krome Posted May 18, 2012 ID:552485 Share Posted May 18, 2012 Hello,A few days ago I was redirected to a Windows Security Warning (centerwreckdanger.in/78dee9e271084cb/40) and nothing happened at first. Today the same thing happened. This time I was redirected to wormsutilityagent.in/78dee9e271084cb/40. As you may have noticed after ".in/" all of the characters are the same so i'm a little suspicious of this. It said I had a worm or something and started scanning. When I tried to close it asked me if I was sure I wanted to leave so I immediately shutdown my computer. I was at work when it happened so I left malwarebytes and mcafee scanning before I left. The first time I scanned after this issue came up nothing showed up on malwarebytes. I don't know what the results are since i'm not at work. I'll be back on Monday. Of special note, the very first time I scanned after downloading malwarebytes there were 3 things that needed to be deleted. Evidently I had some sort of malware that kept opening multiple browsers after clicking on a yahoo article. After that incident came the whole Windows Security Warning issues. Any ideas on what this could be?Thanks,KR Link to post Share on other sites More sharing options...
Maniac Posted May 18, 2012 ID:552554 Share Posted May 18, 2012 Hello krome! My name is Maniac and I will be glad to help you solve your malware problem.Please note:If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.Make sure you read all of the instructions and fixes thoroughly before continuing with them.Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.Please follow the instructions here:http://forums.malwarebytes.org/index.php?showtopic=9573Post both log files in your next reply. Link to post Share on other sites More sharing options...
krome Posted May 20, 2012 Author ID:553017 Share Posted May 20, 2012 Thanks i'll try it out when I get back to work Monday.KR Link to post Share on other sites More sharing options...
Maniac Posted May 20, 2012 ID:553062 Share Posted May 20, 2012 Thanks for letting me know! Link to post Share on other sites More sharing options...
krome Posted May 21, 2012 Author ID:553367 Share Posted May 21, 2012 Hello Maniac,I read the info and below are the attachments that I'm supposed to send to you. Hope this is what's need. Let me know if there's any other info you may need.Thanks,KRdds.txtattach.txt Link to post Share on other sites More sharing options...
krome Posted May 21, 2012 Author ID:553375 Share Posted May 21, 2012 Almost forgot to say, in the "i'm infected" forum it said, "After posting your new post, make sure under options, you select Track this topic and choose Immediate Email Notification". I didn't see these options, well at least I did see "follow this topic" but the email notification I didnt see. I did go to settings and change a setting regarding email so maybe that was it. I'll stay logged on until 4:55pm central time to see if any replies are made.Thanks,KR Link to post Share on other sites More sharing options...
Maniac Posted May 21, 2012 ID:553382 Share Posted May 21, 2012 About e-mail notification, take a look here:http://forums.malwarebytes.org/index.php?showtopic=109106About your log files:Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.Post both log files in your next reply. Please include the following logs in your next reply: DDS.txt and Attach.txtYou can ignore the note about zipping the Attach.txt file in most cases. Link to post Share on other sites More sharing options...
krome Posted May 21, 2012 Author ID:553388 Share Posted May 21, 2012 Oh ok sorry about that. Here's the attach.txt file....UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2011-08-26.01).Microsoft Windows XP Home EditionBoot Device: \Device\HarddiskVolume2Install Date: 9/24/2004 1:36:59 PMSystem Uptime: 5/17/2012 3:03:58 PM (93 hours ago).Motherboard: Dell Computer Corp. | | 0N6381Processor: Intel® Pentium® 4 CPU 2.80GHz | Microprocessor | 2793/533mhz.==== Disk Partitions =========================.A: is RemovableC: is FIXED (NTFS) - 71 GiB total, 36.827 GiB free.D: is CDROM ()Z: is NetworkDisk (NTFS) - 149 GiB total, 94.773 GiB free..==== Disabled Device Manager Items =============.==== System Restore Points ===================.RP2706: 2/22/2012 9:44:14 AM - System CheckpointRP2707: 2/23/2012 10:52:12 AM - System CheckpointRP2708: 2/24/2012 11:44:16 AM - System CheckpointRP2709: 2/24/2012 2:57:19 PM - Installed Akamai NetSession InterfaceRP2710: 2/24/2012 3:46:32 PM - Installed DirectXRP2711: 2/25/2012 4:44:12 PM - System CheckpointRP2712: 2/26/2012 5:44:13 PM - System CheckpointRP2713: 2/27/2012 5:59:28 PM - System CheckpointRP2714: 2/28/2012 6:21:59 PM - System CheckpointRP2715: 2/29/2012 7:21:59 PM - System CheckpointRP2716: 3/1/2012 8:21:53 PM - System CheckpointRP2717: 3/2/2012 9:22:02 PM - System CheckpointRP2718: 3/3/2012 10:21:58 PM - System CheckpointRP2719: 3/4/2012 11:21:55 PM - System CheckpointRP2720: 3/6/2012 12:21:56 AM - System CheckpointRP2721: 3/7/2012 1:21:56 AM - System CheckpointRP2722: 3/8/2012 2:21:53 AM - System CheckpointRP2723: 3/9/2012 3:22:00 AM - System CheckpointRP2724: 3/10/2012 4:21:58 AM - System CheckpointRP2725: 3/11/2012 6:21:53 AM - System CheckpointRP2726: 3/12/2012 7:21:53 AM - System CheckpointRP2727: 3/13/2012 8:22:02 AM - System CheckpointRP2728: 3/14/2012 3:00:22 AM - Software Distribution Service 3.0RP2729: 3/15/2012 3:21:59 AM - System CheckpointRP2730: 3/16/2012 4:22:00 AM - System CheckpointRP2731: 3/17/2012 5:21:56 AM - System CheckpointRP2732: 3/18/2012 6:21:52 AM - System CheckpointRP2733: 3/19/2012 7:21:53 AM - System CheckpointRP2734: 3/19/2012 3:20:05 PM - Removed Autodesk Material Library Base Resolution Image Library 2012.RP2735: 3/19/2012 3:25:24 PM - Removed Autodesk Material Library 2012.RP2736: 3/19/2012 3:28:20 PM - Removed Autodesk Content ServiceRP2737: 3/20/2012 4:53:17 PM - System CheckpointRP2738: 3/21/2012 4:56:53 PM - System CheckpointRP2739: 3/22/2012 5:44:53 PM - System CheckpointRP2740: 3/23/2012 6:44:55 PM - System CheckpointRP2741: 3/24/2012 7:44:47 PM - System CheckpointRP2742: 3/25/2012 8:44:47 PM - System CheckpointRP2743: 3/26/2012 9:44:55 PM - System CheckpointRP2744: 3/27/2012 10:44:52 PM - System CheckpointRP2745: 3/28/2012 11:44:52 PM - System CheckpointRP2746: 3/30/2012 12:44:48 AM - System CheckpointRP2747: 3/31/2012 1:44:52 AM - System CheckpointRP2748: 4/1/2012 2:44:47 AM - System CheckpointRP2749: 4/2/2012 3:44:47 AM - System CheckpointRP2750: 4/3/2012 4:44:53 AM - System CheckpointRP2751: 4/4/2012 5:44:48 AM - System CheckpointRP2752: 4/5/2012 6:44:56 AM - System CheckpointRP2753: 4/6/2012 7:44:53 AM - System CheckpointRP2754: 4/7/2012 8:44:48 AM - System CheckpointRP2755: 4/8/2012 9:44:47 AM - System CheckpointRP2756: 4/9/2012 10:44:47 AM - System CheckpointRP2757: 4/10/2012 1:54:52 PM - System CheckpointRP2758: 4/11/2012 4:53:46 PM - System CheckpointRP2759: 4/12/2012 3:00:18 AM - Software Distribution Service 3.0RP2760: 4/13/2012 3:44:57 AM - System CheckpointRP2761: 4/14/2012 4:44:53 AM - System CheckpointRP2762: 4/15/2012 5:44:47 AM - System CheckpointRP2763: 4/16/2012 6:44:47 AM - System CheckpointRP2764: 4/17/2012 7:44:52 AM - System CheckpointRP2765: 4/18/2012 8:50:40 AM - System CheckpointRP2766: 4/19/2012 9:44:52 AM - System CheckpointRP2767: 4/20/2012 10:44:53 AM - System CheckpointRP2768: 4/21/2012 11:44:56 AM - System CheckpointRP2769: 4/22/2012 12:44:49 PM - System CheckpointRP2770: 4/23/2012 2:45:48 PM - System CheckpointRP2771: 4/24/2012 4:08:08 PM - System CheckpointRP2772: 4/25/2012 4:58:05 PM - System CheckpointRP2773: 4/26/2012 5:21:55 PM - System CheckpointRP2774: 4/27/2012 3:38:06 PM - Software Distribution Service 3.0RP2775: 4/27/2012 4:03:36 PM - Software Distribution Service 3.0RP2776: 4/28/2012 4:28:10 PM - System CheckpointRP2777: 4/29/2012 5:28:07 PM - System CheckpointRP2778: 4/30/2012 5:45:23 PM - System CheckpointRP2779: 5/1/2012 5:46:27 PM - System CheckpointRP2780: 5/2/2012 6:45:23 PM - System CheckpointRP2781: 5/3/2012 7:45:24 PM - System CheckpointRP2782: 5/4/2012 8:45:36 PM - System CheckpointRP2783: 5/5/2012 9:45:23 PM - System CheckpointRP2784: 5/6/2012 10:45:18 PM - System CheckpointRP2785: 5/7/2012 11:45:18 PM - System CheckpointRP2786: 5/9/2012 12:45:23 AM - System CheckpointRP2787: 5/10/2012 1:45:26 AM - System CheckpointRP2788: 5/11/2012 2:05:36 AM - System CheckpointRP2789: 5/12/2012 3:00:24 AM - Software Distribution Service 3.0RP2790: 5/13/2012 3:05:35 AM - System CheckpointRP2791: 5/14/2012 4:05:34 AM - System CheckpointRP2792: 5/15/2012 5:05:39 AM - System CheckpointRP2793: 5/16/2012 6:05:38 AM - System CheckpointRP2794: 5/17/2012 7:05:34 AM - System CheckpointRP2795: 5/18/2012 7:08:38 AM - System CheckpointRP2796: 5/19/2012 8:08:34 AM - System CheckpointRP2797: 5/20/2012 9:08:39 AM - System CheckpointRP2798: 5/21/2012 10:08:34 AM - System Checkpoint.==== Installed Programs ======================.Adobe Flash Player 11 ActiveXAdobe Reader 7.0Akamai NetSession InterfaceApple Mobile Device SupportApple Software UpdateAutoCAD R13Banctec Service AgreementCCleanerCompatibility Pack for the 2007 Office systemCoupon Printer for WindowsCritical Update for Windows Media Player 11 (KB959772)Dell Driver Reset ToolDell Media ExperienceDell Networking GuideDell Solution CenterDellSupportDrawPlus 3.0DWG TrueView 2011DWGeditoreDrawings 2008ESET Online ScannerFARO LS 1.1.406.58Help and Support CustomizationHotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)Hotfix for Windows Media Format 11 SDK (KB929399)Hotfix for Windows Media Player 11 (KB939683)Hotfix for Windows XP (KB915800)Hotfix for Windows XP (KB915865)Hotfix for Windows XP (KB919880)Hotfix for Windows XP (KB926239)Hotfix for Windows XP (KB942288-v3)Hotfix for Windows XP (KB952287)Hotfix for Windows XP (KB954550-v5)Hotfix for Windows XP (KB961118)Hotfix for Windows XP (KB970653-v3)Hotfix for Windows XP (KB976098-v2)Hotfix for Windows XP (KB979306)Hotfix for Windows XP (KB981793)Intel® 537EP V9x DF PCI ModemIntel® Extreme Graphics 2 DriverIntel® PRO Network Adapters and DriversIntel® PROSet for Wired ConnectionsInternet Explorer Default PageiTunesJava 2 Runtime Environment, SE v1.4.2_03Java 2 Runtime Environment, SE v1.4.2_05Maintenance Samsung CLP-320 SeriesMalwarebytes Anti-Malware version 1.61.0.1400McAfee AntiVirus PlusMcAfee Virtual TechnicianMicrosoft .NET Framework 1.1Microsoft .NET Framework 1.1 Security Update (KB979906)Microsoft .NET Framework 2.0 Service Pack 2Microsoft .NET Framework 3.0 Service Pack 2Microsoft .NET Framework 3.5 SP1Microsoft .NET Framework 4 Client ProfileMicrosoft .NET Framework 4 ExtendedMicrosoft Compression Client Pack 1.0 for Windows XPMicrosoft Office 2000 ProfessionalMicrosoft Office 2003 Web ComponentsMicrosoft Office Access Runtime (English) 2007Microsoft Office Word Viewer 2003Microsoft User-Mode Driver Framework Feature Pack 1.0Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Web Publishing Wizard 1.52MillWizard 1.3Modem Event MonitorModem HelperModem On HoldMSXML 4.0 SP2 (KB927978)MSXML 4.0 SP2 (KB936181)MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)MSXML 6 Service Pack 2 (KB973686)PartWizard 3.2QuickTimeRealPlayer BasicSamsung CLP-300 SeriesSecurity Update for Step By Step Interactive Training (KB898458)Security Update for Step By Step Interactive Training (KB923723)Security Update for Windows Internet Explorer 8 (KB971961)Security Update for Windows Internet Explorer 8 (KB976325)Security Update for Windows Internet Explorer 8 (KB978207)Security Update for Windows Internet Explorer 8 (KB981332)Security Update for Windows Internet Explorer 8 (KB982381)Security Update for Windows Media Player (KB911564)Security Update for Windows Media Player (KB952069)Security Update for Windows Media Player (KB954155)Security Update for Windows Media Player (KB968816)Security Update for Windows Media Player (KB973540)Security Update for Windows Media Player (KB978695)Security Update for Windows Media Player 11 (KB936782)Security Update for Windows Media Player 11 (KB954154)Security Update for Windows Media Player 6.4 (KB925398)Security Update for Windows Media Player 9 (KB911565)Security Update for Windows Media Player 9 (KB917734)Security Update for Windows XP (KB2229593)Security Update for Windows XP (KB883939)Security Update for Windows XP (KB890046)Security Update for Windows XP (KB893756)Security Update for Windows XP (KB896358)Security Update for Windows XP (KB896422)Security Update for Windows XP (KB896423)Security Update for Windows XP (KB896424)Security Update for Windows XP (KB896428)Security Update for Windows XP (KB896688)Security Update for Windows XP (KB899587)Security Update for Windows XP (KB899588)Security Update for Windows XP (KB899591)Security Update for Windows XP (KB900725)Security Update for Windows XP (KB901017)Security Update for Windows XP (KB901214)Security Update for Windows XP (KB902400)Security Update for Windows XP (KB903235)Security Update for Windows XP (KB904706)Security Update for Windows XP (KB905414)Security Update for Windows XP (KB905749)Security Update for Windows XP (KB905915)Security Update for Windows XP (KB908519)Security Update for Windows XP (KB908531)Security Update for Windows XP (KB911280)Security Update for Windows XP (KB911562)Security Update for Windows XP (KB911567)Security Update for Windows XP (KB911927)Security Update for Windows XP (KB912812)Security Update for Windows XP (KB912919)Security Update for Windows XP (KB913446)Security Update for Windows XP (KB913580)Security Update for Windows XP (KB914388)Security Update for Windows XP (KB914389)Security Update for Windows XP (KB916281)Security Update for Windows XP (KB917159)Security Update for Windows XP (KB917344)Security Update for Windows XP (KB917422)Security Update for Windows XP (KB917953)Security Update for Windows XP (KB918118)Security Update for Windows XP (KB918439)Security Update for Windows XP (KB918899)Security Update for Windows XP (KB919007)Security Update for Windows XP (KB920213)Security Update for Windows XP (KB920214)Security Update for Windows XP (KB920670)Security Update for Windows XP (KB920683)Security Update for Windows XP (KB920685)Security Update for Windows XP (KB921398)Security Update for Windows XP (KB921503)Security Update for Windows XP (KB921883)Security Update for Windows XP (KB922616)Security Update for Windows XP (KB922760)Security Update for Windows XP (KB922819)Security Update for Windows XP (KB923191)Security Update for Windows XP (KB923414)Security Update for Windows XP (KB923561)Security Update for Windows XP (KB923689)Security Update for Windows XP (KB923694)Security Update for Windows XP (KB923789)Security Update for Windows XP (KB923980)Security Update for Windows XP (KB924191)Security Update for Windows XP (KB924270)Security Update for Windows XP (KB924496)Security Update for Windows XP (KB924667)Security Update for Windows XP (KB925454)Security Update for Windows XP (KB925486)Security Update for Windows XP (KB925902)Security Update for Windows XP (KB926255)Security Update for Windows XP (KB926436)Security Update for Windows XP (KB927779)Security Update for Windows XP (KB927802)Security Update for Windows XP (KB928090)Security Update for Windows XP (KB928255)Security Update for Windows XP (KB928843)Security Update for Windows XP (KB929123)Security Update for Windows XP (KB929969)Security Update for Windows XP (KB930178)Security Update for Windows XP (KB931261)Security Update for Windows XP (KB931768)Security Update for Windows XP (KB931784)Security Update for Windows XP (KB932168)Security Update for Windows XP (KB933566)Security Update for Windows XP (KB933729)Security Update for Windows XP (KB935839)Security Update for Windows XP (KB935840)Security Update for Windows XP (KB936021)Security Update for Windows XP (KB937143)Security Update for Windows XP (KB938127)Security Update for Windows XP (KB938464)Security Update for Windows XP (KB938829)Security Update for Windows XP (KB939653)Security Update for Windows XP (KB941202)Security Update for Windows XP (KB941568)Security Update for Windows XP (KB941569)Security Update for Windows XP (KB941644)Security Update for Windows XP (KB941693)Security Update for Windows XP (KB942615)Security Update for Windows XP (KB943055)Security Update for Windows XP (KB943460)Security Update for Windows XP (KB943485)Security Update for Windows XP (KB944338)Security Update for Windows XP (KB944533)Security Update for Windows XP (KB944653)Security Update for Windows XP (KB945553)Security Update for Windows XP (KB946026)Security Update for Windows XP (KB946648)Security Update for Windows XP (KB947864)Security Update for Windows XP (KB948590)Security Update for Windows XP (KB948881)Security Update for Windows XP (KB950749)Security Update for Windows XP (KB950759)Security Update for Windows XP (KB950760)Security Update for Windows XP (KB950762)Security Update for Windows XP (KB950974)Security Update for Windows XP (KB951066)Security Update for Windows XP (KB951376-v2)Security Update for Windows XP (KB951376)Security Update for Windows XP (KB951698)Security Update for Windows XP (KB951748)Security Update for Windows XP (KB952004)Security Update for Windows XP (KB952954)Security Update for Windows XP (KB953838)Security Update for Windows XP (KB953839)Security Update for Windows XP (KB954211)Security Update for Windows XP (KB954600)Security Update for Windows XP (KB955069)Security Update for Windows XP (KB956390)Security Update for Windows XP (KB956391)Security Update for Windows XP (KB956572)Security Update for Windows XP (KB956802)Security Update for Windows XP (KB956803)Security Update for Windows XP (KB956841)Security Update for Windows XP (KB956844)Security Update for Windows XP (KB957095)Security Update for Windows XP (KB957097)Security Update for Windows XP (KB958215)Security Update for Windows XP (KB958470)Security Update for Windows XP (KB958644)Security Update for Windows XP (KB958687)Security Update for Windows XP (KB958690)Security Update for Windows XP (KB958869)Security Update for Windows XP (KB959426)Security Update for Windows XP (KB960225)Security Update for Windows XP (KB960714)Security Update for Windows XP (KB960715)Security Update for Windows XP (KB960803)Security Update for Windows XP (KB960859)Security Update for Windows XP (KB961371)Security Update for Windows XP (KB961373)Security Update for Windows XP (KB961501)Security Update for Windows XP (KB968537)Security Update for Windows XP (KB969059)Security Update for Windows XP (KB969898)Security Update for Windows XP (KB969947)Security Update for Windows XP (KB970238)Security Update for Windows XP (KB970430)Security Update for Windows XP (KB971468)Security Update for Windows XP (KB971486)Security Update for Windows XP (KB971557)Security Update for Windows XP (KB971633)Security Update for Windows XP (KB971657)Security Update for Windows XP (KB972270)Security Update for Windows XP (KB973346)Security Update for Windows XP (KB973354)Security Update for Windows XP (KB973507)Security Update for Windows XP (KB973525)Security Update for Windows XP (KB973869)Security Update for Windows XP (KB973904)Security Update for Windows XP (KB974112)Security Update for Windows XP (KB974318)Security Update for Windows XP (KB974392)Security Update for Windows XP (KB974571)Security Update for Windows XP (KB975025)Security Update for Windows XP (KB975467)Security Update for Windows XP (KB975560)Security Update for Windows XP (KB975561)Security Update for Windows XP (KB975562)Security Update for Windows XP (KB975713)Security Update for Windows XP (KB977165)Security Update for Windows XP (KB977816)Security Update for Windows XP (KB977914)Security Update for Windows XP (KB978037)Security Update for Windows XP (KB978251)Security Update for Windows XP (KB978262)Security Update for Windows XP (KB978338)Security Update for Windows XP (KB978542)Security Update for Windows XP (KB978601)Security Update for Windows XP (KB978706)Security Update for Windows XP (KB979309)Security Update for Windows XP (KB979482)Security Update for Windows XP (KB979559)Security Update for Windows XP (KB979683)Security Update for Windows XP (KB980195)Security Update for Windows XP (KB980218)Security Update for Windows XP (KB980232)SmartDraw 2007SolidWorks 2008 SP05SolidWorks Explorer 2008 sp05Sonic DLASonic RecordNow!Sonic Update ManagerThe Print ShopUpdate for Microsoft .NET Framework 3.5 SP1 (KB963707)Update for Windows Internet Explorer 8 (KB976662)Update for Windows Internet Explorer 8 (KB978506)Update for Windows Internet Explorer 8 (KB980182)Update for Windows XP (KB894391)Update for Windows XP (KB896727)Update for Windows XP (KB898461)Update for Windows XP (KB900485)Update for Windows XP (KB910437)Update for Windows XP (KB916595)Update for Windows XP (KB920872)Update for Windows XP (KB922582)Update for Windows XP (KB925720)Update for Windows XP (KB927891)Update for Windows XP (KB929338)Update for Windows XP (KB930916)Update for Windows XP (KB931836)Update for Windows XP (KB933360)Update for Windows XP (KB936357)Update for Windows XP (KB938828)Update for Windows XP (KB942763)Update for Windows XP (KB942840)Update for Windows XP (KB946627)Update for Windows XP (KB951072-v2)Update for Windows XP (KB955759)Update for Windows XP (KB955839)Update for Windows XP (KB967715)Update for Windows XP (KB968389)Update for Windows XP (KB971737)Update for Windows XP (KB973687)Update for Windows XP (KB973815)WebFldrs XPWindows Desktop Search 3.01Windows Genuine Advantage v1.3.0254.0Windows Genuine Advantage Validation Tool (KB892130)Windows Imaging ComponentWindows Installer 3.1 (KB893803)Windows Internet Explorer 8Windows Media Format 11 runtimeWindows Media Player 11Windows Presentation FoundationWindows XP Hotfix - KB834707Windows XP Hotfix - KB867282Windows XP Hotfix - KB873333Windows XP Hotfix - KB873339Windows XP Hotfix - KB885250Windows XP Hotfix - KB885835Windows XP Hotfix - KB885836Windows XP Hotfix - KB886185Windows XP Hotfix - KB887472Windows XP Hotfix - KB887742Windows XP Hotfix - KB888113Windows XP Hotfix - KB888302Windows XP Hotfix - KB890047Windows XP Hotfix - KB890175Windows XP Hotfix - KB890859Windows XP Hotfix - KB890923Windows XP Hotfix - KB891781Windows XP Hotfix - KB893066Windows XP Hotfix - KB893086Windows XP Service Pack 2XML Paper Specification Shared Components Pack 1.0Yahoo! Install ManagerYahoo! Software UpdateYahoo! Toolbar.==== End Of File ===========================And here's the dds.txt file....DDS (Ver_2011-08-26.01) - NTFSx86Internet Explorer: 8.0.6001.18702Run by Keith Krome at 12:49:56 on 2012-05-21Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.326 [GMT -5:00].AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}FW: McAfee Firewall *Disabled*.============== Running Processes ===============.C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupsvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exeC:\WINDOWS\system32\mfevtps.exeC:\Program Files\Intel\Modem Event Monitor\IntelMEM.exeC:\Program Files\Dell\Media Experience\PCMService.exeC:\WINDOWS\system32\dla\tfswctrl.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\Program Files\SiteAdvisor\6253\SiteAdv.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exeC:\Program Files\McAfee.com\Agent\mcagent.exeC:\WINDOWS\Samsung\PanelMgr\SSMMgr.exeC:\WINDOWS\system32\ctfmon.exeC:\Documents and Settings\Keith Krome\Local Settings\Application Data\Akamai\netsession_win.exeC:\Documents and Settings\Keith Krome\Local Settings\Application Data\Akamai\netsession_win.exeC:\WINDOWS\system32\SearchIndexer.exeC:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exeC:\Program Files\Common Files\McAfee\SystemCore\mcshield.exeC:\Program Files\Common Files\McAfee\SystemCore\mfefire.exeC:\Program Files\iPod\bin\iPodService.exeC:\PROGRA~1\McAfee\MSM\McSmtFwk.exeC:\PROGRA~1\COMMON~1\McAfee\MSC\McUICnt.exeC:\r13\win\acad.exeC:\r13\win\acadapp.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Yahoo!\Companion\Installs\cpn3\ytbb.exeC:\WINDOWS\system32\drwtsn32.exeC:\WINDOWS\system32\drwtsn32.exeC:\WINDOWS\system32\SearchProtocolHost.exe.============== Pseudo HJT Report ===============.uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8uSearch Page =uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8uWindow Title = Windows Internet Explorer provided by Yahoo!uInternet Settings,ProxyOverride = <local>uSearchAssistant =mSearchAssistant =uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dlluURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn3\yt.dllBHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn3\yt.dllBHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dllBHO: {089fd14d-132b-48fc-8861-0048ae113215} - c:\program files\siteadvisor\6261\SiteAdv.dllBHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dllBHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120425161702.dllBHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn2\YTSingleInstance.dllTB: McAfee SiteAdvisor: {0bf43445-2f28-4351-9252-17fe6e806aa0} - c:\program files\siteadvisor\6261\SiteAdv.dllTB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dllEB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dllEB: {32683183-48a0-441b-a342-7c2a440a9478} - No FileuRun: [ctfmon.exe] c:\windows\system32\ctfmon.exeuRun: [Akamai NetSession Interface] "c:\documents and settings\keith krome\local settings\application data\akamai\netsession_win.exe"mRun: [intelMeM] c:\program files\intel\modem event monitor\IntelMEM.exemRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"mRun: [dla] c:\windows\system32\dla\tfswctrl.exemRun: [igfxtray] c:\windows\system32\igfxtray.exemRun: [igfxhkcmd] c:\windows\system32\hkcmd.exemRun: [igfxpers] c:\windows\system32\igfxpers.exemRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottimemRun: [siteAdvisor] c:\program files\siteadvisor\6253\SiteAdv.exemRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"mRun: [solidWorks_CheckForUpdates] "c:\program files\common files\solidworks installation manager\scheduler\sldIMScheduler.exe" /schedulermRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkeymRun: [samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorunStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exeIE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.htmlIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dllTrusted Zone: internetTrusted Zone: mcafee.comTrusted Zone: samsungsetup.com\wwwDPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dllDPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cabDPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cabDPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cabDPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cabTCP: Interfaces\{53E050C9-0FCD-4EB4-A6AF-D9847E7F0364} : NameServer = 192.168.0.1Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dllHandler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - c:\program files\siteadvisor\6261\SiteAdv.dllNotify: igfxcui - igfxdev.dllSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dllSEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dllmASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12Hosts: 192.168.0.2 backup.kidstuffplaysystems.com.============= SERVICES / DRIVERS ===============.R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-5-3 464304]R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-5-3 89792]R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-5-3 214904]R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-5-3 214904]R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-5-3 214904]R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-7-11 166288]R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-7-11 161632]R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-7-11 151880]R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-5-3 57600]R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-5-3 180848]R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-5-3 59456]R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-5-3 340920]R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-5-3 83856]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-30 257696]S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-5-3 83856]S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-5-3 87656]S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504].=============== File Associations ===============..scr=DWGTrueViewScriptFile.=============== Created Last 30 ================.2012-05-10 20:05:52 -------- d-----w- c:\program files\CCleaner2012-05-09 20:02:46 -------- d-----w- c:\documents and settings\keith krome\application data\Malwarebytes2012-05-09 20:02:12 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes2012-05-09 20:02:07 22344 ----a-w- c:\windows\system32\drivers\mbam.sys2012-05-09 20:02:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2012-04-30 21:36:53 -------- d-----w- C:\visi2012-04-30 21:36:50 -------- d-----w- C:\w2012-04-30 21:36:50 -------- d-----w- C:\skins2012-04-25 21:39:20 -------- d-----w- C:\e2012-04-25 21:39:13 -------- d-----w- C:\Data2012-04-23 17:28:26 -------- d-----w- c:\program files\SamsungPrinterLiveUpdate2012-04-23 17:27:43 -------- d-----w- c:\documents and settings\all users\application data\Samsung2012-04-23 17:26:42 24064 ----a-w- c:\windows\system32\sst3cl3.dll2012-04-23 17:26:33 24576 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\sst3cpc.dll2012-04-23 17:26:26 65536 ----a-w- c:\windows\system32\sst3cci.dll2012-04-23 17:26:26 151552 ----a-w- c:\windows\system32\sst3cci.exe2012-04-23 17:26:20 81920 ----a-w- c:\windows\system32\ssdevm.dll.==================== Find3M ====================.2012-05-05 02:04:40 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe2012-05-05 02:04:39 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2012-03-20 18:11:32 151880 ----a-w- c:\windows\system32\mfevtps.exe2012-02-24 21:08:27 1144011680 ----a-w- C:\AutoCAD_2012_English_Win_32bit.exe2012-02-22 18:29:46 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys2012-02-22 18:29:46 89792 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys2012-02-22 18:29:46 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys2012-02-22 18:29:46 83856 ----a-w- c:\windows\system32\drivers\mfendisk.sys2012-02-22 18:29:46 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys2012-02-22 18:29:46 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys2012-02-22 18:29:46 464304 ----a-w- c:\windows\system32\drivers\mfehidk.sys2012-02-22 18:29:46 340920 ----a-w- c:\windows\system32\drivers\mfefirek.sys2012-02-22 18:29:46 180848 ----a-w- c:\windows\system32\drivers\mfeavfk.sys2012-02-22 18:29:46 121544 ----a-w- c:\windows\system32\drivers\mfeapfk.sys2010-09-30 20:34:01 190714928 ----a-w- c:\program files\SetupDWGTrueView2011_32bit.exe2010-08-18 20:30:17 9442584 ----a-w- c:\program files\VueMinder_Lite_Setup_7.2.1.exe.============= FINISH: 12:58:18.73 ===============I guess this is it then. I'll still be here, thanks. Link to post Share on other sites More sharing options...
Maniac Posted May 21, 2012 ID:553399 Share Posted May 21, 2012 Thanks!Step 1Download aswMBR.exe ( 1.8mB ) to your desktop. Double click the aswMBR.exe to run it Click the "Scan" button to start scan On completion of the scan click save log, save it to your desktop and post in your next reply Step 2Launch Malwarebytes' Anti-MalwareGo to Update tab and select Check for Updates. If an update is found, it will download and install the latest version. Go to Scanner tab and select Perform Quick Scan, then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately. Link to post Share on other sites More sharing options...
krome Posted May 21, 2012 Author ID:553411 Share Posted May 21, 2012 Ok here we go...aswMBR version 0.9.9.1665 Copyright© 2011 AVAST SoftwareRun date: 2012-05-21 14:34:35-----------------------------14:34:35.687 OS Version: Windows 5.1.2600 Service Pack 214:34:35.687 Number of processors: 1 586 0x30414:34:35.687 ComputerName: AUTOCAD2 UserName:14:34:37.437 Initialize success14:38:47.187 AVAST engine defs: 1205210114:39:33.015 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-314:39:33.015 Disk 0 Vendor: ST380011A 8.16 Size: 76293MB BusType: 314:39:33.046 Disk 0 MBR read successfully14:39:33.046 Disk 0 MBR scan14:39:33.156 Disk 0 unknown MBR code14:39:33.156 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 47 MB offset 6314:39:33.171 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 72653 MB offset 9639014:39:33.203 Disk 0 Partition 3 00 DB CP/M / CTOS MSWIN4.1 3584 MB offset 14889042014:39:33.203 Disk 0 scanning sectors +15623212514:39:33.328 Disk 0 scanning C:\WINDOWS\system32\drivers14:39:56.203 Service scanning14:40:27.968 Modules scanning14:40:45.593 Disk 0 trace - called modules:14:40:45.625 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS14:40:45.625 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f8dab8]14:40:45.625 3 CLASSPNP.SYS[f769805b] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86fc9d98]14:40:46.343 AVAST engine scan C:\WINDOWS14:40:57.500 AVAST engine scan C:\WINDOWS\system3214:46:54.531 AVAST engine scan C:\WINDOWS\system32\drivers14:47:28.234 AVAST engine scan C:\Documents and Settings\Keith Krome15:06:07.593 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Keith Krome\Desktop\MBR.dat"15:06:07.859 The log file has been saved successfully to "C:\Documents and Settings\Keith Krome\Desktop\aswMBR.txt"I'll go on and perform step 2 and post the info as soon as I get it. Link to post Share on other sites More sharing options...
krome Posted May 21, 2012 Author ID:553443 Share Posted May 21, 2012 Ok here's the mbam scan log...Malwarebytes Anti-Malware 1.61.0.1400www.malwarebytes.orgDatabase version: v2012.05.17.08Windows XP Service Pack 2 x86 NTFSInternet Explorer 8.0.6001.18702Keith Krome :: AUTOCAD2 [administrator]5/21/2012 3:11:12 PMmbam-log-2012-05-21 (15-11-12).txtScan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 219777Time elapsed: 58 minute(s), 20 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 0(No malicious items detected)(end)Looks like nothing was detected in the scan, but what do you think? Link to post Share on other sites More sharing options...
Maniac Posted May 22, 2012 ID:553597 Share Posted May 22, 2012 I think you should update your database version as I suggest.Database version: v2012.05.17.08 Link to post Share on other sites More sharing options...
krome Posted May 22, 2012 Author ID:553675 Share Posted May 22, 2012 Ok I updated my version of mbam and here are the scan results...Malwarebytes Anti-Malware 1.61.0.1400www.malwarebytes.orgDatabase version: v2012.05.22.03Windows XP Service Pack 2 x86 NTFSInternet Explorer 8.0.6001.18702Keith Krome :: AUTOCAD2 [administrator]5/22/2012 12:25:11 PMmbam-log-2012-05-22 (12-25-11).txtScan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 219151Time elapsed: 29 minute(s), 34 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 0(No malicious items detected)(end)Still appears to have no threats. Did you notice anything unusual in the logs that the scan isn't picking up? Link to post Share on other sites More sharing options...
Maniac Posted May 22, 2012 ID:553712 Share Posted May 22, 2012 Yes, I found.14:39:33.156 Disk 0 unknown MBR codeLet's try this:Please download MBRCheck.exe to your Desktop. Run the application.If no infection is found, it will produce a report on the desktop. Post that report in your next reply.If an infection is found, you will be presented with the following dialog:Enter 'Y' and hit ENTER for more options, or 'N' to exit: Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply. Link to post Share on other sites More sharing options...
krome Posted May 22, 2012 Author ID:553717 Share Posted May 22, 2012 Alright here's the report...MBRCheck, version 1.2.3© 2010, ADCommand-line: Windows Version: Windows XP Home EditionWindows Information: Service Pack 2 (build 2600)Logical Drives Mask: 0x0200000dKernel Drivers (total 147): 0x804D7000 \WINDOWS\system32\ntoskrnl.exe 0x806ED000 \WINDOWS\system32\hal.dll 0xF7B57000 \WINDOWS\system32\KDCOM.DLL 0xF7A67000 \WINDOWS\system32\BOOTVID.dll 0xF7608000 ACPI.sys 0xF7B59000 \WINDOWS\System32\DRIVERS\WMILIB.SYS 0xF75F7000 pci.sys 0xF7657000 isapnp.sys 0xF7C1F000 pciide.sys 0xF78D7000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS 0xF7667000 MountMgr.sys 0xF75D8000 ftdisk.sys 0xF78DF000 PartMgr.sys 0xF7677000 VolSnap.sys 0xF75C0000 atapi.sys 0xF7687000 disk.sys 0xF7697000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS 0xF75A0000 fltmgr.sys 0xF758E000 sr.sys 0xF751F000 mfehidk.sys 0xF750A000 drvmcdb.sys 0xF78E7000 PxHelp20.sys 0xF74F3000 KSecDD.sys 0xF74E0000 WudfPf.sys 0xF7453000 Ntfs.sys 0xF7426000 NDIS.sys 0xF740B000 Mup.sys 0xF7747000 \SystemRoot\System32\DRIVERS\intelppm.sys 0xF6E70000 \SystemRoot\System32\DRIVERS\ialmnt5.sys 0xF6E5C000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS 0xF79F7000 \SystemRoot\System32\DRIVERS\usbuhci.sys 0xF6E39000 \SystemRoot\System32\DRIVERS\USBPORT.SYS 0xF79FF000 \SystemRoot\System32\DRIVERS\usbehci.sys 0xF7757000 \SystemRoot\System32\DRIVERS\IntelC53.sys 0xF6E16000 \SystemRoot\System32\DRIVERS\ks.sys 0xF6CEF000 \SystemRoot\System32\DRIVERS\IntelC51.sys 0xF6C5A000 \SystemRoot\System32\DRIVERS\IntelC52.sys 0xF7A07000 \SystemRoot\System32\DRIVERS\mohfilt.sys 0xF7A0F000 \SystemRoot\System32\Drivers\Modem.SYS 0xF6C34000 \SystemRoot\System32\DRIVERS\e100b325.sys 0xF7A17000 \SystemRoot\System32\DRIVERS\fdc.sys 0xF7767000 \SystemRoot\System32\DRIVERS\i8042prt.sys 0xF7A1F000 \SystemRoot\System32\DRIVERS\kbdclass.sys 0xF77E7000 \SystemRoot\System32\DRIVERS\serial.sys 0xF73CA000 \SystemRoot\System32\DRIVERS\serenum.sys 0xF6C20000 \SystemRoot\System32\DRIVERS\parport.sys 0xF7777000 \SystemRoot\System32\DRIVERS\imapi.sys 0xF7B93000 \SystemRoot\system32\drivers\sscdbhk5.sys 0xF7787000 \SystemRoot\System32\DRIVERS\cdrom.sys 0xF7797000 \SystemRoot\System32\DRIVERS\redbook.sys 0xF7A27000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys 0xF6B8A000 \SystemRoot\system32\drivers\smwdm.sys 0xF6B66000 \SystemRoot\system32\drivers\portcls.sys 0xF77A7000 \SystemRoot\system32\drivers\drmk.sys 0xF7B95000 \SystemRoot\system32\drivers\aeaudio.sys 0xF7D8A000 \SystemRoot\System32\DRIVERS\audstub.sys 0xF6B53000 \SystemRoot\system32\DRIVERS\mfendisk.sys 0xF77C7000 \SystemRoot\System32\DRIVERS\rasl2tp.sys 0xF73BE000 \SystemRoot\System32\DRIVERS\ndistapi.sys 0xF6B3C000 \SystemRoot\System32\DRIVERS\ndiswan.sys 0xF77D7000 \SystemRoot\System32\DRIVERS\raspppoe.sys 0xF77F7000 \SystemRoot\System32\DRIVERS\raspptp.sys 0xF7A2F000 \SystemRoot\System32\DRIVERS\TDI.SYS 0xF6B2B000 \SystemRoot\System32\DRIVERS\psched.sys 0xF7807000 \SystemRoot\System32\DRIVERS\msgpc.sys 0xF6B00000 \SystemRoot\system32\drivers\mfeavfk.sys 0xF6AAE000 \SystemRoot\system32\drivers\mfefirek.sys 0xF7A37000 \SystemRoot\System32\DRIVERS\ptilink.sys 0xF7A3F000 \SystemRoot\System32\DRIVERS\raspti.sys 0xF7817000 \SystemRoot\System32\DRIVERS\termdd.sys 0xF7A47000 \SystemRoot\System32\DRIVERS\mouclass.sys 0xF7B99000 \SystemRoot\System32\DRIVERS\swenum.sys 0xF6A55000 \SystemRoot\System32\DRIVERS\update.sys 0xF6FB6000 \SystemRoot\System32\DRIVERS\mssmbios.sys 0xF7827000 \SystemRoot\System32\Drivers\NDProxy.SYS 0xF7847000 \SystemRoot\System32\DRIVERS\usbhub.sys 0xF7BA7000 \SystemRoot\System32\DRIVERS\USBD.SYS 0xF7B13000 \SystemRoot\system32\drivers\MODEMCSA.sys 0xF7A5F000 \SystemRoot\System32\DRIVERS\flpydisk.sys 0xF7BA9000 \SystemRoot\System32\Drivers\i2omgmt.SYS 0xF7BAB000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0xF7D8E000 \SystemRoot\System32\Drivers\Null.SYS 0xF7BAD000 \SystemRoot\System32\Drivers\Beep.SYS 0xF7907000 \SystemRoot\system32\drivers\ssrtln.sys 0xF790F000 \SystemRoot\System32\drivers\vga.sys 0xF7BAF000 \SystemRoot\System32\Drivers\mnmdd.SYS 0xF7BB1000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0xF7917000 \SystemRoot\System32\Drivers\Msfs.SYS 0xF791F000 \SystemRoot\System32\Drivers\Npfs.SYS 0xF7B27000 \SystemRoot\System32\DRIVERS\rasacd.sys 0xEE8B2000 \SystemRoot\System32\DRIVERS\ipsec.sys 0xEE85A000 \SystemRoot\System32\DRIVERS\tcpip.sys 0xEE845000 \SystemRoot\system32\drivers\mfetdi2k.sys 0xEE824000 \SystemRoot\System32\DRIVERS\ipnat.sys 0xEE7FC000 \SystemRoot\System32\DRIVERS\netbt.sys 0xEE7DA000 \SystemRoot\System32\drivers\afd.sys 0xF7867000 \SystemRoot\System32\DRIVERS\netbios.sys 0xEE7AF000 \SystemRoot\System32\DRIVERS\rdbss.sys 0xEE718000 \SystemRoot\System32\DRIVERS\mrxsmb.sys 0xF7897000 \SystemRoot\System32\Drivers\Fips.SYS 0xF78A7000 \SystemRoot\System32\DRIVERS\wanarp.sys 0xF7B47000 \SystemRoot\System32\DRIVERS\hidusb.sys 0xF78C7000 \SystemRoot\System32\DRIVERS\HIDCLASS.SYS 0xF7927000 \SystemRoot\System32\DRIVERS\HIDPARSE.SYS 0xF792F000 \SystemRoot\System32\DRIVERS\usbprint.sys 0xF7B4B000 \SystemRoot\System32\DRIVERS\mouhid.sys 0xF77B7000 \SystemRoot\System32\Drivers\Cdfs.SYS 0xEE700000 \SystemRoot\System32\Drivers\dump_atapi.sys 0xF7B5B000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS 0xBF800000 \SystemRoot\System32\win32k.sys 0xF6A49000 \SystemRoot\System32\drivers\Dxapi.sys 0xF79AF000 \SystemRoot\System32\watchdog.sys 0xBF000000 \SystemRoot\System32\drivers\dxg.sys 0xF7D18000 \SystemRoot\System32\drivers\dxgthk.sys 0xBF020000 \SystemRoot\System32\ialmdnt5.dll 0xBF012000 \SystemRoot\System32\ialmrnt5.dll 0xBF042000 \SystemRoot\System32\ialmdev5.DLL 0xBF077000 \SystemRoot\System32\ialmdd5.DLL 0xBFFA0000 \SystemRoot\System32\ATMFD.DLL 0xF76E7000 \SystemRoot\system32\drivers\drvnddm.sys 0xF7D68000 \SystemRoot\system32\dla\tfsndres.sys 0xEE5AB000 \SystemRoot\system32\dla\tfsnifs.sys 0xEE650000 \SystemRoot\system32\dla\tfsnopio.sys 0xF7B63000 \SystemRoot\system32\dla\tfsnpool.sys 0xF79BF000 \SystemRoot\system32\dla\tfsnboio.sys 0xF76F7000 \SystemRoot\system32\dla\tfsncofs.sys 0xF7D60000 \SystemRoot\system32\dla\tfsndrct.sys 0xEE592000 \SystemRoot\system32\dla\tfsnudf.sys 0xEE579000 \SystemRoot\system32\dla\tfsnudfa.sys 0xEE5C0000 \SystemRoot\System32\DRIVERS\ndisuio.sys 0xEE31D000 \SystemRoot\System32\DRIVERS\mrxdav.sys 0xEE240000 \SystemRoot\system32\drivers\wdmaud.sys 0xEE3E9000 \SystemRoot\system32\drivers\sysaudio.sys 0xF7BA5000 \SystemRoot\System32\Drivers\ParVdm.SYS 0xF7BB3000 \SystemRoot\System32\Drivers\ASCTRM.SYS 0xEE2D5000 \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys 0xF7BB5000 \SystemRoot\system32\DRIVERS\dsunidrv.sys 0xEDFD9000 \SystemRoot\System32\DRIVERS\srv.sys 0xED6ED000 \SystemRoot\system32\drivers\mfeapfk.sys 0xED61B000 \SystemRoot\System32\Drivers\HTTP.sys 0xED423000 \SystemRoot\system32\drivers\cfwids.sys 0xED94E000 \SystemRoot\system32\drivers\mfebopk.sys 0xECC71000 \SystemRoot\System32\Drivers\Fastfat.SYS 0xF7967000 \??\C:\DOCUME~1\KEITHK~1\LOCALS~1\Temp\mbr.sys 0xED0BC000 \??\C:\DOCUME~1\KEITHK~1\LOCALS~1\Temp\aswMBR.sys 0xEC58B000 \SystemRoot\system32\drivers\kmixer.sys 0x7C900000 \WINDOWS\SYSTEM32\ntdll.dllProcesses (total 48): 0 System Idle Process 4 System 924 C:\WINDOWS\SYSTEM32\smss.exe 1024 csrss.exe 1048 C:\WINDOWS\SYSTEM32\winlogon.exe 1092 C:\WINDOWS\SYSTEM32\services.exe 1104 C:\WINDOWS\SYSTEM32\lsass.exe 1276 C:\WINDOWS\SYSTEM32\svchost.exe 1360 svchost.exe 1468 C:\WINDOWS\SYSTEM32\svchost.exe 1508 C:\WINDOWS\SYSTEM32\svchost.exe 1616 svchost.exe 1756 svchost.exe 1904 C:\WINDOWS\SYSTEM32\spoolsv.exe 2020 svchost.exe 408 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 516 C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 564 C:\WINDOWS\SYSTEM32\mfevtps.exe 1856 C:\WINDOWS\SYSTEM32\searchindexer.exe 296 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe 664 C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe 2084 C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe 4024 alg.exe 2528 C:\Program Files\iPod\bin\iPodService.exe 2756 mcupdmgr.exe 2124 C:\PROGRA~1\McAfee.com\Agent\mcagent.exe 1436 C:\WINDOWS\explorer.exe 1732 C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe 3228 C:\Program Files\Dell\Media Experience\PCMService.exe 2472 C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe 2872 C:\WINDOWS\SYSTEM32\hkcmd.exe 2532 C:\WINDOWS\SYSTEM32\igfxpers.exe 784 C:\Program Files\SiteAdvisor\6253\SiteAdv.exe 3392 C:\Program Files\iTunes\iTunesHelper.exe 1008 C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe 2560 C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe 1460 C:\WINDOWS\SYSTEM32\ctfmon.exe 3780 C:\Documents and Settings\Keith Krome\Local Settings\Application Data\Akamai\netsession_win.exe 248 C:\Documents and Settings\Keith Krome\Local Settings\Application Data\Akamai\netsession_win.exe 644 C:\r13\win\acad.exe 2604 C:\r13\win\acadapp.exe 3612 C:\Program Files\Internet Explorer\iexplore.exe 3200 C:\Program Files\Internet Explorer\iexplore.exe 548 C:\Program Files\Yahoo!\Companion\Installs\cpn3\ytbb.exe 3188 C:\Program Files\Internet Explorer\iexplore.exe 892 C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe 4076 C:\PROGRA~1\COMMON~1\McAfee\MSC\McUICnt.exe 2832 C:\Documents and Settings\Keith Krome\Local Settings\Temporary Internet Files\Content.IE5\85T1WHXY\MBRCheck[1].exe\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02f10c00 (NTFS)PhysicalDrive0 Model Number: ST380011A, Rev: 8.16 Size Device Name MBR Status -------------------------------------------- 74 GB \\.\PhysicalDrive0 Dell MBR code detected SHA1: 84B95CE8A54B7C5C3AAF149934FC46FB70FF8365Done! Link to post Share on other sites More sharing options...
Maniac Posted May 22, 2012 ID:553721 Share Posted May 22, 2012 That's good. Your MBR is legitimate.Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Please include the C:\ComboFix.txt in your next reply for further review. Link to post Share on other sites More sharing options...
krome Posted May 22, 2012 Author ID:553755 Share Posted May 22, 2012 This may take a while so i'll leave it running while im gone. Hopefully it should be done by tomorrow. thanks Link to post Share on other sites More sharing options...
Maniac Posted May 22, 2012 ID:553761 Share Posted May 22, 2012 Take your time! Link to post Share on other sites More sharing options...
krome Posted May 23, 2012 Author ID:554043 Share Posted May 23, 2012 Ok so i did the scan overnight but when I came back to work today my computer had been restarted. When i logged in I received a msg that my computer recovered from a serious error. My virus protection and firewalls etc were all turned off so I dont know what happened there. I also can't find a log for combofix. Im not sure whether the scan finished or not. What do you think i should do? Link to post Share on other sites More sharing options...
krome Posted May 23, 2012 Author ID:554093 Share Posted May 23, 2012 Ok so I decided to run the scan again after seeing another forum with the same combofix issue I had. I ran it again and got the log...ComboFix 12-05-22.02 - Keith Krome 05/23/2012 14:40:02.2.1 - x86Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.517 [GMT -5:00]Running from: c:\documents and settings\Keith Krome\Desktop\ComboFix.exeCommand switches used :: c:\documents and settings\Keith Krome\Desktop\CFScript.txtAV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..C:\A$C235.tmpC:\A$C242.tmpC:\A$CF0.tmpc:\documents and settings\All Users\Application Data\microsoft\media index\wmplibrary_v_0_12.lrdc:\documents and settings\Keith Krome\My Documents\~WRL0001.tmpc:\documents and settings\Keith Krome\My Documents\~WRL0002.tmpc:\documents and settings\Keith Krome\My Documents\~WRL0004.tmpc:\documents and settings\Keith Krome\My Documents\~WRL0587.tmpc:\documents and settings\Keith Krome\My Documents\~WRL1136.tmpc:\documents and settings\Keith Krome\My Documents\~WRL2591.tmpc:\documents and settings\Keith Krome\Systemc:\documents and settings\Keith Krome\System\win_qs8.jqxc:\documents and settings\Keith Krome\WINDOWSc:\program files\SetupDWGTrueView2011_32bit.exe..((((((((((((((((((((((((( Files Created from 2012-04-23 to 2012-05-23 )))))))))))))))))))))))))))))))..2012-05-10 20:05 . 2012-05-10 20:06 -------- d-----w- c:\program files\CCleaner2012-05-09 20:02 . 2012-05-09 20:02 -------- d-----w- c:\documents and settings\Keith Krome\Application Data\Malwarebytes2012-05-09 20:02 . 2012-05-09 20:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes2012-05-09 20:02 . 2012-04-04 20:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys2012-05-09 20:02 . 2012-05-09 20:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2012-04-30 21:36 . 2012-04-30 21:36 -------- d-----w- C:\visi2012-04-30 21:36 . 2012-04-30 21:36 -------- d-----w- C:\skins2012-04-30 21:36 . 2012-04-30 21:36 -------- d-----w- C:\w2012-04-25 21:39 . 2012-04-30 21:37 -------- d-----w- C:\e2012-04-25 21:39 . 2012-04-25 21:39 -------- d-----w- C:\Data...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2012-05-05 02:04 . 2012-03-30 17:35 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe2012-05-05 02:04 . 2011-06-08 15:49 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2012-03-20 18:11 . 2011-07-11 16:54 151880 ----a-w- c:\windows\system32\mfevtps.exe2012-02-24 21:08 . 2012-02-24 20:59 1144011680 ----a-w- C:\AutoCAD_2012_English_Win_32bit.exe2010-08-18 20:30 . 2010-08-18 20:30 9442584 ----a-w- c:\program files\VueMinder_Lite_Setup_7.2.1.exe..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn3\yt.dll" [2012-01-12 1517368].[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}][HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1][HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}][HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin].[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Akamai NetSession Interface"="c:\documents and settings\Keith Krome\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-05-08 3331872].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]"SiteAdvisor"="c:\program files\SiteAdvisor\6253\SiteAdv.exe" [2007-03-30 36904]"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-07-10 270648]"SolidWorks_CheckForUpdates"="c:\program files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe" [2008-10-18 6862120]"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1318816]"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2011-07-06 688128].c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784].[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400].[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]@="".[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]2004-10-13 16:24 1694208 ----a-w- c:\program files\Messenger\msmsgs.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]2007-06-29 11:24 286720 ----a-w- c:\program files\QuickTime\QTTask.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]2004-09-22 18:20 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]2004-06-04 04:05 32881 ----a-w- c:\program files\Java\j2re1.4.2_05\bin\jusched.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]2003-08-19 06:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe.[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]"DisableMonitoring"=dword:00000001.[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]"DisableMonitoring"=dword:00000001.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"EnableFirewall"= 0 (0x0).[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\iTunes\\iTunes.exe"="c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"="c:\\Documents and Settings\\Keith Krome\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"135:TCP"= 135:TCP:More File Sharing"3020:TCP"= 3020:TCP:Akamai NetSession Interface"5000:UDP"= 5000:UDP:Akamai NetSession Interface.R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\SYSTEM32\DRIVERS\mfetdi2k.sys [5/3/2010 4:40 PM 89792]R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [5/3/2010 4:40 PM 214904]R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [5/3/2010 4:40 PM 214904]R3 cfwids;McAfee Inc. cfwids;c:\windows\SYSTEM32\DRIVERS\cfwids.sys [5/3/2010 4:40 PM 57600]R3 mfefirek;McAfee Inc. mfefirek;c:\windows\SYSTEM32\DRIVERS\mfefirek.sys [5/3/2010 4:40 PM 340920]R3 mfendiskmp;mfendiskmp;c:\windows\SYSTEM32\DRIVERS\mfendisk.sys [5/3/2010 4:40 PM 83856]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SYSTEM32\Macromed\Flash\FlashPlayerUpdateService.exe [3/30/2012 12:35 PM 257696]S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\SYSTEM32\DRIVERS\mfendisk.sys [5/3/2010 4:40 PM 83856]S3 mferkdet;McAfee Inc. mferkdet;c:\windows\SYSTEM32\DRIVERS\mferkdet.sys [5/3/2010 4:40 PM 87656].--- Other Services/Drivers In Memory ---.*NewlyCreated* - WS2IFSL*Deregistered* - mfeavfk01.[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]2009-03-08 09:32 128512 ----a-w- c:\windows\SYSTEM32\advpack.dll.Contents of the 'Scheduled Tasks' folder.2012-05-23 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 02:04].2012-05-19 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:57]..------- Supplementary Scan -------.uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8uInternet Settings,ProxyOverride = <local>uSearchAssistant =Trusted Zone: internetTrusted Zone: mcafee.comTrusted Zone: samsungsetup.com\wwwTCP: Interfaces\{53E050C9-0FCD-4EB4-A6AF-D9847E7F0364}: NameServer = 192.168.0.1..**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2012-05-23 15:04Windows 5.1.2600 Service Pack 2 NTFS.scanning hidden processes ... .scanning hidden autostart entries ....scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\S-1-5-21-1311766860-1594948574-118835363-1007\Software\Microsoft\SystemCertificates\AddressBook*]@Allowed: (Read) (RestrictedCode)@Allowed: (Read) (RestrictedCode).Completion time: 2012-05-23 15:11:31ComboFix-quarantined-files.txt 2012-05-23 20:11.Pre-Run: 39,359,815,680 bytes freePost-Run: 40,060,129,280 bytes free.- - End Of File - - 34B256739058C009CC9DDE78CB4495F6See anything? Link to post Share on other sites More sharing options...
Maniac Posted May 24, 2012 ID:554265 Share Posted May 24, 2012 Still nothing serious. Do you know anything about these folders?C:\visiC:\skinsC:\wC:\eC:\Data Link to post Share on other sites More sharing options...
krome Posted May 24, 2012 Author ID:554383 Share Posted May 24, 2012 Not a clue. Are those the files that were infected? If so then I want to uninstall combofix, and I know it will get rid of the infected files too so if those files are useless then I can uninstall. Can I turn on my mcafee anti-virus now or should I wait until I uninstall it? Link to post Share on other sites More sharing options...
Maniac Posted May 25, 2012 ID:554576 Share Posted May 25, 2012 We are not ready. These things need to be checked. If you don't know about them:1. Close any open browsers.2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. 3. Open notepad and copy/paste the text in the quotebox below into it:DirLook::C:\visiC:\skinsC:\wC:\eC:\DataSave this as CFScript.txt, in the same location as ComboFix.exeRefering to the picture above, drag CFScript into ComboFix.exeWhen finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply. Link to post Share on other sites More sharing options...
krome Posted May 25, 2012 Author ID:554716 Share Posted May 25, 2012 Here it is...ComboFix 12-05-25.03 - Keith Krome 05/25/2012 12:23:27.3.1 - x86Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.507 [GMT -5:00]Running from: c:\documents and settings\Keith Krome\Desktop\ComboFix.exeCommand switches used :: c:\documents and settings\Keith Krome\Desktop\CFscript.txtAV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} * Created a new restore point..((((((((((((((((((((((((( Files Created from 2012-04-25 to 2012-05-25 )))))))))))))))))))))))))))))))..2012-05-10 20:05 . 2012-05-10 20:06 -------- d-----w- c:\program files\CCleaner2012-05-09 20:02 . 2012-05-09 20:02 -------- d-----w- c:\documents and settings\Keith Krome\Application Data\Malwarebytes2012-05-09 20:02 . 2012-05-09 20:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes2012-05-09 20:02 . 2012-04-04 20:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys2012-05-09 20:02 . 2012-05-09 20:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2012-04-30 21:36 . 2012-04-30 21:36 -------- d-----w- C:\visi2012-04-30 21:36 . 2012-04-30 21:36 -------- d-----w- C:\skins2012-04-30 21:36 . 2012-04-30 21:36 -------- d-----w- C:\w2012-04-25 21:39 . 2012-04-30 21:37 -------- d-----w- C:\e2012-04-25 21:39 . 2012-04-25 21:39 -------- d-----w- C:\Data...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2012-05-05 02:04 . 2012-03-30 17:35 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe2012-05-05 02:04 . 2011-06-08 15:49 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2012-03-20 18:11 . 2011-07-11 16:54 151880 ----a-w- c:\windows\system32\mfevtps.exe2010-08-18 20:30 . 2010-08-18 20:30 9442584 ----a-w- c:\program files\VueMinder_Lite_Setup_7.2.1.exe..(((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))).---- Directory of C:\Data ----.2012-04-30 21:36 . 2012-04-30 21:36 40892 ----a-w- c:\data\default\feed4.data2012-04-30 21:36 . 2012-04-30 21:36 32989 ----a-w- c:\data\default\us_yb_c.data2012-04-25 21:39 . 2012-04-30 21:35 1573 ----a-w- c:\data\default\us_sres.data.---- Directory of C:\e ----.2012-04-30 21:37 . 2012-04-30 21:37 778 ----a-w- c:\e\tb_face_s.png2012-04-30 21:36 . 2012-04-30 21:36 193 ----a-w- c:\e\sbx.png2012-04-30 21:36 . 2012-04-30 21:36 209 ----a-w- c:\e\sbx_h.png2012-04-30 21:36 . 2012-04-30 21:36 631 ----a-w- c:\e\tb_travel.png2012-04-30 21:36 . 2012-04-30 21:36 925 ----a-w- c:\e\tb_personals.png2012-04-30 21:36 . 2012-04-30 21:36 502 ----a-w- c:\e\tb_news2.png2012-04-30 21:36 . 2012-04-30 21:36 575 ----a-w- c:\e\tb_games2.png2012-04-30 21:36 . 2012-04-30 21:36 790 ----a-w- c:\e\tb_answ_sq.png2012-04-30 21:36 . 2012-04-30 21:36 747 ----a-w- c:\e\tb_sports.png2012-04-30 21:36 . 2012-04-30 21:36 772 ----a-w- c:\e\tbmy22_1.png2012-04-30 21:36 . 2012-04-30 21:36 534 ----a-w- c:\e\tb_shop_std.png2012-04-30 21:36 . 2012-04-30 21:36 1155 ----a-w- c:\e\tb_fac_burst3.png2012-04-30 21:36 . 2012-04-30 21:36 2051 ----a-w- c:\e\ybang_pp.png2012-04-25 21:39 . 2012-04-25 21:39 163 ----a-w- c:\e\ecap_s0.png2012-04-25 21:39 . 2012-04-25 21:39 161 ----a-w- c:\e\add_grp.png2012-04-25 21:39 . 2012-04-25 21:39 139 ----a-w- c:\e\ecap_s1_h.png2012-04-25 21:39 . 2012-04-25 21:39 168 ----a-w- c:\e\ecap_s1.png2012-04-25 21:39 . 2012-04-25 21:39 140 ----a-w- c:\e\ecap_s0_h.png2012-04-25 21:39 . 2012-04-25 21:39 194 ----a-w- c:\e\add_grp_h.png2012-04-25 21:39 . 2012-04-25 21:39 425 ----a-w- c:\e\ybang_200908276_h.png2012-04-25 21:39 . 2012-04-25 21:39 768 ----a-w- c:\e\ebay27_spc.png.---- Directory of C:\skins ----.2012-04-30 21:36 . 2012-04-30 21:36 374 ----a-w- c:\skins\noskin_vtoggle_h.png2012-04-30 21:36 . 2012-04-30 21:36 314 ----a-w- c:\skins\noskin_vtoggle.png.---- Directory of C:\visi ----.2012-04-30 21:36 . 2012-04-30 21:36 1073 ----a-w- c:\visi\tb_coupon_s1.png.---- Directory of C:\w ----.2012-04-30 21:36 . 2012-04-30 21:36 1225 ----a-w- c:\w\wea_01_spc_s11.png..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn3\yt.dll" [2012-01-12 1517368].[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}][HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1][HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}][HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin].[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Akamai NetSession Interface"="c:\documents and settings\Keith Krome\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-05-08 3331872].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]"SiteAdvisor"="c:\program files\SiteAdvisor\6253\SiteAdv.exe" [2007-03-30 36904]"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-07-10 270648]"SolidWorks_CheckForUpdates"="c:\program files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe" [2008-10-18 6862120]"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1318816]"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2011-07-06 688128].c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784].[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400].[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]@="".[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]2004-10-13 16:24 1694208 ----a-w- c:\program files\Messenger\msmsgs.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]2007-06-29 11:24 286720 ----a-w- c:\program files\QuickTime\QTTask.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]2004-09-22 18:20 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]2004-06-04 04:05 32881 ----a-w- c:\program files\Java\j2re1.4.2_05\bin\jusched.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]2003-08-19 06:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe.[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]"DisableMonitoring"=dword:00000001.[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]"DisableMonitoring"=dword:00000001.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"EnableFirewall"= 0 (0x0).[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\iTunes\\iTunes.exe"="c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"="c:\\Documents and Settings\\Keith Krome\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"135:TCP"= 135:TCP:More File Sharing"4435:TCP"= 4435:TCP:Akamai NetSession Interface"5000:UDP"= 5000:UDP:Akamai NetSession Interface.R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\SYSTEM32\DRIVERS\mfetdi2k.sys [5/3/2010 4:40 PM 89792]R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [5/3/2010 4:40 PM 214904]R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [5/3/2010 4:40 PM 214904]R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [7/11/2011 11:55 AM 161632]R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\SYSTEM32\mfevtps.exe [7/11/2011 11:54 AM 151880]R3 cfwids;McAfee Inc. cfwids;c:\windows\SYSTEM32\DRIVERS\cfwids.sys [5/3/2010 4:40 PM 57600]R3 mfefirek;McAfee Inc. mfefirek;c:\windows\SYSTEM32\DRIVERS\mfefirek.sys [5/3/2010 4:40 PM 340920]R3 mfendiskmp;mfendiskmp;c:\windows\SYSTEM32\DRIVERS\mfendisk.sys [5/3/2010 4:40 PM 83856]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SYSTEM32\Macromed\Flash\FlashPlayerUpdateService.exe [3/30/2012 12:35 PM 257696]S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\SYSTEM32\DRIVERS\mfendisk.sys [5/3/2010 4:40 PM 83856]S3 mferkdet;McAfee Inc. mferkdet;c:\windows\SYSTEM32\DRIVERS\mferkdet.sys [5/3/2010 4:40 PM 87656]S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504].--- Other Services/Drivers In Memory ---.*NewlyCreated* - WS2IFSL*Deregistered* - mfeavfk01.[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]2009-03-08 09:32 128512 ----a-w- c:\windows\SYSTEM32\advpack.dll.Contents of the 'Scheduled Tasks' folder.2012-05-25 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 02:04].2012-05-19 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:57]..------- Supplementary Scan -------.uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8uInternet Settings,ProxyOverride = <local>uSearchAssistant =Trusted Zone: internetTrusted Zone: mcafee.comTrusted Zone: samsungsetup.com\wwwTCP: Interfaces\{53E050C9-0FCD-4EB4-A6AF-D9847E7F0364}: NameServer = 192.168.0.1..**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2012-05-25 12:44Windows 5.1.2600 Service Pack 2 NTFS.scanning hidden processes ... .scanning hidden autostart entries ....scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\S-1-5-21-1311766860-1594948574-118835363-1007\Software\Microsoft\SystemCertificates\AddressBook*]@Allowed: (Read) (RestrictedCode)@Allowed: (Read) (RestrictedCode).--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'explorer.exe'(4092)c:\windows\system32\WININET.dllc:\program files\SiteAdvisor\6253\saHook.dllc:\windows\system32\AcSignIcon.dllc:\progra~1\WINDOW~2\wmpband.dllc:\windows\system32\ieframe.dllc:\windows\system32\webcheck.dllc:\windows\system32\WPDShServiceObj.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dllc:\windows\system32\msi.dll.Completion time: 2012-05-25 12:50:50ComboFix-quarantined-files.txt 2012-05-25 17:50ComboFix2.txt 2012-05-23 20:11.Pre-Run: 40,327,987,200 bytes freePost-Run: 40,670,175,232 bytes free.- - End Of File - - C7AD94BDE9A394CBECF70800D6A5AF07 Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted May 25, 2012 Root Admin ID:554718 Share Posted May 25, 2012 Topic closed as user is being assisted in another topic now.http://forums.malwarebytes.org/index.php?showtopic=110298 Link to post Share on other sites More sharing options...
Recommended Posts