insky

  1. http://www1.pcpitstop.com/betapit/sec.asp?conid=24474723&report=Summary
  2. I have been free of redirects & other interruptions for the last couple of weeks. I can't thank you enough for your help. Your directions have been thorough, clear, easy to follow & effective. Again, very impressive & many, many thanks. My machine is a bit slow & I did a registry scan which revealed some 1300 errors. I kept the log listing the errors & defining them. Is there a way to delete the errors listed in this log & clean up my registry? This is an example from the first page of the scan:
  3. ESET removed the following: C:\Documents and Settings\dw\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_00090c HTML/Iframe.B.Gen virus deleted - quarantined C:\Documents and Settings\dw\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000910 JS/Kryptik.AX.Gen trojan cleaned by deleting - quarantined C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP180\A0039507.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined I couldn't find the log file for the entire 3.37 hr scan. I couldn't find Limewire in Control Panel add/remove programs, but I did find it in the registry with regedit & removed it. Results of screen317's Security Check version 0.99.16 Windows XP Service Pack 3 Internet Explorer 8 `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Disabled! McAfee Security Scan Plus McAfee Virtual Technician McAfee SecurityCenter McAfee Online Backup McAfee Anti-Theft McAfee Online Backup ``````````````````````````````` Anti-malware/Other Utilities Check: Malwarebytes' Anti-Malware Java 6 Update 24 Java 2 Runtime Environment, SE v1.4.2_03 Out of date Java installed! Adobe Flash Player Adobe Reader X (10.1.0) ```````````````````````````````` Process Check: objlist.exe by Laurent McAfee Online Backup MOBKbackup.exe ``````````End of Log````````````
  4. combofix log is too long so I attached it combo-fix 6-27-11.zip
  5. Microsoft Windows XP Home Edition Boot Device: \Device\HarddiskVolume2 Install Date: 4/5/2005 7:28:27 PM System Uptime: 6/22/2011 10:00:54 PM (1 hours ago) . Motherboard: Dell Inc. | | 0M3918 Processor: Intel® Pentium® 4 CPU 2.80GHz | Microprocessor | 2793/800mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 146 GiB total, 49.311 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . ==== Event Viewer Messages From Past Week ======== . 6/21/2011 3:29:15 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found. 6/20/2011 11:15:54 AM, error: Dhcp [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 001111E9BA91 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message). 6/19/2011 2:18:01 PM, error: Service Control Manager [7000] - The LogMeIn Kernel Information Provider service failed to start due to the following error: The system cannot find the path specified. 6/19/2011 2:10:10 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service NMIndexingService with arguments "" in order to run the server: {E8933C4B-2C90-4A04-A677-E958D9509F1A} 6/19/2011 2:08:20 PM, error: NETLOGON [3095] - This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration. 6/16/2011 10:40:22 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL . ==== End Of File ===========================
  6. When I read it I would not have known what it was & I don't know how to identify evidence of P2P, nor do I know what Keygens, Limewire, Keygens are. My son used this computer before he got his own. Can you indicate the bad stuff & help me get rid of it?
  7. 2011/06/15 14:37:48.0234 0640 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48 2011/06/15 14:37:50.0187 0640 ================================================================================ 2011/06/15 14:37:50.0187 0640 SystemInfo: 2011/06/15 14:37:50.0187 0640 2011/06/15 14:37:50.0187 0640 OS Version: 5.1.2600 ServicePack: 3.0 2011/06/15 14:37:50.0187 0640 Product type: Workstation 2011/06/15 14:37:50.0187 0640 ComputerName: OVERINSKY 2011/06/15 14:37:50.0187 0640 UserName: dw 2011/06/15 14:37:50.0187 0640 Windows directory: C:\WINDOWS 2011/06/15 14:37:50.0187 0640 System windows directory: C:\WINDOWS 2011/06/15 14:37:50.0187 0640 Processor architecture: Intel x86 2011/06/15 14:37:50.0187 0640 Number of processors: 1 2011/06/15 14:37:50.0187 0640 Page size: 0x1000 2011/06/15 14:37:50.0187 0640 Boot type: Normal boot 2011/06/15 14:37:50.0187 0640 ================================================================================ 2011/06/15 14:37:52.0187 0640 Initialize success 2011/06/15 14:38:05.0343 2816 ================================================================================ 2011/06/15 14:38:05.0343 2816 Scan started 2011/06/15 14:38:05.0343 2816 Mode: Manual; 2011/06/15 14:38:05.0343 2816 ================================================================================
C:\WINDOWS\system32\drivers\mfefirek.sys 2011/06/15 14:38:13.0968 2816 mfehidk (5e9679bb2fc4fa38ec8ca906c47acd46) C:\WINDOWS\system32\drivers\mfehidk.sys 2011/06/15 14:38:14.0015 2816 mfendisk (b1728195877b18ce63cf0cd00b2871eb) C:\WINDOWS\system32\DRIVERS\mfendisk.sys 2011/06/15 14:38:14.0046 2816 mfendiskmp (b1728195877b18ce63cf0cd00b2871eb) C:\WINDOWS\system32\DRIVERS\mfendisk.sys 2011/06/15 14:38:14.0109 2816 mferkdet (ce1711f7c3f72f6762abd241dcfd5ee1) C:\WINDOWS\system32\drivers\mferkdet.sys 2011/06/15 14:38:14.0171 2816 mfetdi2k (25e12c68b49a64ffc873603dfd578236) C:\WINDOWS\system32\drivers\mfetdi2k.sys 2011/06/15 14:38:14.0234 2816 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 2011/06/15 14:38:14.0343 2816 MOBKFilter (e896775837a8bce436348df460522394) C:\WINDOWS\system32\DRIVERS\MOBK.sys 2011/06/15 14:38:14.0421 2816 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 2011/06/15 14:38:14.0484 2816 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys 2011/06/15 14:38:14.0562 2816 mohfilt (59b8b11ff70728eec60e72131c58b716) C:\WINDOWS\system32\DRIVERS\mohfilt.sys 2011/06/15 14:38:14.0609 2816 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 2011/06/15 14:38:14.0687 2816 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 2011/06/15 14:38:14.0750 2816 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 2011/06/15 14:38:14.0859 2816 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys 2011/06/15 14:38:14.0953 2816 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2011/06/15 14:38:15.0031 2816 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2011/06/15 14:38:15.0125 2816 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 2011/06/15 14:38:15.0187 2816 MSKSSRV 
(d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2011/06/15 14:38:15.0250 2816 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2011/06/15 14:38:15.0312 2816 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 2011/06/15 14:38:15.0375 2816 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2011/06/15 14:38:15.0453 2816 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys 2011/06/15 14:38:15.0515 2816 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys 2011/06/15 14:38:15.0593 2816 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 2011/06/15 14:38:15.0671 2816 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 2011/06/15 14:38:15.0703 2816 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2011/06/15 14:38:15.0796 2816 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2011/06/15 14:38:15.0859 2816 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2011/06/15 14:38:15.0968 2816 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 2011/06/15 14:38:16.0046 2816 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 2011/06/15 14:38:16.0109 2816 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 2011/06/15 14:38:16.0234 2816 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys 2011/06/15 14:38:16.0296 2816 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 2011/06/15 14:38:16.0359 2816 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 2011/06/15 14:38:16.0421 2816 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2011/06/15 14:38:16.0546 2816 nv 
(2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 2011/06/15 14:38:16.0656 2816 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2011/06/15 14:38:16.0734 2816 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2011/06/15 14:38:16.0812 2816 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys 2011/06/15 14:38:16.0875 2816 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys 2011/06/15 14:38:16.0953 2816 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys 2011/06/15 14:38:17.0078 2816 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys 2011/06/15 14:38:17.0140 2816 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys 2011/06/15 14:38:17.0187 2816 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 2011/06/15 14:38:17.0234 2816 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 2011/06/15 14:38:17.0281 2816 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 2011/06/15 14:38:17.0390 2816 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 2011/06/15 14:38:17.0453 2816 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys 2011/06/15 14:38:17.0671 2816 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys 2011/06/15 14:38:17.0718 2816 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys 2011/06/15 14:38:17.0859 2816 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2011/06/15 14:38:17.0906 2816 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 2011/06/15 14:38:17.0968 2816 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2011/06/15 
14:38:18.0031 2816 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys 2011/06/15 14:38:18.0093 2816 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys 2011/06/15 14:38:18.0140 2816 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys 2011/06/15 14:38:18.0203 2816 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys 2011/06/15 14:38:18.0250 2816 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys 2011/06/15 14:38:18.0296 2816 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys 2011/06/15 14:38:18.0437 2816 RapportCerberus_26762 (7bf4f7e3ff7067b80b7d3d1e031bcb0e) C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\26762\RapportCerberus_26762.sys 2011/06/15 14:38:18.0531 2816 RapportEI (1602ff4aec5c2246ac387e49e474dd7b) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys 2011/06/15 14:38:18.0593 2816 RapportKELL (12031844f5ad4126eab4c410623f7789) C:\WINDOWS\system32\Drivers\RapportKELL.sys 2011/06/15 14:38:18.0625 2816 RapportPG (1c303f85986c3dfcb01cc67f185c32e5) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys 2011/06/15 14:38:18.0687 2816 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2011/06/15 14:38:18.0796 2816 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2011/06/15 14:38:18.0859 2816 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2011/06/15 14:38:18.0921 2816 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2011/06/15 14:38:18.0984 2816 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2011/06/15 14:38:19.0031 2816 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2011/06/15 14:38:19.0125 2816 rdpdr (15cabd0f7c00c47c70124907916af3f1) 
C:\WINDOWS\system32\DRIVERS\rdpdr.sys 2011/06/15 14:38:19.0203 2816 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 2011/06/15 14:38:19.0281 2816 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 2011/06/15 14:38:19.0578 2816 SDDMI2 (8edd7b9e4a4b4c16e2dab9188caa861b) C:\WINDOWS\system32\DDMI2.sys 2011/06/15 14:38:19.0656 2816 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2011/06/15 14:38:19.0734 2816 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 2011/06/15 14:38:19.0828 2816 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 2011/06/15 14:38:19.0906 2816 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 2011/06/15 14:38:20.0031 2816 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys 2011/06/15 14:38:20.0093 2816 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 2011/06/15 14:38:20.0218 2816 smwdm (4aa922332433cdeb8b82c072c212e32e) C:\WINDOWS\system32\drivers\smwdm.sys 2011/06/15 14:38:20.0312 2816 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys 2011/06/15 14:38:20.0343 2816 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 2011/06/15 14:38:20.0421 2816 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 2011/06/15 14:38:20.0515 2816 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 2011/06/15 14:38:20.0593 2816 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 2011/06/15 14:38:20.0671 2816 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 2011/06/15 14:38:20.0718 2816 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 2011/06/15 14:38:20.0812 2816 symc810 (1ff3217614018630d0a6758630fc698c) 
C:\WINDOWS\system32\DRIVERS\symc810.sys 2011/06/15 14:38:20.0859 2816 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys 2011/06/15 14:38:20.0906 2816 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys 2011/06/15 14:38:20.0968 2816 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys 2011/06/15 14:38:21.0031 2816 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 2011/06/15 14:38:21.0125 2816 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2011/06/15 14:38:21.0218 2816 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys 2011/06/15 14:38:21.0281 2816 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 2011/06/15 14:38:21.0359 2816 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 2011/06/15 14:38:21.0421 2816 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 2011/06/15 14:38:21.0703 2816 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys 2011/06/15 14:38:21.0968 2816 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys 2011/06/15 14:38:22.0109 2816 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 2011/06/15 14:38:22.0187 2816 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys 2011/06/15 14:38:22.0343 2816 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 2011/06/15 14:38:22.0593 2816 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 2011/06/15 14:38:22.0781 2816 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2011/06/15 14:38:22.0921 2816 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2011/06/15 14:38:23.0078 2816 usbprint (a717c8721046828520c9edf31288fc00) 
C:\WINDOWS\system32\DRIVERS\usbprint.sys 2011/06/15 14:38:23.0234 2816 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 2011/06/15 14:38:23.0390 2816 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2011/06/15 14:38:23.0515 2816 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 2011/06/15 14:38:23.0593 2816 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 2011/06/15 14:38:23.0718 2816 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sy@ 2011/06/15 14:38:23.0843 2816 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 2011/06/15 14:38:24.0000 2816 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 2011/06/15 14:38:24.0328 2816 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2011/06/15 14:38:24.0609 2816 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 2011/06/15 14:38:24.0828 2816 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 2011/06/15 14:38:25.0625 2816 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys 2011/06/15 14:38:25.0671 2816 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 2011/06/15 14:38:25.0734 2816 WscNetDr (2b45412df680a1896dd1f3948a350ecc) C:\WINDOWS\system32\DRIVERS\WscNetDr.sys 2011/06/15 14:38:25.0765 2816 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 2011/06/15 14:38:25.0828 2816 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 2011/06/15 14:38:25.0843 2816 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 2011/06/15 14:38:25.0968 2816 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0 2011/06/15 14:38:26.0078 2816 
================================================================================ 2011/06/15 14:38:26.0078 2816 Scan finished 2011/06/15 14:38:26.0078 2816 ================================================================================ 2011/06/15 14:38:26.0093 3596 Detected object count: 0 2011/06/15 14:38:26.0093 3596 Actual detected object count: 0
  8. ComboFix 11-06-15.02 - dw 06/15/2011 14:08:36.4.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1270.696 [GMT -6:00] Running from: c:\documents and settings\dw\Desktop\ComboFixa.exe AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} . . ((((((((((((((((((((((((( Files Created from 2011-05-15 to 2011-06-15 ))))))))))))))))))))))))))))))) . . 2011-06-08 19:18 . 2011-06-08 19:18 -------- d-----w- c:\windows\system32\wbem\Repository 2011-06-08 19:15 . 2011-06-08 19:15 -------- d-----w- c:\program files\ESET 2011-06-08 19:15 . 2011-06-08 19:15 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS 2011-06-08 19:13 . 2011-06-08 19:13 -------- d-----w- c:\program files\Common Files\Adobe AIR 2011-06-08 19:11 . 2011-06-08 19:11 -------- d-----w- c:\program files\ffdshow 2011-06-05 21:59 . 2011-06-05 22:02 -------- dc-h--w- c:\windows\ie8 2011-05-24 20:46 . 2011-05-24 20:46 388096 ----a-r- c:\documents and settings\dw\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-05-24 15:48 . 2011-05-24 15:48 -------- d-----w- c:\documents and settings\dw\Local Settings\Application Data\WeatherBug 2011-05-24 15:48 . 2011-05-24 15:48 -------- d-----w- c:\documents and settings\dw\Application Data\WeatherBug 2011-05-24 15:48 . 2011-05-24 15:48 18944 ----a-r- c:\documents and settings\dw\Application Data\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe 2011-05-24 15:47 . 2011-05-24 16:01 -------- d-----w- c:\documents and settings\dw\Application Data\kikin 2011-05-24 15:47 . 2011-05-24 15:47 -------- d-----w- c:\program files\kikin 2011-05-24 15:46 . 2011-05-24 16:19 -------- d-----w- c:\program files\Ploose 2011-05-18 18:07 . 2011-06-14 18:17 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl . . . 
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-05-29 15:11 . 2011-04-13 13:39 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-05-29 15:11 . 2011-04-13 13:38 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-05-12 22:18 . 2011-05-12 22:18 102400 ----a-w- c:\windows\RegBootClean.exe 2011-04-28 20:34 . 2011-04-28 20:34 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys 2011-04-14 20:01 . 2011-05-13 23:28 88736 ----a-w- c:\windows\system32\drivers\mfendisk.sys 2011-04-14 20:01 . 2010-04-23 00:23 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys 2011-04-14 20:01 . 2010-04-23 00:23 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys 2011-04-14 20:01 . 2010-04-23 00:23 84200 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys 2011-04-14 20:01 . 2010-04-23 00:23 387480 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2011-04-14 20:01 . 2010-04-23 00:23 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys 2011-04-14 20:01 . 2010-04-23 00:23 95824 ----a-w- c:\windows\system32\drivers\mfeapfk.sys 2011-04-14 20:01 . 2010-04-23 00:23 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys 2011-04-14 20:01 . 2010-04-23 00:23 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys 2011-04-14 20:01 . 2010-04-23 00:23 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK] @="{3c3f3c1a-9153-7c05-f938-622e7003894d}" [HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}] 2010-02-06 03:14 2871608 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2] @="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}" [HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}] 2010-02-06 03:14 2871608 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3] @="{b4caf489-1eec-c617-49ad-8d7088598c06}" [HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}] 2010-02-06 03:14 2871608 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2008-01-04 202024] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-24 77824] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208] "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-04-05 1195408] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] 2010-12-08 19:11 87424 ----a-w- c:\windows\SYSTEM32\LMIinit.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ \0 . 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^dw^Start Menu^Programs^Startup^Wireless Wizard.lnk] path=c:\documents and settings\dw\Start Menu\Programs\Startup\Wireless Wizard.lnk backup=c:\windows\pss\Wireless Wizard.lnkStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2010-11-10 18:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate] 2007-11-15 16:24 16384 -c--a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DwlClient] 2004-05-28 02:05 323584 ----a-w- c:\program files\Common Files\Dell\EUSW\Support.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToolBoxFX] 2005-11-21 21:55 45056 -c--a-w- c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "iPod Service"=3 (0x3) "YahooAUService"=2 (0x2) "WMPNetworkSvc"=3 (0x3) "UPHClean"=2 (0x2) "sprtsvc_dellsupportcenter"=3 (0x3) "JavaQuickStarterService"=2 (0x2) "ImapiService"=3 (0x3) "CiSvc"=3 (0x3) . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\WINDOWS\\SYSTEM32\\MMC.EXE"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\McAfee\\MWL\\MwlSvc.exe"= "c:\\Program Files\\AIM\\aim.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Documents and Settings\\dw\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"= "c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015 "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016 "500:UDP"= 500:UDP:@xpsp2res.dll,-22017 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundTimestampRequest"= 1 (0x1) "AllowInboundMaskRequest"= 1 (0x1) "AllowInboundRouterRequest"= 1 (0x1) "AllowOutboundDestinationUnreachable"= 1 (0x1) "AllowOutboundSourceQuench"= 0 (0x0) "AllowOutboundParameterProblem"= 1 (0x1) "AllowOutboundTimeExceeded"= 1 (0x1) "AllowRedirect"= 1 (0x1) "AllowOutboundPacketTooBig"= 0 (0x0) . R0 McPvDrv;McPvDrv Driver;c:\windows\SYSTEM32\DRIVERS\McPvDrv.sys [11/17/2009 11:15 AM 63080] R0 RapportKELL;RapportKELL;c:\windows\SYSTEM32\DRIVERS\RapportKELL.sys [4/28/2011 2:34 PM 53816] R1 mfetdi2k;McAfee Inc. 
mfetdi2k;c:\windows\SYSTEM32\DRIVERS\mfetdi2k.sys [4/22/2010 6:23 PM 84200] R1 MOBKFilter;MOBKFilter;c:\windows\SYSTEM32\DRIVERS\MOBK.sys [4/23/2010 10:02 PM 54776] R1 RapportCerberus_26762;RapportCerberus_26762;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\26762\RapportCerberus_26762.sys [6/13/2011 7:41 AM 57144] R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [4/28/2011 2:34 PM 66360] R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [4/28/2011 2:34 PM 158904] R3 cfwids;McAfee Inc. cfwids;c:\windows\SYSTEM32\DRIVERS\cfwids.sys [4/22/2010 6:23 PM 56064] R3 mfefirek;McAfee Inc. mfefirek;c:\windows\SYSTEM32\DRIVERS\mfefirek.sys [4/22/2010 6:23 PM 314088] R3 mfendiskmp;mfendiskmp;c:\windows\SYSTEM32\DRIVERS\mfendisk.sys [5/13/2011 5:28 PM 88736] S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\dw\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\dw\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?] S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\dw\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\dw\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?] S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?] S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 11:58 AM 11336] S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\SYSTEM32\DRIVERS\mfendisk.sys [5/13/2011 5:28 PM 88736] S3 mferkdet;McAfee Inc. mferkdet;c:\windows\SYSTEM32\DRIVERS\mferkdet.sys [4/22/2010 6:23 PM 84488] . --- Other Services/Drivers In Memory --- . *Deregistered* - mfeavfk01 . Contents of the 'Scheduled Tasks' folder . 2011-06-11 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 19:34] . 
2011-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb6ec8405795ec.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-01-29 21:12] . 2011-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-01-29 21:12] . 2011-06-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2985198652-3350544489-2306102065-1010Core.job - c:\documents and settings\dw\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-24 20:50] . 2011-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2985198652-3350544489-2306102065-1010UA.job - c:\documents and settings\dw\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-24 20:50] . 2011-06-14 c:\windows\Tasks\vtscheduletask.job - c:\program files\McAfee\Supportability\MVT\MvtApp.exe [2010-12-04 20:25] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.azulstar.com/ mWindow Title = scraps, jean, richard overfield uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s Trusted Zone: internet Trusted Zone: intuit.com\ttlc Trusted Zone: mcafee.com TCP: DhcpNameServer = 192.168.1.1 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-06-15 14:24 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\viaagp] "ImagePath"="system32\DRIVERS\viaagp.sy@" . --------------------- LOCKED REGISTRY KEYS --------------------- . 
[HKEY_USERS\S-1-5-21-2985198652-3350544489-2306102065-1010\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{43984E99-3EA2-4C44-339C-15F61804B24B}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) "iapfbkfbopkbhiibbk"=hex:6a,61,6c,6b,63,6e,61,68,69,6e,66,6b,6e,67,69,70,67,6c, 65,68,00,00 "hafflideigcegndo"=hex:6a,61,6c,6b,63,6e,61,68,69,6e,66,6b,6e,67,69,70,67,6c, 65,68,00,6a . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(1624) c:\windows\system32\LMIinit.dll c:\windows\system32\LMIRfsClientNP.dll . - - - - - - - > 'explorer.exe'(3540) c:\windows\system32\WININET.dll c:\progra~1\mcafee\SITEAD~1\saHook.dll c:\program files\McAfee Online Backup\MOBKshell.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll c:\windows\system32\LMIRfsClientNP.dll . Completion time: 2011-06-15 14:30:43 ComboFix-quarantined-files.txt 2011-06-15 20:30 ComboFix2.txt 2011-06-02 15:03 ComboFix3.txt 2011-06-01 01:28 ComboFix4.txt 2011-04-13 13:21 . Pre-Run: 56,005,943,296 bytes free Post-Run: 56,158,515,200 bytes free . - - End Of File - - E9F394D5988B887E5FA840B97465DB0B
  9. Yes, I am. When I turn off the computer & later turn it on, I seem to get a redirect right away. I usually copy the URL & put it on the BLOCK list in Privacy at INTERNET OPTIONS.
  10. Checking emails today, I got a redirect. Prior to cleaning when I was getting redirects constantly, I always copied the URL & went to Control Panel, Internet options, Privacy, Sites & placed it on the Block list. This redirect was one to a site I got frequently, but the window did not open, it stayed in the Tab bar at the top of my screen where I closed it.
  11. I did a restore point for last Sunday which restored my sound & doesn't seem to have affected the cleaning.
  12. All done & no redirects so far! Many, many thanks. One problem, after updating Adobe player, I have no system sound. I have sound with CD player only. I can play video online, but no sound.
  13. Results of screen317's Security Check version 0.99.12 Windows XP Service Pack 3 Internet Explorer 8 `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Disabled! ESET Online Scanner v3 McAfee Security Scan Plus McAfee Virtual Technician McAfee SecurityCenter McAfee Online Backup McAfee Anti-Theft McAfee Online Backup ``````````````````````````````` Anti-malware/Other Utilities Check: Malwarebytes' Anti-Malware HijackThis 2.0.2 Java 6 Update 24 Java 2 Runtime Environment, SE v1.4.2_03 Out of date Java installed! Adobe Flash Player 10.3.181.14 Adobe Atmosphere Player for Acrobat and Adobe Reader Adobe Reader X (10.0.1) ```````````````````````````````` Process Check: objlist.exe by Laurent McAfee Online Backup MOBKbackup.exe ``````````End of Log````````````
  14. ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6522 # api_version=3.0.2 # EOSSerial=987081a56c03c944ac7b73539c722ede # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2011-06-06 12:37:51 # local_time=2011-06-05 06:37:51 (-0700, Mountain Daylight Time) # country="United States" # lang=9 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=512 16777215 100 0 23323493 23323493 0 0 # compatibility_mode=5121 16777173 100 75 1897534 36460365 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=160017 # found=2 # cleaned=2 # scan_time=7250 C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP180\A0039491.exe Win32/Adware.RK.AB application (deleted - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP180\A0039503.dll Win32/Adware.Yontoo.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
  15. I just updated Combofix & ran it again. Here's the log: ComboFix 11-06-01.07 - dw 06/02/2011 8:34.3.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1270.764 [GMT -6:00] Running from: c:\documents and settings\dw\My Documents\Downloads\ComboFix.exe AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . Infected copy of c:\windows\system32\Drivers\atapi.sys was found and disinfected Restored copy from - c:\windows\ERDNT\cache\atapi.sys . . ((((((((((((((((((((((((( Files Created from 2011-05-02 to 2011-06-02 ))))))))))))))))))))))))))))))) . . 2011-05-24 20:46 . 2011-05-24 20:46 388096 ----a-r- c:\documents and settings\dw\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-05-24 15:48 . 2011-05-24 15:48 -------- d-----w- c:\documents and settings\dw\Local Settings\Application Data\WeatherBug 2011-05-24 15:48 . 2011-05-24 15:48 -------- d-----w- c:\documents and settings\dw\Application Data\WeatherBug 2011-05-24 15:48 . 2011-05-24 15:48 18944 ----a-r- c:\documents and settings\dw\Application Data\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe 2011-05-24 15:47 . 2011-05-24 16:01 -------- d-----w- c:\documents and settings\dw\Application Data\kikin 2011-05-24 15:47 . 2011-05-24 15:47 -------- d-----w- c:\program files\kikin 2011-05-24 15:46 . 2011-05-24 16:19 -------- d-----w- c:\program files\Ploose 2011-05-18 18:07 . 2011-05-18 18:07 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-05-13 23:28 . 2011-04-14 20:01 88736 ----a-w- c:\windows\system32\drivers\mfendisk.sys 2011-05-12 22:18 . 2011-05-12 22:18 102400 ----a-w- c:\windows\RegBootClean.exe 2011-05-12 14:08 . 
2010-09-06 09:26 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-04-28 20:34 . 2011-04-28 20:34 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys 2011-04-14 20:01 . 2010-04-23 00:23 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys 2011-04-14 20:01 . 2010-04-23 00:23 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys 2011-04-14 20:01 . 2010-04-23 00:23 84200 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys 2011-04-14 20:01 . 2010-04-23 00:23 387480 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2011-04-14 20:01 . 2010-04-23 00:23 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys 2011-04-14 20:01 . 2010-04-23 00:23 95824 ----a-w- c:\windows\system32\drivers\mfeapfk.sys 2011-04-14 20:01 . 2010-04-23 00:23 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys 2011-04-14 20:01 . 2010-04-23 00:23 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys 2011-04-14 20:01 . 2010-04-23 00:23 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2011-03-07 05:33 . 2004-08-04 11:00 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-04-14 20:01 . 2011-02-14 15:38 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK] @="{3c3f3c1a-9153-7c05-f938-622e7003894d}" [HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}] 2010-02-06 03:14 2871608 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2] @="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}" [HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}] 2010-02-06 03:14 2871608 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3] @="{b4caf489-1eec-c617-49ad-8d7088598c06}" [HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}] 2010-02-06 03:14 2871608 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2008-01-04 202024] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-24 77824] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208] "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-04-05 1195408] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] 2010-12-08 19:11 87424 ----a-w- c:\windows\SYSTEM32\LMIinit.dll . 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ \0 . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^dw^Start Menu^Programs^Startup^Wireless Wizard.lnk] path=c:\documents and settings\dw\Start Menu\Programs\Startup\Wireless Wizard.lnk backup=c:\windows\pss\Wireless Wizard.lnkStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2010-11-10 18:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate] 2007-11-15 16:24 16384 -c--a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DwlClient] 2004-05-28 02:05 323584 ----a-w- c:\program files\Common Files\Dell\EUSW\Support.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToolBoxFX] 2005-11-21 21:55 45056 -c--a-w- c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "iPod Service"=3 (0x3) "YahooAUService"=2 (0x2) "WMPNetworkSvc"=3 (0x3) "UPHClean"=2 (0x2) "sprtsvc_dellsupportcenter"=3 (0x3) "JavaQuickStarterService"=2 (0x2) "ImapiService"=3 (0x3) "CiSvc"=3 (0x3) . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\WINDOWS\\SYSTEM32\\MMC.EXE"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\McAfee\\MWL\\MwlSvc.exe"= "c:\\Program Files\\AIM\\aim.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Documents and Settings\\dw\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"= "c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015 "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016 "500:UDP"= 500:UDP:@xpsp2res.dll,-22017 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundTimestampRequest"= 1 (0x1) "AllowInboundMaskRequest"= 1 (0x1) "AllowInboundRouterRequest"= 1 (0x1) "AllowOutboundDestinationUnreachable"= 1 (0x1) "AllowOutboundSourceQuench"= 0 (0x0) "AllowOutboundParameterProblem"= 1 (0x1) "AllowOutboundTimeExceeded"= 1 (0x1) "AllowRedirect"= 1 (0x1) "AllowOutboundPacketTooBig"= 0 (0x0) . 
R1 SASDIFSV;SASDIFSV;c:\docume~1\dw\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [x] R1 SASKUTIL;SASKUTIL;c:\docume~1\dw\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [x] R2 gupdate1c982565c6b24b6;Google Update Service (gupdate1c982565c6b24b6);c:\program files\Google\Update\GoogleUpdate.exe [2009-01-29 133104] R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [x] R3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [2009-12-18 11336] R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-01-29 133104] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232] R3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\DRIVERS\mfendisk.sys [2011-04-14 88736] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-04-14 84488] S0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [2009-11-17 63080] S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2011-04-28 53816] S1 mfetdi2k;McAfee Inc. 
mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-04-14 84200] S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [2010-02-06 54776] S1 RapportCerberus_26169;RapportCerberus_26169;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\26169\RapportCerberus_26169.sys [2011-05-02 57144] S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2011-04-28 66360] S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2011-04-28 158904] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2011-02-16 88176] S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-04-14 188136] S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-04-14 141792] S2 MOBKbackup;McAfee Online Backup;c:\program files\McAfee Online Backup\MOBKbackup.exe [2010-02-06 229688] S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-04-28 870200] S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-04-14 56064] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-04-14 314088] S3 mfendiskmp;mfendiskmp;c:\windows\system32\DRIVERS\mfendisk.sys [2011-04-14 88736] . . --- Other Services/Drivers In Memory --- . *Deregistered* - mfeavfk01 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] itlsvc REG_MULTI_SZ itlperf . Contents of the 'Scheduled Tasks' folder . 
2011-05-28 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 19:34] . 2011-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb6ec8405795ec.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-01-29 21:12] . 2011-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-01-29 21:12] . 2011-05-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2985198652-3350544489-2306102065-1010Core.job - c:\documents and settings\dw\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-24 20:50] . 2011-06-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2985198652-3350544489-2306102065-1010UA.job - c:\documents and settings\dw\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-24 20:50] . 2011-05-31 c:\windows\Tasks\vtscheduletask.job - c:\program files\McAfee\Supportability\MVT\MvtApp.exe [2010-12-04 20:25] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.azulstar.com/ mWindow Title = scraps, jean, richard overfield uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s Trusted Zone: internet Trusted Zone: intuit.com\ttlc Trusted Zone: mcafee.com TCP: DhcpNameServer = 192.168.1.1 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-06-02 08:56 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\viaagp] "ImagePath"="system32\DRIVERS\viaagp.sy@" . --------------------- LOCKED REGISTRY KEYS --------------------- . 
[HKEY_USERS\S-1-5-21-2985198652-3350544489-2306102065-1010\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{43984E99-3EA2-4C44-339C-15F61804B24B}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) "iapfbkfbopkbhiibbk"=hex:6a,61,6c,6b,63,6e,61,68,69,6e,66,6b,6e,67,69,70,67,6c, 65,68,00,00 "hafflideigcegndo"=hex:6a,61,6c,6b,63,6e,61,68,69,6e,66,6b,6e,67,69,70,67,6c, 65,68,00,6a . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(1624) c:\windows\system32\LMIinit.dll c:\windows\system32\LMIRfsClientNP.dll . - - - - - - - > 'explorer.exe'(3612) c:\progra~1\mcafee\SITEAD~1\saHook.dll c:\program files\McAfee Online Backup\MOBKshell.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll c:\windows\system32\LMIRfsClientNP.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\msdtc.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\Common Files\McAfee\SystemCore\mcshield.exe c:\program files\Common Files\McAfee\SystemCore\mfefire.exe c:\program files\Canon\CAL\CALMAIN.exe c:\windows\System32\vssvc.exe c:\windows\system32\rundll32.exe . ************************************************************************** . Completion time: 2011-06-02 09:03:28 - machine was rebooted ComboFix-quarantined-files.txt 2011-06-02 15:03 ComboFix2.txt 2011-06-01 01:28 ComboFix3.txt 2011-04-13 13:21 . Pre-Run: 59,155,415,040 bytes free Post-Run: 59,125,628,928 bytes free . - - End Of File - - F5922D207CCE9E616EC23A0301165522