23 PM - Removed Java 6 Update 20

RP197: 6/7/2011 7:31:59 PM - Installed Java 6 Update 26

RP198: 6/8/2011 6:22:43 AM - Software Distribution Service 3.0

RP199: 6/8/2011 1:10:48 PM - Restore Operation

RP200: 6/8/2011 1:40:13 PM - Software Distribution Service 3.0

RP201: 6/8/2011 7:04:33 PM - Software Distribution Service 3.0

RP202: 6/10/2011 1:03:21 PM - System Checkpoint

RP203: 6/11/2011 1:55:11 PM - System Checkpoint

RP204: 6/12/2011 2:41:49 PM - System Checkpoint

RP205: 6/13/2011 2:42:03 PM - System Checkpoint

RP206: 6/14/2011 8:23:56 PM - System Checkpoint

RP207: 6/16/2011 11:07:08 AM - System Checkpoint

RP208: 6/16/2011 12:01:55 PM - Software Distribution Service 3.0

RP209: 6/17/2011 12:17:24 PM - System Checkpoint

RP210: 6/19/2011 3:49:47 PM - System Checkpoint

RP211: 6/20/2011 4:13:08 PM - System Checkpoint

RP212: 6/21/2011 3:29:09 PM - Removed HiJackThis

.

==== Installed Programs ======================

.

Acrobat.com

Adobe Acrobat 4.0

Adobe AIR

Adobe Atmosphere Player for Acrobat and Adobe Reader

Adobe Download Manager

Adobe Flash Player 10 ActiveX

Adobe Reader X (10.1.0)

Adobe SVG Viewer 3.0

Adobe® Photoshop® Album Starter Edition 3.0.1

AnswerWorks 5.0 English Runtime

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Auslogics Disk Defrag

Bonjour

BufferChm

Byki

Byki Standard

Camera Access Library

Camera Support Core Library

Camera Window DS

Camera Window DVC

Camera Window MC

Canon Camera Access Library

Canon Camera Support Core Library

Canon Camera WIA Driver

Canon Camera WIA Driver 6.0

Canon Camera Window DC_DV 5 for ZoomBrowser EX

Canon Camera Window DC_DV 6 for ZoomBrowser EX

Canon Camera Window DSLR 5 for ZoomBrowser EX

Canon Camera Window MC 6 for ZoomBrowser EX

Canon MovieEdit Task for ZoomBrowser EX

Canon PhotoRecord

Canon RAW Image Task for ZoomBrowser EX

Canon Utilities File Viewer Utility 1.2

Canon Utilities PhotoStitch 3.1

Canon Utilities RemoteCapture 2.7

Canon ZoomBrowser EX (E)

Compatibility Pack for the 2007 Office system

CorePLS_Full_QFolder

CorePLS_Min_QFolder

CP_AtenaShokunin1Config

CP_CalendarTemplates1

cp_OnlineProjectsConfig

CP_Package_Basic1

CP_Panorama1Config

cp_PosterPrintConfig

Crash Analysis Tool

Critical Update for Windows Media Player 11 (KB959772)

CueTour

CustomerResearchQFolder

Dell Digital Jukebox Driver

Dell Driver Reset Tool

Dell Support

Dell Support 3.2.1

Dell Support Center (Support Software)

Dell System Restore

DellSupport

Design Manager

Destinations

DeviceManagementQFolder

Digital Line Detect

eSupportQFolder

ffdshow [rev 2527] [2008-12-19]

File Viewer Utility 1.2

FileHippo.com Update Checker

FullDPAppQFolder

Gimp 2.6.2 Debug

Google Earth

Google Update Helper

GoToMeeting 4.5.0.457

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP Color LaserJet 2605 Series 1.0

HP Extended Capabilities 6.0

HP Imaging Device Functions 6.0

HP Photosmart Premier Software 6.0

HP Product Assistant

HP Solution Center and Imaging Support Tools 6.0

HP Update

hppCLJ2605

hppFonts

hppIOFiles

hppManuals2605

HPProductAssistant

hppTLBXFX2605

hppusg2605

hppWebRegMM

hpzTLBXFX

InstantShareDevices

Intel® 537EP V9x DF PCI Modem

Intel® Graphics Media Accelerator Driver

Intel® Network Connections 14.0.40.0

Internet Explorer Default Page

J2SE Runtime Environment 5.0 Update 9

Jasc Paint Shop Pro Studio, Dell Editon

Java 2 Runtime Environment, SE v1.4.2_03

Java Auto Updater

Java 6 Update 24

Macromedia Shockwave Player

Malwarebytes' Anti-Malware version 1.51.0.1200

MarketResearch

McAfee Anti-Theft

McAfee Online Backup

McAfee Security Scan Plus

McAfee SecurityCenter

McAfee Virtual Technician

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2416447)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Calculator Plus

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

Microsoft National Language Support Downlevel APIs

Microsoft Office Basic Edition 2003

Microsoft Plus! Digital Media Edition Installer

Microsoft Silverlight

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft XML Parser

MovieEdit Task

MSN

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6.0 Parser (KB925673)

MSXML4 Parser

My Way Search Assistant

Nero 8 Essentials

neroxml

Netflix Movie Viewer

Octoshape add-in for Adobe Flash Player

PhotoGallery

PhotoStitch

PowerDVD

Product_SF_Full_QFolder

Product_SF_Min_QFolder

RandMap

Rapport

RAW Image Task 2.2

ReaJPEG Pro 3.9

RemoteCapture 2.7.0

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB911565)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2183461)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360131)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2416400)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2482017)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2497640)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2510581)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950759)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953838)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956390)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958215)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960714)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB963027)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969897)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972260)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974455)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB976325)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981349)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982381)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

SkinsHP1

SolutionCenter

Sonic_PrimoSDK

System Requirements Lab for Intel

TBS WMP Plug-in

Transparent Language System

TurboTax 2008

TurboTax 2008 WinPerFedFormset

TurboTax 2008 WinPerProgramHelp

TurboTax 2008 WinPerReleaseEngine

TurboTax 2008 WinPerTaxSupport

TurboTax 2008 WinPerUserEducation

TurboTax 2008 wnmiper

TurboTax 2008 wrapper

TurboTax 2009

TurboTax 2009 WinPerFedFormset

TurboTax 2009 WinPerReleaseEngine

TurboTax 2009 WinPerTaxSupport

TurboTax 2009 wnmiper

TurboTax 2009 wrapper

TurboTax 2010

TurboTax 2010 WinPerFedFormset

TurboTax 2010 WinPerReleaseEngine

TurboTax 2010 WinPerTaxSupport

TurboTax 2010 wrapper

Unload

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB2447568)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Update for Windows XP (KB976749)

Update for Windows XP (KB978207)

Update for Windows XP (KB980182)

User Profile Hive Cleanup Service

VCRedistSetup

Vivitar Experience Image Manager

WebFldrs XP

WebReg

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 10

Windows Media Player 11

Windows Media Player Firefox Plugin

Windows Presentation Foundation

Windows XP Service Pack 3

Wireless Wizard ver 3.8 Release Candidate 1

XML Paper Specification Shared Components Pack 1.0

Yahoo! Software Update

Yahoo! Toolbar

.

==== Event Viewer Messages From Past Week ========

.

6/21/2011 3:29:15 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.

6/20/2011 11:15:54 AM, error: Dhcp [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 001111E9BA91 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

6/19/2011 2:18:01 PM, error: Service Control Manager [7000] - The LogMeIn Kernel Information Provider service failed to start due to the following error: The system cannot find the path specified.

6/19/2011 2:10:10 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service NMIndexingService with arguments "" in order to run the server: {E8933C4B-2C90-4A04-A677-E958D9509F1A}

6/19/2011 2:08:20 PM, error: NETLOGON [3095] - This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.

6/16/2011 10:40:22 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL

.

==== End Of File ===========================

Share this post


Link to post
Share on other sites

Hi,

Grab a fresh copy of ComboFix, run it, and post its log.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317

Share this post


Link to post
Share on other sites

ESET removed the following:

C:\Documents and Settings\dw\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_00090c HTML/Iframe.B.Gen virus deleted - quarantined

C:\Documents and Settings\dw\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000910 JS/Kryptik.AX.Gen trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP180\A0039507.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined

I couldn't find the log file for the entire 3.37 hr scan.

I couldn't find Limewire in Contro Panel add/remove programs, but I did find it in the registry with regedit & removed it.

Results of screen317's Security Check version 0.99.16

Windows XP Service Pack 3

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Disabled!

McAfee Security Scan Plus

McAfee Virtual Technician

McAfee SecurityCenter

McAfee Online Backup

McAfee Anti-Theft

McAfee Online Backup

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 24

Java 2 Runtime Environment, SE v1.4.2_03

Out of date Java installed!

Adobe Flash Player

Adobe Reader X (10.1.0)

````````````````````````````````

Process Check:

objlist.exe by Laurent

McAfee Online Backup MOBKbackup.exe

``````````End of Log````````````

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.