
partner37.domainadvisor



Hi there :)

I too have been infected with the dreaded partner37. Here is my HijackThis log; please advise where to go from here.

Thanks!

Nycole

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 2:16:01 PM, on 7/7/2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\acs.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\lxdncoms.exe

C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

C:\WINDOWS\system32\mfevtps.exe

C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Atheros\ACU.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Lexmark 2600 Series\lxdnMsdMon.exe

C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Nycole\Application Data\Spotify\Data\SpotifyWebHelper.exe

C:\Documents and Settings\Nycole\Local Settings\Application Data\Google\Update\1.3.21.111\GoogleCrashHandler.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Belkin\Network USB Hub Control Center\Connect.exe

C:\Documents and Settings\Nycole\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Nycole\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Nycole\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Nycole\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Documents and Settings\Nycole\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Nycole\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Nycole\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Updater For Spam Free Search Bar - {20a0be68-8fd9-4539-8712-ce3d1c1fdfc6} - C:\Program Files\blekkotb\auxi\blekkoAu.dll

O2 - BHO: Spam Free Search Bar - {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files\blekkotb\blekkoDx.dll

O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll (file missing)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120625021239.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: Spam Free Search Bar - {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files\blekkotb\blekkoDx.dll

O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [lxdnmon.exe] "C:\Program Files\Lexmark 2600 Series\lxdnmon.exe"

O4 - HKLM\..\Run: [lxdnamon] "C:\Program Files\Lexmark 2600 Series\lxdnamon.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [AmazonGSDownloaderTray] C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [Anti-phishing Domain Advisor] "C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Nycole\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe

O4 - HKCU\..\Run: [spotify Web Helper] "C:\Documents and Settings\Nycole\Application Data\Spotify\Data\SpotifyWebHelper.exe"

O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Startup: OneNote Table Of Contents.onetoc2

O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\mcsniepl.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Amazon Download Agent - Amazon.com - C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: lxdnCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe

O23 - Service: lxdn_device - - C:\WINDOWS\system32\lxdncoms.exe

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--

End of file - 11763 bytes


Just realized I didn't completely follow instructions, here are my DDS logs. Sorry about that!

Nycole

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_33

Run by Nycole at 0:28:00 on 2012-07-08

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.318 [GMT -7:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\acs.exe

svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\lxdncoms.exe

C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

C:\WINDOWS\system32\mfevtps.exe

C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Atheros\ACU.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Lexmark 2600 Series\lxdnMsdMon.exe

C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Nycole\Application Data\Spotify\Data\SpotifyWebHelper.exe

C:\Documents and Settings\Nycole\Local Settings\Application Data\Google\Update\1.3.21.111\GoogleCrashHandler.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Belkin\Network USB Hub Control Center\Connect.exe

C:\Program Files\Cox\Secure Online Backup for Windows\Scheduler\OnlineBackup.SchedulerService.exe

C:\Program Files\Cox\Secure Online Backup for Windows\Auto Update\OnlineBackup.UpdateSystemTray.exe

C:\Program Files\Cox\Secure Online Backup for Windows\vewatch.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Cox\Secure Online Backup for Windows\SyncNShare\OnlineBackup.SyncNShare.exe

C:\Program Files\Cox\Secure Online Backup for Windows\Filesystem Watcher\DigiData.FilesystemWatcher.Service.Watcher.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Documents and Settings\Nycole\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Nycole\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Nycole\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Nycole\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Nycole\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Nycole\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Updater For Spam Free Search Bar: {20a0be68-8fd9-4539-8712-ce3d1c1fdfc6} - c:\program files\blekkotb\auxi\blekkoAu.dll

BHO: Spam Free Search Bar: {26c9e18c-3717-4be1-a225-04e4471f5b6e} - c:\program files\blekkotb\blekkoDx.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120625021239.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: Spam Free Search Bar: {26c9e18c-3717-4be1-a225-04e4471f5b6e} - c:\program files\blekkotb\blekkoDx.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Google Update] "c:\documents and settings\nycole\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [Active Desktop Calendar] c:\program files\xemicomputers\active desktop calendar\ADC.exe

uRun: [spotify Web Helper] "c:\documents and settings\nycole\application data\spotify\data\SpotifyWebHelper.exe"

mRun: [ACU] "c:\program files\atheros\ACU.exe" -nogui

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [AGRSMMSG] AGRSMMSG.exe

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [lxdnmon.exe] "c:\program files\lexmark 2600 series\lxdnmon.exe"

mRun: [lxdnamon] "c:\program files\lexmark 2600 series\lxdnamon.exe"

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [AmazonGSDownloaderTray] c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderTray.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [Anti-phishing Domain Advisor] "c:\documents and settings\all users\application data\anti-phishing domain advisor\visicom_antiphishing.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Online Backup Auto Update] "c:\program files\cox\secure online backup for windows\auto update\OnlineBackup.UpdateSystemTray.exe"

mRun: [Vault Explorer Cache Watcher] c:\program files\cox\secure online backup for windows\vewatch.exe

StartupFolder: c:\docume~1\nycole\startm~1\programs\startup\coxsec~1.lnk - c:\program files\cox\secure online backup for windows\syncnshare\OnlineBackup.SyncNShare.exe

StartupFolder: c:\docume~1\nycole\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

StartupFolder: c:\documents and settings\nycole\start menu\programs\startup\OneNote Table Of Contents.onetoc2

StartupFolder: c:\docume~1\nycole\startm~1\programs\startup\yahoo!~1.lnk - c:\program files\yahoo!\widgets\YahooWidgets.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{2D55110B-02A2-44AF-B7D3-DDEDCAB6B8DE} : DhcpNameServer = 192.168.1.1

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\nycole\application data\mozilla\firefox\profiles\y3id6z6h.default\

FF - prefs.js: browser.search.selectedEngine - Blekko

FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/?_bc=1

FF - prefs.js: keyword.URL - hxxp://blekko.com/?source=c3348dd4&tbp=url&toolbarid=blekkotb&u=___userid___&q=

FF - plugin: c:\documents and settings\nycole\application data\facebook\npfbplugin_1_0_3.dll

FF - plugin: c:\documents and settings\nycole\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll

FF - plugin: c:\program files\common files\oberon media\ncadapter\1.0.0.7\npapicomadapter.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll

FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

FF - Ext: United States English Spellchecker: en-US@dictionaries.addons.mozilla.org - %profile%\extensions\en-US@dictionaries.addons.mozilla.org

FF - Ext: Oberon GamesBar: gamesbar@oberon-media.com - %profile%\extensions\gamesbar@oberon-media.com

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Glue: {D2A6A719-7CBC-4594-85FD-C36AD881424F} - %profile%\extensions\{D2A6A719-7CBC-4594-85FD-C36AD881424F}

FF - Ext: Scribblies Brite: {F587B2D4-7C09-4a23-AC4A-8D6E3CE8C7DA} - %profile%\extensions\{F587B2D4-7C09-4a23-AC4A-8D6E3CE8C7DA}

FF - Ext: Spam Free Search Bar: {00f12770-e60e-4dc6-9105-425bface7c73} - %profile%\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: McAfee SiteAdvisor: {4ED1F68A-5463-4931-9384-8FFF5ED91D92} - c:\program files\mcafee\SiteAdvisor

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-10-13 464304]

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-12-21 89792]

R2 FilesystemWatcher;Filesystem Watcher;c:\program files\cox\secure online backup for windows\filesystem watcher\DigiData.FilesystemWatcher.Service.Watcher.exe [2012-5-2 24576]

R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-12-21 214904]

R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-12-21 214904]

R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-12-21 214904]

R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-12-21 214904]

R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-12-21 166288]

R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-12-21 161632]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-12-20 151880]

R2 OnlineBackupSchedulerService;Online Backup Scheduler;c:\program files\cox\secure online backup for windows\scheduler\OnlineBackup.SchedulerService.exe [2012-5-2 24576]

R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2011-9-15 88576]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-12-21 57600]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-12-21 180848]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-12-21 340920]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-12-21 83856]

R3 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys [2010-1-10 79232]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [2010-1-10 98984]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-6 250056]

S3 Amazon Download Agent;Amazon Download Agent;c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderService.exe [2011-5-16 401920]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-1-29 1684736]

S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2011-9-8 24576]

S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-22 21248]

S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-12-21 59456]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-12-21 83856]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-12-21 87656]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2012-5-20 121192]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2012-5-20 12776]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2012-5-20 136680]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2012-07-07 21:45:36 -------- d--h--w- c:\windows\PIF

2012-07-07 21:40:00 -------- d-----w- c:\documents and settings\nycole\application data\DigiData

2012-07-07 21:39:30 -------- d-----w- c:\program files\Cox

2012-07-07 21:39:30 -------- d-----w- c:\documents and settings\all users\application data\DigiData

2012-07-07 21:15:31 388096 ----a-r- c:\documents and settings\nycole\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2012-07-07 21:15:30 -------- d-----w- c:\program files\Trend Micro

2012-06-25 09:12:39 29312 ----a-w- c:\program files\mozilla firefox\distribution\bundles\{d19ca586-dd6c-4a0a-96f8-14644f340d60}\components\scriptff.dll

2012-06-23 04:07:10 9815752 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe

2012-06-13 07:09:14 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll

2012-06-10 20:32:07 73728 ----a-w- c:\windows\system32\javacpl.cpl

2012-06-10 20:32:06 476936 ----a-w- c:\windows\system32\npdeployJava1.dll

.

==================== Find3M ====================

.

2012-07-02 03:40:27 230808 ----a-r- c:\windows\system32\cpnprt2.cid

2012-06-23 04:07:15 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-06-23 04:07:14 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-06-02 22:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 22:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 22:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 22:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 22:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 22:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 22:18:58 214256 ----a-w- c:\windows\system32\muweb.dll

2012-06-02 22:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll

2012-05-20 07:51:16 821824 ----a-w- c:\windows\system32\dgderapi.dll

2012-05-20 07:51:16 319456 ----a-w- c:\windows\system32\DIFxAPI.dll

2012-05-20 07:51:15 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys

2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll

2012-05-15 13:20:33 1863168 ----a-w- c:\windows\system32\win32k.sys

2012-05-11 14:42:33 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-05-11 14:42:33 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec

2012-05-09 19:21:36 472840 ----a-w- c:\windows\system32\deployJava1.dll

2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-04-19 03:56:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2012-04-19 03:56:30 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-10-16 06:22:49 475 ----a-w- c:\program files\1015201023224882.bat

.

============= FINISH: 0:29:16.43 ===============


Hello Nycole and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

Please uninstall Spam Free Search Bar

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Step 3

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan


On completion of the scan click save log, save it to your desktop and post in your next reply


In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • aswMBR log


Thanks for your help!

Toolbar has been removed. I'm usually really careful about toolbars too (I don't use them because they drive me nuts).

MBAM didn't find anything.

Here's the log from aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-07-08 13:26:22

-----------------------------

13:26:22.794 OS Version: Windows 5.1.2600 Service Pack 3

13:26:22.794 Number of processors: 2 586 0xE0C

13:26:22.794 ComputerName: SCULLY UserName: Nycole

13:26:23.669 Initialize success

13:28:09.591 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

13:28:09.591 Disk 0 Vendor: FUJITSU_MHW2120BH 00000012 Size: 114473MB BusType: 3

13:28:09.966 Disk 0 MBR read successfully

13:28:09.966 Disk 0 MBR scan

13:28:09.966 Disk 0 Windows XP default MBR code

13:28:10.028 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 114463 MB offset 63

13:28:10.357 Disk 0 scanning sectors +234420480

13:28:11.044 Disk 0 scanning C:\WINDOWS\system32\drivers

13:28:28.669 Service scanning

13:28:40.122 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32

13:28:43.513 Modules scanning

13:29:02.122 Disk 0 trace - called modules:

13:29:02.153 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spcc.sys >>UNKNOWN [0x86f89938]<<

13:29:02.153 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86fccab8]

13:29:02.169 3 CLASSPNP.SYS[f75acfd7] -> nt!IofCallDriver -> \Device\00000081[0x86e8e268]

13:29:02.169 5 ACPI.sys[f73f8620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86e6bd98]

13:29:02.169 Scan finished successfully

13:29:40.513 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Nycole\Desktop\MBR.dat"

13:29:40.513 The log file has been saved successfully to "C:\Documents and Settings\Nycole\Desktop\aswMBR.txt"


Oops-- forgot the MBAM log. Here it is.

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.07.08.06

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Nycole :: SCULLY [administrator]

7/8/2012 1:01:34 PM

mbam-log-2012-07-08 (13-01-34).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 246865

Time elapsed: 22 minute(s), 15 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Good! :)

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


Here ya go :)

ComboFix 12-07-08.01 - Nycole 07/08/2012 17:34:50.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.566 [GMT -7:00]

Running from: c:\documents and settings\Nycole\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\All Users\SPL116.tmp

c:\documents and settings\All Users\SPL219.tmp

c:\documents and settings\All Users\SPLD58.tmp

c:\documents and settings\Nycole\temp_%1%2

C:\install.exe

c:\windows\system32\SETBFF.tmp

c:\windows\system32\SETC03.tmp

c:\windows\system32\SETC04.tmp

c:\windows\system32\SETC0B.tmp

.

.

((((((((((((((((((((((((( Files Created from 2012-06-09 to 2012-07-09 )))))))))))))))))))))))))))))))

.

.

2012-07-08 20:01 . 2012-07-08 20:01 -------- d-----w- c:\documents and settings\Nycole\Local Settings\Application Data\blekkotb

2012-07-07 21:45 . 2012-07-07 21:45 -------- d--h--w- c:\windows\PIF

2012-07-07 21:40 . 2012-07-07 21:40 -------- d-----w- c:\documents and settings\Nycole\Application Data\DigiData

2012-07-07 21:39 . 2012-07-07 21:39 -------- d-----w- c:\documents and settings\All Users\Application Data\DigiData

2012-07-07 21:39 . 2012-07-07 21:39 -------- d-----w- c:\program files\Cox

2012-07-07 21:15 . 2012-07-07 21:15 388096 ----a-r- c:\documents and settings\Nycole\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-07-07 21:15 . 2012-07-07 21:15 -------- d-----w- c:\program files\Trend Micro

2012-07-04 04:37 . 2012-07-04 04:37 -------- d-----w- c:\documents and settings\Administrator

2012-06-25 09:12 . 2012-05-26 00:09 29312 ----a-w- c:\program files\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll

2012-06-23 04:07 . 2012-06-23 04:07 9815752 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe

2012-06-13 07:09 . 2012-05-11 14:42 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll

2012-06-10 23:36 . 2012-06-10 23:36 -------- d-----w- c:\program files\Common Files\Java

2012-06-10 20:32 . 2012-05-09 17:47 73728 ----a-w- c:\windows\system32\javacpl.cpl

2012-06-10 20:32 . 2012-05-09 19:21 476936 ----a-w- c:\windows\system32\npdeployJava1.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-02 03:40 . 2010-07-05 21:02 230808 ----a-r- c:\windows\system32\cpnprt2.cid

2012-06-23 04:07 . 2012-04-06 14:27 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-06-23 04:07 . 2011-05-21 18:20 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-06-02 22:19 . 2009-08-07 01:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 22:19 . 2010-01-09 07:43 329240 ----a-w- c:\windows\system32\wucltui.dll

2012-06-02 22:19 . 2010-01-09 07:43 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 22:19 . 2010-01-09 07:43 210968 ----a-w- c:\windows\system32\wuweb.dll

2012-06-02 22:19 . 2009-08-07 01:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 22:19 . 2010-01-09 07:43 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2010-01-09 07:43 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2009-08-07 01:24 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2009-08-07 01:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 22:19 . 2006-02-28 12:00 97304 ----a-w- c:\windows\system32\cdm.dll

2012-06-02 22:19 . 2009-08-07 01:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 22:19 . 2010-01-09 07:43 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:19 . 2010-01-09 07:43 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:18 . 2010-01-27 18:08 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 22:18 . 2010-01-27 18:08 214256 ----a-w- c:\windows\system32\muweb.dll

2012-06-02 22:18 . 2010-01-27 18:08 17136 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-05-31 13:22 . 2006-02-28 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll

2012-05-20 07:51 . 2012-05-20 07:55 821824 ----a-w- c:\windows\system32\dgderapi.dll

2012-05-20 07:51 . 2010-01-09 08:00 319456 ----a-w- c:\windows\system32\DIFxAPI.dll

2012-05-20 07:51 . 2012-05-20 07:55 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys

2012-05-16 15:08 . 2006-02-28 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

2012-05-15 13:20 . 2006-02-28 12:00 1863168 ----a-w- c:\windows\system32\win32k.sys

2012-05-11 14:42 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-05-11 14:42 . 2006-02-28 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2012-05-11 11:38 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec

2012-05-09 19:21 . 2010-04-20 23:21 472840 ----a-w- c:\windows\system32\deployJava1.dll

2012-05-04 13:16 . 2006-02-28 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-04 12:32 . 2004-08-03 22:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-05-02 13:46 . 2010-01-09 07:40 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-04-19 03:56 . 2012-04-19 03:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2012-04-19 03:56 . 2012-04-19 03:56 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-10-16 06:22 . 2010-10-16 06:22 475 ----a-w- c:\program files\1015201023224882.bat

2011-04-14 21:01 . 2010-12-21 08:10 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Spotify Web Helper"="c:\documents and settings\Nycole\Application Data\Spotify\Data\SpotifyWebHelper.exe" [2012-05-15 932528]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ACU"="c:\program files\Atheros\ACU.exe" [2006-08-10 344187]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-24 135168]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-24 159744]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-24 131072]

"AGRSMMSG"="AGRSMMSG.exe" [2006-03-18 89541]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]

"lxdnmon.exe"="c:\program files\Lexmark 2600 Series\lxdnmon.exe" [2009-05-20 660136]

"lxdnamon"="c:\program files\Lexmark 2600 Series\lxdnamon.exe" [2009-05-20 16040]

"RTHDCPL"="RTHDCPL.EXE" [2009-11-18 18789408]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1318816]

"AmazonGSDownloaderTray"="c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"Online Backup Auto Update"="c:\program files\Cox\Secure Online Backup for Windows\Auto Update\OnlineBackup.UpdateSystemTray.exe" [2012-05-03 233472]

"Vault Explorer Cache Watcher"="c:\program files\Cox\Secure Online Backup for Windows\vewatch.exe" [2012-02-08 28672]

.

c:\documents and settings\Nycole\Start Menu\Programs\Startup\

Cox Secure Online Backup for Windows.lnk - c:\program files\Cox\Secure Online Backup for Windows\SyncNShare\OnlineBackup.SyncNShare.exe [2012-5-2 273232]

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

OneNote Table Of Contents.onetoc2 [2010-2-15 3656]

Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-18 4742184]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-1-16 113664]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Belkin\\Network USB Hub Control Center\\Connect.exe"=

"c:\\WINDOWS\\system32\\lxdncoms.exe"=

"c:\\Program Files\\Lexmark 2600 Series\\lxdnmon.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnpswx.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdntime.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnjswx.exe"=

"c:\\Program Files\\Adobe\\Photoshop 7.0\\Photoshop.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Program Files\\Lexmark 2600 Series\\lxdnlscn.exe"=

"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

"c:\\Program Files\\Steam\\Steam.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Documents and Settings\\Nycole\\Application Data\\Spotify\\spotify.exe"=

"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Cox\\Secure Online Backup for Windows\\SyncNShare\\OnlineBackup.SyncNShare.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"19540:UDP"= 19540:UDP:SXUPTP

"58896:TCP"= 58896:TCP:Pando Media Booster

"58896:UDP"= 58896:UDP:Pando Media Booster

.

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/6/2010 6:23 PM 691696]

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [12/21/2010 1:10 AM 89792]

R2 FilesystemWatcher;Filesystem Watcher;c:\program files\Cox\Secure Online Backup for Windows\Filesystem Watcher\DigiData.FilesystemWatcher.Service.Watcher.exe [5/2/2012 2:24 PM 24576]

R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [12/21/2010 1:09 AM 214904]

R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [12/21/2010 1:09 AM 214904]

R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [12/21/2010 1:09 AM 214904]

R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [12/21/2010 1:10 AM 161632]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [12/20/2010 11:42 PM 151880]

R2 OnlineBackupSchedulerService;Online Backup Scheduler;c:\program files\Cox\Secure Online Backup for Windows\Scheduler\OnlineBackup.SchedulerService.exe [5/2/2012 5:10 PM 24576]

R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [9/15/2011 1:06 PM 88576]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [12/21/2010 1:10 AM 57600]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [12/21/2010 1:10 AM 340920]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [12/21/2010 1:10 AM 83856]

R3 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys [1/10/2010 12:05 PM 79232]

S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [1/10/2010 12:21 PM 98984]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/6/2012 7:27 AM 250056]

S3 Amazon Download Agent;Amazon Download Agent;c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [5/16/2011 2:41 AM 401920]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [1/29/2010 4:45 PM 1684736]

S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [9/8/2011 7:48 PM 24576]

S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [6/22/2010 6:01 PM 21248]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [12/21/2010 1:10 AM 83856]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [12/21/2010 1:10 AM 87656]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [5/20/2012 12:54 AM 121192]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [5/20/2012 12:54 AM 12776]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [5/20/2012 12:54 AM 136680]

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mfeavfk01

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-09 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 04:07]

.

2012-07-08 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 01:57]

.

2012-07-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1284227242-682003330-1004Core.job

- c:\documents and settings\Nycole\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-24 04:42]

.

2012-07-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1284227242-682003330-1004UA.job

- c:\documents and settings\Nycole\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-24 04:42]

.

2012-07-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1284227242-682003330-1006Core.job

- c:\documents and settings\DJ\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-16 12:12]

.

2012-07-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1284227242-682003330-1006UA.job

- c:\documents and settings\DJ\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-16 12:12]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\documents and settings\Nycole\Application Data\Mozilla\Firefox\Profiles\y3id6z6h.default\

FF - prefs.js: browser.search.selectedEngine - Blekko

FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/?_bc=1

FF - prefs.js: keyword.URL - hxxp://blekko.com/?source=c3348dd4&tbp=url&toolbarid=blekkotb&u=___userid___&q=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

FF - Ext: United States English Spellchecker: en-US@dictionaries.addons.mozilla.org - %profile%\extensions\en-US@dictionaries.addons.mozilla.org

FF - Ext: Oberon GamesBar: gamesbar@oberon-media.com - %profile%\extensions\gamesbar@oberon-media.com

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Glue: {D2A6A719-7CBC-4594-85FD-C36AD881424F} - %profile%\extensions\{D2A6A719-7CBC-4594-85FD-C36AD881424F}

FF - Ext: Scribblies Brite: {F587B2D4-7C09-4a23-AC4A-8D6E3CE8C7DA} - %profile%\extensions\{F587B2D4-7C09-4a23-AC4A-8D6E3CE8C7DA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: McAfee SiteAdvisor: {4ED1F68A-5463-4931-9384-8FFF5ED91D92} - c:\program files\McAfee\SiteAdvisor

.

- - - - ORPHANS REMOVED - - - -

.

HKCU-Run-Active Desktop Calendar - c:\program files\XemiComputers\Active Desktop Calendar\ADC.exe

AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe

AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe

AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-07-08 17:46

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Completion time: 2012-07-08 17:50:11

ComboFix-quarantined-files.txt 2012-07-09 00:49

.

Pre-Run: 82,667,630,592 bytes free

Post-Run: 84,221,456,384 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

.

- - End Of File - - 79127DF7C7C696C265CE8ED66BD7A54D


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Folder::
c:\documents and settings\Nycole\Local Settings\Application Data\blekkotb

FireFox::
FF - ProfilePath - c:\documents and settings\Nycole\Application Data\Mozilla\Firefox\Profiles\y3id6z6h.default\
FF - prefs.js: browser.search.selectedEngine - Blekko
FF - prefs.js: keyword.URL - hxxp://blekko.com/?source=c3348dd4&tbp=url&toolbarid=blekkotb&u=___userid___&q=
FF - Ext: Oberon GamesBar: gamesbar@oberon-media.com - %profile%\extensions\gamesbar@oberon-media.com

JavaClearCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

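An added example, not code from this thread, from ComboFix or from the helper: a small Python checker that reads the "FF - prefs.js:" and "FF - Ext:" lines of a ComboFix "Supplementary Scan" section and flags the same three things Maniac pulled into the CFScript above (a non-default search engine, a keyword.URL pointing outside a trusted-host allowlist, and a known bundled-toolbar extension id), then assembles a FireFox:: block of the same shape as the one in that post. The host allowlist, the default-engine list, the unwanted-extension list and the sample log lines are constructed for the example (the sample lines are copied from the log posted earlier in this thread).

```python
"""Flag browser-hijack indicators in the 'Supplementary Scan' part of a ComboFix log.

Added example for this thread; it is not ComboFix code and not the helper's script.
It only reads the 'FF - prefs.js:' and 'FF - Ext:' lines and reports the ones a
helper would want to look at, mirroring what was picked out in the CFScript post.
"""
import re
from urllib.parse import urlparse

# Constructed allowlist of hosts a home page / keyword.URL may legitimately point at.
TRUSTED_HOSTS = {"www.google.com", "google.com", "my.yahoo.com", "www.yahoo.com"}
# Search engines shipped with Firefox at the time (constructed list, not exhaustive).
DEFAULT_ENGINES = {"Google", "Yahoo", "Bing", "Amazon.com", "eBay", "Wikipedia (en)"}
# Extension ids of bundled toolbars; constructed, seeded with the one in this thread.
UNWANTED_EXT_IDS = {"gamesbar@oberon-media.com"}

PREF_RE = re.compile(r"^FF - prefs\.js: (?P<key>\S+) - (?P<value>.+)$")
EXT_RE = re.compile(r"^FF - Ext: (?P<name>.+?): (?P<id>\S+) - (?P<path>.+)$")

# Sample lines, copied from the ComboFix log posted earlier in this thread.
SAMPLE_LOG = r"""
FF - ProfilePath - c:\documents and settings\Nycole\Application Data\Mozilla\Firefox\Profiles\y3id6z6h.default\
FF - prefs.js: browser.search.selectedEngine - Blekko
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/?_bc=1
FF - prefs.js: keyword.URL - hxxp://blekko.com/?source=c3348dd4&tbp=url&toolbarid=blekkotb&u=___userid___&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: United States English Spellchecker: en-US@dictionaries.addons.mozilla.org - %profile%\extensions\en-US@dictionaries.addons.mozilla.org
FF - Ext: Oberon GamesBar: gamesbar@oberon-media.com - %profile%\extensions\gamesbar@oberon-media.com
FF - Ext: McAfee SiteAdvisor: {4ED1F68A-5463-4931-9384-8FFF5ED91D92} - c:\program files\McAfee\SiteAdvisor
"""


def host_of(value):
    """Return the lower-cased hostname of a ComboFix-defanged URL (hxxp:// -> http://)."""
    url = re.sub(r"^hxxp", "http", value.strip(), count=1)
    return (urlparse(url).hostname or "").lower()


def analyse(log_text):
    """Return (category, original line) pairs for every suspicious FF line, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = PREF_RE.match(line)
        if m:
            key, value = m.group("key"), m.group("value")
            if key == "browser.search.selectedEngine" and value not in DEFAULT_ENGINES:
                findings.append(("search-engine", line))   # e.g. Blekko set by the toolbar
            elif key in ("keyword.URL", "browser.startup.homepage") \
                    and host_of(value) not in TRUSTED_HOSTS:
                findings.append(("url-pref", line))        # address-bar search redirected
            continue
        m = EXT_RE.match(line)
        if m and m.group("id") in UNWANTED_EXT_IDS:
            findings.append(("extension", line))           # bundled toolbar extension
    return findings


def firefox_script_block(profile_line, findings):
    """Assemble a 'FireFox::' block in the same shape as the one in the post above."""
    return "\n".join(["FireFox::", profile_line] + [line for _, line in findings])


if __name__ == "__main__":
    found = analyse(SAMPLE_LOG)
    for category, line in found:
        print(f"[{category}] {line}")
    profile = next(l.strip() for l in SAMPLE_LOG.splitlines()
                   if l.startswith("FF - ProfilePath"))
    print(firefox_script_block(profile, found))
```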

I don't use FF anymore (I use Chrome)-- should I uninstall it?

Here's the log :)

ComboFix 12-07-08.02 - Nycole 07/09/2012 13:01:04.2.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.623 [GMT -7:00]

Running from: c:\documents and settings\Nycole\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Nycole\Desktop\CFScript.txt

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Nycole\Application Data\Mozilla\Firefox\Profiles\y3id6z6h.default\extensions\gamesbar@oberon-media.com

c:\documents and settings\Nycole\Application Data\Mozilla\Firefox\Profiles\y3id6z6h.default\extensions\gamesbar@oberon-media.com\chrome.manifest

c:\documents and settings\Nycole\Application Data\Mozilla\Firefox\Profiles\y3id6z6h.default\extensions\gamesbar@oberon-media.com\chrome\chrome.jar

c:\documents and settings\Nycole\Application Data\Mozilla\Firefox\Profiles\y3id6z6h.default\extensions\gamesbar@oberon-media.com\components\autocomplite.js

c:\documents and settings\Nycole\Application Data\Mozilla\Firefox\Profiles\y3id6z6h.default\extensions\gamesbar@oberon-media.com\components\logger.js

c:\documents and settings\Nycole\Application Data\Mozilla\Firefox\Profiles\y3id6z6h.default\extensions\gamesbar@oberon-media.com\components\omIGamesBarLogger.xpt

c:\documents and settings\Nycole\Application Data\Mozilla\Firefox\Profiles\y3id6z6h.default\extensions\gamesbar@oberon-media.com\gb.cfg

c:\documents and settings\Nycole\Application Data\Mozilla\Firefox\Profiles\y3id6z6h.default\extensions\gamesbar@oberon-media.com\install.rdf

c:\documents and settings\Nycole\Local Settings\Application Data\blekkotb

c:\documents and settings\Nycole\Local Settings\Application Data\blekkotb\catalog.list

c:\documents and settings\Nycole\Local Settings\Application Data\blekkotb\data\120708200018-f.list

c:\documents and settings\Nycole\Local Settings\Application Data\blekkotb\data\120708202715-l.list

c:\documents and settings\Nycole\Local Settings\Application Data\blekkotb\data\120708202715-m.list

c:\documents and settings\Nycole\Local Settings\Application Data\blekkotb\data\120708204009-l.list

c:\documents and settings\Nycole\Local Settings\Application Data\blekkotb\data\120708204009-m.list

c:\documents and settings\Nycole\Local Settings\Application Data\blekkotb\data\120708205719-l.list

c:\documents and settings\Nycole\Local Settings\Application Data\blekkotb\data\120708205719-m.list

c:\documents and settings\Nycole\Local Settings\Application Data\blekkotb\data\120708210038-l.list

c:\documents and settings\Nycole\Local Settings\Application Data\blekkotb\data\120708210038-m.list

c:\documents and settings\Nycole\Local Settings\Application Data\blekkotb\data\120708212007-l.list

c:\documents and settings\Nycole\Local Settings\Application Data\blekkotb\data\120708212007-m.list

c:\documents and settings\Nycole\Local Settings\Application Data\blekkotb\data\120708214029-l.list

c:\documents and settings\Nycole\Local Settings\Application Data\blekkotb\data\120708214029-m.list

c:\documents and settings\Nycole\Local Settings\Application Data\blekkotb\data\120708215843-l.list

c:\documents and settings\Nycole\Local Settings\Application Data\blekkotb\data\120708215843-m.list

c:\documents and settings\Nycole\Local Settings\Application Data\blekkotb\data\120708220056-l.list

c:\documents and settings\Nycole\Local Settings\Application Data\blekkotb\data\120708220056-m.list

c:\documents and settings\Nycole\Local Settings\Application Data\blekkotb\data\120708222023-l.list

c:\documents and settings\Nycole\Local Settings\Application Data\blekkotb\data\120708222023-m.list

c:\documents and settings\Nycole\Local Settings\Application Data\blekkotb\data\120708222858-l.list

c:\documents and settings\Nycole\Local Settings\Application Data\blekkotb\data\120708222858-m.list

c:\documents and settings\Nycole\Local Settings\Application Data\blekkotb\data\120708224045-l.list

c:\documents and settings\Nycole\Local Settings\Application Data\blekkotb\data\120708224045-m.list

c:\documents and settings\Nycole\Local Settings\Application Data\blekkotb\data\120708230003-l.list

c:\documents and settings\Nycole\Local Settings\Application Data\blekkotb\data\120708230003-m.list

c:\documents and settings\Nycole\Local Settings\Application Data\blekkotb\data\temp.zip

.

.

((((((((((((((((((((((((( Files Created from 2012-06-09 to 2012-07-09 )))))))))))))))))))))))))))))))

.

.

2012-07-07 21:45 . 2012-07-07 21:45 -------- d--h--w- c:\windows\PIF

2012-07-07 21:40 . 2012-07-07 21:40 -------- d-----w- c:\documents and settings\Nycole\Application Data\DigiData

2012-07-07 21:39 . 2012-07-07 21:39 -------- d-----w- c:\documents and settings\All Users\Application Data\DigiData

2012-07-07 21:39 . 2012-07-07 21:39 -------- d-----w- c:\program files\Cox

2012-07-07 21:15 . 2012-07-07 21:15 388096 ----a-r- c:\documents and settings\Nycole\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-07-07 21:15 . 2012-07-07 21:15 -------- d-----w- c:\program files\Trend Micro

2012-07-04 04:37 . 2012-07-04 04:37 -------- d-----w- c:\documents and settings\Administrator

2012-06-25 09:12 . 2012-05-26 00:09 29312 ----a-w- c:\program files\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll

2012-06-23 04:07 . 2012-06-23 04:07 9815752 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe

2012-06-13 07:09 . 2012-05-11 14:42 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll

2012-06-10 23:36 . 2012-06-10 23:36 -------- d-----w- c:\program files\Common Files\Java

2012-06-10 20:32 . 2012-05-09 17:47 73728 ----a-w- c:\windows\system32\javacpl.cpl

2012-06-10 20:32 . 2012-05-09 19:21 476936 ----a-w- c:\windows\system32\npdeployJava1.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-02 03:40 . 2010-07-05 21:02 230808 ----a-r- c:\windows\system32\cpnprt2.cid

2012-06-23 04:07 . 2012-04-06 14:27 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-06-23 04:07 . 2011-05-21 18:20 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-06-02 22:19 . 2009-08-07 01:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 22:19 . 2010-01-09 07:43 329240 ----a-w- c:\windows\system32\wucltui.dll

2012-06-02 22:19 . 2010-01-09 07:43 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 22:19 . 2010-01-09 07:43 210968 ----a-w- c:\windows\system32\wuweb.dll

2012-06-02 22:19 . 2009-08-07 01:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 22:19 . 2010-01-09 07:43 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2010-01-09 07:43 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2009-08-07 01:24 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2009-08-07 01:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 22:19 . 2006-02-28 12:00 97304 ----a-w- c:\windows\system32\cdm.dll

2012-06-02 22:19 . 2009-08-07 01:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 22:19 . 2010-01-09 07:43 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:19 . 2010-01-09 07:43 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:18 . 2010-01-27 18:08 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 22:18 . 2010-01-27 18:08 214256 ----a-w- c:\windows\system32\muweb.dll

2012-06-02 22:18 . 2010-01-27 18:08 17136 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-05-31 13:22 . 2006-02-28 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll

2012-05-20 07:51 . 2012-05-20 07:55 821824 ----a-w- c:\windows\system32\dgderapi.dll

2012-05-20 07:51 . 2010-01-09 08:00 319456 ----a-w- c:\windows\system32\DIFxAPI.dll

2012-05-20 07:51 . 2012-05-20 07:55 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys

2012-05-16 15:08 . 2006-02-28 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

2012-05-15 13:20 . 2006-02-28 12:00 1863168 ----a-w- c:\windows\system32\win32k.sys

2012-05-11 14:42 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-05-11 14:42 . 2006-02-28 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2012-05-11 11:38 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec

2012-05-09 19:21 . 2010-04-20 23:21 472840 ----a-w- c:\windows\system32\deployJava1.dll

2012-05-04 13:16 . 2006-02-28 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-04 12:32 . 2004-08-03 22:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-05-02 13:46 . 2010-01-09 07:40 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-04-19 03:56 . 2012-04-19 03:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2012-04-19 03:56 . 2012-04-19 03:56 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-10-16 06:22 . 2010-10-16 06:22 475 ----a-w- c:\program files\1015201023224882.bat

2011-04-14 21:01 . 2010-12-21 08:10 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-07-09_00.46.20 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-01-09 07:49 . 2012-07-09 15:21 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

- 2010-01-09 07:49 . 2012-07-08 19:19 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2010-01-09 07:49 . 2012-07-09 15:21 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

- 2010-01-09 07:49 . 2012-07-08 19:19 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2012-07-09 01:23 . 2012-07-09 15:21 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat

- 2010-01-09 07:49 . 2012-07-08 19:19 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Spotify Web Helper"="c:\documents and settings\Nycole\Application Data\Spotify\Data\SpotifyWebHelper.exe" [2012-05-15 932528]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ACU"="c:\program files\Atheros\ACU.exe" [2006-08-10 344187]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-24 135168]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-24 159744]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-24 131072]

"AGRSMMSG"="AGRSMMSG.exe" [2006-03-18 89541]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]

"lxdnmon.exe"="c:\program files\Lexmark 2600 Series\lxdnmon.exe" [2009-05-20 660136]

"lxdnamon"="c:\program files\Lexmark 2600 Series\lxdnamon.exe" [2009-05-20 16040]

"RTHDCPL"="RTHDCPL.EXE" [2009-11-18 18789408]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1318816]

"AmazonGSDownloaderTray"="c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"Online Backup Auto Update"="c:\program files\Cox\Secure Online Backup for Windows\Auto Update\OnlineBackup.UpdateSystemTray.exe" [2012-05-03 233472]

"Vault Explorer Cache Watcher"="c:\program files\Cox\Secure Online Backup for Windows\vewatch.exe" [2012-02-08 28672]

.

c:\documents and settings\Nycole\Start Menu\Programs\Startup\

Cox Secure Online Backup for Windows.lnk - c:\program files\Cox\Secure Online Backup for Windows\SyncNShare\OnlineBackup.SyncNShare.exe [2012-5-2 273232]

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

OneNote Table Of Contents.onetoc2 [2010-2-15 3656]

Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-18 4742184]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-1-16 113664]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Belkin\\Network USB Hub Control Center\\Connect.exe"=

"c:\\WINDOWS\\system32\\lxdncoms.exe"=

"c:\\Program Files\\Lexmark 2600 Series\\lxdnmon.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnpswx.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdntime.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnjswx.exe"=

"c:\\Program Files\\Adobe\\Photoshop 7.0\\Photoshop.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Program Files\\Lexmark 2600 Series\\lxdnlscn.exe"=

"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

"c:\\Program Files\\Steam\\Steam.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Documents and Settings\\Nycole\\Application Data\\Spotify\\spotify.exe"=

"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Cox\\Secure Online Backup for Windows\\SyncNShare\\OnlineBackup.SyncNShare.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"19540:UDP"= 19540:UDP:SXUPTP

"58896:TCP"= 58896:TCP:Pando Media Booster

"58896:UDP"= 58896:UDP:Pando Media Booster

.

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/6/2010 6:23 PM 691696]

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [12/21/2010 1:10 AM 89792]

R2 FilesystemWatcher;Filesystem Watcher;c:\program files\Cox\Secure Online Backup for Windows\Filesystem Watcher\DigiData.FilesystemWatcher.Service.Watcher.exe [5/2/2012 2:24 PM 24576]

R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [12/21/2010 1:09 AM 214904]

R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [12/21/2010 1:09 AM 214904]

R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [12/21/2010 1:09 AM 214904]

R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [12/21/2010 1:10 AM 161632]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [12/20/2010 11:42 PM 151880]

R2 OnlineBackupSchedulerService;Online Backup Scheduler;c:\program files\Cox\Secure Online Backup for Windows\Scheduler\OnlineBackup.SchedulerService.exe [5/2/2012 5:10 PM 24576]

R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [9/15/2011 1:06 PM 88576]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [12/21/2010 1:10 AM 57600]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [12/21/2010 1:10 AM 340920]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [12/21/2010 1:10 AM 83856]

R3 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys [1/10/2010 12:05 PM 79232]

S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [1/10/2010 12:21 PM 98984]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/6/2012 7:27 AM 250056]

S3 Amazon Download Agent;Amazon Download Agent;c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [5/16/2011 2:41 AM 401920]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [1/29/2010 4:45 PM 1684736]

S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [9/8/2011 7:48 PM 24576]

S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [6/22/2010 6:01 PM 21248]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [12/21/2010 1:10 AM 83856]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [12/21/2010 1:10 AM 87656]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [5/20/2012 12:54 AM 121192]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [5/20/2012 12:54 AM 12776]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [5/20/2012 12:54 AM 136680]

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mfeavfk01

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-09 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 04:07]

.

2012-07-08 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 01:57]

.

2012-07-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1284227242-682003330-1004Core.job

- c:\documents and settings\Nycole\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-24 04:42]

.

2012-07-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1284227242-682003330-1004UA.job

- c:\documents and settings\Nycole\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-24 04:42]

.

2012-07-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1284227242-682003330-1006Core.job

- c:\documents and settings\DJ\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-16 12:12]

.

2012-07-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1284227242-682003330-1006UA.job

- c:\documents and settings\DJ\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-16 12:12]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\documents and settings\Nycole\Application Data\Mozilla\Firefox\Profiles\y3id6z6h.default\

FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/?_bc=1

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

FF - Ext: United States English Spellchecker: en-US@dictionaries.addons.mozilla.org - %profile%\extensions\en-US@dictionaries.addons.mozilla.org

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Glue: {D2A6A719-7CBC-4594-85FD-C36AD881424F} - %profile%\extensions\{D2A6A719-7CBC-4594-85FD-C36AD881424F}

FF - Ext: Scribblies Brite: {F587B2D4-7C09-4a23-AC4A-8D6E3CE8C7DA} - %profile%\extensions\{F587B2D4-7C09-4a23-AC4A-8D6E3CE8C7DA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: McAfee SiteAdvisor: {4ED1F68A-5463-4931-9384-8FFF5ED91D92} - c:\program files\McAfee\SiteAdvisor

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-07-09 13:10

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Completion time: 2012-07-09 13:13:10

ComboFix-quarantined-files.txt 2012-07-09 20:13

ComboFix2.txt 2012-07-09 00:50

.

Pre-Run: 84,223,549,440 bytes free

Post-Run: 84,206,301,184 bytes free

.

- - End Of File - - 974449959C89F1D9181566A1BB892354


I cleaned some bad stuff from your Firefox, but whether to keep it or to uninstall it is your own choice. ;) (I prefer Chrome too :P )

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Thanks so much for all of your help so far!! :D

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=5e4a2774286ac74481710ff7b61a85b1

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-07-10 10:46:23

# local_time=2012-07-10 03:46:23 (-0800, Pacific Daylight Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 174057 174057 0 0

# compatibility_mode=768 16777215 100 0 78013309 78013309 0 0

# compatibility_mode=5121 16777189 100 75 2516363 6227719 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=74629

# found=2

# cleaned=2

# scan_time=4198

C:\System Volume Information\_restore{EA5DCE05-548E-44B2-B946-1DA6ABE083DC}\RP939\A0070977.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{EA5DCE05-548E-44B2-B946-1DA6ABE083DC}\RP939\A0070981.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
