[Resolved] Computer is running slow and locking up.


This topic is locked
24 replies to this topic

#1 Gordon22
Authentic Member
54 posts

Posted 10 January 2010 - 04:16 PM

I am not sure what is wrong with my computer. It is running a lot slower than usual, and when I try to do fairly normal things with my computer it will lock up, but it didn't lock up when my computer was running well.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:29:22 AM, on 1/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\StkASv2K.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.n...lbar2.0/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.n...lbar2.0/search/
O2 - BHO: (no name) - {1925C7E1-5540-4675-8198-8A2779D4072A} - (no file)
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Beta - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: (no name) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - (no file)
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: &Windows Live Toolbar Beta - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?1e8ce2536a3445edbd876958dda83ee4
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?1e8ce2536a3445edbd876958dda83ee4
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.yorkphoto...YorkActivia.cab
O16 - DPF: {42FDC231-A411-45F8-B8B6-3B5026111DA8} (SolitaireRush Control) - http://www.worldwinn...litairerush.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zon...ro.cab47946.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,23/mcgdmgr.cab
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} (Java Plug-in 1.6.0_13) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: USB2.0 VIDBOX NW01 Service (StkASSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkASv2K.exe

--
End of file - 13674 bytes
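A first triage pass over an HJT log like the one above, as an added example (not from the thread and not HijackThis code): it parses the section-prefixed lines and flags orphaned entries, services with no recorded publisher, the unidentified Winsock LSP module, bare-name Run entries and DPF entries without a source URL, using a handful of the posted lines as constructed sample input.

```python
"""Triage pass over a HijackThis (HJT) log such as the one posted above.

Added example; it is not part of the thread and not HijackThis code. It
does not judge anything malicious. It only surfaces the entries a helper
reads first: registry/startup entries whose target file is gone, services
with no recorded publisher, a Winsock LSP module HJT could not identify,
Run entries that name a bare executable with no directory, and ActiveX
(DPF) entries without a source URL.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: a subset of lines copied from the posted HJT log.
SAMPLE_LOG = [
    r"O2 - BHO: (no name) - {1925C7E1-5540-4675-8198-8A2779D4072A} - (no file)",
    r"O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll",
    r"O2 - BHO: (no name) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - (no file)",
    r"O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE",
    r"O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE",
    r"O4 - Global Startup: Digital Line Detect.lnk = ?",
    r"O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll",
    r"O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} (Java Plug-in 1.6.0_13) -",
    r"O23 - Service: Bonjour Service - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)",
    r"O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)",
    r"O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe",
]

# Every HJT entry starts with its section code, e.g. "R1 - ..." or "O23 - ...".
HJT_LINE = re.compile(r"^(?P<section>R[0-3]|O\d{1,2}) - (?P<body>.*)$")
# Markers HJT (and the DDS pseudo-HJT report) use for a registered file that is absent.
MISSING_MARKERS = ("(no file)", "(file missing)", "- no file")


@dataclass
class Finding:
    section: str
    reasons: list
    line: str


def o4_target(body: str) -> str:
    """Return the launched program from an O4 body (Run key or Startup shortcut)."""
    if "] " in body:                      # [Name] "C:\path\prog.exe" /args
        cmd = body.split("] ", 1)[1].strip()
    elif " = " in body:                   # Startup: shortcut.lnk = C:\path\prog.exe
        cmd = body.split(" = ", 1)[1].strip()
    else:
        return body
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def check_entry(line: str) -> list:
    """Reasons why one HJT line deserves a look; empty when nothing stands out."""
    m = HJT_LINE.match(line.strip())
    if not m:
        return []
    section, body = m.group("section"), m.group("body")
    reasons = []
    if any(marker in body.lower() for marker in MISSING_MARKERS):
        reasons.append("target file missing (orphaned entry)")
    if section == "O23" and "Unknown owner" in body:
        reasons.append("service with no publisher recorded")
    if section == "O10" and body.startswith("Unknown file in Winsock LSP"):
        reasons.append("unidentified Winsock LSP module")
    if section == "O16" and body.rstrip().endswith("-"):
        reasons.append("ActiveX (DPF) entry with no source URL recorded")
    if section == "O4":
        target = o4_target(body)
        if target == "?":
            reasons.append("startup shortcut target unresolved")
        elif "\\" not in target and ":" not in target:
            reasons.append("bare executable name, resolved via search path at logon")
    return reasons


def triage(lines) -> list:
    """Run check_entry over a whole log and keep only lines with at least one reason."""
    findings = []
    for line in lines:
        reasons = check_entry(line)
        if reasons:
            findings.append(Finding(line.split(" - ", 1)[0], reasons, line))
    return findings


def summarize(findings) -> Counter:
    """Count how often each reason occurs, for a quick overview of the log."""
    return Counter(reason for f in findings for reason in f.reasons)


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"{f.section}: {'; '.join(f.reasons)}\n    {f.line}")
    print(summarize(results))
```

A flagged line is a starting point for the helper's own checks (publisher, file location, whether the program is known), not a verdict.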



#2 Conspire
SuperHelper
Retired Classroom Teacher
5,806 posts

Posted 12 January 2010 - 06:27 AM

Hello there, Gordon22

:welcome:

I'm Conspire, and I'll be glad to help you with your computer problems.

Please observe these rules while we work:
  • Read the entire procedure
  • It is important to perform ALL actions in sequence.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with me till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.
Please be advised, as I am still in training, all my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advice.
This may cause a delay, but I will do my best to keep it as short as possible.

Please bear with me, I will post back to you as soon as I can.

IMPORTANT NOTE : Please do not delete anything unless instructed to.
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may [image]

#3 Gordon22
Authentic Member
54 posts

Posted 12 January 2010 - 03:09 PM

Nice to meet you. Thank you for coming to my aid. I will do everything that you say.

#4 Conspire
SuperHelper
Retired Classroom Teacher
5,806 posts

Posted 13 January 2010 - 03:38 AM

Hi,

I noticed that you have just installed MBAM and I would like to know if you have run the scan already? If so, please post that log as well.

The log can be found here:
  • Open MBAM and click on the Logs tab
  • Click on the most recent log
  • Click Open
Copy and paste the contents of the log into your next reply.

===================================================

In the meantime,

Please download DDS by sUBs from one of the following links and save it to your desktop.
  • Disable any script blocking protection (How to Disable your Security Programs)
  • Double click DDS icon to run the tool (may take up to 3 minutes to run)
  • When done, DDS.txt will open.
  • After a few moments, attach.txt will open in a second window.
  • Save both reports to your desktop.
---------------------------------------------------
  • Post the contents of the DDS.txt report in your next reply
  • Attach the Attach.txt report to your post by scrolling down to the Attachments area and then clicking Browse. Browse to where you saved the file, and click Open and then click UPLOAD.
===================================================

Please download RootRepeal to your desktop
  • Physically disconnect your machine from the internet as your system will be unprotected.
  • Unzip it to its own folder, close all other programs, especially your security programs (anti-spyware, anti-virus, and firewall), and run RootRepeal.exe
  • Click the Report tab at the bottom and then the Scan button.
  • A box will pop up; check the boxes beside Drivers, Files, Processes, SSDT and click OK.
  • Another box will open, check the boxes beside all the drives, eg : C:\, then click OK.
  • The scan will take a little while to run, so let it go unhindered.
  • Once it is done, click the Save Report button, call it RepealScan and save the log to your desktop.
  • Reconnect to the internet.
  • Post the log here in your reply.
===================================================

On your next reply please post :
DDS log
RootRepeal log
MBAM log (if any)


Good Day!

#5 Gordon22
Authentic Member
54 posts

Posted 13 January 2010 - 02:40 PM

I ran RootRepeal and it would not work. It would lock up and stop. When I ran RootRepeal, it would give me two error messages which are: "Error - invalid PE image found", showed two of them. I don't know what they are. Here are the other logs though.

DDS (Ver_09-12-01.01) - NTFSx86
Run by G-Man at 11:46:46.76 on Wed 01/13/2010
Internet Explorer: 8.0.6001.18372 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1201 [GMT -8:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\StkASv2K.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\G-Man\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Bar = hxxp://www.comcast.net/toolbar2.0/search/
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.comcast.net/toolbar2.0/search/
BHO: {1925C7E1-5540-4675-8198-8A2779D4072A} - No File
BHO: IeCatch5 Class: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\progra~1\flashget\jccatch.dll
BHO: Comcast Toolbar: {4e7bd74f-2b8d-469e-93be-be2df4d9ae29} - c:\progra~1\comcas~1\COMCAS~1.DLL
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Click-to-Call BHO: {5c255c8a-e604-49b4-9d64-90988571cecb} - c:\program files\windows live\messenger\wlchtc.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Beta: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - No File
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Comcast Toolbar: {4e7bd74f-2b8d-469e-93be-be2df4d9ae29} - c:\progra~1\comcas~1\COMCAS~1.DLL
TB: &Windows Live Toolbar Beta: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [CTSysVol] "c:\program files\creative\sbaudigy2zs\surround mixer\CTSysVol.exe" /r
mRun: [CTDVDDET] "c:\program files\creative\sbaudigy2zs\dvdaudio\CTDVDDET.EXE"
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [ISUSPM Startup] "c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [snpstd3] c:\windows\vsnpstd3.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [DMXLauncher] "c:\program files\dell\media experience\DMXLauncher.exe"
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [CTHelper] CTHELPER.EXE
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [McAfee Backup] "c:\program files\mcafee\mbk\McAfeeDataBackup.exe"
StartupFolder: c:\docume~1\g-man\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\FINDFAST.EXE
StartupFolder: c:\docume~1\g-man\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Open in new background tab - c:\program files\windows live toolbar\components\en-us\msntabres.dll.mui/229?1e8ce2536a3445edbd876958dda83ee4
IE: Open in new foreground tab - c:\program files\windows live toolbar\components\en-us\msntabres.dll.mui/230?1e8ce2536a3445edbd876958dda83ee4
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\progra~1\flashget\flashget.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www.yorkphoto.com/YorkActivia.cab
DPF: {42FDC231-A411-45F8-B8B6-3B5026111DA8} - hxxp://www.worldwinner.com/games/v47/solitairerush/solitairerush.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: WRNotifier - WRLogonNTF.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: CShellExecuteHookImpl Object: {57b86673-276a-48b2-bae7-c6dbb3020eb8} - c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\g-man\applic~1\mozilla\firefox\profiles\qsc4bbo6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://webauth.comcast.net/auth/login?url=http%253A%252F%252Fwww.comcast.net%252Fqry%252Fgoto%253Fapp%253Dmail%2526CM.src%253Dtop
FF - prefs.js: keyword.URL - hxxp://www.ffsearch.net/search/?q=
FF - plugin: c:\program files\mozilla firefox\plugins\np32asw.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver;c:\program files\grisoft\avg anti-spyware 7.5\guard.sys [2006-9-28 11000]
R1 AvgAsCln;AVG Anti-Spyware Clean Driver;c:\windows\system32\drivers\AvgAsCln.sys [2006-11-29 3968]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-5-13 214664]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 142832]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-7-22 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-7-22 144704]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2008-5-5 92672]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2008-5-5 548352]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2008-5-6 560576]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-7-22 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-7-22 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-7-22 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-7-22 40552]
S3 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard;c:\program files\grisoft\avg anti-spyware 7.5\guard.exe [2006-9-28 312880]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2008-5-5 92672]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2008-5-5 548352]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2008-5-5 94208]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2008-5-5 94208]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2008-5-6 560576]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2005-11-4 17149]
S3 GoogleDesktopManager-093007-112848;Google Desktop Manager 5.5.709.30344;c:\program files\google\google desktop search\GoogleDesktop.exe [2006-8-17 29744]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-7-22 34248]

=============== Created Last 30 ================

2010-01-11 23:49:15 0 dc----w- c:\docume~1\g-man\applic~1\WinPatrol
2010-01-11 23:48:51 0 dc----w- c:\program files\BillP Studios
2010-01-10 22:34:46 195456 -c----w- c:\windows\system32\MpSigStub.exe
2010-01-10 22:32:05 0 dc----w- c:\program files\Microsoft Security Essentials
2010-01-08 20:40:34 96512 -c--a-w- c:\windows\system32\drivers\OLD4798.tmp
2010-01-08 20:36:26 96512 -c--a-w- c:\windows\system32\drivers\OLD4775.tmp
2010-01-07 15:30:21 96512 -c--a-w- c:\windows\system32\drivers\OLD46E3.tmp
2010-01-06 20:33:47 96512 -c--a-w- c:\windows\system32\drivers\OLD4642.tmp
2010-01-06 07:42:29 96512 -c--a-w- c:\windows\system32\drivers\OLD45C4.tmp
2010-01-05 23:41:40 96512 -c--a-w- c:\windows\system32\drivers\OLD44F6.tmp
2010-01-05 20:31:42 96512 -c--a-w- c:\windows\system32\drivers\OLD449E.tmp
2010-01-05 20:24:32 96512 -c--a-w- c:\windows\system32\drivers\OLD449B.tmp
2010-01-05 20:13:34 96512 -c--a-w- c:\windows\system32\drivers\OLD4498.tmp
2010-01-05 19:48:26 96512 -c--a-w- c:\windows\system32\drivers\OLD4491.tmp
2010-01-05 18:12:54 96512 -c--a-w- c:\windows\system32\drivers\OLD4453.tmp
2010-01-05 16:45:33 96512 -c--a-w- c:\windows\system32\drivers\OLD442E.tmp
2010-01-05 15:14:20 96512 -c--a-w- c:\windows\system32\drivers\OLD43BC.tmp
2010-01-05 06:30:52 96512 -c--a-w- c:\windows\system32\drivers\OLD43AD.tmp
2010-01-05 06:27:54 96512 -c--a-w- c:\windows\system32\drivers\OLD43AA.tmp
2010-01-05 06:24:03 96512 -c--a-w- c:\windows\system32\drivers\OLD43A7.tmp
2010-01-05 05:06:06 96512 -c--a-w- c:\windows\system32\drivers\OLD437C.tmp
2010-01-05 05:03:40 96512 -c--a-w- c:\windows\system32\drivers\OLD4379.tmp
2010-01-05 04:59:54 96512 -c--a-w- c:\windows\system32\drivers\OLD4376.tmp
2010-01-05 04:41:28 96512 -c--a-w- c:\windows\system32\drivers\OLD436E.tmp
2010-01-05 02:41:10 96512 -c--a-w- c:\windows\system32\drivers\OLD4357.tmp
2010-01-05 02:09:54 96512 -c--a-w- c:\windows\system32\drivers\OLD4321.tmp
2010-01-05 01:41:24 96512 -c--a-w- c:\windows\system32\drivers\OLD431C.tmp
2010-01-05 01:39:13 96512 -c--a-w- c:\windows\system32\drivers\OLD430B.tmp
2010-01-05 01:03:43 96512 -c--a-w- c:\windows\system32\drivers\OLD42CE.tmp
2010-01-05 01:00:44 96512 -c--a-w- c:\windows\system32\drivers\OLD42CB.tmp
2010-01-05 00:34:07 96512 -c--a-w- c:\windows\system32\drivers\OLD42C0.tmp
2010-01-05 00:21:15 96512 -c--a-w- c:\windows\system32\drivers\OLD42BD.tmp
2010-01-04 23:10:05 96512 -c--a-w- c:\windows\system32\drivers\OLD427F.tmp
2010-01-04 22:20:36 96512 -c--a-w- c:\windows\system32\drivers\OLD425E.tmp
2010-01-04 04:06:00 96512 -c--a-w- c:\windows\system32\drivers\OLD417D.tmp
2010-01-04 03:31:34 96512 -c--a-w- c:\windows\system32\drivers\OLD415C.tmp
2010-01-03 22:48:22 96512 -c--a-w- c:\windows\system32\drivers\OLD407D.tmp
2010-01-02 23:34:18 96512 -c--a-w- c:\windows\system32\drivers\OLD3FE6.tmp
2010-01-02 07:18:26 96512 -c--a-w- c:\windows\system32\drivers\OLD3F19.tmp
2010-01-02 06:48:06 96512 -c--a-w- c:\windows\system32\drivers\OLD3EE4.tmp
2010-01-02 06:36:18 96512 -c--a-w- c:\windows\system32\drivers\OLD3EE1.tmp 2010-01-02 05:23:58 10096640 -c--a-w- c:\windows\system32\dllcache\hwxcht.dll 2010-01-02 05:14:23 96512 -c--a-w- c:\windows\system32\drivers\OLD3DB0.tmp 2009-12-31 23:12:43 96512 -c--a-w- c:\windows\system32\drivers\OLD3D2B.tmp 2009-12-31 20:43:31 96512 -c--a-w- c:\windows\system32\drivers\OLD3CD5.tmp 2009-12-31 20:41:36 96512 -c--a-w- c:\windows\system32\drivers\OLD3CD1.tmp 2009-12-31 09:56:43 96512 -c--a-w- c:\windows\system32\drivers\OLD3C32.tmp 2009-12-31 09:16:14 96512 -c--a-w- c:\windows\system32\drivers\OLD3C01.tmp 2009-12-31 09:12:49 96512 -c--a-w- c:\windows\system32\drivers\OLD3BFE.tmp 2009-12-31 09:12:49 96512 -c--a-w- c:\windows\system32\drivers\atapi.sys ==================== Find3M ==================== 2009-10-21 05:38:36 75776 -c--a-w- c:\windows\system32\strmfilt.dll 2009-10-21 05:38:36 25088 -c--a-w- c:\windows\system32\httpapi.dll 2007-10-19 05:44:09 56 -csh--r- c:\windows\system32\4DA19DB265.sys 2007-10-19 05:44:09 3036 -csha-w- c:\windows\system32\KGyGaAvL.sys 2009-03-14 22:06:38 32768 -csha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat 2008-05-15 07:54:22 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008051520080516\index.dat ============= FINISH: 11:48:11.96 =============== Malwarebytes' Anti-Malware 1.41 Database version: 3123 Windows 5.1.2600 Service Pack 3 (Safe Mode) 1/12/2010 9:16:23 PM mbam-log-2010-01-12 (21-16-23).txt Scan type: Full Scan (C:\|D:\|K:\|) Objects scanned: 325201 Time elapsed: 2 hour(s), 0 minute(s), 38 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 2 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1925c7e1-5540-4675-8198-8a2779d4072a} (Trojan.Banker) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1925c7e1-5540-4675-8198-8a2779d4072a} (Trojan.Banker) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)




#6 Gordon22

    Authentic Member

  • 54 posts

Posted 13 January 2010 - 03:22 PM

The rootrepeal scan worked. Here is the log.

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/01/13 13:07
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA5C08000
Size: 49152
File Visible: No
Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: Volume C:\
Status: MBR Rootkit Detected!

Path: C:\hiberfil.sys
Status: Locked to the Windows API!

#7 Conspire

Conspire

    SuperHelper

  • Retired Classroom Teacher
  • 5,806 posts

Posted 15 January 2010 - 10:54 AM

Hi,

You are infected with a password stealer.

We recommend you disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC, or if it contains any other sensitive information, please get to a known clean computer and change all passwords where applicable. PIN numbers, credit card numbers, account numbers, etc. should all be changed immediately, and it would be wise to contact those same financial institutions to advise them of your situation. This infection that you have will attract others; keep it offline except when we are troubleshooting.

Trojans attempt to steal passwords, as well as logging keypresses, and periodically open a window that sends the collected information. Even if we clean the malware off your system, we can't guarantee that your system will be clean afterwards. Also, we cannot guarantee to repair all the damage it caused.

Should you have decided to do a re-format of your system or wish to continue, please let me know.

Please read this :
How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud

When should I re-format? How should I reinstall

===================================================

Please read through these instructions to familiarize yourself with what to expect when this tool runs


Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

===================================================

On your next reply please post :
ComboFix log


Good Day!
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may Posted Image
Posted Image

#8 Gordon22

Gordon22

    Authentic Member

  • Authentic Member
  • PipPip
  • 54 posts

Posted 15 January 2010 - 01:34 PM

I cannot save ComboFix to my computer. Says I cannot read the source file. VOID.

Edited by Gordon22, 15 January 2010 - 11:36 PM.


#9 Gordon22

Gordon22

    Authentic Member

  • Authentic Member
  • PipPip
  • 54 posts

Posted 15 January 2010 - 02:54 PM

I got combofix to work. Here is the log.



ComboFix 10-01-15.01 - G-Man 01/15/2010 12:37:45.8.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1392 [GMT -8:00]
Running from: c:\documents and settings\G-Man\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

K:\Autorun.inf
.
---- Previous Run -------
.
c:\windows\run.log
c:\windows\system32\Data\CTP0070W.DAT
c:\windows\system32\Data\CTP0073W.DAT
c:\windows\system32\Data\CTP0090W.DAT
c:\windows\system32\Data\CTP0091W.DAT
c:\windows\system32\Data\CTP0092W.DAT
c:\windows\system32\Data\CTP0095W.DAT
c:\windows\system32\Data\CTP0161W.DAT
c:\windows\system32\Data\CTP0162W.DAT
c:\windows\system32\Data\CTP0191W.DAT
c:\windows\system32\Data\CTP0192W.DAT
c:\windows\system32\Data\CTP0230W.DAT
c:\windows\system32\Data\CTP0231W.DAT
c:\windows\system32\Data\CTP0232W.DAT
c:\windows\system32\Data\CTP0238W.DAT
c:\windows\system32\Data\CTP0240W.DAT
c:\windows\system32\Data\CTP0242W.DAT
c:\windows\system32\Data\CTP0243W.DAT
c:\windows\system32\Data\CTP0244W.DAT
c:\windows\system32\Data\CTP0245W.DAT
c:\windows\system32\Data\CTP0246W.DAT
c:\windows\system32\Data\CTP0249W.DAT
c:\windows\system32\Data\CTP0280W.DAT
c:\windows\system32\Data\CTP0320W.DAT
c:\windows\system32\Data\CTP0350W.DAT
c:\windows\system32\Data\CTP0352W.DAT
c:\windows\system32\Data\CTP0355W.DAT
c:\windows\system32\Data\CTP0358W.DAT
c:\windows\system32\Data\CTP0359W.DAT
c:\windows\system32\Data\CTP0360W.DAT
c:\windows\system32\Data\CTP0380W.DAT
c:\windows\system32\Data\CTP0400W.DAT
c:\windows\system32\Data\CTP0530L.DAT
c:\windows\system32\Data\CTP0530W.DAT
c:\windows\system32\Data\CTP0531L.DAT
c:\windows\system32\Data\CTP0531W.DAT
c:\windows\system32\Data\CTP0600W.DAT
c:\windows\system32\Data\CTP0610W.DAT
c:\windows\system32\Data\CTP0669W.DAT
c:\windows\system32\Data\CTP4820W.DAT
c:\windows\system32\SIntf16.dll

.
((((((((((((((((((((((((( Files Created from 2009-12-15 to 2010-01-15 )))))))))))))))))))))))))))))))
.

2010-01-11 23:49 . 2010-01-11 23:49 -------- dc----w- c:\documents and settings\G-Man\Application Data\WinPatrol
2010-01-11 23:49 . 2009-06-09 18:42 46 -c--a-w- c:\documents and settings\G-Man\Application Data\WinPatrol\Config.sys
2010-01-11 23:49 . 2009-06-09 18:42 30 -c--a-w- c:\documents and settings\G-Man\Application Data\WinPatrol\Autoexec.bat
2010-01-11 23:48 . 2010-01-11 23:48 -------- dc----w- c:\program files\BillP Studios
2010-01-10 22:34 . 2010-01-14 19:12 181120 -c----w- c:\windows\system32\MpSigStub.exe
2010-01-10 22:32 . 2010-01-10 22:32 -------- dc----w- c:\program files\Microsoft Security Essentials
2010-01-08 21:46 . 2010-01-08 21:46 -------- dc----w- c:\documents and settings\HelpAssistant\WINDOWS
2010-01-08 21:46 . 2010-01-08 21:46 -------- dc----w- c:\documents and settings\HelpAssistant\UserData
2010-01-08 21:46 . 2010-01-08 21:46 -------- dc----w- c:\documents and settings\HelpAssistant\Tracing
2010-01-08 20:50 . 2010-01-08 20:50 -------- dc----w- c:\documents and settings\HelpAssistant\Shared
2010-01-08 20:50 . 2010-01-08 20:50 -------- dc----w- c:\documents and settings\HelpAssistant\PrivacIE
2010-01-08 20:50 . 2010-01-08 20:50 -------- dc----w- c:\documents and settings\HelpAssistant\New Folder
2010-01-08 20:50 . 2010-01-08 20:50 -------- dc----w- c:\documents and settings\HelpAssistant\Incomplete
2010-01-08 20:50 . 2010-01-08 20:50 -------- dc----w- c:\documents and settings\HelpAssistant\IETldCache
2010-01-08 20:50 . 2010-01-08 20:50 -------- dc----w- c:\documents and settings\HelpAssistant\IECompatCache
2010-01-08 20:49 . 2010-01-08 20:49 -------- dc----w- c:\documents and settings\HelpAssistant\DoctorWeb
2010-01-08 20:49 . 2010-01-08 20:49 -------- dc----w- c:\documents and settings\HelpAssistant\Contacts
2010-01-08 20:49 . 2010-01-08 20:49 -------- dc----w- c:\documents and settings\HelpAssistant\Complete
2010-01-02 05:24 . 2004-08-04 10:00 98304 -c--a-w- c:\windows\system32\msir3jp.dll
2010-01-02 05:24 . 2004-08-04 10:00 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll
2010-01-02 05:24 . 2004-08-04 10:00 838144 -c--a-w- c:\windows\system32\dllcache\chtbrkr.dll
2010-01-02 05:24 . 2004-08-04 10:00 838144 -c--a-w- c:\windows\system32\chtbrkr.dll
2010-01-02 05:24 . 2004-08-04 10:00 70656 -c--a-w- c:\windows\system32\korwbrkr.dll
2010-01-02 05:24 . 2004-08-04 10:00 70656 -c--a-w- c:\windows\system32\dllcache\korwbrkr.dll
2010-01-02 05:24 . 2004-08-04 10:00 1677824 -c--a-w- c:\windows\system32\dllcache\chsbrkr.dll
2010-01-02 05:24 . 2004-08-04 10:00 1677824 -c--a-w- c:\windows\system32\chsbrkr.dll
2009-12-31 09:12 . 2010-01-08 20:50 96512 -c--a-w- c:\windows\system32\drivers\atapi.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-15 19:41 . 2008-05-11 16:35 -------- dc----w- c:\documents and settings\G-Man\Application Data\ComcastToolbar
2010-01-13 05:21 . 2007-04-10 18:39 -------- dc--a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-11 16:50 . 2008-05-22 22:21 -------- dc----w- c:\program files\LimeWire
2010-01-11 03:06 . 2009-02-15 23:40 -------- dc----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2010-01-08 22:20 . 2005-11-18 19:28 78008 -c--a-w- c:\documents and settings\G-Man\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-08 20:40 . 2010-01-08 20:40 96512 -c--a-w- c:\windows\system32\drivers\OLD4798.tmp
2010-01-08 20:36 . 2010-01-08 20:36 96512 -c--a-w- c:\windows\system32\drivers\OLD4775.tmp
2010-01-07 15:30 . 2010-01-07 15:30 96512 -c--a-w- c:\windows\system32\drivers\OLD46E3.tmp
2010-01-06 20:33 . 2010-01-06 20:33 96512 -c--a-w- c:\windows\system32\drivers\OLD4642.tmp
2010-01-06 07:42 . 2010-01-06 07:42 96512 -c--a-w- c:\windows\system32\drivers\OLD45C4.tmp
2010-01-05 23:41 . 2010-01-05 23:41 96512 -c--a-w- c:\windows\system32\drivers\OLD44F6.tmp
2010-01-05 20:31 . 2010-01-05 20:31 96512 -c--a-w- c:\windows\system32\drivers\OLD449E.tmp
2010-01-05 20:24 . 2010-01-05 20:24 96512 -c--a-w- c:\windows\system32\drivers\OLD449B.tmp
2010-01-05 20:13 . 2010-01-05 20:13 96512 -c--a-w- c:\windows\system32\drivers\OLD4498.tmp
2010-01-05 19:48 . 2010-01-05 19:48 96512 -c--a-w- c:\windows\system32\drivers\OLD4491.tmp
2010-01-05 18:12 . 2010-01-05 18:12 96512 -c--a-w- c:\windows\system32\drivers\OLD4453.tmp
2010-01-05 16:45 . 2010-01-05 16:45 96512 -c--a-w- c:\windows\system32\drivers\OLD442E.tmp
2010-01-05 15:14 . 2010-01-05 15:14 96512 -c--a-w- c:\windows\system32\drivers\OLD43BC.tmp
2010-01-05 06:30 . 2010-01-05 06:30 96512 -c--a-w- c:\windows\system32\drivers\OLD43AD.tmp
2010-01-05 06:27 . 2010-01-05 06:27 96512 -c--a-w- c:\windows\system32\drivers\OLD43AA.tmp
2010-01-05 06:24 . 2010-01-05 06:24 96512 -c--a-w- c:\windows\system32\drivers\OLD43A7.tmp
2010-01-05 05:06 . 2010-01-05 05:06 96512 -c--a-w- c:\windows\system32\drivers\OLD437C.tmp
2010-01-05 05:03 . 2010-01-05 05:03 96512 -c--a-w- c:\windows\system32\drivers\OLD4379.tmp
2010-01-05 04:59 . 2010-01-05 04:59 96512 -c--a-w- c:\windows\system32\drivers\OLD4376.tmp
2010-01-05 04:41 . 2010-01-05 04:41 96512 -c--a-w- c:\windows\system32\drivers\OLD436E.tmp
2010-01-05 02:41 . 2010-01-05 02:41 96512 -c--a-w- c:\windows\system32\drivers\OLD4357.tmp
2010-01-05 02:09 . 2010-01-05 02:09 96512 -c--a-w- c:\windows\system32\drivers\OLD4321.tmp
2010-01-05 01:41 . 2010-01-05 01:41 96512 -c--a-w- c:\windows\system32\drivers\OLD431C.tmp
2010-01-05 01:39 . 2010-01-05 01:39 96512 -c--a-w- c:\windows\system32\drivers\OLD430B.tmp
2010-01-05 01:03 . 2010-01-05 01:03 96512 -c--a-w- c:\windows\system32\drivers\OLD42CE.tmp
2010-01-05 01:00 . 2010-01-05 01:00 96512 -c--a-w- c:\windows\system32\drivers\OLD42CB.tmp
2010-01-05 00:34 . 2010-01-05 00:34 96512 -c--a-w- c:\windows\system32\drivers\OLD42C0.tmp
2010-01-05 00:21 . 2010-01-05 00:21 96512 -c--a-w- c:\windows\system32\drivers\OLD42BD.tmp
2010-01-04 23:10 . 2010-01-04 23:10 96512 -c--a-w- c:\windows\system32\drivers\OLD427F.tmp
2010-01-04 22:20 . 2010-01-04 22:20 96512 -c--a-w- c:\windows\system32\drivers\OLD425E.tmp
2010-01-04 04:06 . 2010-01-04 04:06 96512 -c--a-w- c:\windows\system32\drivers\OLD417D.tmp
2010-01-04 03:31 . 2010-01-04 03:31 96512 -c--a-w- c:\windows\system32\drivers\OLD415C.tmp
2010-01-03 22:48 . 2010-01-03 22:48 96512 -c--a-w- c:\windows\system32\drivers\OLD407D.tmp
2010-01-02 23:34 . 2010-01-02 23:34 96512 -c--a-w- c:\windows\system32\drivers\OLD3FE6.tmp
2010-01-02 07:18 . 2010-01-02 07:18 96512 -c--a-w- c:\windows\system32\drivers\OLD3F19.tmp
2010-01-02 06:48 . 2010-01-02 06:48 96512 -c--a-w- c:\windows\system32\drivers\OLD3EE4.tmp
2010-01-02 06:36 . 2010-01-02 06:36 96512 -c--a-w- c:\windows\system32\drivers\OLD3EE1.tmp
2010-01-02 05:14 . 2010-01-02 05:14 96512 -c--a-w- c:\windows\system32\drivers\OLD3DB0.tmp
2009-12-31 23:12 . 2009-12-31 23:12 96512 -c--a-w- c:\windows\system32\drivers\OLD3D2B.tmp
2009-12-31 20:43 . 2009-12-31 20:43 96512 -c--a-w- c:\windows\system32\drivers\OLD3CD5.tmp
2009-12-31 20:41 . 2009-12-31 20:41 96512 -c--a-w- c:\windows\system32\drivers\OLD3CD1.tmp
2009-12-31 09:56 . 2009-12-31 09:56 96512 -c--a-w- c:\windows\system32\drivers\OLD3C32.tmp
2009-12-31 09:16 . 2009-12-31 09:16 96512 -c--a-w- c:\windows\system32\drivers\OLD3C01.tmp
2009-12-31 09:12 . 2009-12-31 09:12 96512 -c--a-w- c:\windows\system32\drivers\OLD3BFE.tmp
2009-12-29 23:40 . 2009-02-10 03:54 -------- dc----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-12-28 19:39 . 2008-05-22 22:18 -------- dc----w- c:\documents and settings\G-Man\Application Data\LimeWire
2009-12-28 19:37 . 2007-01-25 06:51 -------- dc----w- c:\program files\Incomplete
2009-12-18 20:13 . 2007-07-14 20:00 -------- dc----w- c:\program files\Diablo IIII
2009-12-12 05:34 . 2009-12-12 05:34 -------- dc----w- c:\program files\FlashGet
2009-12-06 20:58 . 2009-12-06 20:58 -------- dc----w- c:\program files\Funcom
2009-12-06 20:57 . 2005-07-29 04:15 -------- dc-h--w- c:\program files\InstallShield Installation Information
2009-11-22 03:40 . 2009-07-22 20:34 -------- dc----w- c:\program files\McAfee
2009-11-21 15:51 . 2004-08-10 17:50 471552 -c--a-w- c:\windows\AppPatch\aclayers.dll
2009-10-21 05:38 . 2004-08-10 17:51 75776 -c--a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-10 17:51 25088 -c--a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 04:00 265728 -c--a-w- c:\windows\system32\drivers\http.sys
2009-04-15 20:24 . 2009-04-15 20:24 1044480 -c--a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 -c--a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2007-10-19 05:44 . 2005-11-12 23:21 56 -csh--r- c:\windows\system32\4DA19DB265.sys
2007-10-19 05:44 . 2005-11-12 23:21 3036 -csha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-04 68856]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-29 395776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-04-25 139264]
"CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"snpstd3"="c:\windows\vsnpstd3.exe" [2005-01-14 339968]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-14 29744]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-11-07 122940]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-13 198160]
"CTHelper"="CTHELPER.EXE" [2008-05-05 19456]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

c:\documents and settings\G-Man\Start Menu\Programs\Startup\
Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1996-11-17 111376]
Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1996-11-17 51984]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-7-28 24576]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ SsiEfr.e

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Diablo IIII\\Diablo II.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"2479:TCP"= 2479:TCP:Services
"2704:TCP"= 2704:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop

R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [5/5/2008 12:22 PM 92672]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [5/5/2008 12:23 PM 548352]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [5/6/2008 1:55 AM 560576]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [5/5/2008 12:22 PM 92672]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [5/5/2008 12:23 PM 548352]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [5/5/2008 12:21 PM 94208]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [5/5/2008 12:21 PM 94208]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [5/6/2008 1:55 AM 560576]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [11/4/2005 8:30 PM 17149]
S3 GoogleDesktopManager-093007-112848;Google Desktop Manager 5.5.709.30344;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [8/17/2006 10:30 PM 29744]
.
Contents of the 'Scheduled Tasks' folder

2010-01-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-11-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-07-22 19:22]

2009-07-22 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-07-22 19:22]

2010-01-15 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-07-03 01:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?1e8ce2536a3445edbd876958dda83ee4
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?1e8ce2536a3445edbd876958dda83ee4
FF - ProfilePath - c:\documents and settings\G-Man\Application Data\Mozilla\Firefox\Profiles\qsc4bbo6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://webauth.comcast.net/auth/login?url=http%253A%252F%252Fwww.comcast.net%252Fqry%252Fgoto%253Fapp%253Dmail%2526CM.src%253Dtop
FF - prefs.js: keyword.URL - hxxp://www.ffsearch.net/search/?q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\np32asw.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
.
- - - - ORPHANS REMOVED - - - -

BHO-{E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - (no file)
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-svcWRSSSDK
AddRemove-Bullet Hiragana - c:\bh\setup\setup.exe
AddRemove-EZ Videos - c:\progra~1\Freeze.com\EZ Videos\UNINSTAL.EXE
AddRemove-Videora iPod Converter - c:\program files\Red Kawa\Video Converter 3\uninstaller.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-15 12:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3641756411-3923313767-1215939971-1006\Software\SecuROM\License information*]
"datasecu"=hex:65,5d,93,04,52,b2,68,9a,1e,71,b5,1a,06,02,e1,40,79,45,4c,99,ec,
df,7e,e4,21,1a,10,de,fb,3f,68,26,dd,cc,65,67,ff,85,3a,76,3b,fb,0a,1b,89,ca,\
"rkeysecu"=hex:1e,54,98,08,30,bf,ac,09,b4,df,88,06,50,90,24,61
.
Completion time: 2010-01-15 12:49:01
ComboFix-quarantined-files.txt 2010-01-15 20:48
ComboFix2.txt 2009-05-17 19:48

Pre-Run: 113,920,851,968 bytes free
Post-Run: 113,887,223,808 bytes free

- - End Of File - - 14F2C60E6E069A4C24600DACCDC56E9B

#10 Conspire

Conspire

    SuperHelper

  • Retired Classroom Teacher
  • 5,806 posts

Posted 16 January 2010 - 09:02 PM

Hi,

How to disable McAfee:

  • Please open McAfee Security Centre
  • Under Common Tasks click on Home
  • Click Computer Files
  • Click Configure
  • Make sure the following are disabled by ticking the "Off" button.

    Virus protection
    Spyware protection
    System Guards Protection
    Script Scanning Protection (you may have to scroll down to see it)

  • Next, select never for "When to re-enable real time scanning"
  • and click OK.
===================================================

Please follow all previous instructions regarding security programs.

Open a new Notepad session
  • Click the Start button, click run
  • in the run box type notepad
  • click ok
  • In the notepad, Click "Format" and be certain that Word Wrap is not checked.
  • Copy and paste all the text in the code box below into the Notepad. Do Not copy the word CODE

File::
c:\windows\system32\drivers\OLD4798.tmp
c:\windows\system32\drivers\OLD4775.tmp
c:\windows\system32\drivers\OLD46E3.tmp
c:\windows\system32\drivers\OLD4642.tmp
c:\windows\system32\drivers\OLD45C4.tmp
c:\windows\system32\drivers\OLD44F6.tmp
c:\windows\system32\drivers\OLD449E.tmp
c:\windows\system32\drivers\OLD449B.tmp
c:\windows\system32\drivers\OLD4498.tmp
c:\windows\system32\drivers\OLD4491.tmp
c:\windows\system32\drivers\OLD4453.tmp
c:\windows\system32\drivers\OLD442E.tmp
c:\windows\system32\drivers\OLD43BC.tmp
c:\windows\system32\drivers\OLD43AD.tmp
c:\windows\system32\drivers\OLD43AA.tmp
c:\windows\system32\drivers\OLD43A7.tmp
c:\windows\system32\drivers\OLD437C.tmp
c:\windows\system32\drivers\OLD4379.tmp
c:\windows\system32\drivers\OLD4376.tmp
c:\windows\system32\drivers\OLD436E.tmp
c:\windows\system32\drivers\OLD4357.tmp
c:\windows\system32\drivers\OLD4321.tmp
c:\windows\system32\drivers\OLD431C.tmp
c:\windows\system32\drivers\OLD430B.tmp
c:\windows\system32\drivers\OLD42CE.tmp
c:\windows\system32\drivers\OLD42CB.tmp
c:\windows\system32\drivers\OLD42C0.tmp
c:\windows\system32\drivers\OLD42BD.tmp
c:\windows\system32\drivers\OLD427F.tmp
c:\windows\system32\drivers\OLD425E.tmp
c:\windows\system32\drivers\OLD417D.tmp
c:\windows\system32\drivers\OLD415C.tmp
c:\windows\system32\drivers\OLD407D.tmp
c:\windows\system32\drivers\OLD3FE6.tmp
c:\windows\system32\drivers\OLD3F19.tmp
c:\windows\system32\drivers\OLD3EE4.tmp
c:\windows\system32\drivers\OLD3EE1.tmp
c:\windows\system32\drivers\OLD3DB0.tmp
c:\windows\system32\drivers\OLD3D2B.tmp
c:\windows\system32\drivers\OLD3CD5.tmp
c:\windows\system32\drivers\OLD3CD1.tmp
c:\windows\system32\drivers\OLD3C32.tmp
c:\windows\system32\drivers\OLD3C01.tmp
c:\windows\system32\drivers\OLD3BFE.tmp

In the notepad
  • Click File, Save as..., and set the Save in to your Desktop
  • In the filename box, type (including quotation marks) as the filename: "CFScript.txt"
  • Click save
Using your mouse left button, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown below.

This will start ComboFix again. Close all browser/windows first.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Posted Image

===================================================

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any
"<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.

===================================================

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    *atapi*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

===================================================

On your next reply please post :
ComboFix log
GMER log
SystemLook log
How is your computer behaving?


Good Day!
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may Posted Image


#11 Conspire

Conspire

    SuperHelper

  • Retired Classroom Teacher
  • 5,806 posts

Posted 16 January 2010 - 09:03 PM

Hi,

How to disable McAfee:

  • Please open McAfee Security Centre
  • Under Common Tasks click on Home
  • Click Computer Files
  • Click Configure
  • Make sure the following are disabled by ticking the "Off" button.

    Virus protection
    Spyware protection
    System Guards Protection
    Script Scanning Protection (you may have to scroll down to see it)

  • Next, select never for "When to re-enable real time scanning"
  • and click OK.
===================================================

Please follow all previous instructions regarding security programs.

Open a new Notepad session
  • Click the Start button, click run
  • in the run box type notepad
  • click ok
  • In the notepad, Click "Format" and be certain that Word Wrap is not checked.
  • Copy and paste all the text in the code box below into the Notepad. Do Not copy the word CODE

File::
c:\windows\system32\drivers\OLD4798.tmp
c:\windows\system32\drivers\OLD4775.tmp
c:\windows\system32\drivers\OLD46E3.tmp
c:\windows\system32\drivers\OLD4642.tmp
c:\windows\system32\drivers\OLD45C4.tmp
c:\windows\system32\drivers\OLD44F6.tmp
c:\windows\system32\drivers\OLD449E.tmp
c:\windows\system32\drivers\OLD449B.tmp
c:\windows\system32\drivers\OLD4498.tmp
c:\windows\system32\drivers\OLD4491.tmp
c:\windows\system32\drivers\OLD4453.tmp
c:\windows\system32\drivers\OLD442E.tmp
c:\windows\system32\drivers\OLD43BC.tmp
c:\windows\system32\drivers\OLD43AD.tmp
c:\windows\system32\drivers\OLD43AA.tmp
c:\windows\system32\drivers\OLD43A7.tmp
c:\windows\system32\drivers\OLD437C.tmp
c:\windows\system32\drivers\OLD4379.tmp
c:\windows\system32\drivers\OLD4376.tmp
c:\windows\system32\drivers\OLD436E.tmp
c:\windows\system32\drivers\OLD4357.tmp
c:\windows\system32\drivers\OLD4321.tmp
c:\windows\system32\drivers\OLD431C.tmp
c:\windows\system32\drivers\OLD430B.tmp
c:\windows\system32\drivers\OLD42CE.tmp
c:\windows\system32\drivers\OLD42CB.tmp
c:\windows\system32\drivers\OLD42C0.tmp
c:\windows\system32\drivers\OLD42BD.tmp
c:\windows\system32\drivers\OLD427F.tmp
c:\windows\system32\drivers\OLD425E.tmp
c:\windows\system32\drivers\OLD417D.tmp
c:\windows\system32\drivers\OLD415C.tmp
c:\windows\system32\drivers\OLD407D.tmp
c:\windows\system32\drivers\OLD3FE6.tmp
c:\windows\system32\drivers\OLD3F19.tmp
c:\windows\system32\drivers\OLD3EE4.tmp
c:\windows\system32\drivers\OLD3EE1.tmp
c:\windows\system32\drivers\OLD3DB0.tmp
c:\windows\system32\drivers\OLD3D2B.tmp
c:\windows\system32\drivers\OLD3CD5.tmp
c:\windows\system32\drivers\OLD3CD1.tmp
c:\windows\system32\drivers\OLD3C32.tmp
c:\windows\system32\drivers\OLD3C01.tmp
c:\windows\system32\drivers\OLD3BFE.tmp

In the notepad
  • Click File, Save as..., and set the Save in to your Desktop
  • In the filename box, type (including quotation marks) as the filename: "CFScript.txt"
  • Click save
Using your left mouse button, drag the new file CFScript.txt and drop it on the ComboFix.exe icon as shown below.

This will start ComboFix again. Close all browsers/windows first.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Posted Image

===================================================

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any
"<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.

===================================================

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    *atapi*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

===================================================

On your next reply please post :
ComboFix log
GMER log
SystemLook log
How is your computer behaving?


Good Day!
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may Posted Image

#12 Gordon22

Gordon22

    Authentic Member

  • Authentic Member
  • PipPip
  • 54 posts

Posted 16 January 2010 - 10:44 PM

Combofix:


ComboFix 10-01-16.02 - G-Man 01/16/2010 20:17:07.9.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1284 [GMT -8:00]
Running from: c:\documents and settings\G-Man\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\G-Man\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"c:\windows\system32\drivers\OLD3BFE.tmp"
"c:\windows\system32\drivers\OLD3C01.tmp"
"c:\windows\system32\drivers\OLD3C32.tmp"
"c:\windows\system32\drivers\OLD3CD1.tmp"
"c:\windows\system32\drivers\OLD3CD5.tmp"
"c:\windows\system32\drivers\OLD3D2B.tmp"
"c:\windows\system32\drivers\OLD3DB0.tmp"
"c:\windows\system32\drivers\OLD3EE1.tmp"
"c:\windows\system32\drivers\OLD3EE4.tmp"
"c:\windows\system32\drivers\OLD3F19.tmp"
"c:\windows\system32\drivers\OLD3FE6.tmp"
"c:\windows\system32\drivers\OLD407D.tmp"
"c:\windows\system32\drivers\OLD415C.tmp"
"c:\windows\system32\drivers\OLD417D.tmp"
"c:\windows\system32\drivers\OLD425E.tmp"
"c:\windows\system32\drivers\OLD427F.tmp"
"c:\windows\system32\drivers\OLD42BD.tmp"
"c:\windows\system32\drivers\OLD42C0.tmp"
"c:\windows\system32\drivers\OLD42CB.tmp"
"c:\windows\system32\drivers\OLD42CE.tmp"
"c:\windows\system32\drivers\OLD430B.tmp"
"c:\windows\system32\drivers\OLD431C.tmp"
"c:\windows\system32\drivers\OLD4321.tmp"
"c:\windows\system32\drivers\OLD4357.tmp"
"c:\windows\system32\drivers\OLD436E.tmp"
"c:\windows\system32\drivers\OLD4376.tmp"
"c:\windows\system32\drivers\OLD4379.tmp"
"c:\windows\system32\drivers\OLD437C.tmp"
"c:\windows\system32\drivers\OLD43A7.tmp"
"c:\windows\system32\drivers\OLD43AA.tmp"
"c:\windows\system32\drivers\OLD43AD.tmp"
"c:\windows\system32\drivers\OLD43BC.tmp"
"c:\windows\system32\drivers\OLD442E.tmp"
"c:\windows\system32\drivers\OLD4453.tmp"
"c:\windows\system32\drivers\OLD4491.tmp"
"c:\windows\system32\drivers\OLD4498.tmp"
"c:\windows\system32\drivers\OLD449B.tmp"
"c:\windows\system32\drivers\OLD449E.tmp"
"c:\windows\system32\drivers\OLD44F6.tmp"
"c:\windows\system32\drivers\OLD45C4.tmp"
"c:\windows\system32\drivers\OLD4642.tmp"
"c:\windows\system32\drivers\OLD46E3.tmp"
"c:\windows\system32\drivers\OLD4775.tmp"
"c:\windows\system32\drivers\OLD4798.tmp"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\s
c:\windows\system32\11478.exe
c:\windows\system32\15724.exe
c:\windows\system32\18467.exe
c:\windows\system32\19169.exe
c:\windows\system32\26500.exe
c:\windows\system32\26962.exe
c:\windows\system32\29358.exe
c:\windows\system32\41.exe
c:\windows\system32\6334.exe
c:\windows\system32\drivers\OLD3BFE.tmp
c:\windows\system32\drivers\OLD3C01.tmp
c:\windows\system32\drivers\OLD3C32.tmp
c:\windows\system32\drivers\OLD3CD1.tmp
c:\windows\system32\drivers\OLD3CD5.tmp
c:\windows\system32\drivers\OLD3D2B.tmp
c:\windows\system32\drivers\OLD3DB0.tmp
c:\windows\system32\drivers\OLD3EE1.tmp
c:\windows\system32\drivers\OLD3EE4.tmp
c:\windows\system32\drivers\OLD3F19.tmp
c:\windows\system32\drivers\OLD3FE6.tmp
c:\windows\system32\drivers\OLD407D.tmp
c:\windows\system32\drivers\OLD415C.tmp
c:\windows\system32\drivers\OLD417D.tmp
c:\windows\system32\drivers\OLD425E.tmp
c:\windows\system32\drivers\OLD427F.tmp
c:\windows\system32\drivers\OLD42BD.tmp
c:\windows\system32\drivers\OLD42C0.tmp
c:\windows\system32\drivers\OLD42CB.tmp
c:\windows\system32\drivers\OLD42CE.tmp
c:\windows\system32\drivers\OLD430B.tmp
c:\windows\system32\drivers\OLD431C.tmp
c:\windows\system32\drivers\OLD4321.tmp
c:\windows\system32\drivers\OLD4357.tmp
c:\windows\system32\drivers\OLD436E.tmp
c:\windows\system32\drivers\OLD4376.tmp
c:\windows\system32\drivers\OLD4379.tmp
c:\windows\system32\drivers\OLD437C.tmp
c:\windows\system32\drivers\OLD43A7.tmp
c:\windows\system32\drivers\OLD43AA.tmp
c:\windows\system32\drivers\OLD43AD.tmp
c:\windows\system32\drivers\OLD43BC.tmp
c:\windows\system32\drivers\OLD442E.tmp
c:\windows\system32\drivers\OLD4453.tmp
c:\windows\system32\drivers\OLD4491.tmp
c:\windows\system32\drivers\OLD4498.tmp
c:\windows\system32\drivers\OLD449B.tmp
c:\windows\system32\drivers\OLD449E.tmp
c:\windows\system32\drivers\OLD44F6.tmp
c:\windows\system32\drivers\OLD45C4.tmp
c:\windows\system32\drivers\OLD4642.tmp
c:\windows\system32\drivers\OLD46E3.tmp
c:\windows\system32\drivers\OLD4775.tmp
c:\windows\system32\drivers\OLD4798.tmp
c:\windows\system32\helper32.dll
c:\windows\system32\IS15.exe
c:\windows\system32\smss32.exe
c:\windows\system32\warning.html
c:\windows\system32\winlogon32.exe

.
((((((((((((((((((((((((( Files Created from 2009-12-17 to 2010-01-17 )))))))))))))))))))))))))))))))
.

2010-01-17 02:52 . 2010-01-17 02:52 -------- dc----w- c:\documents and settings\G-Man\Local Settings\Application Data\Cooliris
2010-01-17 01:27 . 2010-01-17 01:30 -------- dc-h--w- c:\windows\ie8
2010-01-17 01:22 . 2009-10-29 07:45 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-01-17 01:22 . 2009-10-29 07:45 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-01-17 00:20 . 2010-01-17 00:20 -------- dc----w- c:\documents and settings\G-Man\Local Settings\Application Data\PCHealth
2010-01-16 20:38 . 2010-01-16 20:38 -------- dc----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2010-01-11 23:49 . 2010-01-11 23:49 -------- dc----w- c:\documents and settings\G-Man\Application Data\WinPatrol
2010-01-11 23:48 . 2010-01-11 23:48 -------- dc----w- c:\program files\BillP Studios
2010-01-10 22:34 . 2010-01-14 19:12 181120 -c----w- c:\windows\system32\MpSigStub.exe
2010-01-10 22:32 . 2010-01-10 22:32 -------- dc----w- c:\program files\Microsoft Security Essentials
2010-01-08 21:46 . 2010-01-08 21:46 -------- dc----w- c:\documents and settings\HelpAssistant\WINDOWS
2010-01-08 21:46 . 2010-01-08 21:46 -------- dc----w- c:\documents and settings\HelpAssistant\UserData
2010-01-08 21:46 . 2010-01-08 21:46 -------- dc----w- c:\documents and settings\HelpAssistant\Tracing
2010-01-08 20:50 . 2010-01-08 20:50 -------- dc----w- c:\documents and settings\HelpAssistant\Shared
2010-01-08 20:50 . 2010-01-08 20:50 -------- dc----w- c:\documents and settings\HelpAssistant\PrivacIE
2010-01-08 20:50 . 2010-01-08 20:50 -------- dc----w- c:\documents and settings\HelpAssistant\New Folder
2010-01-08 20:50 . 2010-01-08 20:50 -------- dc----w- c:\documents and settings\HelpAssistant\Incomplete
2010-01-08 20:50 . 2010-01-08 20:50 -------- dc----w- c:\documents and settings\HelpAssistant\IETldCache
2010-01-08 20:50 . 2010-01-08 20:50 -------- dc----w- c:\documents and settings\HelpAssistant\IECompatCache
2010-01-08 20:49 . 2010-01-08 20:49 -------- dc----w- c:\documents and settings\HelpAssistant\DoctorWeb
2010-01-08 20:49 . 2010-01-08 20:49 -------- dc----w- c:\documents and settings\HelpAssistant\Contacts
2010-01-08 20:49 . 2010-01-08 20:49 -------- dc----w- c:\documents and settings\HelpAssistant\Complete
2010-01-02 05:24 . 2004-08-04 10:00 98304 -c--a-w- c:\windows\system32\msir3jp.dll
2010-01-02 05:24 . 2004-08-04 10:00 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll
2010-01-02 05:24 . 2004-08-04 10:00 838144 -c--a-w- c:\windows\system32\dllcache\chtbrkr.dll
2010-01-02 05:24 . 2004-08-04 10:00 838144 -c--a-w- c:\windows\system32\chtbrkr.dll
2010-01-02 05:24 . 2004-08-04 10:00 70656 -c--a-w- c:\windows\system32\korwbrkr.dll
2010-01-02 05:24 . 2004-08-04 10:00 70656 -c--a-w- c:\windows\system32\dllcache\korwbrkr.dll
2010-01-02 05:24 . 2004-08-04 10:00 1677824 -c--a-w- c:\windows\system32\dllcache\chsbrkr.dll
2010-01-02 05:24 . 2004-08-04 10:00 1677824 -c--a-w- c:\windows\system32\chsbrkr.dll
2009-12-31 09:12 . 2010-01-08 20:50 96512 -c----w- c:\windows\system32\drivers\atapi.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-17 04:01 . 2009-12-12 05:34 -------- dc----w- c:\program files\FlashGet
2010-01-17 03:58 . 2008-05-11 16:35 -------- dc----w- c:\documents and settings\G-Man\Application Data\ComcastToolbar
2010-01-13 05:21 . 2007-04-10 18:39 -------- dc--a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-11 16:50 . 2008-05-22 22:21 -------- dc----w- c:\program files\LimeWire
2010-01-11 03:06 . 2009-02-15 23:40 -------- dc----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2010-01-08 22:20 . 2005-11-18 19:28 78008 -c--a-w- c:\documents and settings\G-Man\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-06 20:08 . 2010-01-17 02:52 4726272 -c--a-w- c:\documents and settings\G-Man\Application Data\Mozilla\Firefox\Profiles\qsc4bbo6.default\extensions\piclens@cooliris.com\libs\cooliris190.dll
2010-01-06 20:08 . 2010-01-17 02:52 103424 -c--a-w- c:\documents and settings\G-Man\Application Data\Mozilla\Firefox\Profiles\qsc4bbo6.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2010-01-06 20:08 . 2010-01-17 02:52 4725760 -c--a-w- c:\documents and settings\G-Man\Application Data\Mozilla\Firefox\Profiles\qsc4bbo6.default\extensions\piclens@cooliris.com\libs\cooliris192.dll
2010-01-06 20:08 . 2010-01-17 02:51 545280 -c--a-w- c:\documents and settings\G-Man\Application Data\Mozilla\Firefox\Profiles\qsc4bbo6.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2010-01-06 20:08 . 2010-01-17 02:51 57856 -c--a-w- c:\documents and settings\G-Man\Application Data\Mozilla\Firefox\Profiles\qsc4bbo6.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2010-01-06 20:08 . 2010-01-17 02:51 153600 -c--a-w- c:\documents and settings\G-Man\Application Data\Mozilla\Firefox\Profiles\qsc4bbo6.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
2010-01-06 20:08 . 2010-01-17 02:51 344064 -c--a-w- c:\documents and settings\G-Man\Application Data\Mozilla\Firefox\Profiles\qsc4bbo6.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2009-12-29 23:40 . 2009-02-10 03:54 -------- dc----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-12-28 19:39 . 2008-05-22 22:18 -------- dc----w- c:\documents and settings\G-Man\Application Data\LimeWire
2009-12-28 19:37 . 2007-01-25 06:51 -------- dc----w- c:\program files\Incomplete
2009-12-18 20:13 . 2007-07-14 20:00 -------- dc----w- c:\program files\Diablo IIII
2009-12-06 20:58 . 2009-12-06 20:58 -------- dc----w- c:\program files\Funcom
2009-12-06 20:57 . 2005-07-29 04:15 -------- dc-h--w- c:\program files\InstallShield Installation Information
2009-11-22 03:40 . 2009-07-22 20:34 -------- dc----w- c:\program files\McAfee
2009-11-21 15:51 . 2004-08-10 17:50 471552 -c--a-w- c:\windows\AppPatch\aclayers.dll
2009-10-29 07:45 . 2004-08-10 17:51 916480 -c--a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2004-08-10 17:51 75776 -c--a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-10 17:51 25088 -c--a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 04:00 265728 -c--a-w- c:\windows\system32\drivers\http.sys
2009-04-15 20:24 . 2009-04-15 20:24 1044480 -c--a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 -c--a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2007-10-19 05:44 . 2005-11-12 23:21 56 -csh--r- c:\windows\system32\4DA19DB265.sys
2007-10-19 05:44 . 2005-11-12 23:21 3036 -csha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-04 68856]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-29 395776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-04-25 139264]
"CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"snpstd3"="c:\windows\vsnpstd3.exe" [2005-01-14 339968]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-14 29744]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-11-07 122940]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-13 198160]
"CTHelper"="CTHELPER.EXE" [2008-05-05 19456]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"McAfee Backup"="c:\program files\McAfee\MBK\McAfeeDataBackup.exe" [2009-07-09 5134864]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\G-Man\Start Menu\Programs\Startup\
Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1996-11-17 111376]
Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1996-11-17 51984]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-7-28 24576]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ SsiEfr.e

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Diablo IIII\\Diablo II.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"2479:TCP"= 2479:TCP:Services
"2704:TCP"= 2704:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop

R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [5/5/2008 12:22 PM 92672]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [5/5/2008 12:23 PM 548352]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [5/6/2008 1:55 AM 560576]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [5/5/2008 12:22 PM 92672]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [5/5/2008 12:23 PM 548352]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [5/5/2008 12:21 PM 94208]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [5/5/2008 12:21 PM 94208]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [5/6/2008 1:55 AM 560576]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [11/4/2005 8:30 PM 17149]
S3 GoogleDesktopManager-093007-112848;Google Desktop Manager 5.5.709.30344;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [8/17/2006 10:30 PM 29744]
.
Contents of the 'Scheduled Tasks' folder

2010-01-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-11-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-07-22 19:22]

2009-07-22 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-07-22 19:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?1e8ce2536a3445edbd876958dda83ee4
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?1e8ce2536a3445edbd876958dda83ee4
Trusted Zone: amazon.com\www
Trusted Zone: ebay.com\www
Trusted Zone: myspace.com\www
Trusted Zone: youtube.com\www
FF - ProfilePath - c:\documents and settings\G-Man\Application Data\Mozilla\Firefox\Profiles\qsc4bbo6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://webauth.comcast.net/auth/login?url=http%253A%252F%252Fwww.comcast.net%252Fqry%252Fgoto%253Fapp%253Dmail%2526CM.src%253Dtop
FF - prefs.js: keyword.URL - hxxp://www.ffsearch.net/search/?q=
FF - component: c:\documents and settings\G-Man\Application Data\Mozilla\Firefox\Profiles\qsc4bbo6.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\documents and settings\G-Man\Application Data\Mozilla\Firefox\Profiles\qsc4bbo6.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np32asw.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-16 20:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3641756411-3923313767-1215939971-1006\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:65,5d,93,04,52,b2,68,9a,1e,71,b5,1a,06,02,e1,40,79,45,4c,99,ec,
df,7e,e4,21,1a,10,de,fb,3f,68,26,dd,cc,65,67,ff,85,3a,76,3b,fb,0a,1b,89,ca,\
"rkeysecu"=hex:1e,54,98,08,30,bf,ac,09,b4,df,88,06,50,90,24,61
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3724)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\CTsvcCDA.EXE
c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\System32\StkASv2K.exe
c:\windows\system32\fxssvc.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-01-16 20:39:19 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-17 04:39
ComboFix2.txt 2010-01-15 20:49
ComboFix3.txt 2009-05-17 19:48

Pre-Run: 113,197,326,336 bytes free
Post-Run: 113,249,492,992 bytes free

- - End Of File - - B82638BAC2967B9C819ECBB2A7A30499
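A helper reads a ComboFix log like the one above by eye: numeric-named executables dropped in system32, a run of OLD*.tmp files in the drivers directory, lookalike names such as smss32.exe and winlogon32.exe next to the real smss.exe and winlogon.exe, generic "Services" entries in GloballyOpenPorts, and Security Center monitoring switched off. The following Python script is an added example that does the same pattern-matching over the log text; it is not ComboFix's code and not from anyone in this thread. The SAMPLE_LOG excerpt is constructed in the layout of the posted log, and the detection rules are this example's own assumptions rather than ComboFix heuristics.

```python
"""Triage pass over a ComboFix log (added example, not ComboFix's own code).
Flags the indicator types visible in the log posted above: numeric-named EXEs
in system32, OLD*.tmp files under drivers, core-process lookalike names,
generic "Services" firewall openings, and Security Center override values."""
import re
from typing import Dict, List, Tuple

# Constructed excerpt in the layout of the posted log; not the full log.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\s
c:\windows\system32\11478.exe
c:\windows\system32\41.exe
c:\windows\system32\drivers\OLD3BFE.tmp
c:\windows\system32\helper32.dll
c:\windows\system32\smss32.exe
c:\windows\system32\winlogon32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
"""

# Real Windows process names that malware likes to imitate with a digit suffix.
CORE_PROCESSES = ("smss", "winlogon", "csrss", "lsass", "services", "svchost", "explorer")

PATH_RE = re.compile(r"^[a-z]:\\", re.IGNORECASE)          # line is a file path
NUMERIC_EXE_RE = re.compile(r"^\d+\.exe$")                   # e.g. 11478.exe
OLD_TMP_RE = re.compile(r"^old[0-9a-f]{4}\.tmp$")            # e.g. OLD3BFE.tmp
LOOKALIKE_RE = re.compile(r"^(?:%s)\d+\.exe$" % "|".join(CORE_PROCESSES))
PORT_RE = re.compile(r'^"(\d+):(tcp|udp)"=\s*\d+:(?:tcp|udp):(.*)$', re.IGNORECASE)
KEY_RE = re.compile(r"^\[(.+)\]$")
DWORD_RE = re.compile(r'^"(\w+)"=dword:([0-9a-f]{8})$', re.IGNORECASE)
# Security Center values that, when non-zero, silence its monitoring/warnings.
OVERRIDE_VALUES = {"antivirusoverride", "firewalloverride", "updatesoverride",
                   "disablemonitoring", "antivirusdisablenotify",
                   "firewalldisablenotify", "updatesdisablenotify"}


def suspicious_paths(log: str) -> List[Tuple[str, str]]:
    """Return (path, reason) for every path line matching one of the file rules."""
    findings = []
    for raw in log.splitlines():
        line = raw.strip()
        if not PATH_RE.match(line):
            continue
        parts = line.lower().split("\\")
        name, parent = parts[-1], (parts[-2] if len(parts) > 1 else "")
        if parent == "system32" and NUMERIC_EXE_RE.match(name):
            findings.append((line, "numeric-named executable in system32"))
        elif parent == "drivers" and OLD_TMP_RE.match(name):
            findings.append((line, "OLD*.tmp file in the drivers directory"))
        elif LOOKALIKE_RE.match(name):
            findings.append((line, "lookalike of a core Windows process name"))
    return findings


def open_ports(log: str) -> List[Tuple[int, str, str]]:
    """All GloballyOpenPorts entries as (port, protocol, label)."""
    ports = []
    for raw in log.splitlines():
        m = PORT_RE.match(raw.strip())
        if m:
            ports.append((int(m.group(1)), m.group(2).upper(), m.group(3).strip()))
    return ports


def unexplained_ports(log: str) -> List[Tuple[int, str, str]]:
    """Entries carrying only the generic 'Services' label, as seen in the posted log.
    These need an explanation from the user; they are not proof of infection."""
    return [p for p in open_ports(log) if p[2].lower() == "services"]


def security_center_overrides(log: str) -> List[Tuple[str, str]]:
    """(registry key, value name) for non-zero Security Center override values."""
    hits, key = [], ""
    for raw in log.splitlines():
        line = raw.strip()
        k = KEY_RE.match(line)
        if k:
            key = k.group(1)          # remember the current [key] header
            continue
        v = DWORD_RE.match(line)
        if (v and "security center" in key.lower()
                and v.group(1).lower() in OVERRIDE_VALUES and int(v.group(2), 16) != 0):
            hits.append((key, v.group(1)))
    return hits


def triage(log: str) -> Dict[str, list]:
    return {"paths": suspicious_paths(log),
            "ports": unexplained_ports(log),
            "overrides": security_center_overrides(log)}


if __name__ == "__main__":
    for section, items in triage(SAMPLE_LOG).items():
        print(f"== {section} ==")
        for item in items:
            print("  ", item)
```

The rules are deliberately narrow (a numeric-only basename, the OLD????.tmp pattern, a core process name plus digits) so that the script reports what a helper would have asked about anyway, without trying to judge the many legitimate entries a ComboFix log also contains.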

#13 Gordon22

Gordon22

    Authentic Member

  • Authentic Member
  • PipPip
  • 54 posts

Posted 17 January 2010 - 04:54 AM

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 02:53 on 17/01/2010 by G-Man (Administrator - Elevation successful)

No Context: *atapi*

-=End Of File=-

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 02:53 on 17/01/2010 by G-Man (Administrator - Elevation successful)

No Context: atapi

-=End Of File=-

My computer is running much better now. It is not freezing up all the time and is running much faster as well.

#14 Gordon22

Gordon22

    Authentic Member

  • Authentic Member
  • PipPip
  • 54 posts

Posted 17 January 2010 - 04:55 PM

I am not able to run the GMER rootkit scanner; it either freezes after it finishes, restarts my computer, or shows a blue screen saying I have some kind of error. I am not sure what to do with it, and with SystemLook, it did nothing.

#15 Conspire

Conspire

    SuperHelper

  • Retired Classroom Teacher
  • 5,806 posts

Posted 18 January 2010 - 02:01 AM

Hi,

I see that you have two AVs running on your system. How long have you been subscribing to McAfee? It is recommended that you leave only one AV installed on your computer, as two AVs are likely to cause more problems than they offer in extra protection. You may want to consider removing Microsoft Security Essentials if your subscription has a long way to go before expiry.

As for the GMER, please make sure that you have disabled both antivirus and TeaTimer. Then, try to run GMER again and see what happens.

Disabling TeaTimer

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.
  • Run Spybot-S&D in Advanced Mode.
  • If it is not already set to do this Go to the Mode menu select "Advanced Mode"
  • On the left hand side, Click on Tools
  • Then click on the Resident Icon in the List
  • Uncheck "Resident TeaTimer" and click OK any prompts.
  • Restart your computer.
===================================================

Please run SystemLook again as there was a slight mistake in the script.
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    *atapi*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

===================================================

You have LimeWire and Vuze, P2P/file-sharing programs, installed on your computer. P2P applications like these are the largest source of malware we see. You'll be doing yourself a favor by removing them.

References for the risk of these programs can be found in these links:
http://www.microsoft...protection.mspx
http://www.internetw...cles/art053.htm


I would recommend that you uninstall them; however, that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

If you wish to keep them, please do not use them until your computer is cleaned.


===================================================

On your next reply please post :
GMER log
SystemLook log


Good Day!

Edited by Conspire, 18 January 2010 - 02:01 AM.

Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may Posted Image
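The corrected SystemLook script above (`:filefind` followed by `*atapi*`) asks the tool to list every file whose name matches the wildcard, with its size, timestamps and a hash, so the helper can compare the atapi.sys that ComboFix reported as recently modified against other copies on the disk. The Python script below is an added example of that check, not SystemLook's code and not from anyone in this thread: it walks a directory tree for a case-insensitive wildcard, records size, modification time and SHA-256 for each hit, and flags same-named files whose contents differ. The directory layout and file contents it builds are constructed for the demo; on a real Windows XP machine the root would be C:\WINDOWS, where system32\dllcache holds the copy Windows File Protection uses as its reference, so a drivers\atapi.sys whose hash differs from the dllcache copy deserves a closer look (it is a lead, not proof of tampering).

```python
"""Wildcard file search with integrity details, in the spirit of SystemLook's
:filefind (added example, not SystemLook's code). Walks a tree, reports size,
mtime and SHA-256 per hit, and flags same-named files with differing contents."""
import fnmatch
import hashlib
import os
import tempfile
from datetime import datetime, timezone
from typing import Dict, List, Set


def sha256_of(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def filefind(root: str, pattern: str) -> List[Dict[str, object]]:
    """Case-insensitive wildcard match on the file name only (like :filefind)."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not fnmatch.fnmatch(name.lower(), pattern.lower()):
                continue
            full = os.path.join(dirpath, name)
            st = os.stat(full)
            hits.append({
                "path": full,
                "name": name.lower(),
                "size": st.st_size,
                "mtime": datetime.fromtimestamp(st.st_mtime, timezone.utc)
                                 .isoformat(timespec="seconds"),
                "sha256": sha256_of(full),
            })
    return sorted(hits, key=lambda h: h["path"])


def mismatched_copies(hits: List[Dict[str, object]]) -> Dict[str, Set[str]]:
    """File names that occur in several places with different contents."""
    by_name: Dict[str, Set[str]] = {}
    for h in hits:
        by_name.setdefault(str(h["name"]), set()).add(str(h["sha256"]))
    return {n: s for n, s in by_name.items() if len(s) > 1}


def build_sample_tree(root: str) -> None:
    """Constructed stand-in for a Windows system32 tree; contents are arbitrary
    bytes, chosen so the drivers and dllcache copies of atapi.sys differ."""
    layout = {
        os.path.join("system32", "drivers", "atapi.sys"): b"MZ" + b"\x90" * 40 + b"patched",
        os.path.join("system32", "dllcache", "atapi.sys"): b"MZ" + b"\x90" * 40 + b"original",
        os.path.join("system32", "drivers", "ntfs.sys"): b"MZ" + b"\x00" * 16,
    }
    for rel, data in layout.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(data)


def demo():
    """Build the sample tree in a temp dir and run the *atapi* search over it."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        hits = filefind(root, "*atapi*")
        return hits, mismatched_copies(hits)


if __name__ == "__main__":
    found, mismatched = demo()
    for h in found:
        print(f'{h["path"]}  {h["size"]} bytes  {h["mtime"]}  {str(h["sha256"])[:16]}...')
    for name, hashes in mismatched.items():
        print(f"{name}: {len(hashes)} different versions found")
```

The comparison is by content hash rather than by size or timestamp, because a patched driver can keep its original size and a dropper can reset timestamps; two copies of the same name with different hashes is the signal worth chasing.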
