AcrylicCoach

Members
Posts: 10
Reputation: 0 Neutral
  1. Okay, re-enabled it in Safe Mode and everything appears to be running smoothly. Thank you so much for your help! I don't have a lot to donate but I hope it's enough to get you a few beers on the weekend.
  2. I had the same message appear 'Unable to open File'. Should I try again in Admin safe mode? That's where I originally downloaded the file.
  3. Hi, just one last problem. When running defogger to re-enable it comes up with 'Unable to open File' when I click yes. In the log 'Defogger enable' there was only this:

     defogger_enable by jpshortstuff (23.02.10.1)
     Log created at 07:47 on 08/03/2011 (Administrator)

     Parsing file...

     -=E.O.F=-
  4. Hi again, everything seems to be running perfectly now. No pop ups from McAfee, no strange user agreement; all that is left is the desktop icon for a fake 'windows safe mode', but the link appears to be disabled (I haven't tempted fate by clicking it). Here is the new COMBOFIX log:

     ComboFix 11-03-07.02 - Clown Prince 08/03/2011 9:56.2.3 - x86
     Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.3327.2647 [GMT 11:00]
     Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
     Command switches used :: c:\documents and settings\Clown Prince\Desktop\CFScript.txt
     AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
     FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
     * Created a new restore point
     .
     FILE ::
     "c:\windows\system32\drivers\fuwd.sys"
     "c:\windows\system32\drivers\jvxmia.sys"
     "c:\windows\system32\drivers\lfqeroi.sys"
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
     -------\Service_eijohl
     -------\Service_galhw
     -------\Service_wxlflwh
     .
     .
     ((((((((((((((((((((((((( Files Created from 2011-02-07 to 2011-03-07 )))))))))))))))))))))))))))))))
     .
     .
     2011-03-07 22:28 . 2011-03-07 22:28 -------- d-----w- c:\documents and settings\Clown Prince\Application Data\Malwarebytes
     2011-03-07 02:10 . 2011-03-07 02:21 -------- d-----w- c:\documents and settings\Back Up
     2011-03-07 01:32 . 2011-03-07 01:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
     2011-03-07 01:32 . 2010-12-20 07:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2011-03-07 01:32 . 2011-03-07 01:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2011-03-07 01:32 . 2010-12-20 07:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
     2011-03-07 01:25 . 2011-03-07 21:06 -------- d-----w- c:\documents and settings\Administrator
     2011-02-25 04:18 . 2011-02-25 04:18 -------- d-----w- c:\program files\Common Files\Java
     2011-02-15 07:18 . 2011-02-15 07:18 -------- d-----w- c:\documents and settings\Clown Prince\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
     2011-02-15 07:18 . 2011-02-15 07:18 -------- d-----w- c:\documents and settings\Clown Prince\Application Data\Adobe Mini Bridge CS5
     2011-02-15 06:22 . 2011-02-15 06:45 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
     2011-02-15 06:19 . 2011-02-15 06:19 -------- d-----w- c:\program files\Adobe Media Player
     2011-02-07 07:32 . 2011-02-07 07:32 -------- d-----w- c:\documents and settings\All Users\Application Data\ALM
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2011-02-02 10:40 . 2010-06-07 06:47 472808 ----a-w- c:\windows\system32\deployJava1.dll
     2011-02-02 08:19 . 2010-06-07 06:47 73728 ----a-w- c:\windows\system32\javacpl.cpl
     2011-01-21 14:44 . 2008-04-14 12:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
     2011-01-07 14:09 . 2008-04-14 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
     2010-12-31 13:10 . 2008-04-14 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys
     2010-12-28 00:36 . 2009-05-28 07:39 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
     2010-12-22 12:34 . 2008-04-14 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
     2010-12-20 23:08 . 2008-04-14 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
     2010-12-20 23:08 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
     2010-12-20 23:08 . 2008-04-14 12:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
     2010-12-20 23:08 . 2008-04-14 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
     2010-12-20 17:26 . 2008-04-14 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
     2010-12-20 12:55 . 2008-04-14 12:00 389120 ----a-w- c:\windows\system32\html.iec
     2010-12-09 15:15 . 2008-04-14 12:00 718336 ----a-w- c:\windows\system32\ntdll.dll
     2010-12-09 14:30 . 2008-04-14 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
     2010-12-09 13:42 . 2008-04-14 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
     2010-12-09 13:07 . 2008-04-14 00:01 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
     2010-10-13 11:28 . 2010-06-11 15:21 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-12-31 33546240]
     "Six Engine"="c:\program files\ASUS\EPU\EPU.exe" [2009-01-02 4067840]
     "nwiz"="nwiz.exe" [2009-04-30 1657376]
     "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-30 86016]
     "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13750272]
     "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-10 40048]
     "ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
     "D-Link D-Link Wireless G DWA-110"="c:\program files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe" [2008-04-15 1675264]
     "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-23 487424]
     "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
     "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-30 1193848]
     "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
     "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208]
     "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
     "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-21 406992]
     "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
     .
     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
     @=""
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
     @=""
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
     "DisableMonitoring"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
     "DisableMonitoring"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
     "DisableMonitoring"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
     "DisableMonitoring"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
     "DisableMonitoring"=dword:00000001
     .
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)
     .
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\Messenger\\msmsgs.exe"=
     "c:\\Program Files\\uTorrent\\uTorrent.exe"=
     "c:\\Program Files\\Dragon Age\\bin_ship\\daorigins.exe"=
     "c:\\Program Files\\Dragon Age\\DAOriginsLauncher.exe"=
     "c:\\Program Files\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
     "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
     "c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth II\\game.dat"=
     "c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
     "c:\\Program Files\\NAMCO BANDAI Games\\Warhammer Mark of Chaos\\Warhammer.exe"=
     .
     R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [12/06/2010 2:21 AM 84072]
     R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [27/11/2009 4:16 PM 88176]
     R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [12/06/2010 2:21 AM 271480]
     R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [12/06/2010 2:21 AM 271480]
     R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [12/06/2010 2:21 AM 188136]
     R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [12/06/2010 2:21 AM 141792]
     R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [12/06/2010 2:21 AM 55840]
     R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [12/06/2010 2:21 AM 313288]
     R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [12/06/2010 2:21 AM 88544]
     R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [20/05/2009 2:57 PM 39456]
     R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [20/05/2009 3:01 PM 993280]
     S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [4/11/2009 4:05 PM 25832]
     S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [12/06/2010 2:21 AM 88544]
     S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [12/06/2010 2:21 AM 84264]
     S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 1:37 PM 517096]
     .
     --- Other Services/Drivers In Memory ---
     .
     *Deregistered* - mfeavfk01
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2011-02-15 c:\windows\Tasks\AdobeAAMUpdater-1.0-STARKINDUSTRIES-Clown Prince.job
     - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-02-15 16:44]
     .
     2011-02-24 c:\windows\Tasks\AppleSoftwareUpdate.job
     - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 01:34]
     .
     .
     ------- Supplementary Scan -------
     .
     uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
     uInternet Settings,ProxyOverride = *.local
     uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
     IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
     LSP: %SYSTEMROOT%\system32\nvLsp.dll
     FF - ProfilePath - c:\documents and settings\Clown Prince\Application Data\Mozilla\Firefox\Profiles\m57rqced.default\
     FF - prefs.js: browser.search.selectedEngine - Google
     FF - prefs.js: browser.startup.homepage - www.google.com.au
     FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
     FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
     FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
     FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
     FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
     FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
     FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor
     FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
     FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
     .
     .
     **************************************************************************
     .
     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2011-03-08 10:01
     Windows 5.1.2600 Service Pack 3 NTFS
     .
     scanning hidden processes ...
     .
     scanning hidden autostart entries ...
     .
     HKLM\Software\Microsoft\Windows\CurrentVersion\Run
     HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
     .
     scanning hidden files ...
     .
     scan completed successfully
     hidden files: 0
     .
     **************************************************************************
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_USERS\S-1-5-21-942865864-827501957-470318294-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
     "??"=hex:4b,5c,bc,a8,a9,f1,06,c2,52,51,2a,3b,8a,da,72,01,98,2f,4b,3a,38,f6,bc,
     83,0f,bb,9b,94,65,2f,80,91,f7,aa,14,d3,76,a0,ab,6e,cd,0e,7d,8e,a3,e0,5c,82,\
     "??"=hex:49,3c,80,cf,42,bb,09,63,36,08,e3,cd,50,f4,b0,f7
     .
     [HKEY_USERS\S-1-5-21-942865864-827501957-470318294-1005\Software\SecuROM\License information*]
     "datasecu"=hex:7d,ee,8e,56,f8,10,e7,77,bc,f2,2e,a9,01,6b,f9,bd,04,6d,be,cc,01,
     a4,16,e5,49,f9,93,6c,12,85,05,d7,8d,7e,9d,d2,21,4c,a8,42,fd,84,56,58,88,8b,\
     "rkeysecu"=hex:a6,e9,d0,fb,08,a8,21,98,c0,0f,82,f5,69,1b,87,a8
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
     "Enabled"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
     @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker4"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     [HKEY_LOCAL_MACHINE\software\Swearware\backup\winsock2\Parameters]
     @DACL=(02 0000)
     @SACL=
     "WinSock_Registry_Version"="2.0"
     "Current_NameSpace_Catalog"="NameSpace_Catalog5"
     "Current_Protocol_Catalog"="Protocol_Catalog9"
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------
     .
     - - - - - - - > 'lsass.exe'(1404)
     c:\windows\system32\nvLsp.dll
     .
     - - - - - - - > 'explorer.exe'(1732)
     c:\windows\system32\WININET.dll
     c:\progra~1\mcafee\SITEAD~1\saHook.dll
     c:\windows\system32\ieframe.dll
     .
     ------------------------ Other Running Processes ------------------------
     .
     c:\windows\system32\nvsvc32.exe
     c:\program files\Bonjour\mDNSResponder.exe
     c:\program files\Java\jre6\bin\jqs.exe
     c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
     c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
     c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
     c:\windows\system32\rundll32.exe
     c:\windows\system32\RUNDLL32.EXE
     .
     **************************************************************************
     .
     Completion time: 2011-03-08 10:06:09 - machine was rebooted
     ComboFix-quarantined-files.txt 2011-03-07 23:06
     ComboFix2.txt 2011-03-07 22:33
     .
     Pre-Run: 887,373,926,400 bytes free
     Post-Run: 887,286,829,056 bytes free
     .
     - - End Of File - - 913F43D44A995615DA006F2FBE00811B
  5. Okay, I can now run the computer out of safe mode (THANK YOU!!!); however, a 'SYSINTERNALS SOFTWARE LICENSE TERMS' agreement has shown up when the computer boots, and a windows safe mode icon (part of the virus) remains on the desktop. Also, a McAfee window continuously popped up for about 10 minutes saying 'Trojan Removed', but I'm not sure if it's a fake alert or not, so I didn't click it. Anyway, here is the COMBOFIX report:

     ComboFix 11-03-07.02 - Administrator 08/03/2011 9:22.1.3 - x86 NETWORK
     Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.3327.2921 [GMT 11:00]
     Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
     AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
     FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     c:\documents and settings\All Users\Application Data\26375.exe
     c:\documents and settings\All Users\Application Data\IleLeRrJUXqVhEh.dll
     c:\windows\system32\LogFiles
     c:\windows\system32\LogFiles\HTTPERR\httperr1.log
     c:\windows\system32\twunk_32.exe
     F:\Autorun.inf
     .
     .
     ((((((((((((((((((((((((( Files Created from 2011-02-07 to 2011-03-07 )))))))))))))))))))))))))))))))
     .
     .
     2011-03-07 22:28 . 2011-03-07 22:28 -------- d-----w- c:\documents and settings\Clown Prince\Application Data\Malwarebytes
     2011-03-07 02:10 . 2011-03-07 02:21 -------- d-----w- c:\documents and settings\Back Up
     2011-03-07 01:32 . 2011-03-07 01:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
     2011-03-07 01:32 . 2010-12-20 07:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2011-03-07 01:32 . 2011-03-07 01:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2011-03-07 01:32 . 2010-12-20 07:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
     2011-03-07 01:25 . 2011-03-07 21:06 -------- d-----w- c:\documents and settings\Administrator
     2011-02-25 04:18 . 2011-02-25 04:18 -------- d-----w- c:\program files\Common Files\Java
     2011-02-15 07:18 . 2011-02-15 07:18 -------- d-----w- c:\documents and settings\Clown Prince\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
     2011-02-15 07:18 . 2011-02-15 07:18 -------- d-----w- c:\documents and settings\Clown Prince\Application Data\Adobe Mini Bridge CS5
     2011-02-15 06:22 . 2011-02-15 06:45 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
     2011-02-15 06:19 . 2011-02-15 06:19 -------- d-----w- c:\program files\Adobe Media Player
     2011-02-07 07:32 . 2011-02-07 07:32 -------- d-----w- c:\documents and settings\All Users\Application Data\ALM
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2011-02-02 10:40 . 2010-06-07 06:47 472808 ----a-w- c:\windows\system32\deployJava1.dll
     2011-02-02 08:19 . 2010-06-07 06:47 73728 ----a-w- c:\windows\system32\javacpl.cpl
     2011-01-21 14:44 . 2008-04-14 12:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
     2011-01-07 14:09 . 2008-04-14 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
     2010-12-31 13:10 . 2008-04-14 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys
     2010-12-28 00:36 . 2009-05-28 07:39 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
     2010-12-22 12:34 . 2008-04-14 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
     2010-12-20 23:08 . 2008-04-14 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
     2010-12-20 23:08 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
     2010-12-20 23:08 . 2008-04-14 12:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
     2010-12-20 23:08 . 2008-04-14 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
     2010-12-20 17:26 . 2008-04-14 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
     2010-12-20 12:55 . 2008-04-14 12:00 389120 ----a-w- c:\windows\system32\html.iec
     2010-12-09 15:15 . 2008-04-14 12:00 718336 ----a-w- c:\windows\system32\ntdll.dll
     2010-12-09 14:30 . 2008-04-14 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
     2010-12-09 13:42 . 2008-04-14 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
     2010-12-09 13:07 . 2008-04-14 00:01 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
     2010-10-13 11:28 . 2010-06-11 15:21 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-07-25 288048]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-12-31 33546240]
     "Six Engine"="c:\program files\ASUS\EPU\EPU.exe" [2009-01-02 4067840]
     "nwiz"="nwiz.exe" [2009-04-30 1657376]
     "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-30 86016]
     "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13750272]
     "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-10 40048]
     "ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
     "D-Link D-Link Wireless G DWA-110"="c:\program files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe" [2008-04-15 1675264]
     "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-23 487424]
     "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
     "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-30 1193848]
     "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
     "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208]
     "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
     "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-21 406992]
     "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
     .
     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
     "Taskman"=""
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
     @=""
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
     @=""
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
     "DisableMonitoring"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
     "DisableMonitoring"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
     "DisableMonitoring"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
     "DisableMonitoring"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
     "DisableMonitoring"=dword:00000001
     .
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)
     .
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\Messenger\\msmsgs.exe"=
     "c:\\Program Files\\uTorrent\\uTorrent.exe"=
     "c:\\Program Files\\Dragon Age\\bin_ship\\daorigins.exe"=
     "c:\\Program Files\\Dragon Age\\DAOriginsLauncher.exe"=
     "c:\\Program Files\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
     "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
     "c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth II\\game.dat"=
     "c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
     "c:\\Program Files\\NAMCO BANDAI Games\\Warhammer Mark of Chaos\\Warhammer.exe"=
     .
     R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [12/06/2010 2:21 AM 84072]
     R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [27/11/2009 4:16 PM 88176]
     R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [12/06/2010 2:21 AM 271480]
     R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [12/06/2010 2:21 AM 271480]
     R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [12/06/2010 2:21 AM 188136]
     R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [12/06/2010 2:21 AM 141792]
     R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [12/06/2010 2:21 AM 55840]
     R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [12/06/2010 2:21 AM 313288]
     R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [12/06/2010 2:21 AM 88544]
     R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [20/05/2009 2:57 PM 39456]
     R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [20/05/2009 3:01 PM 993280]
     S0 eijohl;eijohl;c:\windows\system32\drivers\lfqeroi.sys --> c:\windows\system32\drivers\lfqeroi.sys [?]
     S0 galhw;galhw;c:\windows\system32\drivers\fuwd.sys --> c:\windows\system32\drivers\fuwd.sys [?]
     S0 wxlflwh;wxlflwh;c:\windows\system32\drivers\jvxmia.sys --> c:\windows\system32\drivers\jvxmia.sys [?]
     S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [4/11/2009 4:05 PM 25832]
     S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [12/06/2010 2:21 AM 88544]
     S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [12/06/2010 2:21 AM 84264]
     S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 1:37 PM 517096]
     .
     --- Other Services/Drivers In Memory ---
     .
     *Deregistered* - mfeavfk01
     .
     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{79f32868-4243-11df-b07b-0022b075d41e}]
     \Shell\AutoRun\command - E:\KICKASS_CLICK_HERE.exe
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2011-02-15 c:\windows\Tasks\AdobeAAMUpdater-1.0-STARKINDUSTRIES-Clown Prince.job
     - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-02-15 16:44]
     .
     2011-02-24 c:\windows\Tasks\AppleSoftwareUpdate.job
     - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 01:34]
     .
     .
     ------- Supplementary Scan -------
     .
     uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
     uInternet Settings,ProxyOverride = *.local
     uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
     IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
     LSP: %SYSTEMROOT%\system32\nvLsp.dll
     FF - ProfilePath - c:\documents and settings\Clown Prince\Application Data\Mozilla\Firefox\Profiles\m57rqced.default\
     FF - prefs.js: browser.search.selectedEngine - Google
     FF - prefs.js: browser.startup.homepage - www.google.com.au
     FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
     FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
     FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
     FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
     FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
     FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
     FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor
     FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
     FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
     .
     - - - - ORPHANS REMOVED - - - -
     .
     HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
     HKCU-Run-sjgpswcy - c:\documents and settings\Clown Prince\Local Settings\Application Data\mncbafeol\ctkwvdstssd.exe
     HKCU-Run-vakwnytn - c:\documents and settings\Clown Prince\Local Settings\Application Data\xycnqxnch\jqfyrqwtssd.exe
     .
     .
     .
     **************************************************************************
     .
     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2011-03-08 09:27
     Windows 5.1.2600 Service Pack 3 NTFS
     .
     scanning hidden processes ...
     .
     scanning hidden autostart entries ...
     .
     HKLM\Software\Microsoft\Windows\CurrentVersion\Run
     HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
     .
     scanning hidden files ...
     .
     scan completed successfully
     hidden files: 0
     .
     **************************************************************************
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_USERS\S-1-5-21-942865864-827501957-470318294-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
     "??"=hex:4b,5c,bc,a8,a9,f1,06,c2,52,51,2a,3b,8a,da,72,01,98,2f,4b,3a,38,f6,bc,
     83,0f,bb,9b,94,65,2f,80,91,f7,aa,14,d3,76,a0,ab,6e,cd,0e,7d,8e,a3,e0,5c,82,\
     "??"=hex:49,3c,80,cf,42,bb,09,63,36,08,e3,cd,50,f4,b0,f7
     .
     [HKEY_USERS\S-1-5-21-942865864-827501957-470318294-1005\Software\SecuROM\License information*]
     "datasecu"=hex:7d,ee,8e,56,f8,10,e7,77,bc,f2,2e,a9,01,6b,f9,bd,04,6d,be,cc,01,
     a4,16,e5,49,f9,93,6c,12,85,05,d7,8d,7e,9d,d2,21,4c,a8,42,fd,84,56,58,88,8b,\
     "rkeysecu"=hex:a6,e9,d0,fb,08,a8,21,98,c0,0f,82,f5,69,1b,87,a8
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
     "Enabled"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
     @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker4"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     [HKEY_LOCAL_MACHINE\software\Swearware\backup\winsock2\Parameters]
     @DACL=(02 0000)
     @SACL=
     "WinSock_Registry_Version"="2.0"
     "Current_NameSpace_Catalog"="NameSpace_Catalog5"
     "Current_Protocol_Catalog"="Protocol_Catalog9"
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------
     .
     - - - - - - - > 'lsass.exe'(1400)
     c:\windows\system32\nvLsp.dll
     .
     - - - - - - - > 'explorer.exe'(2080)
     c:\windows\system32\WININET.dll
     c:\progra~1\mcafee\SITEAD~1\saHook.dll
     c:\windows\system32\ieframe.dll
     .
     ------------------------ Other Running Processes ------------------------
     .
     c:\windows\system32\nvsvc32.exe
     c:\program files\Bonjour\mDNSResponder.exe
     c:\program files\Java\jre6\bin\jqs.exe
     c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
     c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
     c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
     c:\windows\system32\rundll32.exe
     c:\windows\system32\RUNDLL32.EXE
     c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
     c:\progra~1\mcafee\VIRUSS~1\mcvsshld.exe
     c:\progra~1\mcafee\VIRUSS~1\mcvsmap.exe
     c:\program files\Common Files\Teleca Shared\Generic.exe
     c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
     .
     **************************************************************************
     .
     Completion time: 2011-03-08 09:33:29 - machine was rebooted
     ComboFix-quarantined-files.txt 2011-03-07 22:33
     .
     Pre-Run: 884,376,174,592 bytes free
     Post-Run: 887,381,766,144 bytes free
     .
     WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
     [boot loader]
     timeout=2
     default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
     [operating systems]
     c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
     UnsupportedDebug="do not select this" /debug
     multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
     .
     - - End Of File - - 1A77AEF9364DB6B9CEE4DC75EC1D98B0
  6. Hi again, sorry but I can't find any of the processes you listed on task manager. Will these processes only appear when I am not operating in safe mode? Unfortunately I can't open the task manager unless I'm operating as Administrator in safe mode.
  7. Here is the log from RogueKiller, thanks for the quick reply!

RogueKiller V4.2.0 by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Safe mode with network support
User: Administrator [Admin rights]
Mode: Scan -- Date : 03/08/2011 08:47:38

Bad processes: 0

Registry Entries: 0

HOSTS File:
127.0.0.1 localhost
127.0.0.1 activate.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
::1 localhost

Finished : << RKreport[1].txt >>
RKreport[1].txt
  8. Hi to the Mods and thanks in advance for any assistance. Yesterday my computer received a nasty little virus that has utterly crippled it. It will now only run in safe mode (admin) and I can only access the task manager. The start menu, toolbar, and desktop icons are not visible when I load the computer. I have performed several quick scans and one full scan with malwarebytes and every time it detects 5-11 malware related files to delete. I am currently running McAfee anti-virus but its quick/full scans don't detect any viruses. Here are my logs:
.
DDS (Ver_11-03-05.01) - NTFSx86 NETWORK
Run by Administrator at 8:07:50.56 on Tue 08/03/2011
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.3327.2973 [GMT 11:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\Defogger.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\dds.scr
.
============== Pseudo HJT Report ===============
.
uInternet Connection Wizard,ShellNext = hxxp://download.mcafee.com/products/webhelp/4/3081/?appid=MPF&applist=MSC,VSO,mpf,MSAD,MSK,MPS,mnm,nmc&topic=D7F02C76-391C-4B32-B54D-512395085D90#GUID-D7F02C76-391C-4B32-B54D-512395085D90.html
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20101027193254.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1
mRun: [six Engine] "c:\program files\asus\epu\EPU.exe" -r
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
mRun: [D-Link D-Link Wireless G DWA-110] c:\program files\d-link\d-link wireless g dwa-110\AirGCFG.exe
mRun: [sony Ericsson PC Suite] "c:\program files\sony ericsson\mobile2\application launcher\Application Launcher.exe" /startoptions
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: %SYSTEMROOT%\system32\nvLsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\c34bv7hf.default\
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-6-12 386840]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-6-12 84072]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-6-12 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-6-12 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-6-12 141792]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-6-12 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-6-12 88544]
S0 eijohl;eijohl;c:\windows\system32\drivers\lfqeroi.sys --> c:\windows\system32\drivers\lfqeroi.sys [?]
S0 galhw;galhw;c:\windows\system32\drivers\fuwd.sys --> c:\windows\system32\drivers\fuwd.sys [?]
S0 wxlflwh;wxlflwh;c:\windows\system32\drivers\jvxmia.sys --> c:\windows\system32\drivers\jvxmia.sys [?]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-11-27 88176]
S2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-6-12 271480]
S2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-6-12 271480]
S2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-6-12 171168]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-6-12 55840]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2009-11-4 25832]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-6-12 152960]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-6-12 52104]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-6-12 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-6-12 84264]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2009-5-20 39456]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-5-20 993280]
.
=============== Created Last 30 ================
.
2011-03-07 21:00:51 672256 ----a-w- c:\docume~1\alluse~1\applic~1\26375.exe
2011-03-07 20:57:18 -------- d-----w- c:\docume~1\admini~1\applic~1\Sony Ericsson
2011-03-07 02:16:57 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Adobe
2011-03-07 01:32:49 -------- d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes
2011-03-07 01:32:04 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-07 01:32:04 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-03-07 01:32:01 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-07 01:32:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-07 01:26:33 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Mozilla
2011-03-06 23:31:28 696320 ----a-w- c:\docume~1\alluse~1\applic~1\IleLeRrJUXqVhEh.dll
2011-02-15 06:22:47 -------- d-----w- c:\docume~1\alluse~1\applic~1\regid.1986-12.com.adobe
2011-02-07 07:32:59 -------- d-----w- c:\docume~1\alluse~1\applic~1\ALM
.
==================== Find3M ====================
.
2011-02-02 10:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 08:19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-28 00:36:26 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:08:45 832512 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:08:45 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-12-20 23:08:45 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 23:08:45 17408 ----a-w- c:\windows\system32\corpol.dll
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:25 389120 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:42:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07:07 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 8:08:19.45 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 28/05/2009 2:36:05 PM
System Uptime: 8/03/2011 8:00:25 AM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | M4N78 PRO
Processor: AMD Phenom II X3 720 Processor | AM2/AM3 | 2799/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 932 GiB total, 823.732 GiB free.
D: is CDROM (UDF)
F: is FIXED (NTFS) - 233 GiB total, 211.758 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP285: 9/12/2010 3:12:54 PM - System Checkpoint
RP286: 13/12/2010 11:49:20 AM - System Checkpoint
RP287: 15/12/2010 2:58:49 PM - System Checkpoint
RP288: 25/12/2010 12:27:42 PM - Software Distribution Service 3.0
RP289: 6/01/2011 12:59:34 PM - System Checkpoint
RP290: 31/01/2011 12:25:04 PM - System Checkpoint
RP291: 1/02/2011 9:57:11 AM - Software Distribution Service 3.0
RP292: 3/02/2011 3:30:05 PM - System Checkpoint
RP293: 6/02/2011 11:24:14 AM - System Checkpoint
RP294: 9/02/2011 5:58:02 PM - System Checkpoint
RP295: 10/02/2011 6:43:07 PM - System Checkpoint
RP296: 11/02/2011 12:39:47 AM - Software Distribution Service 3.0
RP297: 15/02/2011 1:13:14 PM - System Checkpoint
RP298: 18/02/2011 10:29:44 AM - System Checkpoint
RP299: 22/02/2011 12:11:03 PM - System Checkpoint
RP300: 24/02/2011 5:13:56 PM - System Checkpoint
RP301: 25/02/2011 3:17:55 PM - Installed Java 6 Update 24
RP302: 27/02/2011 12:30:11 PM - System Checkpoint
RP303: 2/03/2011 4:24:35 PM - System Checkpoint
RP304: 5/03/2011 1:26:54 PM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Community Help
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe Linguistics CS3
Adobe Media Player
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop CS5
Adobe Reader 8.1.0
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AMD Processor Driver
ANIO Service
ANIWZCS2 Service
Apple Application Support
Apple Software Update
BigPond Broadband Cable
Caesar IV
Command & Conquer The First Decade
Command & Conquer