
Steveg4owt

Members
  • Posts: 15

Reputation: 0 Neutral

About Steveg4owt
  • Birthday: 04/14/1960

Profile Information
  • Location: Lewes
  1. Hi Blade, a very big thank you to you; all is now working as it should. All the Windows updates have been completed and the hosts file has been changed as per your recommendations. I have just finished running the Kaspersky online scan and there are no problems. Thanks again and have a good day. Steve
     Attachment: kaspersky_report2.html
  2. Well, I say it's OK; I assume the ones in System Restore are OK as they have all been caught? Steve
  3. I have just done a full scan with Malwarebytes and it's OK, so I reinstalled McAfee and did an online scan with Kaspersky, and this is the result.
     Attachment: kaspersky_report.html
  4. I have just run ComboFix again and here is the result. After running it, it wanted to upload the results to the server, so I allowed it to do so. I tried connecting to Windows Update and it did! So it all looks like it's OK. Shall I run the Kaspersky online scan to make sure, and shall I install McAfee etc.? Very many thanks for your help.

ComboFix 10-06-10.06 - Neil 12/06/2010 18:07:43.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.682 [GMT 1:00]
Running from: c:\documents and settings\Neil\Desktop\combofix.exe.exe
Command switches used :: c:\documents and settings\Neil\Desktop\CFScript.txt
 * Created a new restore point
file zipped: c:\documents and settings\All Users\Application Data\Gxogga1H.dat
.
((((((((((((((((((((((((( Files Created from 2010-05-12 to 2010-06-12 )))))))))))))))))))))))))))))))
.
2010-06-12 15:27 . 2010-06-12 15:28 -------- d-----w- C:\TDSSKiller
2010-06-12 07:34 . 2010-06-12 07:58 -------- d-----w- C:\combofix.exe
2010-06-12 07:33 . 2010-06-12 10:50 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-08 17:27 . 2010-06-08 17:27 -------- d-----w- c:\documents and settings\Neil\Application Data\ElevatedDiagnostics
2010-06-08 17:20 . 2010-06-08 17:20 -------- d-----w- c:\windows\system32\LogFiles
2010-06-07 22:17 . 2010-06-07 22:17 63488 ----a-w- c:\documents and settings\Neil\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-06-07 22:17 . 2010-06-07 22:17 52224 ----a-w- c:\documents and settings\Neil\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-06-07 22:17 . 2010-06-07 22:17 117760 ----a-w- c:\documents and settings\Neil\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-07 22:16 . 2010-06-07 22:16 -------- d-----w- c:\documents and settings\Neil\Application Data\SUPERAntiSpyware.com
2010-06-07 22:16 . 2010-06-07 22:16 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-06-07 22:16 . 2010-06-07 22:16 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-06-07 17:56 . 2010-06-07 17:56 -------- d-----w- c:\documents and settings\Neil\Local Settings\Application Data\Supremus Corporation
2010-06-07 17:56 . 2010-06-07 17:56 -------- d-----w- c:\program files\Windows Updates Downloader
2010-06-07 06:29 . 2010-06-07 06:29 -------- d-----w- C:\spybot
2010-06-06 18:48 . 2010-06-06 18:48 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-06-06 17:42 . 2010-06-07 06:30 -------- dc-h--w- c:\windows\ie8
2010-06-06 17:26 . 2010-06-06 17:26 -------- d-----w- c:\program files\Common Files\Java
2010-06-06 17:26 . 2010-04-12 16:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-06 17:23 . 2010-06-06 17:23 503808 ----a-w- c:\documents and settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-6f24bc57-n\msvcp71.dll
2010-06-06 17:23 . 2010-06-06 17:23 499712 ----a-w- c:\documents and settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-6f24bc57-n\jmc.dll
2010-06-06 17:23 . 2010-06-06 17:23 348160 ----a-w- c:\documents and settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-6f24bc57-n\msvcr71.dll
2010-06-06 17:05 . 2010-06-07 06:29 -------- d-----w- c:\program files\BBC iPlayer Desktop
2010-06-06 16:24 . 2010-06-07 18:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-06 16:24 . 2010-06-07 06:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-06 14:37 . 2010-06-06 14:37 -------- d-----w- c:\program files\Trend Micro
2010-06-06 12:47 . 2010-06-06 12:47 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2010-06-06 12:45 . 2010-06-06 12:45 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
2010-06-06 12:28 . 2010-06-12 15:16 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-05-30 20:47 . 2010-05-30 20:47 -------- d-----w- c:\documents and settings\Neil\Application Data\Sky-Banners
2010-05-30 20:46 . 2010-05-30 20:46 0 ----a-w- c:\documents and settings\Neil\Application Data\Trusteer\Rapport\RapportBukaExt.dll
2010-05-30 20:46 . 2010-05-30 20:46 339968 ----a-w- c:\windows\system32\RapportBuka.dll
2010-05-30 20:46 . 2010-05-30 20:46 -------- d-----w- c:\documents and settings\Neil\Application Data\Street-Ads
2010-05-30 20:45 . 2010-06-06 11:56 -------- d-----w- c:\documents and settings\Neil\Local Settings\Application Data\swthcrcap
2010-05-30 20:44 . 2010-05-30 20:44 -------- d-----w- c:\program files\$NtUninstallWTF1012$
2010-05-30 20:44 . 2010-05-30 20:44 -------- d-----w- C:\spoolerlogs
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-12 15:29 . 2003-03-31 12:00 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-06-10 17:35 . 2009-10-20 13:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-09 04:55 . 2010-06-06 20:20 112 ----a-w- c:\documents and settings\All Users\Application Data\Gxogga1H.dat
2010-06-07 22:06 . 2009-03-25 09:01 18992 ----a-w- c:\documents and settings\Neil\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-06 17:26 . 2009-03-25 16:45 -------- d-----w- c:\program files\Java
2010-06-06 11:46 . 2010-03-08 15:24 -------- d-----w- c:\documents and settings\Neil\Application Data\Ezzi
2010-05-31 18:50 . 2010-04-10 00:33 -------- d-----w- c:\documents and settings\Neil\Application Data\Absei
2010-05-27 20:27 . 2009-03-25 18:45 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-29 14:39 . 2009-10-20 13:56 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 14:39 . 2009-10-20 13:56 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-06-10_17.35.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-25 08:15 . 2010-06-11 18:49 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-03-25 08:15 . 2010-06-09 04:45 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-25 08:15 . 2010-06-11 18:49 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-03-25 08:15 . 2010-06-09 04:45 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-06-11 20:11 . 2010-06-11 20:11 231888 c:\windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe
+ 2010-06-11 20:11 . 2010-06-11 20:11 311760 c:\windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-01 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"RTHDCPL"="RTHDCPL.EXE" [2006-01-11 15961088]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"nwiz"="nwiz.exe" [2008-09-17 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=

R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [27/02/2010 11:00 390528]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 19:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 19:41 67656]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [20/10/2009 14:56 304464]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [03/05/2005 12:25 710144]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [20/10/2009 14:56 20952]
R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [25/03/2009 17:54 7040]
S0 qtsgs;qtsgs; [x]
S1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [15/03/2010 14:47 0]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [15/03/2010 14:47 0]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [06/02/2010 12:58 135664]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [15/03/2010 14:47 0]
.
Contents of the 'Scheduled Tasks' folder

2010-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 11:58]

2010-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 11:58]

2010-06-12 c:\windows\Tasks\User_Feed_Synchronization-{8959302F-D951-401A-AA54-755F876C0499}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = <local>
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-klmdb.sys
SafeBoot-mcmscsvc
SafeBoot-MCODS

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-12 18:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(656)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'explorer.exe'(13840)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2010-06-12 18:13:12
ComboFix-quarantined-files.txt 2010-06-12 17:13
ComboFix2.txt 2010-06-12 11:15
ComboFix3.txt 2010-06-12 07:58
ComboFix4.txt 2010-06-10 17:44

Pre-Run: 62,963,073,024 bytes free
Post-Run: 62,926,622,720 bytes free

- - End Of File - - A824B2D92E49A94302CE71787CF1AF26

Upload was successful
  5. I have removed McAfee as requested and uploaded the file you asked me to. Here is the TDSSKiller log you asked for. Thanks for your help, Steve

16:28:35:140 3532 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
16:28:35:140 3532 ================================================================================
16:28:35:156 3532 SystemInfo:
16:28:35:156 3532 OS Version: 5.1.2600 ServicePack: 3.0
16:28:35:156 3532 Product type: Workstation
16:28:35:156 3532 ComputerName: PACKARD-BELL
16:28:35:156 3532 UserName: Neil
16:28:35:156 3532 Windows directory: C:\WINDOWS
16:28:35:156 3532 Processor architecture: Intel x86
16:28:35:156 3532 Number of processors: 2
16:28:35:156 3532 Page size: 0x1000
16:28:35:156 3532 Boot type: Normal boot
16:28:35:156 3532 ================================================================================
16:28:35:406 3532 Initialize success
16:28:35:406 3532
16:28:35:406 3532 Scanning Services ...
16:28:35:750 3532 Raw services enum returned 337 services
16:28:35:750 3532
16:28:35:750 3532 Scanning Drivers ...
16:28:36:125 3532 3xHybrid (8c859744bb069a86e9159dd7b5b92629) C:\WINDOWS\system32\DRIVERS\3xHybrid.sys
16:28:36:250 3532 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:28:36:312 3532 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
16:28:36:406 3532 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
16:28:36:484 3532 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
16:28:36:531 3532 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
16:28:36:578 3532 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:28:36:640 3532 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
16:28:36:671 3532 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:28:36:703 3532 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
16:28:36:765 3532 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
16:28:36:796 3532 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
16:28:36:828 3532 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
16:28:36:859 3532 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
16:28:36:890 3532 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
16:28:36:953 3532 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:28:37:031 3532 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
16:28:37:109 3532 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
16:28:37:218 3532 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
16:28:37:234 3532 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
16:28:37:265 3532 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
16:28:37:296 3532 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
16:28:37:312 3532 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
16:28:37:343 3532 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
16:28:37:359 3532 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
16:28:37:375 3532 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
16:28:37:437 3532 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
16:28:37:468 3532 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:28:37:515 3532 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:28:37:562 3532 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:28:37:609 3532 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
16:28:37:625 3532 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:28:37:671 3532 HPZid412 (287a63bd8509bd78e7978823b38afa81) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
16:28:37:687 3532 HPZipr12 (0b4fda2657c3e0315eaa57f9c6d4fd1f) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
16:28:37:703 3532 HPZius12 (29559db25258b60510a60c4e470fce32) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
16:28:37:734 3532 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
16:28:37:812 3532 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:28:37:828 3532 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
16:28:37:984 3532 IntcAzAudAddService (a30685283f90ae02f1cd50972c6065e3) C:\WINDOWS\system32\drivers\RtkHDAud.sys
16:28:38:046 3532 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:28:38:062 3532 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
16:28:38:109 3532 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:28:38:109 3532 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:28:38:140 3532 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:28:38:156 3532 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:28:38:187 3532 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
16:28:38:234 3532 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:28:38:265 3532 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:28:38:281 3532 kbdhid (45f1b087d18265b316846816c1f47095) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
16:28:38:281 3532 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\kbdhid.sys. Real md5: 45f1b087d18265b316846816c1f47095, Fake md5: 9ef487a186dea361aa06913a75b3fa99
16:28:38:281 3532 File "C:\WINDOWS\system32\DRIVERS\kbdhid.sys" infected by TDSS rootkit ... 16:28:40:031 3532 Backup copy found, using it..
16:28:40:031 3532 will be cured on next reboot
16:28:40:125 3532 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) C:\WINDOWS\system32\drivers\klmd.sys
16:28:40:171 3532 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
16:28:40:203 3532 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
16:28:40:234 3532 MBAMProtector (67b48a903430c6d4fb58cbaca1866601) C:\WINDOWS\system32\drivers\mbam.sys
16:28:40:265 3532 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
16:28:40:296 3532 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
16:28:40:375 3532 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:28:40:421 3532 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:28:40:453 3532 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
16:28:40:468 3532 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
16:28:40:500 3532 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:28:40:546 3532 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:28:40:578 3532 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
16:28:40:593 3532 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:28:40:609 3532 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:28:40:625 3532 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
16:28:40:671 3532 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:28:40:703 3532 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
16:28:40:734 3532 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
16:28:40:750 3532 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
16:28:40:781 3532 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
16:28:40:796 3532 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
16:28:40:796 3532 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:28:40:812 3532 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:28:40:828 3532 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:28:40:843 3532 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
16:28:40:859 3532 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
16:28:40:875 3532 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
16:28:40:906 3532 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
16:28:40:906 3532 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
16:28:40:937 3532 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
16:28:40:984 3532 NuidFltr (e8717d9b0d1919cadafd8896a8e23e17) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
16:28:41:031 3532 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
16:28:41:234 3532 nv (70cb8915895ccb92ddf23ce890c4f5be) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
16:28:41:406 3532 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:28:41:421 3532 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:28:41:468 3532 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
16:28:41:515 3532 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
16:28:41:546 3532 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
16:28:41:562 3532 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
16:28:41:609 3532 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
16:28:41:640 3532 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
16:28:41:671 3532 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
16:28:41:750 3532 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:28:41:765 3532 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
16:28:41:765 3532 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
16:28:41:781 3532 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:28:41:859 3532 RapportBuka (e2aa111b00f5205ffd52a57f48b4f642) C:\WINDOWS\system32\drivers\RapportBuka.sys
16:28:41:953 3532 !dthrs6
16:28:41:953 3532 !dthrs6
16:28:41:968 3532 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:28:42:015 3532 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:28:42:031 3532 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:28:42:046 3532 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
16:28:42:062 3532 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:28:42:078 3532 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:28:42:093 3532 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:28:42:109 3532 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
16:28:42:156 3532 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
16:28:42:203 3532 RT61 (b1a055f3b4cf2a60ada63009f157126c) C:\WINDOWS\system32\DRIVERS\RT61.sys
16:28:42:234 3532 RTL8023xp (67c9511a760149797e806ffd9f14ad37) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
16:28:42:250 3532 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
16:28:42:328 3532 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
16:28:42:328 3532 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
16:28:42:359 3532 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:28:42:390 3532 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
16:28:42:406 3532 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
16:28:42:437 3532 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
16:28:42:468 3532 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
16:28:42:515 3532 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
16:28:42:578 3532 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
16:28:42:640 3532 ss_bus (5a1d0ca8a5f1e7b4ec50b9d76c001f0e) C:\WINDOWS\system32\DRIVERS\ss_bus.sys
16:28:42:671 3532 ss_mdfl (f0a85580e36a3a85059037d39a9cf079) C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys
16:28:42:687 3532 ss_mdm (84c3dbfd1bfa4adc0a950b3d5506cb00) C:\WINDOWS\system32\DRIVERS\ss_mdm.sys
16:28:42:718 3532 StarOpen (306521935042fc0a6988d528643619b3) C:\WINDOWS\system32\drivers\StarOpen.sys
16:28:42:765 3532 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
16:28:42:781 3532 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
16:28:42:796 3532 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
16:28:42:859 3532 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
16:28:42:906 3532 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:28:42:953 3532 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
16:28:42:968 3532 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
16:28:43:000 3532 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
16:28:43:031 3532 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
16:28:43:093 3532 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
16:28:43:109 3532 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:28:43:125 3532 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:28:43:140 3532 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:28:43:140 3532 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
16:28:43:187 3532 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:28:43:218 3532 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:28:43:250 3532 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:28:43:296 3532 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
16:28:43:359 3532 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
16:28:43:375 3532 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:28:43:421 3532 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
16:28:43:500 3532 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
16:28:43:531 3532 WpdUsb (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\Drivers\wpdusb.sys
16:28:43:578 3532 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
16:28:43:609 3532 X10Hid (81e8da36ce70858898d5eb81e28a47d2) C:\WINDOWS\system32\Drivers\x10hid.sys
16:28:43:656 3532 XUIF (41cf36a3cc7786575247ed456918e112) C:\WINDOWS\system32\Drivers\x10ufx2.sys
16:28:43:656 3532 Reboot required for cure complete..
16:28:44:046 3532 Cure on reboot scheduled successfully
16:28:44:046 3532
16:28:44:046 3532 Completed
16:28:44:046 3532
16:28:44:046 3532 Results:
16:28:44:046 3532 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
16:28:44:046 3532 File objects infected / cured / cured on reboot: 1 / 0 / 1
16:28:44:046 3532
16:28:44:046 3532 KLMD(ARK) unloaded successfully
  6. Here you go, this is another attempt. Steve

ComboFix 10-06-10.06 - Neil 12/06/2010 12:00:02.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.609 [GMT 1:00]
Running from: c:\documents and settings\Neil\Desktop\combofix.exe.exe
Command switches used :: c:\documents and settings\Neil\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
file zipped: c:\documents and settings\All Users\Application Data\Gxogga1H.dat
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
Infected copy of c:\windows\system32\drivers\kbdhid.sys was found and disinfected
Restored copy from - Kitty had a snack
.
((((((((((((((((((((((((( Files Created from 2010-05-12 to 2010-06-12 )))))))))))))))))))))))))))))))
.
2010-06-12 07:34 . 2010-06-12 07:58 -------- d-----w- C:\combofix.exe
2010-06-12 07:33 . 2010-06-12 10:50 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-08 17:27 . 2010-06-08 17:27 -------- d-----w- c:\documents and settings\Neil\Application Data\ElevatedDiagnostics
2010-06-08 17:20 . 2010-06-08 17:20 -------- d-----w- c:\windows\system32\LogFiles
2010-06-07 22:17 . 2010-06-07 22:17 63488 ----a-w- c:\documents and settings\Neil\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-06-07 22:17 . 2010-06-07 22:17 52224 ----a-w- c:\documents and settings\Neil\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-06-07 22:17 . 2010-06-07 22:17 117760 ----a-w- c:\documents and settings\Neil\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-07 22:16 . 2010-06-07 22:16 -------- d-----w- c:\documents and settings\Neil\Application Data\SUPERAntiSpyware.com
2010-06-07 22:16 . 2010-06-07 22:16 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-06-07 22:16 . 2010-06-07 22:16 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-06-07 17:56 . 2010-06-07 17:56 -------- d-----w- c:\documents and settings\Neil\Local Settings\Application Data\Supremus Corporation
2010-06-07 17:56 . 2010-06-07 17:56 -------- d-----w- c:\program files\Windows Updates Downloader
2010-06-07 06:29 . 2010-06-07 06:29 -------- d-----w- C:\spybot
2010-06-06 18:48 . 2010-06-06 18:48 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-06-06 17:42 . 2010-06-07 06:30 -------- dc-h--w- c:\windows\ie8
2010-06-06 17:26 . 2010-06-06 17:26 -------- d-----w- c:\program files\Common Files\Java
2010-06-06 17:26 . 2010-04-12 16:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-06 17:23 . 2010-06-06 17:23 503808 ----a-w- c:\documents and settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-6f24bc57-n\msvcp71.dll
2010-06-06 17:23 . 2010-06-06 17:23 499712 ----a-w- c:\documents and settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-6f24bc57-n\jmc.dll
2010-06-06 17:23 . 2010-06-06 17:23 348160 ----a-w- c:\documents and settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-6f24bc57-n\msvcr71.dll
2010-06-06 17:05 . 2010-06-07 06:29 -------- d-----w- c:\program files\BBC iPlayer Desktop
2010-06-06 16:24 . 2010-06-07 18:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-06 16:24 . 2010-06-07 06:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-06 14:37 . 2010-06-06 14:37 -------- d-----w- c:\program files\Trend Micro
2010-06-06 12:47 . 2010-06-06 12:47 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2010-06-06 12:45 . 2010-06-06 12:45 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
2010-06-06 12:42 . 2010-02-17 15:52 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-06-06 12:42 . 2010-02-17 15:52 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2010-06-06 12:42 . 2010-02-17 15:52 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-06-06 12:42 . 2009-07-16 11:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-06-06 12:41 . 2010-06-06 12:42 -------- d-----w- c:\program files\Common Files\McAfee
2010-06-06 12:41 . 2010-06-06 12:41 -------- d-----w- c:\program files\McAfee.com
2010-06-06 12:41 . 2010-06-11 18:48 -------- d-----w- c:\program files\McAfee
2010-06-06 12:39 . 2010-02-17 15:52 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2010-06-06 12:28 . 2010-06-06 16:15 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-05-30 20:47 . 2010-05-30 20:47 -------- d-----w- c:\documents and settings\Neil\Application Data\Sky-Banners
2010-05-30 20:46 . 2010-05-30 20:46 0 ----a-w- c:\documents and settings\Neil\Application Data\Trusteer\Rapport\RapportBukaExt.dll
2010-05-30 20:46 . 2010-05-30 20:46 339968 ----a-w- c:\windows\system32\RapportBuka.dll
2010-05-30 20:46 . 2010-05-30 20:46 -------- d-----w- c:\documents and settings\Neil\Application Data\Street-Ads
2010-05-30 20:45 . 2010-06-06 11:56 -------- d-----w- c:\documents and settings\Neil\Local Settings\Application Data\swthcrcap
2010-05-30 20:44 . 2010-05-30 20:44 -------- d-----w- c:\program files\$NtUninstallWTF1012$
2010-05-30 20:44 . 2010-05-30 20:44 -------- d-----w- C:\spoolerlogs
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-10 17:35 . 2009-10-20 13:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-09 04:55 . 2010-06-06 20:20 112 ----a-w- c:\documents and settings\All Users\Application Data\Gxogga1H.dat
2010-06-07 22:06 . 2009-03-25 09:01 18992 ----a-w- c:\documents and settings\Neil\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-06 17:26 . 2009-03-25 16:45 -------- d-----w- c:\program files\Java
2010-06-06 11:46 . 2010-03-08 15:24 -------- d-----w- c:\documents and settings\Neil\Application Data\Ezzi
2010-05-31 18:50 . 2010-04-10 00:33 -------- d-----w- c:\documents and settings\Neil\Application Data\Absei
2010-05-27 20:27 . 2009-03-25 18:45 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-29 14:39 . 2009-10-20 13:56 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 14:39 . 2009-10-20 13:56 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-14 11:50 . 2010-04-14 11:50 385536 ----a-w- c:\windows\system32\drivers\mfehidk.sys
.
c:\program files\McAfee.com\Agent\mcagent .exe
((((((((((((((((((((((((((((( SnapShot@2010-06-10_17.35.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-25 08:15 . 2010-06-11 18:49 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-03-25 08:15 . 2010-06-09 04:45 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-25 08:15 . 2010-06-11 18:49 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-03-25 08:15 . 2010-06-09 04:45 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-06-11 20:11 . 2010-06-11 20:11 231888 c:\windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe
+ 2010-06-11 20:11 . 2010-06-11 20:11 311760 c:\windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-01 39408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] "RTHDCPL"="RTHDCPL.EXE" [2006-01-11 15961088] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768] "nwiz"="nwiz.exe" [2008-09-17 1657376] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-02-11 1218008] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 49152] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\All Users\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\WINDOWS\\system32\\spoolsv.exe"= "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"= R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [27/02/2010 11:00 390528] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 19:25 12872] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 19:41 67656] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [20/10/2009 14:56 304464] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [06/06/2010 13:44 203280] R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [03/05/2005 12:25 710144] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [20/10/2009 14:56 20952] R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [25/03/2009 17:54 7040] S0 qtsgs;qtsgs; [x] S1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [15/03/2010 14:47 0] S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [15/03/2010 14:47 0] S2 
gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [06/02/2010 12:58 135664] S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [15/03/2010 14:47 0] . Contents of the 'Scheduled Tasks' folder 2010-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 11:58] 2010-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 11:58] 2010-06-06 c:\windows\Tasks\McDefragTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2010-06-06 11:22] 2010-06-06 c:\windows\Tasks\McQcTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2010-06-06 11:22] 2010-06-12 c:\windows\Tasks\User_Feed_Synchronization-{8959302F-D951-401A-AA54-755F876C0499}.job - c:\windows\system32\msfeedssync.exe [2007-08-13 03:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.co.uk/ uInternet Settings,ProxyOverride = <local> IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html Trusted Zone: microsoft.com\update Trusted Zone: microsoft.com\windowsupdate . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-06-12 12:10 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... 
scan completed successfully hidden files: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86C09EC5]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> CLASSPNP.SYS @ 0xf76b4f28 \Driver\ACPI -> ACPI.sys @ 0xf7527cb8 \Driver\atapi -> atapi.sys @ 0xf74b9852 IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8 ParseProcedure -> ntkrnlpa.exe @ 0x805827e8 \Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8 ParseProcedure -> ntkrnlpa.exe @ 0x805827e8 NDIS: Realtek RTL8139/810x Family Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf73c5bb0 PacketIndicateHandler -> NDIS.sys @ 0xf73b4a0d SendHandler -> NDIS.sys @ 0xf73c8b40 user & kernel MBR OK ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(680) c:\program files\SUPERAntiSpyware\SASWINLO.DLL - - - - - - - > 'explorer.exe'(1064) c:\program files\McAfee\SiteAdvisor\saHook.dll c:\progra~1\WINDOW~2\wmpband.dll c:\windows\system32\ieframe.dll c:\windows\system32\OneX.DLL c:\windows\system32\eappprxy.dll c:\windows\system32\webcheck.dll . ------------------------ Other Running Processes ------------------------ . 
c:\progra~1\McAfee\MSC\mcmscsvc.exe c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe c:\progra~1\McAfee\VIRUSS~1\mcshield.exe c:\program files\McAfee\MPF\MPFSrv.exe c:\windows\system32\nvsvc32.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\progra~1\mcafee.com\agent\mcagent.exe c:\windows\system32\wdfmgr.exe c:\progra~1\COMMON~1\X10\Common\x10nets.exe c:\windows\system32\wscntfy.exe c:\windows\RTHDCPL.EXE c:\windows\system32\RUNDLL32.EXE . ************************************************************************** . Completion time: 2010-06-12 12:15:53 - machine was rebooted ComboFix-quarantined-files.txt 2010-06-12 11:15 ComboFix2.txt 2010-06-12 07:58 ComboFix3.txt 2010-06-10 17:44 Pre-Run: 62,815,698,944 bytes free Post-Run: 62,775,197,696 bytes free - - End Of File - - 55A2F037C4EED8CCFDE29CF9B4624356
  7. Thanks, much better that time; it ran all the way to the end. Steve ComboFix 10-06-10.06 - Neil 12/06/2010 8:43.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.612 [GMT 1:00] Running from: c:\documents and settings\Neil\Desktop\combofix.exe.exe Command switches used :: c:\documents and settings\Neil\Desktop\CFScript.txt AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . Infected copy of c:\windows\system32\drivers\kbdhid.sys was found and disinfected Restored copy from - Kitty had a snack . ((((((((((((((((((((((((( Files Created from 2010-05-12 to 2010-06-12 ))))))))))))))))))))))))))))))) . 2010-06-12 07:33 . 2010-06-12 07:33 664 ----a-w- c:\windows\system32\d3d9caps.dat 2010-06-08 17:27 . 2010-06-08 17:27 -------- d-----w- c:\documents and settings\Neil\Application Data\ElevatedDiagnostics 2010-06-08 17:20 . 2010-06-08 17:20 -------- d-----w- c:\windows\system32\LogFiles 2010-06-07 22:17 . 2010-06-07 22:17 63488 ----a-w- c:\documents and settings\Neil\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll 2010-06-07 22:17 . 2010-06-07 22:17 52224 ----a-w- c:\documents and settings\Neil\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll 2010-06-07 22:17 . 2010-06-07 22:17 117760 ----a-w- c:\documents and settings\Neil\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL 2010-06-07 22:16 . 2010-06-07 22:16 -------- d-----w- c:\documents and settings\Neil\Application Data\SUPERAntiSpyware.com 2010-06-07 22:16 . 2010-06-07 22:16 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2010-06-07 22:16 . 2010-06-07 22:16 -------- d-----w- c:\program files\SUPERAntiSpyware 2010-06-07 17:56 . 
2010-06-07 17:56 -------- d-----w- c:\documents and settings\Neil\Local Settings\Application Data\Supremus Corporation 2010-06-07 17:56 . 2010-06-07 17:56 -------- d-----w- c:\program files\Windows Updates Downloader 2010-06-07 06:29 . 2010-06-07 06:29 -------- d-----w- C:\spybot 2010-06-06 18:48 . 2010-06-06 18:48 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache 2010-06-06 17:42 . 2010-06-07 06:30 -------- dc-h--w- c:\windows\ie8 2010-06-06 17:26 . 2010-06-06 17:26 -------- d-----w- c:\program files\Common Files\Java 2010-06-06 17:26 . 2010-04-12 16:29 411368 ----a-w- c:\windows\system32\deployJava1.dll 2010-06-06 17:23 . 2010-06-06 17:23 503808 ----a-w- c:\documents and settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-6f24bc57-n\msvcp71.dll 2010-06-06 17:23 . 2010-06-06 17:23 499712 ----a-w- c:\documents and settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-6f24bc57-n\jmc.dll 2010-06-06 17:23 . 2010-06-06 17:23 348160 ----a-w- c:\documents and settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-6f24bc57-n\msvcr71.dll 2010-06-06 17:05 . 2010-06-07 06:29 -------- d-----w- c:\program files\BBC iPlayer Desktop 2010-06-06 16:24 . 2010-06-07 18:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2010-06-06 16:24 . 2010-06-07 06:29 -------- d-----w- c:\program files\Spybot - Search & Destroy 2010-06-06 14:37 . 2010-06-06 14:37 -------- d-----w- c:\program files\Trend Micro 2010-06-06 12:47 . 2010-06-06 12:47 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore 2010-06-06 12:45 . 2010-06-06 12:45 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor 2010-06-06 12:42 . 2010-02-17 15:52 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2010-06-06 12:42 . 2010-02-17 15:52 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys 2010-06-06 12:42 . 
2010-02-17 15:52 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys 2010-06-06 12:42 . 2009-07-16 11:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys 2010-06-06 12:41 . 2010-06-06 12:42 -------- d-----w- c:\program files\Common Files\McAfee 2010-06-06 12:41 . 2010-06-06 12:41 -------- d-----w- c:\program files\McAfee.com 2010-06-06 12:41 . 2010-06-11 18:48 -------- d-----w- c:\program files\McAfee 2010-06-06 12:39 . 2010-02-17 15:52 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys 2010-06-06 12:28 . 2010-06-06 16:15 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee 2010-05-30 20:47 . 2010-05-30 20:47 -------- d-----w- c:\documents and settings\Neil\Application Data\Sky-Banners 2010-05-30 20:46 . 2010-05-30 20:46 0 ----a-w- c:\documents and settings\Neil\Application Data\Trusteer\Rapport\RapportBukaExt.dll 2010-05-30 20:46 . 2010-05-30 20:46 339968 ----a-w- c:\windows\system32\RapportBuka.dll 2010-05-30 20:46 . 2010-05-30 20:46 -------- d-----w- c:\documents and settings\Neil\Application Data\Street-Ads 2010-05-30 20:45 . 2010-06-06 11:56 -------- d-----w- c:\documents and settings\Neil\Local Settings\Application Data\swthcrcap 2010-05-30 20:44 . 2010-05-30 20:44 -------- d-----w- c:\program files\$NtUninstallWTF1012$ 2010-05-30 20:44 . 2010-05-30 20:44 -------- d-----w- C:\spoolerlogs . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-06-10 17:35 . 2009-10-20 13:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-06-09 04:55 . 2010-06-06 20:20 112 ----a-w- c:\documents and settings\All Users\Application Data\Gxogga1H.dat 2010-06-07 22:06 . 2009-03-25 09:01 18992 ----a-w- c:\documents and settings\Neil\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-06-06 17:26 . 2009-03-25 16:45 -------- d-----w- c:\program files\Java 2010-06-06 11:46 . 
2010-03-08 15:24 -------- d-----w- c:\documents and settings\Neil\Application Data\Ezzi 2010-05-31 18:50 . 2010-04-10 00:33 -------- d-----w- c:\documents and settings\Neil\Application Data\Absei 2010-05-27 20:27 . 2009-03-25 18:45 -------- d-----w- c:\program files\Common Files\Adobe 2010-04-29 14:39 . 2009-10-20 13:56 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-29 14:39 . 2009-10-20 13:56 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-14 11:50 . 2010-04-14 11:50 385536 ----a-w- c:\windows\system32\drivers\mfehidk.sys . <pre> c:\program files\McAfee.com\Agent\mcagent .exe </pre> ((((((((((((((((((((((((((((( SnapShot@2010-06-10_17.35.19 ))))))))))))))))))))))))))))))))))))))))) . + 2009-03-25 08:15 . 2010-06-11 18:49 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat - 2009-03-25 08:15 . 2010-06-09 04:45 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2009-03-25 08:15 . 2010-06-11 18:49 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat - 2009-03-25 08:15 . 2010-06-09 04:45 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2010-06-11 01:29 . 2010-06-11 18:49 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat - 2009-03-25 08:15 . 2010-06-09 04:45 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat + 2010-06-11 20:11 . 2010-06-11 20:11 231888 c:\windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe + 2010-06-11 20:11 . 2010-06-11 20:11 311760 c:\windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-01 39408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] "RTHDCPL"="RTHDCPL.EXE" [2006-01-11 15961088] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768] "nwiz"="nwiz.exe" [2008-09-17 1657376] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-02-11 1218008] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 49152] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\All Users\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\WINDOWS\\system32\\spoolsv.exe"= "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"= R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [27/02/2010 11:00 390528] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 19:25 12872] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 19:41 67656] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [20/10/2009 14:56 304464] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [06/06/2010 13:44 203280] R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [03/05/2005 12:25 710144] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [20/10/2009 14:56 20952] R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [25/03/2009 17:54 7040] S0 qtsgs;qtsgs; [x] S1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [15/03/2010 14:47 0] S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [15/03/2010 14:47 0] S2 
gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [06/02/2010 12:58 135664] S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [15/03/2010 14:47 0] . Contents of the 'Scheduled Tasks' folder 2010-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 11:58] 2010-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 11:58] 2010-06-06 c:\windows\Tasks\McDefragTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2010-06-06 11:22] 2010-06-06 c:\windows\Tasks\McQcTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2010-06-06 11:22] 2010-06-12 c:\windows\Tasks\User_Feed_Synchronization-{8959302F-D951-401A-AA54-755F876C0499}.job - c:\windows\system32\msfeedssync.exe [2007-08-13 03:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.co.uk/ uInternet Settings,ProxyOverride = <local> IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html Trusted Zone: microsoft.com\update Trusted Zone: microsoft.com\windowsupdate . ************************************************************************** scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: ************************************************************************** . 
--------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(680) c:\program files\SUPERAntiSpyware\SASWINLO.DLL - - - - - - - > 'explorer.exe'(5244) c:\program files\McAfee\SiteAdvisor\saHook.dll c:\progra~1\WINDOW~2\wmpband.dll c:\windows\system32\ieframe.dll c:\windows\system32\OneX.DLL c:\windows\system32\eappprxy.dll c:\windows\system32\webcheck.dll . ------------------------ Other Running Processes ------------------------ . 
c:\progra~1\McAfee\MSC\mcmscsvc.exe c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe c:\progra~1\McAfee\VIRUSS~1\mcshield.exe c:\program files\McAfee\MPF\MPFSrv.exe c:\windows\system32\nvsvc32.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\windows\system32\wdfmgr.exe c:\progra~1\COMMON~1\X10\Common\x10nets.exe c:\progra~1\mcafee.com\agent\mcagent.exe c:\windows\system32\wscntfy.exe c:\windows\RTHDCPL.EXE c:\windows\system32\RUNDLL32.EXE . ************************************************************************** . Completion time: 2010-06-12 08:58:43 - machine was rebooted ComboFix-quarantined-files.txt 2010-06-12 07:58 ComboFix2.txt 2010-06-10 17:44 Pre-Run: 62,715,670,528 bytes free Post-Run: 62,805,942,272 bytes free - - End Of File - - F04A9C51B8F0834C1B8EAEAEFB4E3205
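The two ComboFix logs above (posts 6 and 7) and the DDS log in post 8 list services and drivers in the same `R<n>`/`S<n>` shape, and the ComboFix registry dump shows the Security Center and firewall settings. As an added example that is not part of this thread and not code from ComboFix, DDS or the Malwarebytes forum, here is a small Python triage script that reads lines in that shape and flags what a helper scans for first: a boot- or system-start entry whose image is missing (ComboFix prints `[x]` where it cannot find the file) or zero bytes long, Security Center monitoring switched off, the Windows Firewall profile disabled, and any "Infected copy ... was found and disinfected" repair line. The sample input is constructed from lines of the shape shown in the logs; the parsing rules, the `parse_service`/`triage` names and the severity labels are my own assumptions.

```python
import re

# Line shapes taken from the ComboFix/DDS output above. The rules and the
# severity labels are my own triage heuristics, not part of either tool.
SERVICE_RE = re.compile(r'^([RS])([0-4])\s+([^;]+);([^;]*);(.*?)\s*\[([^\]]*)\]\s*$')
KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+)$')
DISINFECT_RE = re.compile(r'^Infected copy of (.+?) was found and disinfected')

# Constructed sample: a few lines in the shape of the logs above, not a real file.
SAMPLE_LOG = r"""
R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [27/02/2010 11:00 390528]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [20/10/2009 14:56 20952]
S0 qtsgs;qtsgs; [x]
S1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [15/03/2010 14:47 0]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [06/02/2010 12:58 135664]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
Infected copy of c:\windows\system32\drivers\kbdhid.sys was found and disinfected
"""


def parse_service(line):
    """Parse one 'R1 name;display;image [date time size]' line; None if it is not one."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    state, start, name, display, image, meta = m.groups()
    size = None
    if meta != 'x':                     # '[x]' is the marker for an image that was not found
        parts = meta.split()
        if parts and parts[-1].isdigit():
            size = int(parts[-1])       # last bracket token is the file size in bytes
    return {'state': state, 'start': int(start), 'name': name, 'display': display,
            'image': image, 'missing': meta == 'x', 'size': size}


def triage(log_text):
    """Return (severity, message) pairs for the entries a helper would look at first."""
    findings = []
    current_key = ''
    for raw in log_text.splitlines():
        line = raw.strip()
        svc = parse_service(line)
        if svc:
            # Start type 0 (boot) or 1 (system) loads before most defences do.
            early = svc['start'] <= 1
            sev = 'HIGH' if early else 'MEDIUM'
            tag = ' (boot/system-start)' if early else ''
            if svc['missing'] or not svc['image']:
                findings.append((sev, f"service {svc['name']}: no image file on disk{tag}"))
            elif svc['size'] == 0:
                findings.append((sev, f"service {svc['name']}: zero-byte image {svc['image']}{tag}"))
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)    # remember the key that the following values belong to
            continue
        m = VALUE_RE.match(line)
        if m:
            name, value = m.groups()
            if name == 'DisableMonitoring' and value.endswith('00000001'):
                findings.append(('MEDIUM', f"Security Center monitoring disabled under {current_key}"))
            elif name == 'EnableFirewall' and value.startswith('0'):
                findings.append(('MEDIUM', f"Windows Firewall profile disabled under {current_key}"))
            continue
        m = DISINFECT_RE.match(line)
        if m:
            findings.append(('HIGH', f"system driver was patched and replaced: {m.group(1)}"))
    return findings


if __name__ == '__main__':
    for severity, message in triage(SAMPLE_LOG):
        print(f"[{severity}] {message}")
```

Run against the sample it reports the `S0` entry with no file on disk, the zero-byte `S1` driver, the two disabled-protection registry values and the replaced `kbdhid.sys`. None of these is proof of infection on its own: the Rapport entries show a size of 0 in every log in this thread, and `DisableMonitoring=1` is commonly written by a third-party security suite so that Security Center stops reporting on the suite itself. A boot-start entry with no image and a freshly "disinfected" system driver are the two items worth raising first. The DDS log in post 8 uses a different date format inside the brackets but the same layout, so the same parser reads it.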
  8. I have tried again, but every time I run ComboFix it starts to scan and the PC reboots. It does not create a log file either. I have just run the DDS file again; here is the log. DDS (Ver_10-03-17.01) - NTFSx86 Run by Neil at 21:34:08.01 on 11/06/2010 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.563 [GMT 1:00] AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\WgaTray.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\HP\HP Software Update\HPWuSchd.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe svchost.exe C:\Program Files\Google\Update\GoogleUpdate.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\System32\svchost.exe -k imgsvc C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Neil\Desktop\dds.com C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\rundll32.exe ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.co.uk/ uInternet 
Settings,ProxyOverride = <local> BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [RTHDCPL] RTHDCPL.EXE mRun: [RemoteControl] "c:\program 
files\cyberlink\powerdvd\PDVDServ.exe" mRun: [nwiz] nwiz.exe /install mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll Trusted Zone: microsoft.com\update Trusted Zone: microsoft.com\windowsupdate DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/E/3/9/E39C664F-A8E3-4F69-A109-1AE9849204EE/OGAControl.cab DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab DPF: 
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL ============= SERVICES / DRIVERS =============== R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-4-14 385536] R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [2010-2-27 390528] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656] R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2005-5-3 710144] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-10-20 20952] R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [2009-3-25 7040] S0 qtsgs;qtsgs; [x] S1 RapportKELL;RapportKELL;c:\program files\trusteer\rapport\bin\RapportKELL.sys [2010-3-15 0] S1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-3-15 0] S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-6-6 79816] S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-6-6 35272] S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-6-6 34248] S3 mfesmfk;McAfee Inc. 
mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2010-6-6 40552] =============== Created Last 30 ================ 2010-06-11 20:30:37 0 d-s---w- C:\combofix.exe 2010-06-10 14:01:00 0 ----a-w- C:\debug 2010-06-08 21:45:16 0 ----a-w- c:\documents and settings\neil\defogger_reenable 2010-06-08 17:27:59 0 d-----w- c:\docume~1\neil\applic~1\ElevatedDiagnostics 2010-06-08 17:20:00 0 d-----w- c:\windows\system32\LogFiles 2010-06-07 22:16:44 0 d-----w- c:\docume~1\neil\applic~1\SUPERAntiSpyware.com 2010-06-07 22:16:44 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com 2010-06-07 22:16:30 0 d-----w- c:\program files\SUPERAntiSpyware 2010-06-07 21:52:08 0 d-sha-r- C:\cmdcons 2010-06-07 21:48:28 98816 ----a-w- c:\windows\sed.exe 2010-06-07 21:48:28 77312 ----a-w- c:\windows\MBR.exe 2010-06-07 21:48:28 256512 ----a-w- c:\windows\PEV.exe 2010-06-07 21:48:28 161792 ----a-w- c:\windows\SWREG.exe 2010-06-07 17:56:34 0 d-----w- c:\program files\Windows Updates Downloader 2010-06-07 06:29:52 0 d-----w- C:\spybot 2010-06-06 20:31:23 107 ----a-w- c:\windows\wininit.ini 2010-06-06 20:20:03 112 ----a-w- c:\docume~1\alluse~1\applic~1\Gxogga1H.dat 2010-06-06 17:42:03 0 dc-h--w- c:\windows\ie8 2010-06-06 17:26:12 411368 ----a-w- c:\windows\system32\deployJava1.dll 2010-06-06 17:05:44 0 d-----w- c:\program files\BBC iPlayer Desktop 2010-06-06 16:24:00 0 d-----w- c:\program files\Spybot - Search & Destroy 2010-06-06 16:24:00 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy 2010-06-06 14:37:27 0 d-----w- c:\program files\Trend Micro 2010-06-06 12:45:27 12353 ----a-w- c:\windows\system32\Config.MPF 2010-06-06 12:42:12 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2010-06-06 12:42:12 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys 2010-06-06 12:42:12 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys 2010-06-06 12:42:07 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys 2010-06-06 12:41:39 0 d-----w- c:\program files\common files\McAfee 
2010-06-06 12:41:38 0 d-----w- c:\program files\McAfee.com 2010-06-06 12:41:29 0 d-----w- c:\program files\McAfee 2010-06-06 12:39:13 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys 2010-05-30 20:47:06 0 d-----w- c:\docume~1\neil\applic~1\Sky-Banners 2010-05-30 20:46:50 339968 ----a-w- c:\windows\system32\RapportBuka.dll 2010-05-30 20:46:04 0 d-----w- c:\docume~1\neil\applic~1\Street-Ads 2010-05-30 20:44:33 0 d-----w- C:\spoolerlogs ==================== Find3M ==================== 2010-04-29 14:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-29 14:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-14 11:50:14 385536 ----a-w- c:\windows\system32\drivers\mfehidk.sys ============= FINISH: 21:35:59.23 ===============
  9. Sorry about that wrong log; here is the one you asked for.
DDS (Ver_10-03-17.01) - NTFSx86 Run by Neil at 9:09:14.92 on 11/06/2010 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.643 [GMT 1:00] AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\WINDOWS\Explorer.EXE C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\System32\svchost.exe -k imgsvc C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\HP\HP Software Update\HPWuSchd.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\WINDOWS\system32\wscntfy.exe C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe C:\PROGRA~1\COMMON~1\McAfee\MSC\McUICnt.exe C:\Documents and Settings\Neil\Desktop\dds.com ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.co.uk/ uInternet Settings,ProxyOverride = <local> BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program 
files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [RTHDCPL] RTHDCPL.EXE mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe" mRun: [nwiz] 
nwiz.exe /install mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE StartupFolder: c:\docume~1\neil\startm~1\programs\startup\bbcipl~1.lnk - c:\program files\bbc iplayer desktop\BBC iPlayer Desktop.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll Trusted Zone: microsoft.com\update Trusted Zone: microsoft.com\windowsupdate DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/E/3/9/E39C664F-A8E3-4F69-A109-1AE9849204EE/OGAControl.cab DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - 
hxxp://office.microsoft.com/officeupdate/content/opuc4.cab DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL ============= SERVICES / DRIVERS =============== R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-4-14 385536] R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [2010-2-27 390528] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-10-20 304464] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2010-6-6 203280] R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2010-6-6 359952] R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2010-6-6 144704] R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2005-5-3 710144] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-10-20 20952] R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-6-6 79816] R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-6-6 35272] R3 mferkdk;McAfee Inc. 
mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-6-6 34248] R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [2009-3-25 7040] S0 qtsgs;qtsgs; [x] S1 RapportKELL;RapportKELL;c:\program files\trusteer\rapport\bin\RapportKELL.sys [2010-3-15 0] S1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-3-15 0] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 135664] S2 PEVSystemStart;PEVSystemStart;c:\combofix\PEV.cfxxe [2010-6-10 256512] S2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-3-15 0] S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2010-6-6 40552] S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2010-6-6 606736] =============== Created Last 30 ================ 2010-06-10 21:08:41 0 d-s---w- C:\ComboFix 2010-06-10 14:01:00 0 ----a-w- C:\debug 2010-06-08 21:45:16 0 ----a-w- c:\documents and settings\neil\defogger_reenable 2010-06-08 17:27:59 0 d-----w- c:\docume~1\neil\applic~1\ElevatedDiagnostics 2010-06-08 17:20:00 0 d-----w- c:\windows\system32\LogFiles 2010-06-07 22:16:44 0 d-----w- c:\docume~1\neil\applic~1\SUPERAntiSpyware.com 2010-06-07 22:16:44 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com 2010-06-07 22:16:30 0 d-----w- c:\program files\SUPERAntiSpyware 2010-06-07 21:52:08 0 d-sha-r- C:\cmdcons 2010-06-07 21:48:28 98816 ----a-w- c:\windows\sed.exe 2010-06-07 21:48:28 77312 ----a-w- c:\windows\MBR.exe 2010-06-07 21:48:28 256512 ----a-w- c:\windows\PEV.exe 2010-06-07 21:48:28 161792 ----a-w- c:\windows\SWREG.exe 2010-06-07 17:56:34 0 d-----w- c:\program files\Windows Updates Downloader 2010-06-07 06:29:52 0 d-----w- C:\spybot 2010-06-06 20:31:23 107 ----a-w- c:\windows\wininit.ini 2010-06-06 20:20:03 112 ----a-w- c:\docume~1\alluse~1\applic~1\Gxogga1H.dat 2010-06-06 17:42:03 0 dc-h--w- c:\windows\ie8 2010-06-06 17:26:12 411368 
----a-w- c:\windows\system32\deployJava1.dll 2010-06-06 17:05:44 0 d-----w- c:\program files\BBC iPlayer Desktop 2010-06-06 16:24:00 0 d-----w- c:\program files\Spybot - Search & Destroy 2010-06-06 16:24:00 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy 2010-06-06 14:37:27 0 d-----w- c:\program files\Trend Micro 2010-06-06 12:45:27 12179 ----a-w- c:\windows\system32\Config.MPF 2010-06-06 12:42:12 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2010-06-06 12:42:12 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys 2010-06-06 12:42:12 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys 2010-06-06 12:42:07 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys 2010-06-06 12:41:39 0 d-----w- c:\program files\common files\McAfee 2010-06-06 12:41:38 0 d-----w- c:\program files\McAfee.com 2010-06-06 12:41:29 0 d-----w- c:\program files\McAfee 2010-06-06 12:39:13 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys 2010-05-30 20:47:06 0 d-----w- c:\docume~1\neil\applic~1\Sky-Banners 2010-05-30 20:46:50 339968 ----a-w- c:\windows\system32\RapportBuka.dll 2010-05-30 20:46:04 0 d-----w- c:\docume~1\neil\applic~1\Street-Ads 2010-05-30 20:44:33 0 d-----w- C:\spoolerlogs ==================== Find3M ==================== 2010-04-29 14:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-29 14:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-14 11:50:14 385536 ----a-w- c:\windows\system32\drivers\mfehidk.sys ============= FINISH: 9:10:49.07 ===============
Kaspersky has finished, and here is the result: scan.html
  10. I tried to run ComboFix, but halfway through the PC did a reboot and went back to the start? There was no ComboFix log on drive C:? I have run ATF Cleaner and did a new scan; here is the DDS log:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:22:25, on 10/06/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\WINDOWS\Explorer.EXE C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\HP\HP Software Update\HPWuSchd.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Java\jre6\bin\java.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ R1 - 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - 
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: Google Sidewiki... 
- res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. 
- c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PEVSystemStart - Unknown owner - C:\ComboFix\PEV.cfxxe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Rapport Management Service (RapportMgmtService) - Unknown owner - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- End of file - 8645 bytes
Still scanning with Kaspersky at the minute. Thank you for your help. Steve
  11. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:52:50, on 10/06/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe C:\Program Files\HP\HP Software Update\HPWuSchd .exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\explorer.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common 
Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NeroFilterCheck] 
C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: Google Sidewiki... 
- res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. 
- c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Rapport Management Service (RapportMgmtService) - Unknown owner - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- End of file - 8027 bytes
  12. Unfortunately I did not have this machine to start with, so I don
  13. I have just installed Malwarebytes as I keep getting annoying pop-ups from news 11 today. I ran Malwarebytes and it shows no problems. I also tried McAfee on a full scan and it shows as clear as well? I have just noticed I am now getting lots of blocks from

00:01:34 Neil IP-BLOCK 83.133.119.139
00:01:35 Neil IP-BLOCK 83.133.119.139
00:01:36 Neil IP-BLOCK 83.133.119.139

Steve

DDS (Ver_10-03-17.01) - NTFSx86
Run by Neil at 23:13:30.67 on 08/06/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.489 [GMT 1:00]

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Neil\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
EB: {2AA2FBF8-9C76-4E97-A226-25C5F4AB6358} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd.exe"
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\neil\startm~1\programs\startup\bbcipl~1.lnk - c:\program files\bbc iplayer desktop\BBC iPlayer Desktop.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/E/3/9/E39C664F-A8E3-4F69-A109-1AE9849204EE/OGAControl.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-4-14 385536]
R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [2010-2-27 390528]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-10-20 304464]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2010-6-6 203280]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2010-6-6 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2010-6-6 144704]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2005-5-3 710144]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-10-20 20952]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-6-6 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-6-6 35272]
R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [2009-3-25 7040]
S0 qtsgs;qtsgs; [x]
S1 RapportKELL;RapportKELL;c:\program files\trusteer\rapport\bin\RapportKELL.sys [2010-3-15 0]
S1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-3-15 0]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 135664]
S2 PEVSystemStart;PEVSystemStart;"c:\combofix\pev.cfxxe" exec /i "c:\combofix\hidec.exe" "c:\combofix\swreg.exe" acl "hkey_local_machine\system\currentcontrolset\enum\root\legacy_beep" /reset /q --> c:\combofix\PEV.cfxxe [?]
S2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-3-15 0]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-6-6 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2010-6-6 40552]
S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2010-6-6 606736]

=============== Created Last 30 ================

2010-06-08 21:45:16 0 ----a-w- c:\documents and settings\neil\defogger_reenable
2010-06-08 17:27:59 0 d-----w- c:\docume~1\neil\applic~1\ElevatedDiagnostics
2010-06-08 17:20:00 0 d-----w- c:\windows\system32\LogFiles
2010-06-08 06:23:56 0 ----a-w- C:\debug
2010-06-08 06:20:56 70148 ----a-w- c:\docume~1\alluse~1\applic~1\Ia60Fd8y.exe
2010-06-07 22:16:44 0 d-----w- c:\docume~1\neil\applic~1\SUPERAntiSpyware.com
2010-06-07 22:16:44 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-06-07 22:16:30 0 d-----w- c:\program files\SUPERAntiSpyware
2010-06-07 21:52:08 0 d-sha-r- C:\cmdcons
2010-06-07 21:48:28 98816 ----a-w- c:\windows\sed.exe
2010-06-07 21:48:28 77312 ----a-w- c:\windows\MBR.exe
2010-06-07 21:48:28 256512 ----a-w- c:\windows\PEV.exe
2010-06-07 21:48:28 161792 ----a-w- c:\windows\SWREG.exe
2010-06-07 17:56:34 0 d-----w- c:\program files\Windows Updates Downloader
2010-06-07 06:29:52 0 d-----w- C:\spybot
2010-06-06 20:31:23 107 ----a-w- c:\windows\wininit.ini
2010-06-06 20:20:03 112 ----a-w- c:\docume~1\alluse~1\applic~1\Gxogga1H.dat
2010-06-06 17:42:03 0 dc-h--w- c:\windows\ie8
2010-06-06 17:26:12 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-06 17:05:44 0 d-----w- c:\program files\BBC iPlayer Desktop
2010-06-06 16:24:00 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-06-06 16:24:00 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-06-06 14:37:27 0 d-----w- c:\program files\Trend Micro
2010-06-06 12:45:27 11743 ----a-w- c:\windows\system32\Config.MPF
2010-06-06 12:42:12 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-06-06 12:42:12 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2010-06-06 12:42:12 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-06-06 12:42:07 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-06-06 12:41:39 0 d-----w- c:\program files\common files\McAfee
2010-06-06 12:41:38 0 d-----w- c:\program files\McAfee.com
2010-06-06 12:41:29 0 d-----w- c:\program files\McAfee
2010-06-06 12:39:13 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2010-05-30 20:47:06 0 d-----w- c:\docume~1\neil\applic~1\Sky-Banners
2010-05-30 20:46:50 339968 ----a-w- c:\windows\system32\RapportBuka.dll
2010-05-30 20:46:04 0 d-----w- c:\docume~1\neil\applic~1\Street-Ads
2010-05-30 20:44:33 0 d-----w- C:\spoolerlogs
2010-05-30 20:43:32 0 d-----w- c:\docume~1\neil\applic~1\111BE277258CC614BBE131647BE8AF4E

==================== Find3M ====================

2010-04-29 14:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 14:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-14 11:50:14 385536 ----a-w- c:\windows\system32\drivers\mfehidk.sys

============= FINISH: 23:15:24.82 ===============

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4180

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

08/06/2010 20:44:03
mbam-log-2010-06-08 (20-44-03).txt

Scan type: Quick scan
Objects scanned: 130117
Time elapsed: 9 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-06-09 08:32:11
Windows 5.1.2600 Service Pack 3
Running: vzyrrnmk.exe; Driver: C:\DOCUME~1\Neil\LOCALS~1\Temp\ufriqaob.sys

---- System - GMER 1.0.15 ----

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateFile [0xF736CCA2]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcess [0xF736CC78]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xF736CC8C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF736CCE2]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF736CC14]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF736CC28]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xF736CCB6]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetContextThread [0xF736CC64]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xF736CC50]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF736CD11]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF736CCF8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF736CCCC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtCreateFile
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----

Attach.zip
  14. I have just installed Malwarebytes as I keep getting annoying pop-ups from news 11 today. I ran Malwarebytes and it shows no problems. I also tried McAfee on a full scan and it shows as clear as well? It's driving me mad; any ideas? Steve
  15. The address 85.17.184.2 is being reported as IP-Block. The provider claims there is no malware on the site. Is there a problem with this site?
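As an added example (not code from the poster, nor from DDS, Malwarebytes or GMER), here is a small Python triage helper for the two kinds of log line quoted in posts 13 and 15: the SERVICES / DRIVERS entries of a DDS log, and the Malwarebytes IP-BLOCK lines. It flags driver entries with no image path (like `S0 qtsgs;qtsgs; [x]`), a zero-size image or an unverified file, and it counts repeated IP-BLOCK events per remote address. Both line formats are inferred from the lines visible in the thread, which is an assumption, and the sample input is constructed from them.

```python
"""Triage helpers for DDS 'SERVICES / DRIVERS' lines and Malwarebytes IP-BLOCK lines.

Added example; not part of the forum posts, DDS or Malwarebytes.  Both line
formats are inferred from the lines visible in the thread (an assumption),
and the sample inputs below are constructed from them.
"""
import ipaddress
import re
from collections import OrderedDict

# One DDS service/driver line, e.g.
#   R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-4-14 385536]
#   S0 qtsgs;qtsgs; [x]
# R/S = running/stopped, digit = start type, "[date size]", or "[x]"/"[?]" when DDS
# found no file / could not verify it (format assumed from the post).
DDS_SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]*);(?P<display>[^;]*);"
    r"(?P<path>.*?)\s*\[(?P<info>[^\]]*)\]\s*$"
)
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}

# One Malwarebytes protection-log line as quoted in the post: "HH:MM:SS user IP-BLOCK a.b.c.d".
IP_BLOCK_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2})\s+(?P<user>\S+)\s+IP-BLOCK\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s*$"
)


def parse_dds_service(line):
    """Parse one service/driver line into a dict, or return None if it is not one."""
    m = DDS_SERVICE_RE.match(line.strip())
    if not m:
        return None
    info = m.group("info").strip()
    stamp, size = None, None
    if info not in ("x", "?"):
        stamp, size_text = info.split()
        size = int(size_text)
    entry = {
        "name": m.group("name"),
        "display": m.group("display"),
        "state": "running" if m.group("state") == "R" else "stopped",
        "start": START_TYPES.get(m.group("start"), m.group("start")),
        "path": m.group("path").strip(),
        "date": stamp,
        "size": size,
        "flags": [],
    }
    # Triage flags: what a reviewer checks first, not verdicts.
    if not entry["path"]:
        entry["flags"].append("no image path")        # registered driver, nothing on disk
    if info == "?":
        entry["flags"].append("file not verified")    # DDS could not stat the target
    if size == 0:
        entry["flags"].append("zero-size image")      # unreadable or protected file
    if "-->" in entry["path"]:
        entry["flags"].append("command line, not a plain image path")
    return entry


def flagged_services(lines):
    """Return only the entries that carry at least one triage flag, in log order."""
    return [e for e in map(parse_dds_service, lines) if e and e["flags"]]


def summarise_ip_blocks(lines):
    """Count IP-BLOCK events per remote address, with first/last time and a public-address check."""
    summary = OrderedDict()
    for line in lines:
        m = IP_BLOCK_RE.match(line.strip())
        if not m:
            continue
        ip, when = m.group("ip"), m.group("time")
        rec = summary.setdefault(ip, {
            "user": m.group("user"), "count": 0, "first": when, "last": when,
            "global": ipaddress.ip_address(ip).is_global,
        })
        rec["count"] += 1
        rec["last"] = when
    return summary


# Constructed sample input, copied or shortened from the lines quoted in the thread.
SAMPLE_DDS = [
    r"R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-4-14 385536]",
    r"S0 qtsgs;qtsgs; [x]",
    r"S1 RapportKELL;RapportKELL;c:\program files\trusteer\rapport\bin\RapportKELL.sys [2010-3-15 0]",
    r"R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-10-20 20952]",
    r'S2 PEVSystemStart;PEVSystemStart;"c:\combofix\pev.cfxxe" exec /i "c:\combofix\hidec.exe" --> c:\combofix\PEV.cfxxe [?]',
]
SAMPLE_IP_BLOCKS = [
    "00:01:34 Neil IP-BLOCK 83.133.119.139",
    "00:01:35 Neil IP-BLOCK 83.133.119.139",
    "00:01:36 Neil IP-BLOCK 83.133.119.139",
    "00:02:10 Neil IP-BLOCK 85.17.184.2",  # constructed from the address asked about in post 15
]

if __name__ == "__main__":
    for e in flagged_services(SAMPLE_DDS):
        print(f"{e['name']:<16} {e['state']}/{e['start']:<7} {e['path'] or '<none>'}  flags: {', '.join(e['flags'])}")
    for ip, rec in summarise_ip_blocks(SAMPLE_IP_BLOCKS).items():
        print(f"{ip:<16} blocked {rec['count']}x between {rec['first']} and {rec['last']} (public={rec['global']})")
```

The flags are starting points, not findings: a driver with no image path or a zero-size image is worth checking on disk and against its vendor signature, but self-protecting security software can also hide its own files from a user-mode tool. Likewise the IP-BLOCK summary tells you which address a local process keeps retrying, so the next step is to identify that process on the host rather than to judge the remote site from the block alone.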