Jump to content

alfars

Members
 View Profile  See their activity

  • Posts

    5

  • Joined

  • Last visited

 Content Type 

Everything posted by alfars

  1. alfars
    Kenny, Do you ever sleep? Latest scans look good. Should I run the flash drive scan on every flash drive/memory card that I have? Thanks, Dave Log: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4291 Windows 5.1.2600 Service Pack 3 Internet Explorer 7.0.5730.13 7/8/2010 8:00:21 AM mbam-log-2010-07-08 (08-00-21).txt Scan type: Quick scan Objects scanned: 137022 Time elapsed: 4 minute(s), 53 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
  2. alfars
    I actually don't see the folder NetworkServices under documents and settings even though I have show hidden files and folders checked. A search doesn't find "nosgytuoi" No idea what it is. My system is much more stable now. Definatly making some progress Thanks for all the help, Dave New Log: ComboFix 10-07-07.01 - Owner 07/08/2010 5:06.2.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.895.416 [GMT -4:00] Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_638c3e07 -------\Service_a419ce07 -------\Service_cfa672ae ((((((((((((((((((((((((( Files Created from 2010-06-08 to 2010-07-08 ))))))))))))))))))))))))))))))) . 2010-07-08 08:55 . 2010-07-08 08:55 -------- d-sh--w- c:\documents and settings\Owner\UserData 2010-07-07 23:00 . 2008-04-14 00:12 39424 -c--a-w- c:\windows\system32\dllcache\grpconv.exe 2010-07-07 23:00 . 2008-04-14 00:12 39424 ----a-w- c:\windows\system32\grpconv.exe 2010-06-30 02:16 . 2010-06-30 02:16 -------- d-----w- c:\temp\qt-common 2010-06-28 21:03 . 2010-06-28 21:03 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple Computer 2010-06-28 21:03 . 2010-06-28 21:03 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer 2010-06-28 05:00 . 2010-06-28 05:00 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\nosgytuoi . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-07-07 21:52 . 2005-01-12 17:37 4992 ----a-w- c:\windows\system32\drivers\toside.sys 2010-07-02 02:17 . 2010-06-19 12:19 63488 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll 2010-07-02 02:17 . 2009-05-02 23:29 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL 2010-07-02 02:16 . 2009-05-02 23:28 -------- d-----w- c:\program files\SUPERAntiSpyware 2010-06-27 14:30 . 2010-06-27 14:30 -------- d-----w- c:\documents and settings\Owner\Application Data\MoveFab 2010-06-27 13:19 . 2010-06-27 12:44 -------- d-----w- c:\program files\DVDFab 7 2010-06-27 13:04 . 2006-05-12 03:26 -------- d-----w- c:\program files\Google 2010-06-27 12:44 . 2007-01-20 20:24 -------- d-----w- c:\documents and settings\Owner\Application Data\Vso 2010-06-03 14:06 . 2006-05-12 03:40 -------- d-----w- c:\program files\McAfee 2010-05-17 09:07 . 2009-05-02 20:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-05-11 21:11 . 2010-05-11 21:11 -------- d-----w- c:\program files\The Learning Company 2010-04-29 19:39 . 2009-05-02 20:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-29 19:39 . 2009-05-02 20:55 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-27 21:16 . 2010-04-27 22:19 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys 2010-04-27 21:16 . 2010-04-27 22:19 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys 2010-04-27 21:16 . 2010-04-27 22:19 88480 ----a-w- c:\windows\system32\drivers\mfendisk.sys 2010-04-27 21:16 . 2010-04-27 22:19 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys 2010-04-27 21:16 . 2010-04-27 22:19 82952 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys 2010-04-27 21:16 . 2010-04-27 22:19 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys 2010-04-27 21:16 . 2010-04-27 22:19 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys 2010-04-27 21:16 . 2007-02-11 20:32 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys 2010-04-27 21:16 . 2007-02-11 20:32 385880 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2010-04-27 21:16 . 2007-02-11 20:32 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-02 2403568] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-26 966656] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-12-11 267048] "nwiz"="nwiz.exe" [2005-09-17 1519616] "Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2009-02-05 356352] "CHotkey"="zHotkey.exe" [2004-12-09 550912] "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-08 61952] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512] "MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-17 7204864] "RTHDCPL"="RTHDCPL.EXE" [2005-09-14 14820864] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992] "readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-12-10 139264] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-09-17 86016] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-04-21 1193336] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Power2GoExpress"="NA" [X] c:\documents and settings\All Users\Start Menu\Programs\Startup\ APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2006-8-5 209016] BigFix.lnk - c:\program files\BigFix\bigfix.exe [2006-5-11 2168360] DVD@ccess.lnk - c:\program files\Apple Computer\DVD@ccess\DVDAccess.exe [2007-2-3 888832] Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-7-11 122880] Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-7-11 61440] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-11-16 12:07 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\iTunes\\iTunes.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [5/2/2009 1:13 PM 28544] R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [4/27/2010 6:19 PM 82952] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [4/28/2009 11:33 AM 12872] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [4/28/2009 11:33 AM 67656] R2 DVDAccss;DVDAccss;c:\windows\system32\drivers\DVDAccss.sys [2/3/2007 6:46 PM 29156] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [4/27/2010 6:19 PM 271480] R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [4/27/2010 6:19 PM 271480] R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [4/27/2010 6:19 PM 271480] R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [4/27/2010 6:20 PM 188136] R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\Mcafee\SystemCore\mfevtps.exe [4/27/2010 6:19 PM 141792] R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [4/27/2010 6:19 PM 55456] R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [4/27/2010 6:19 PM 312616] R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [4/27/2010 6:19 PM 88480] S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [4/27/2010 6:19 PM 88480] S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [4/27/2010 6:19 PM 83496] S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [4/28/2009 11:33 AM 12872] --- Other Services/Drivers In Memory --- *Deregistered* - mfeavfk01 . Contents of the 'Scheduled Tasks' folder 2010-06-28 c:\windows\Tasks\My Documents backup.job - c:\windows\system32\ntbackup.exe [2005-01-09 00:12] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = hxxp://127.0.0.1:4664/first_usage&s=67qMTGRA6lgqH0ZR7AwIDymzh58 uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-07-08 05:16 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1020) c:\program files\SUPERAntiSpyware\SASWINLO.DLL . ------------------------ Other Running Processes ------------------------ . c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\windows\eHome\ehRecvr.exe c:\windows\eHome\ehSched.exe c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe c:\windows\system32\nvsvc32.exe c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS c:\program files\Common Files\McAfee\SystemCore\mcshield.exe c:\windows\ehome\mcrdsvc.exe c:\windows\system32\dllhost.exe c:\windows\system32\wscntfy.exe c:\windows\zHotkey.exe c:\windows\RTHDCPL.EXE c:\windows\eHome\ehmsas.exe c:\program files\APC\APC PowerChute Personal Edition\apcsystray.exe c:\program files\iPod\bin\iPodService.exe . ************************************************************************** . Completion time: 2010-07-08 05:23:19 - machine was rebooted ComboFix-quarantined-files.txt 2010-07-08 09:23 ComboFix2.txt 2010-07-07 23:15 Pre-Run: 157,570,662,400 bytes free Post-Run: 157,541,756,928 bytes free - - End Of File - - ABB0F73EC0E41EED266E64DE3C9482B8
  3. alfars
    Kenny, It took a little while but seemed to work ok. Thanks Dave Log: ComboFix 10-07-06.05 - Owner 07/07/2010 18:55:21.1.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.895.553 [GMT -4:00] Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\811197608.dat c:\windows\system32\drivers\pbwiey.sys c:\windows\xpsp1hfm.log D:\Autorun.inf J:\Autorun.inf c:\windows\system32\grpconv.exe was missing Restored copy from - c:\windows\ServicePackFiles\i386\grpconv.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_iruyaeo -------\Service_iruyaeo ((((((((((((((((((((((((( Files Created from 2010-06-07 to 2010-07-07 ))))))))))))))))))))))))))))))) . 2010-07-07 23:00 . 2008-04-14 00:12 39424 -c--a-w- c:\windows\system32\dllcache\grpconv.exe 2010-07-07 23:00 . 2008-04-14 00:12 39424 ----a-w- c:\windows\system32\grpconv.exe 2010-06-30 02:16 . 2010-06-30 02:16 -------- d-----w- c:\temp\qt-common 2010-06-28 21:03 . 2010-06-28 21:03 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple Computer 2010-06-28 21:03 . 2010-06-28 21:03 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer 2010-06-28 05:00 . 2010-06-28 05:00 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\nosgytuoi . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-07-07 21:52 . 2005-01-12 17:37 4992 ----a-w- c:\windows\system32\drivers\toside.sys 2010-07-02 02:17 . 2010-06-19 12:19 63488 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll 2010-07-02 02:17 . 2009-05-02 23:29 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL 2010-07-02 02:16 . 2009-05-02 23:28 -------- d-----w- c:\program files\SUPERAntiSpyware 2010-06-27 14:30 . 2010-06-27 14:30 -------- d-----w- c:\documents and settings\Owner\Application Data\MoveFab 2010-06-27 13:19 . 2010-06-27 12:44 -------- d-----w- c:\program files\DVDFab 7 2010-06-27 13:04 . 2006-05-12 03:26 -------- d-----w- c:\program files\Google 2010-06-27 12:44 . 2007-01-20 20:24 -------- d-----w- c:\documents and settings\Owner\Application Data\Vso 2010-06-03 14:06 . 2006-05-12 03:40 -------- d-----w- c:\program files\McAfee 2010-05-17 09:07 . 2009-05-02 20:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-05-11 21:11 . 2010-05-11 21:11 -------- d-----w- c:\program files\The Learning Company 2010-04-29 19:39 . 2009-05-02 20:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-29 19:39 . 2009-05-02 20:55 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-27 21:16 . 2010-04-27 22:19 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys 2010-04-27 21:16 . 2010-04-27 22:19 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys 2010-04-27 21:16 . 2010-04-27 22:19 88480 ----a-w- c:\windows\system32\drivers\mfendisk.sys 2010-04-27 21:16 . 2010-04-27 22:19 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys 2010-04-27 21:16 . 2010-04-27 22:19 82952 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys 2010-04-27 21:16 . 2010-04-27 22:19 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys 2010-04-27 21:16 . 2010-04-27 22:19 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys 2010-04-27 21:16 . 2007-02-11 20:32 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys 2010-04-27 21:16 . 2007-02-11 20:32 385880 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2010-04-27 21:16 . 2007-02-11 20:32 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-02 2403568] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-26 966656] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-12-11 267048] "nwiz"="nwiz.exe" [2005-09-17 1519616] "Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2009-02-05 356352] "CHotkey"="zHotkey.exe" [2004-12-09 550912] "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-08 61952] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512] "MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-17 7204864] "RTHDCPL"="RTHDCPL.EXE" [2005-09-14 14820864] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992] "readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-12-10 139264] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-09-17 86016] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-04-21 1193336] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Power2GoExpress"="NA" [X] c:\documents and settings\All Users\Start Menu\Programs\Startup\ APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2006-8-5 209016] BigFix.lnk - c:\program files\BigFix\bigfix.exe [2006-5-11 2168360] DVD@ccess.lnk - c:\program files\Apple Computer\DVD@ccess\DVDAccess.exe [2007-2-3 888832] Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-7-11 122880] Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-7-11 61440] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-11-16 12:07 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\iTunes\\iTunes.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [5/2/2009 1:13 PM 28544] R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [4/27/2010 6:19 PM 82952] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [4/28/2009 11:33 AM 12872] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [4/28/2009 11:33 AM 67656] R2 DVDAccss;DVDAccss;c:\windows\system32\drivers\DVDAccss.sys [2/3/2007 6:46 PM 29156] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [4/27/2010 6:19 PM 271480] R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [4/27/2010 6:19 PM 271480] R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [4/27/2010 6:19 PM 271480] R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [4/27/2010 6:20 PM 188136] R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\Mcafee\SystemCore\mfevtps.exe [4/27/2010 6:19 PM 141792] R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [4/27/2010 6:19 PM 55456] R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [4/27/2010 6:19 PM 312616] R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [4/27/2010 6:19 PM 88480] S1 638c3e07;638c3e07;c:\windows\system32\drivers\638c3e07.sys --> c:\windows\system32\drivers\638c3e07.sys [?] S1 a419ce07;a419ce07;c:\windows\system32\drivers\a419ce07.sys --> c:\windows\system32\drivers\a419ce07.sys [?] S1 cfa672ae;cfa672ae;c:\windows\system32\drivers\cfa672ae.sys --> c:\windows\system32\drivers\cfa672ae.sys [?] S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [4/27/2010 6:19 PM 88480] S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [4/27/2010 6:19 PM 83496] S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [4/28/2009 11:33 AM 12872] --- Other Services/Drivers In Memory --- *Deregistered* - mfeavfk01 . Contents of the 'Scheduled Tasks' folder 2010-06-28 c:\windows\Tasks\My Documents backup.job - c:\windows\system32\ntbackup.exe [2005-01-09 00:12] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = hxxp://127.0.0.1:4664/first_usage&s=67qMTGRA6lgqH0ZR7AwIDymzh58 uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html . - - - - ORPHANS REMOVED - - - - SafeBoot-klmdb.sys MSConfigStartUp-ttool - c:\windows\9129837.exe AddRemove-McAfee Uninstall Utility - c:\progra~1\McAfee.com\Shared\mcappins.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-07-07 19:07 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1024) c:\program files\SUPERAntiSpyware\SASWINLO.DLL . ------------------------ Other Running Processes ------------------------ . c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\windows\eHome\ehRecvr.exe c:\windows\eHome\ehSched.exe c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe c:\windows\system32\nvsvc32.exe c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS c:\program files\Common Files\McAfee\SystemCore\mcshield.exe c:\windows\ehome\mcrdsvc.exe c:\windows\system32\dllhost.exe c:\windows\zHotkey.exe c:\windows\RTHDCPL.EXE c:\windows\eHome\ehmsas.exe c:\program files\APC\APC PowerChute Personal Edition\apcsystray.exe c:\program files\iPod\bin\iPodService.exe . ************************************************************************** . Completion time: 2010-07-07 19:15:45 - machine was rebooted ComboFix-quarantined-files.txt 2010-07-07 23:15 Pre-Run: 156,810,604,544 bytes free Post-Run: 157,312,946,176 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect - - End Of File - - C72C610B346BFD89F9085C48FFE5DB38
  4. alfars
    Kenny, Thanks for the support, Dave This is the log from TDSS: 17:49:59:851 2596 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49 17:49:59:851 2596 ================================================================================ 17:49:59:851 2596 SystemInfo: 17:49:59:851 2596 OS Version: 5.1.2600 ServicePack: 3.0 17:49:59:851 2596 Product type: Workstation 17:49:59:851 2596 ComputerName: OFFICE-EMACHINE 17:49:59:851 2596 UserName: Owner 17:49:59:851 2596 Windows directory: C:\WINDOWS 17:49:59:851 2596 System windows directory: C:\WINDOWS 17:49:59:851 2596 Processor architecture: Intel x86 17:49:59:851 2596 Number of processors: 1 17:49:59:851 2596 Page size: 0x1000 17:49:59:851 2596 Boot type: Normal boot 17:49:59:851 2596 ================================================================================ 17:50:00:226 2596 Initialize success 17:50:00:226 2596 17:50:00:226 2596 Scanning Services ... 17:50:00:648 2596 Raw services enum returned 368 services 17:50:00:664 2596 17:50:00:664 2596 Scanning Drivers ... 17:50:01:164 2596 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS 17:50:01:242 2596 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 17:50:01:273 2596 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 17:50:01:304 2596 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys 17:50:01:398 2596 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 17:50:01:429 2596 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys 17:50:01:476 2596 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys 17:50:01:492 2596 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys 17:50:01:539 2596 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys 17:50:01:617 2596 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys 17:50:01:679 2596 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys 17:50:01:726 2596 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys 17:50:01:820 2596 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys 17:50:01:836 2596 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys 17:50:01:898 2596 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys 17:50:01:961 2596 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys 17:50:02:023 2596 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys 17:50:02:070 2596 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys 17:50:02:132 2596 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys 17:50:02:226 2596 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 17:50:02:257 2596 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 17:50:02:351 2596 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 17:50:02:414 2596 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 17:50:02:445 2596 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 17:50:02:492 2596 BVRPMPR5 (2120b6607cbbe426ce821643838ea1d3) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS 17:50:02:586 2596 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys 17:50:02:601 2596 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 17:50:02:945 2596 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 17:50:03:070 2596 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys 17:50:03:148 2596 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 17:50:03:164 2596 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 17:50:03:211 2596 Cdr4_xp (bf79e659c506674c0497cc9c61f1a165) C:\WINDOWS\system32\drivers\Cdr4_xp.sys 17:50:03:226 2596 Cdralw2k (2c41cd49d82d5fd85c72d57b6ca25471) C:\WINDOWS\system32\drivers\Cdralw2k.sys 17:50:03:242 2596 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 17:50:03:304 2596 cfwids (44e4a7dded054dd55ae995c3aed719ae) C:\WINDOWS\system32\drivers\cfwids.sys 17:50:03:398 2596 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys 17:50:03:429 2596 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys 17:50:03:445 2596 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys 17:50:03:461 2596 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys 17:50:03:492 2596 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys 17:50:03:539 2596 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 17:50:03:586 2596 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 17:50:03:695 2596 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 17:50:03:726 2596 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 17:50:03:757 2596 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 17:50:03:773 2596 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys 17:50:03:804 2596 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 17:50:03:836 2596 DVDAccss (937ac237c80b2f0a1b7f88c40bc30334) C:\WINDOWS\system32\drivers\DVDAccss.sys 17:50:03:929 2596 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys 17:50:04:007 2596 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 17:50:04:039 2596 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 17:50:04:086 2596 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 17:50:04:117 2596 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 17:50:04:164 2596 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 17:50:04:179 2596 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 17:50:04:195 2596 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 17:50:04:242 2596 GEARAspiWDM (4ac51459805264affd5f6fdfb9d9235f) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys 17:50:04:320 2596 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 17:50:04:367 2596 HdAudAddService (2a013e7530beab6e569faa83f517e836) C:\WINDOWS\system32\drivers\HdAudio.sys 17:50:04:414 2596 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 17:50:04:445 2596 HidBatt (748031ff4fe45ccc47546294905feab8) C:\WINDOWS\system32\DRIVERS\HidBatt.sys 17:50:04:476 2596 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 17:50:04:492 2596 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys 17:50:04:586 2596 HSFHWBS2 (c02dc9d4358e43d088f2061c2b2bf30e) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys 17:50:04:664 2596 HSF_DPV (cbf6831420a97e8fbb91e5f52b707ef7) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys 17:50:04:789 2596 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys 17:50:04:867 2596 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys 17:50:04:898 2596 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys 17:50:04:914 2596 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 17:50:04:929 2596 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 17:50:04:945 2596 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys 17:50:05:132 2596 IntcAzAudAddService (98b7fab86755a42fe8eb04538a4cd6c8) C:\WINDOWS\system32\drivers\RtkHDAud.sys 17:50:05:523 2596 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys 17:50:05:586 2596 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 17:50:05:632 2596 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 17:50:05:695 2596 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 17:50:05:726 2596 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 17:50:05:757 2596 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 17:50:05:789 2596 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 17:50:05:820 2596 iruyaeo (e6d35f3aa51a65eb35c1f2340154a25e) C:\WINDOWS\system32\drivers\pbwiey.sys 17:50:05:945 2596 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 17:50:05:976 2596 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 17:50:05:992 2596 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 17:50:06:039 2596 klmd23 (316353165feba3d0538eaa9c2f60c5b7) C:\WINDOWS\system32\drivers\klmd.sys 17:50:06:070 2596 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 17:50:06:101 2596 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys 17:50:06:164 2596 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 17:50:06:195 2596 mfeapfk (b77e959e1c50d3e3a9d9ef423be62e09) C:\WINDOWS\system32\drivers\mfeapfk.sys 17:50:06:289 2596 mfeavfk (e84596fcb591117f5597498a5f82ad97) C:\WINDOWS\system32\drivers\mfeavfk.sys 17:50:06:398 2596 mfebopk (d40ce01e2d3fe0c079cd2d6b3e4b823b) C:\WINDOWS\system32\drivers\mfebopk.sys 17:50:06:476 2596 mfefirek (3962c6a9e35c4319dcdab0497614fd69) C:\WINDOWS\system32\drivers\mfefirek.sys 17:50:06:554 2596 mfehidk (e7ecf7872bf8f2897ae5a696d908c2f7) C:\WINDOWS\system32\drivers\mfehidk.sys 17:50:06:648 2596 mfendisk (554dbbdc8c3b4f380b21269239bd29bb) C:\WINDOWS\system32\DRIVERS\mfendisk.sys 17:50:06:695 2596 mfendiskmp (554dbbdc8c3b4f380b21269239bd29bb) C:\WINDOWS\system32\DRIVERS\mfendisk.sys 17:50:06:742 2596 mferkdet (e411594ac94baef7f8ea991cc8f47fd1) C:\WINDOWS\system32\drivers\mferkdet.sys 17:50:06:820 2596 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\WINDOWS\system32\drivers\mferkdk.sys 17:50:06:914 2596 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\WINDOWS\system32\drivers\mfesmfk.sys 17:50:06:992 2596 mfetdi2k (1bfe4c4ccf8cd2d7deaffb424e691196) C:\WINDOWS\system32\drivers\mfetdi2k.sys 17:50:07:070 2596 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys 17:50:07:195 2596 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 17:50:07:226 2596 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 17:50:07:242 2596 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 17:50:07:289 2596 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 17:50:07:304 2596 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 17:50:07:351 2596 mr7910 (e3274b2b7bbd44391e84d244e8bcc555) C:\WINDOWS\system32\DRIVERS\mr7910.sys 17:50:07:476 2596 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys 17:50:07:554 2596 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 17:50:07:586 2596 MRxSmb (60ae98742484e7ab80c3c1450e708148) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 17:50:07:632 2596 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 17:50:07:664 2596 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 17:50:07:711 2596 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 17:50:07:726 2596 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 17:50:07:757 2596 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 17:50:07:789 2596 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys 17:50:07:820 2596 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys 17:50:07:867 2596 mxnic (e1cdf20697d992cf83ff86dd04df1285) C:\WINDOWS\system32\DRIVERS\mxnic.sys 17:50:07:945 2596 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 17:50:07:976 2596 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 17:50:08:007 2596 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 17:50:08:039 2596 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 17:50:08:070 2596 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 17:50:08:086 2596 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 17:50:08:117 2596 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys 17:50:08:132 2596 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 17:50:08:148 2596 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 17:50:08:179 2596 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 17:50:08:195 2596 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 17:50:08:257 2596 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 17:50:08:382 2596 nv (84c65aa58ae1ede93716439267a23d40) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 17:50:08:695 2596 NVENETFD (2a7a2c6ab9631028b6e3a4159aa65705) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys 17:50:08:757 2596 nvnetbus (20526a8827dc0956b5526aebcb6751a0) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys 17:50:08:836 2596 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 17:50:08:851 2596 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 17:50:08:898 2596 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys 17:50:08:914 2596 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys 17:50:08:945 2596 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 17:50:08:992 2596 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 17:50:09:007 2596 pavboot (210a628a0d7b3f45257850efbff27538) C:\WINDOWS\system32\drivers\pavboot.sys 17:50:09:117 2596 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 17:50:09:164 2596 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 17:50:09:195 2596 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys 17:50:09:242 2596 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys 17:50:09:351 2596 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys 17:50:09:414 2596 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys 17:50:09:461 2596 pfc (d1779c14abb7992f5c20c262ba5c7af2) C:\WINDOWS\system32\drivers\pfc.sys 17:50:09:539 2596 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 17:50:09:554 2596 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys 17:50:09:570 2596 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 17:50:09:632 2596 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 17:50:09:664 2596 PxHelp20 (f7bb4e7a7c02ab4a2672937e124e306e) C:\WINDOWS\system32\Drivers\PxHelp20.sys 17:50:09:726 2596 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys 17:50:09:742 2596 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys 17:50:09:773 2596 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys 17:50:09:789 2596 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys 17:50:09:804 2596 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys 17:50:09:836 2596 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 17:50:09:882 2596 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 17:50:09:898 2596 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 17:50:09:914 2596 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 17:50:09:945 2596 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 17:50:09:976 2596 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 17:50:10:023 2596 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 17:50:10:054 2596 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 17:50:10:086 2596 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 17:50:10:164 2596 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 17:50:10:195 2596 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS 17:50:10:226 2596 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys 17:50:10:320 2596 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 17:50:10:367 2596 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys 17:50:10:382 2596 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 17:50:10:445 2596 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys 17:50:10:476 2596 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 17:50:10:507 2596 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys 17:50:10:554 2596 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 17:50:10:570 2596 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 17:50:10:601 2596 Srv (3bb03f2ba89d2be417206c373d2af17c) C:\WINDOWS\system32\DRIVERS\srv.sys 17:50:10:632 2596 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 17:50:10:679 2596 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 17:50:10:695 2596 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 17:50:10:726 2596 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys 17:50:10:789 2596 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys 17:50:10:851 2596 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys 17:50:10:867 2596 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys 17:50:10:945 2596 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 17:50:10:992 2596 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 17:50:11:039 2596 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 17:50:11:086 2596 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 17:50:11:117 2596 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 17:50:11:164 2596 TosIde (d4253fa9f870e6d7c0d3f4c155684b8e) C:\WINDOWS\system32\DRIVERS\toside.sys 17:50:11:164 2596 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\toside.sys. Real md5: d4253fa9f870e6d7c0d3f4c155684b8e, Fake md5: f2790f6af01321b172aa62f8e1e187d9 17:50:11:164 2596 File "C:\WINDOWS\system32\DRIVERS\toside.sys" infected by TDSS rootkit ... 17:50:18:664 2596 Backup copy found, using it.. 17:50:18:664 2596 will be cured on next reboot 17:50:18:789 2596 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 17:50:18:836 2596 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys 17:50:18:945 2596 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 17:50:18:976 2596 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 17:50:19:008 2596 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 17:50:19:023 2596 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 17:50:19:039 2596 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys 17:50:19:054 2596 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 17:50:19:101 2596 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 17:50:19:133 2596 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 17:50:19:179 2596 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 17:50:19:195 2596 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 17:50:19:226 2596 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys 17:50:19:258 2596 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 17:50:19:258 2596 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 17:50:19:289 2596 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 17:50:19:336 2596 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys 17:50:19:383 2596 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 17:50:19:461 2596 winachsf (59d043485a6eda2ed2685c81489ae5bd) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 17:50:19:601 2596 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 17:50:19:601 2596 Reboot required for cure complete.. 17:50:19:851 2596 Cure on reboot scheduled successfully 17:50:19:851 2596 17:50:19:851 2596 Completed 17:50:19:851 2596 17:50:19:851 2596 Results: 17:50:19:851 2596 Registry objects infected / cured / cured on reboot: 0 / 0 / 0 17:50:19:851 2596 File objects infected / cured / cured on reboot: 1 / 0 / 1 17:50:19:851 2596 17:50:19:867 2596 KLMD(ARK) unloaded successfully
  5. alfars
    Folks, First of all I apologize if this is a duplicate post but my system keeps crashing when I hit "Post New Topic". I'm posting this from my work computer now. I could really use some help with this one. I've been fighting it for a few weeks and it's winning. Symptoms: Random computer lock-ups Rogue svchost processes (sometimes exceeding 100mb) MCshield (McAfee) process exceeds 100mb Memory card reader no longer works (shows card but not contents) Browser redirects and pop-ups Google redirects Windows updates seem disabled Redirects when I try to go to Microsoft site Random failures of Win32services Start menu turns grey Every scan I run shows a change to the registry to %fystemRoot% from %systemRoot%. Malware tries to change it back but it just changes again. Regedit won't allow me to change it. My logs and files are attached but when I try to run GMER the system reboots on it's own before the scan finishes. I have also tried to run it from safe mode but when I hit scan it just shuts down, so I don't have a log from this scan. Thanks for any and all help, Dave Mbam Log: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4282 Windows 5.1.2600 Service Pack 3 Internet Explorer 7.0.5730.13 7/6/2010 6:40:07 PM mbam-log-2010-07-06 (18-40-07).txt Scan type: Full scan (C:\|D:\|J:\|) Objects scanned: 330972 Time elapsed: 1 hour(s), 27 minute(s), 53 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 2 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) DDS.txt: DDS (Ver_10-03-17.01) - NTFSx86 Run by Owner at 7:06:47.70 on Wed 07/07/2010 Internet Explorer: 7.0.5730.13 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.895.432 [GMT -4:00] AV: Defense Center *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9} AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe svchost.exe C:\WINDOWS\Explorer.EXE svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS svchost.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe C:\WINDOWS\zHotkey.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Digital Media Reader\readericon45G.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\BigFix\bigfix.exe C:\Program Files\Apple Computer\DVD@ccess\DVDAccess.exe C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe C:\Program Files\Microsoft Office\Office\FINDFAST.EXE C:\Program Files\Microsoft Office\Office\OSA.EXE C:\WINDOWS\system32\taskmgr.exe C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\McAfee.com\Agent\mcagent.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\WINDOWS\System32\svchost.exe -k netsvcs C:\Documents and Settings\Owner\Desktop\dds.scr ============== Pseudo HJT Report =============== uSearch Bar = hxxp://www.google.com/ie uStart Page = hxxp://www.google.com/ uSearch Page = hxxp://www.google.com uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = hxxp://127.0.0.1:4664/first_usage&s=67qMTGRA6lgqH0ZR7AwIDymzh58 uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = hxxp://www.google.com/ie uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20100518025104.dll BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe mRun: [Reminder] %WINDIR%\Creator\Remind_XP.exe mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [nwiz] nwiz.exe /install mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe" mRun: [CHotkey] zHotkey.exe mRun: [Alcmtr] ALCMTR.EXE mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe mRun: [ehTray] c:\windows\ehome\ehtray.exe mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [RTHDCPL] RTHDCPL.EXE mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE mRun: [readericon] c:\program files\digital media reader\readericon45G.exe mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey mRun: [userFaultCheck] %systemroot%\system32\dumprep 0 -u dRun: [Power2GoExpress] NA StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\apc powerchute personal edition\Display.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bigfix.lnk - c:\program files\bigfix\bigfix.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dvd@cc~1.lnk - c:\program files\apple computer\dvd@ccess\DVDAccess.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\FINDFAST.EXE StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} - hxxp://www.eaglegps.com/Downloads/Emulators/FishElite_320/isetup.cab DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} - hxxp://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL ============= SERVICES / DRIVERS =============== R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-2-11 385880] R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-5-2 28544] R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-4-27 82952] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-4-28 12872] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-4-28 67656] R2 DVDAccss;DVDAccss;c:\windows\system32\drivers\DVDAccss.sys [2007-2-3 29156] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-4-27 271480] R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-4-27 271480] R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-4-27 271480] R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-4-27 271480] R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-6 99328] R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-4-27 170144] R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-4-27 188136] R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-4-27 141792] R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-4-27 55456] R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-2-11 152320] R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-2-11 51688] R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-4-27 312616] R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-4-27 88480] S1 638c3e07;638c3e07;c:\windows\system32\drivers\638c3e07.sys --> c:\windows\system32\drivers\638c3e07.sys [?] S1 a419ce07;a419ce07;c:\windows\system32\drivers\a419ce07.sys --> c:\windows\system32\drivers\a419ce07.sys [?] S1 cfa672ae;cfa672ae;c:\windows\system32\drivers\cfa672ae.sys --> c:\windows\system32\drivers\cfa672ae.sys [?] S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-4-27 88480] S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-4-27 83496] S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-2-11 34248] S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-2-11 40552] S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-4-28 12872] S4 iruyaeo;iruyaeo;c:\windows\system32\drivers\pbwiey.sys [2010-6-29 54016] =============== Created Last 30 ================ 2010-07-07 10:55:37 0 ----a-w- c:\documents and settings\owner\defogger_reenable 2010-06-30 02:16:20 0 d-----w- c:\temp\qt-common 2010-06-30 02:14:35 54016 ----a-w- c:\windows\system32\drivers\pbwiey.sys 2010-06-27 14:30:24 0 d-----w- c:\docume~1\owner\applic~1\MoveFab 2010-06-27 12:44:29 0 d-----w- c:\program files\DVDFab 7 2010-06-18 16:48:22 5632 ----a-w- c:\windows\system32\ptpusb.dll 2010-06-18 16:48:21 159232 ----a-w- c:\windows\system32\ptpusd.dll 2010-06-18 16:48:21 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys 2010-06-18 16:48:21 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys ==================== Find3M ==================== Attach.zip
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.