jstaduffer

Everything posted by jstaduffer

  1. Thanks Chris, All my troubles appear to be resolved!! Yay! I really appreciate your help and patience with getting this fixed. You have been Great!
  2. Last 2 scans (Hopefully!). I will check it out over the weekend and let you know how it acts. Thanks!
  3. Chris, Thanks for re-opening the thread. I was unavailable for a couple weeks, but would like to continue trying to resolve my issues. Here are the ComboFix and DDS logs. Thanks, John
  4. Hi Chris, here are the MBAM and the DDS files. Wasn't sure about the minimized file so I also attached the "attach" file too.

     MBAM log:

     Malwarebytes' Anti-Malware 1.46
     www.malwarebytes.org

     Database version: 4415

     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702

     8/10/2010 5:13:56 PM
     mbam-log-2010-08-10 (17-13-56).txt

     Scan type: Quick scan
     Objects scanned: 160221
     Time elapsed: 13 minute(s), 25 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 1
     Registry Values Infected: 4
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     HKEY_CURRENT_USER\Software\SolutionAV (Rogue.AntivirSolutionPro) -> No action taken.

     Registry Values Infected:
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vpgtdkvw (Rogue.AntivirusSuite.Gen) -> No action taken.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rywbrgtv (Rogue.AntivirusSuite.Gen) -> No action taken.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vpgtdkvw (Rogue.AntivirusSuite.Gen) -> No action taken.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rywbrgtv (Rogue.AntivirusSuite.Gen) -> No action taken.

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)

     *********************************************************

     DDS (Ver_10-03-17.01) - NTFSx86
     Run by John Seidel at 17:17:40.14 on Tue 08/10/2010
     Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2550.1624 [GMT -4:00]

     AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
     FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

     ============== Running Processes ===============
     C:\WINDOWS\system32\svchost -k DcomLaunch
     svchost.exe
     C:\WINDOWS\System32\svchost.exe -k netsvcs
     svchost.exe
     svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\ehome\ehtray.exe
     C:\WINDOWS\stsystra.exe
     C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
     C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
     C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
     C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
     C:\WINDOWS\system32\dla\tfswctrl.exe
     C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
     C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe
     C:\Program Files\McAfee.com\Agent\mcagent.exe
     C:\Program Files\Common Files\Java\Java Update\jusched.exe
     C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
     C:\Program Files\Common Files\Real\Update_OB\realsched.exe
     C:\WINDOWS\system32\igfxpers.exe
     C:\Program Files\Eraser\eraser.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\HughesNet Download Manager\HDM.exe
     C:\Program Files\HughesNetStatusMeter\HughesNetStatusMeter\HughesNetStatusMeter.exe
     C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
     C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe
     svchost.exe
     C:\WINDOWS\eHome\ehRecvr.exe
     C:\WINDOWS\eHome\ehSched.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe
     C:\WINDOWS\system32\lxdxcoms.exe
     C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
     C:\Program Files\Common Files\Motive\McciCMService.exe
     C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
     c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
     c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
     C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
     C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
     C:\Program Files\McAfee\MPF\MPFSrv.exe
     C:\Program Files\McAfee\MSK\MskSrver.exe
     C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
     C:\Program Files\Dell Support Center\bin\sprtsvc.exe
     C:\WINDOWS\system32\svchost.exe -k imgsvc
     C:\WINDOWS\system32\dllhost.exe
     C:\WINDOWS\system32\dlbxcoms.exe
     C:\WINDOWS\eHome\ehmsas.exe
     C:\WINDOWS\System32\svchost.exe -k HTTPFilter
     C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Documents and Settings\John Seidel\Desktop\dds.scr

     ============== Pseudo HJT Report ===============
     uStart Page = hxxp://www.myhughesnet.com
     uSearch Bar = hxxp://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
     uDefault_Page_URL = hxxp://www.dell4me.com/myway
     uInternet Connection Wizard,ShellNext = hxxp://us.mcafee.com/apps/vso/en-us/vso9/setexp.asp?regwiz=file://c:\program%20files\mcafee.com\agent\mcregwiz.exe&systempopup=true&affid=105-57&dtag=BQJDH81
     uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
     uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
     mURLSearchHooks: H - No File
     BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
     BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
     BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
     BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
     BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
     BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
     BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
     BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
     BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
     BHO: HDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\hughesnet download manager\iefdm2.dll
     BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
     BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
     TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
     TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
     TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
     uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
     uRun: [Eraser] c:\program files\eraser\eraser.exe -hide
     uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
     uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
     uRun: [DelayShred] c:\progra~1\mcafee\mshr\shrcl.exe /p7 /q c:\docume~1\johnse~1\locals~1\tempor~1\content.ie5\0pa5mnzd\ajtg_1~1.sh! c:\docume~1\johnse~1\locals~1\tempor~1\content.ie5\4mktneh9\imp_4_~1.sh! c:\docume~1\johnse~1\locals~1\tempor~1\content.ie5\4t7stmxo\imp_2_~1.sh! c:\docume~1\johnse~1\locals~1\tempor~1\content.ie5\e45rp4bm\imp_3_~1.sh! c:\docume~1\johnse~1\locals~1\tempor~1\content.ie5\girw7v7x\imp_1_~1.sh! c:\docume~1\johnse~1\locals~1\tempor~1\content.ie5\84a8kgr0\imp_3_~1.sh! c:\docume~1\johnse~1\locals~1\tempor~1\content.ie5\upb9yod5\imp_1_~1.sh! c:\docume~1\johnse~1\locals~1\tempor~1\content.ie5\7wp2kbhr\imp_3_~1.sh! c:\docume~1\johnse~1\locals~1\tempor~1\content.ie5\7wp2kbhr\imp_2_~1.sh! c:\docume~1\johnse~1\locals~1\tempor~1\content.ie5\rt7vall4\nubile~1.sh! c:\docume~1\johnse~1\locals~1\tempor~1\content.ie5\4ndei0pk\thexam~1.sh! c:\docume~1\johnse~1\locals~1\tempor~1\content.ie5\rt7vall4\dreamy~1.sh! c:\docume~1\johnse~1\locals~1\tempor~1\content.ie5\4ndei0pk\faye_1~1.sh! c:\docume~1\johnse~1\locals~1\tempor~1\content.ie5\9ssny64f\openha~1.sh! c:\docume~1\johnse~1\locals~1\tempor~1\content.ie5\jii1n1a2\iframe~1.sh! c:\docume~1\johnse~1\locals~1\temp\freedo~1.sh! c:\docume~1\johnse~1\locals~1\tempor~1\content.ie5\9ssny64f\8yhim1~1.sh! c:\docume~1\johnse~1\locals~1\tempor~1\content.ie5\84a8kgr0\fac089~1.sh! c:\docume~1\johnse~1\locals~1\tempor~1\content.ie5\tfuq4r3b\palace~1.sh! c:\docume~1\johnse~1\locals~1\tempor~1\content.ie5\6kh1i6kd\favico~1.sh! c:\docume~1\johnse~1\locals~1\tempor~1\content.ie5\tfuq4r3b\blonde~1.sh! c:\docume~1\johnse~1\locals~1\tempor~1\content.ie5\p7qw63q9\fa9455~1.sh! c:\docume~1\johnse~1\locals~1\tempor~1\content.ie5\girw7v7x\7dog_c~1.sh! c:\docume~1\johnse~1\locals~1\tempor~1\content.ie5\ldqk5r21\fa9855~1.sh! c:\docume~1\johnse~1\locals~1\tempor~1\content.ie5\iqud8zry\nunude~1.sh! c:\docume~1\johnse~1\locals~1\tempor~1\content.ie5\2d7zmzym\sh16_1~1.sh! c:\docume~1\johnse~1\locals~1\tempor~1\content.ie5\2d7zmzym\adscat~1.sh! c:\docume~1\johnse~1\locals~1\tempor~1\content.ie5\0ff6w6m0\pick-u~1.sh! c:\docume~1\johnse~1\locals~1\tempor~1\content.ie5\iqud8zry\adsca8~1.sh! c:\docume~1\johnse~1\locals~1\tempor~1\content.ie5\7dupgy93\update~2.sh! c:\docume~1\johnse~1\locals~1\temp\air12.tmp\adobea~1\versions\1.sh! c:\docume~1\johnse~1\locals~1\temp\air12.tmp\adobea~1\versions.sh! c:\docume~1\johnse~1\locals~1\temp\air12.tmp\adobea~1.sh! c:\docume~1\johnse~1\locals~1\temp\AIR12.SH!
     uRun: [Minisoft] c:\windows\msb.exe
     uRun: [HughesNet Download Manager] "c:\program files\hughesnet download manager\HDM.exe" -autorun
     mRun: [ehTray] c:\windows\ehome\ehtray.exe
     mRun: [sigmatelSysTrayApp] stsystra.exe
     mRun: [intelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
     mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
     mRun: [MMTray] c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe
     mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
     mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
     mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
     mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
     mRun: [dlbxmon.exe] "c:\program files\dell photo aio printer 962\dlbxmon.exe"
     mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
     mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
     mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
     mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
     mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
     mRun: [lxdxmon.exe] "c:\program files\lexmark 3600-4600 series\lxdxmon.exe"
     mRun: [lxdxamon] "c:\program files\lexmark 3600-4600 series\lxdxamon.exe"
     mRun: [FaxCenterServer] "c:\program files\lexmark fax solutions\fm3032.exe" /s
     mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
     mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
     mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
     mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
     mRun: [igfxtray] c:\windows\system32\igfxtray.exe
     mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
     mRun: [igfxpers] c:\windows\system32\igfxpers.exe
     dRun: [napeepeg] c:\documents and settings\networkservice\local settings\application data\bbexeurin\rjmosjutssd.exe
     dRun: [ykpsclgy] c:\documents and settings\networkservice\local settings\application data\ecdyflwaq\sesrnthtssd.exe
     StartupFolder: c:\docume~1\johnse~1\startm~1\programs\startup\hughes~1.lnk - c:\program files\hughesnetstatusmeter\hughesnetstatusmeter\HughesNetStatusMeter.exe
     StartupFolder: c:\docume~1\johnse~1\startm~1\programs\startup\nikonm~1.lnk - c:\program files\common files\nikon\monitor\NkMonitor.exe
     IE: Download all with HughesNet Download Manager - file://c:\program files\hughesnet download manager\dlall.htm
     IE: Download selected with HughesNet Download Manager - file://c:\program files\hughesnet download manager\dlselected.htm
     IE: Download video with HughesNet Download Manager - file://c:\program files\hughesnet download manager\dlfvideo.htm
     IE: Download with HughesNet Download Manager - file://c:\program files\hughesnet download manager\dllink.htm
     IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
     IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
     IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
     IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
     IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
     IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
     Trusted Zone: internet
     Trusted Zone: mcafee.com
     DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
     DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
     DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
     DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
     DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
     DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
     DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
     DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
     Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
     Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
     Notify: igfxcui - igfxdev.dll

     ================= FIREFOX ===================
     FF - ProfilePath - c:\docume~1\johnse~1\applic~1\mozilla\firefox\profiles\2v0axrqh.default\
     FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
     FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
     FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
     FF - plugin: c:\documents and settings\john seidel\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
     FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
     FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
     FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
     FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
     FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

     ============= SERVICES / DRIVERS ===============
     R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-1-28 214664]
     R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?]
     R2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdxserv.exe [2009-12-18 98984]
     R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-11-13 93320]
     R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-1-28 359952]
     R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2008-1-28 144704]
     R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-1-28 606736]
     R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-1-28 79816]
     R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-1-28 35272]
     R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-1-28 40552]
     S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-22 135664]
     S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-1-28 34248]
     S3 SUSTUCAM;Susteen USB Cable Modem Driver;c:\windows\system32\drivers\sustucam.sys [2007-4-4 47360]
     S3 SUSTUCAU;Susteen USB Cable USB Driver;c:\windows\system32\drivers\sustucau.sys [2007-4-4 28032]

     =============== Created Last 30 ================
     2010-07-18 21:30:04 0 ----a-w- c:\documents and settings\john seidel\defogger_reenable
     2010-07-12 02:45:51 411368 ----a-w- c:\windows\system32\deployJava1.dll

     ==================== Find3M ====================
     2010-07-15 19:18:22 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
     2009-10-18 17:28:00 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
     2008-09-01 17:37:21 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090120080902\index.dat

     ============= FINISH: 17:19:40.92 ===============

     DDS_Attach.zip
  5. Thank you. Yes, I still need some help! Although I was able to re-activate Windows, I have not attempted to run GMER again. Was holding up until I heard from someone. Still trying to solve the original problem with search and unrequested web pages displaying.
  6. I downloaded GMER and ran the program; the program ended with the Blue Screen of Death. I rebooted the machine and attempted to run it a second time. This attempt ended with an error msg "doooo144 Unknown Hard Error". After rebooting, my Windows shows the "Active Desktop Recovery" msg but will not restore the active desktop. Thanks for your assistance, John