
search engine redirect problem



Both IE and Firefox redirect me. I have tried many scanners and free programs to no avail. The sites that redirect me usually have a green globe or a script two for a logo, if that helps. Help would be very much appreciated. Y'all are my last hope.

I left GMER to run for about six hours and it was still scanning. So I stopped it and saved the file. Please tell me if this is a problem.

Malwarebytes' Anti-Malware 1.42

Database version: 3429

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

12/25/2009 9:20:41 PM

mbam-log-2009-12-25 (21-20-41).txt

Scan type: Quick Scan

Objects scanned: 110049

Time elapsed: 5 minute(s), 56 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS (Ver_09-12-01.01) - NTFSx86

Run by Core at 21:26:30.42 on Fri 12/25/2009

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1212 [GMT -6:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe

C:\Program Files\Zune\ZuneLauncher.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe

C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\ctfmon.exe

svchost.exe

svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\WINDOWS\system32\SearchIndexer.exe

c:\WINDOWS\system32\ZuneBusEnum.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\Mozilla Firefox 3.6 Beta 2\firefox.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Documents and Settings\Core\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray

mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1

mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"

mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide

mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup

mRun: [NokiaMusic FastStart] "c:\program files\nokia\ovi player\NokiaOviPlayer.exe" /command:faststart

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot

mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe

uPolicies-explorer: NoWindowsUpdate = 0 (0x0)

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\core\applic~1\mozilla\firefox\profiles\4w5b7mco.default\

FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll

FF - plugin: c:\documents and settings\core\application data\mozilla\firefox\profiles\4w5b7mco.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 3.6 beta 2\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 3.6 beta 2\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox 3.6 beta 2\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox 3.6 beta 2\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox 3.6 beta 2\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox 3.6 beta 2\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox 3.6 beta 2\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox 3.6 beta 2\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox 3.6 beta 2\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox 3.6 beta 2\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox 3.6 beta 2\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox 3.6 beta 2\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox 3.6 beta 2\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox 3.6 beta 2\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox 3.6 beta 2\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox 3.6 beta 2\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox 3.6 beta 2\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox 3.6 beta 2\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox 3.6 beta 2\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox 3.6 beta 2\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox 3.6 beta 2\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox 3.6 beta 2\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox 3.6 beta 2\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox 3.6 beta 2\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox 3.6 beta 2\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox 3.6 beta 2\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox 3.6 beta 2\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox 3.6 beta 2\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox 3.6 beta 2\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox 3.6 beta 2\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox 3.6 beta 2\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox 3.6 beta 2\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox 3.6 beta 2\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox 3.6 beta 2\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-12-25 64288]

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-9-16 214664]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1181328]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-11-12 203280]

R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-11-12 359952]

R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-11-12 144704]

R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-11-12 606736]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-11-12 79816]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-11-12 35272]

R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-11-12 40552]

R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-4-6 23064]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-10-2 845184]

S3 BTCAMDRV;Mobiola Web Camera driver;c:\windows\system32\drivers\BTCamDrv.sys [2009-12-23 219136]

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-11-12 34248]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-11-27 136704]

S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-11-27 8320]

=============== Created Last 30 ================

2009-12-25 23:49:55 20 ----a-w- c:\documents and settings\core\defogger_reenable

2009-12-25 19:55:48 15880 ----a-w- c:\windows\system32\lsdelete.exe

2009-12-25 19:36:30 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2009-12-25 19:35:04 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}

2009-12-25 19:34:45 0 d-----w- c:\program files\Lavasoft

2009-12-25 16:25:43 401484 ----a-w- c:\windows\system32\msvcrtd.dll

2009-12-24 20:49:57 0 d-----w- c:\program files\Trend Micro

2009-12-24 07:55:10 0 d-----w- c:\program files\Mobiola Web Camera for S60

2009-12-24 07:27:51 41856 ----a-w- c:\windows\system32\drivers\tosrfusb.sys

2009-12-24 07:27:51 113920 ----a-w- c:\windows\system32\drivers\tosrfbd.sys

2009-12-24 07:27:50 73728 ----a-w- c:\windows\system32\drivers\Tosrfhid.sys

2009-12-24 07:27:50 36480 ----a-w- c:\windows\system32\drivers\tosrfbnp.sys

2009-12-24 07:27:49 18612 ----a-w- c:\windows\system32\drivers\tosrfnds.sys

2009-12-24 07:27:46 64000 ----a-w- c:\windows\system32\drivers\tosrfcom.sys

2009-12-24 07:27:41 41600 ----a-w- c:\windows\system32\drivers\tosporte.sys

2009-12-24 07:26:49 0 d-----w- c:\program files\Toshiba

2009-12-24 07:22:33 0 d-----w- c:\docume~1\core\applic~1\Windows Search

2009-12-24 07:17:53 28160 -c--a-w- c:\windows\system32\dllcache\irmon.dll

2009-12-24 07:17:53 28160 ----a-w- c:\windows\system32\irmon.dll

2009-12-24 07:17:52 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll

2009-12-24 07:17:52 8192 ----a-w- c:\windows\system32\wshirda.dll

2009-12-24 07:17:52 151552 -c--a-w- c:\windows\system32\dllcache\irftp.exe

2009-12-24 07:17:52 151552 ----a-w- c:\windows\system32\irftp.exe

2009-12-24 07:15:02 56 ---ha-w- c:\windows\system32\ezsidmv.dat

2009-12-24 07:12:03 114688 ----a-w- c:\windows\system32\btcamvideosource.dll

2009-12-24 00:57:09 91136 -c--a-w- c:\windows\system32\dllcache\kswdmcap.ax

2009-12-24 00:57:09 91136 ----a-w- c:\windows\system32\kswdmcap.ax

2009-12-24 00:57:09 61952 -c--a-w- c:\windows\system32\dllcache\kstvtune.ax

2009-12-24 00:57:09 61952 ----a-w- c:\windows\system32\kstvtune.ax

2009-12-24 00:57:08 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll

2009-12-24 00:57:08 53760 ----a-w- c:\windows\system32\vfwwdm32.dll

2009-12-24 00:57:06 43008 -c--a-w- c:\windows\system32\dllcache\ksxbar.ax

2009-12-24 00:57:06 43008 ----a-w- c:\windows\system32\ksxbar.ax

2009-12-24 00:57:01 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys

2009-12-24 00:57:01 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys

2009-12-23 23:25:18 0 d-----r- c:\program files\Skype

2009-12-22 06:33:55 0 d-----w- c:\docume~1\core\applic~1\WinPatrol

2009-12-22 06:33:45 0 d-----w- c:\program files\BillP Studios

2009-12-20 00:52:34 0 d-----w- c:\docume~1\core\applic~1\Malwarebytes

2009-12-20 00:52:29 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-12-20 00:52:28 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2009-12-20 00:52:27 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-12-20 00:52:27 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-12-14 22:27:29 265728 -c----w- c:\windows\system32\dllcache\http.sys

2009-12-14 21:44:08 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2009-12-14 21:44:08 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2009-12-14 21:44:08 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2009-12-14 21:44:08 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll

2009-12-14 21:44:08 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2009-12-14 21:44:08 11069952 -c----w- c:\windows\system32\dllcache\ieframe.dll

2009-12-14 21:35:02 0 d-----w- c:\docume~1\core\applic~1\Windows Desktop Search

2009-12-14 21:34:38 0 d-----w- c:\windows\system32\GroupPolicy

2009-12-14 21:34:38 0 d-----w- c:\program files\Windows Desktop Search

2009-12-14 21:27:25 0 d-----w- c:\windows\pss

2009-12-14 20:55:35 272128 -c----w- c:\windows\system32\dllcache\bthport.sys

2009-12-14 20:53:40 2189184 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe

2009-12-14 20:53:40 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe

2009-12-14 20:53:39 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe

2009-12-14 20:53:11 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2009-12-14 19:55:56 13463552 -c--a-w- c:\windows\system32\dllcache\hwxjpn.dll

2009-12-14 19:24:25 488 ---ha-r- c:\windows\system32\logonui.exe.manifest

2009-12-14 19:24:22 749 ---ha-r- c:\windows\WindowsShell.Manifest

2009-12-14 19:24:22 749 ---ha-r- c:\windows\system32\wuaucpl.cpl.manifest

2009-12-14 19:24:22 749 ---ha-r- c:\windows\system32\sapi.cpl.manifest

2009-12-14 19:24:22 749 ---ha-r- c:\windows\system32\ncpa.cpl.manifest

2009-12-08 02:34:13 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf

2009-12-06 21:55:43 16114 ----a-w- c:\windows\setupapi.old

2009-12-04 02:15:21 0 d-----w- c:\windows\Globalization

2009-12-04 02:15:13 0 d-----w- c:\docume~1\alluse~1\applic~1\NokiaMusic

2009-11-28 19:01:50 0 d-----w- c:\program files\common files\EasyInfo

2009-11-28 18:47:18 12672 ----a-w- c:\windows\system32\drivers\cpuz132_x32.sys

2009-11-28 18:47:17 0 d-----w- c:\program files\CPUID

2009-11-28 05:07:26 0 d-----w- c:\docume~1\core\applic~1\Screaming Bee

2009-11-28 05:06:53 0 d-----w- c:\program files\Screaming Bee

2009-11-28 04:34:07 0 d-----w- c:\program files\EA GAMES

2009-11-27 17:59:09 0 d-----w- c:\program files\common files\PCSuite

2009-11-27 17:58:12 0 d-----w- c:\program files\PC Connectivity Solution

2009-11-27 17:57:59 8320 ----a-w- c:\windows\system32\drivers\nmwcdnsuc.sys

2009-11-27 17:57:59 7936 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys

2009-11-27 17:57:59 7936 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys

2009-11-27 17:57:59 136704 ----a-w- c:\windows\system32\drivers\nmwcdnsu.sys

2009-11-27 17:57:58 660480 ----a-w- c:\windows\system32\nmwcdcocls.dll

2009-11-27 17:57:58 22016 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys

2009-11-27 17:57:58 17664 ----a-w- c:\windows\system32\drivers\ccdcmb.sys

2009-11-27 17:57:58 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll

2009-11-27 03:20:34 3244 ----a-w- c:\windows\system32\wbem\Outlook_01ca6f10953bd52e.mof

2009-11-26 22:34:54 0 ----a-w- c:\windows\tosOBEX.INI

==================== Find3M ====================

2009-12-14 19:23:49 23348 ----a-w- c:\windows\system32\emptyregdb.dat

2009-11-18 04:39:10 105316 ----a-w- c:\windows\HPFins09.dat

2009-11-16 23:27:38 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf

2009-11-16 23:27:15 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf

2009-11-12 01:16:51 0 ---ha-w- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_09_00.Wdf

2009-11-12 01:16:51 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01009.Wdf

2009-11-12 01:16:32 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_09_00.Wdf

2009-11-12 00:34:01 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_zumbus_01009.Wdf

2009-11-12 00:34:00 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf

2009-11-12 00:29:33 691696 ----a-w- c:\windows\system32\drivers\sptd.sys

2009-11-06 21:30:16 206168 ----a-r- c:\windows\fonts\NokiaStandard Multi.TTF

2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll

2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll

2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll

2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll

2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll

2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll

2009-10-11 10:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-10-08 20:57:02 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2009-10-08 20:57:00 220160 ----a-w- c:\windows\system32\oleacc.dll

2009-10-08 20:56:56 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2009-10-06 17:52:36 91136 ----a-w- c:\windows\system32\nmwcdcls.dll

============= FINISH: 21:28:01.78 ===============

ark.zip

Attach.zip


Hello Trey Core

Welcome to Malwarebytes. :)

=====================

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


The first time I ran ComboFix, it installed the Recovery Console, and while it was scanning my PC restarted. I ran it again and this is what I got:

ComboFix 09-12-26.05 - Core 12/27/2009 12:17:39.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1483 [GMT -6:00]

Running from: c:\documents and settings\Core\Desktop\ComboFix.exe

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\$recycle.bin\S-1-5-21-389955477-1979729314-3821762203-1000

C:\install.exe

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected

Restored copy from - Kitty ate it :)

.

((((((((((((((((((((((((( Files Created from 2009-11-27 to 2009-12-27 )))))))))))))))))))))))))))))))

.

2009-12-27 05:41 . 2009-12-27 05:41 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2009-12-27 05:40 . 2009-12-27 05:57 -------- d-----w- c:\program files\SUPERAntiSpyware

2009-12-27 01:17 . 2009-12-27 01:21 -------- d-----w- c:\program files\Audacity

2009-12-25 19:35 . 2009-12-27 05:51 -------- dc-h--w- c:\documents and settings\All Users\Application Data\~0

2009-12-25 19:35 . 2009-12-07 14:10 2953352 -c----w- c:\documents and settings\All Users\Application Data\~0\Ad-AwareInstallation.exe

2009-12-25 19:34 . 2009-12-27 05:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2009-12-25 16:25 . 2004-01-22 10:58 401484 ----a-w- c:\windows\system32\msvcrtd.dll

2009-12-24 20:49 . 2009-12-24 20:49 -------- d-----w- c:\program files\Trend Micro

2009-12-24 07:55 . 2009-12-25 17:14 -------- d-----w- c:\program files\Mobiola Web Camera for S60

2009-12-24 07:27 . 2007-06-11 20:25 41856 ----a-w- c:\windows\system32\drivers\tosrfusb.sys

2009-12-24 07:27 . 2007-04-24 19:20 113920 ----a-w- c:\windows\system32\drivers\tosrfbd.sys

2009-12-24 07:27 . 2007-03-01 22:53 73728 ----a-w- c:\windows\system32\drivers\Tosrfhid.sys

2009-12-24 07:27 . 2006-11-20 23:55 36480 ----a-w- c:\windows\system32\drivers\tosrfbnp.sys

2009-12-24 07:27 . 2005-01-06 19:42 18612 ----a-w- c:\windows\system32\drivers\tosrfnds.sys

2009-12-24 07:27 . 2007-05-24 20:27 64000 ----a-w- c:\windows\system32\drivers\tosrfcom.sys

2009-12-24 07:27 . 2006-10-11 01:33 41600 ----a-w- c:\windows\system32\drivers\tosporte.sys

2009-12-24 07:26 . 2009-12-24 07:26 -------- d-----w- c:\program files\Toshiba

2009-12-24 07:22 . 2009-12-24 07:22 -------- d-----w- c:\documents and settings\Core\Application Data\Windows Search

2009-12-24 07:17 . 2008-04-14 11:41 28160 -c--a-w- c:\windows\system32\dllcache\irmon.dll

2009-12-24 07:17 . 2008-04-14 11:41 28160 ----a-w- c:\windows\system32\irmon.dll

2009-12-24 07:17 . 2008-04-14 11:42 151552 -c--a-w- c:\windows\system32\dllcache\irftp.exe

2009-12-24 07:17 . 2008-04-14 11:42 151552 ----a-w- c:\windows\system32\irftp.exe

2009-12-24 07:17 . 2008-04-14 11:42 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll

2009-12-24 07:17 . 2008-04-14 11:42 8192 ----a-w- c:\windows\system32\wshirda.dll

2009-12-24 07:15 . 2009-12-24 07:15 56 ---ha-w- c:\windows\system32\ezsidmv.dat

2009-12-24 07:12 . 2007-09-20 18:04 114688 ----a-w- c:\windows\system32\btcamvideosource.dll

2009-12-24 00:57 . 2008-04-14 11:42 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll

2009-12-24 00:57 . 2008-04-14 11:42 53760 ----a-w- c:\windows\system32\vfwwdm32.dll

2009-12-24 00:57 . 2008-04-14 06:16 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys

2009-12-24 00:57 . 2008-04-14 06:16 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys

2009-12-23 23:48 . 2009-12-27 06:06 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-12-23 23:28 . 2009-12-27 06:06 -------- d-----w- c:\documents and settings\Core\Application Data\skypePM

2009-12-23 23:25 . 2009-12-27 06:59 -------- d-----w- c:\documents and settings\Core\Application Data\Skype

2009-12-23 23:25 . 2009-12-23 23:25 -------- d-----w- c:\program files\Common Files\Skype

2009-12-23 23:25 . 2009-12-24 06:49 -------- d-----r- c:\program files\Skype

2009-12-23 23:25 . 2009-12-23 23:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype

2009-12-22 06:33 . 2009-12-22 06:33 -------- d-----w- c:\documents and settings\Core\Application Data\WinPatrol

2009-12-22 06:33 . 2009-10-02 17:51 0 ----a-w- c:\documents and settings\Core\Application Data\WinPatrol\Config.sys

2009-12-22 06:33 . 2009-10-02 17:51 0 ----a-w- c:\documents and settings\Core\Application Data\WinPatrol\Autoexec.bat

2009-12-22 06:33 . 2009-12-22 06:33 -------- d-----w- c:\program files\BillP Studios

2009-12-20 00:52 . 2009-12-20 00:52 -------- d-----w- c:\documents and settings\Core\Application Data\Malwarebytes

2009-12-20 00:52 . 2009-12-03 22:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-12-20 00:52 . 2009-12-20 00:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-12-20 00:52 . 2009-12-20 00:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-12-20 00:52 . 2009-12-03 22:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-12-14 22:36 . 2009-12-14 22:36 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

2009-12-14 22:27 . 2009-10-20 16:20 265728 -c----w- c:\windows\system32\dllcache\http.sys

2009-12-14 21:44 . 2009-10-29 07:45 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2009-12-14 21:44 . 2009-10-29 07:45 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2009-12-14 21:44 . 2009-10-29 07:45 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2009-12-14 21:44 . 2009-10-29 07:45 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2009-12-14 21:44 . 2009-10-29 07:45 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll

2009-12-14 21:44 . 2009-10-29 07:45 11069952 -c----w- c:\windows\system32\dllcache\ieframe.dll

2009-12-14 21:35 . 2009-12-14 21:35 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe

2009-12-14 21:35 . 2009-12-14 21:35 -------- d-----w- c:\documents and settings\Core\Application Data\Windows Desktop Search

2009-12-14 21:34 . 2009-12-14 22:28 -------- d-----w- c:\program files\Windows Desktop Search

2009-12-14 21:34 . 2009-12-14 21:34 -------- d-----w- c:\windows\system32\GroupPolicy

2009-12-14 20:55 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys

2009-12-14 20:53 . 2009-08-05 02:44 2189184 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe

2009-12-14 20:53 . 2009-08-04 15:13 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe

2009-12-14 20:53 . 2009-08-04 14:20 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe

2009-12-14 20:53 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2009-12-14 19:55 . 2008-04-14 10:39 13463552 -c--a-w- c:\windows\system32\dllcache\hwxjpn.dll

2009-12-14 19:08 . 2006-02-28 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll

2009-12-14 19:08 . 2006-02-28 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll

2009-12-14 19:08 . 2006-02-28 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll

2009-12-14 19:08 . 2006-02-28 12:00 13312 ----a-w- c:\windows\system32\irclass.dll

2009-12-08 22:00 . 2009-12-08 22:00 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2009-12-04 04:36 . 2009-12-04 04:36 159776 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

2009-12-04 02:16 . 2009-12-04 02:16 -------- d-----w- c:\documents and settings\Core\Local Settings\Application Data\IsolatedStorage

2009-12-04 02:15 . 2009-12-04 02:15 -------- d-----w- c:\documents and settings\Core\Local Settings\Application Data\Nokia

2009-12-04 02:15 . 2009-12-04 02:15 -------- d-----w- c:\windows\Globalization

2009-12-04 02:15 . 2009-12-04 02:15 -------- d-----w- c:\documents and settings\All Users\Application Data\NokiaMusic

2009-11-28 19:01 . 2009-11-28 19:01 -------- d-----w- c:\program files\Common Files\EasyInfo

2009-11-28 18:47 . 2009-03-27 07:16 12672 ----a-w- c:\windows\system32\drivers\cpuz132_x32.sys

2009-11-28 18:47 . 2009-11-28 18:47 -------- d-----w- c:\program files\CPUID

2009-11-28 05:07 . 2009-11-28 05:07 -------- d-----w- c:\documents and settings\Core\Application Data\Screaming Bee

2009-11-28 05:06 . 2009-11-28 05:06 -------- d-----w- c:\program files\Screaming Bee

2009-11-28 04:34 . 2009-11-28 19:02 -------- d-----w- c:\program files\EA GAMES

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-12-27 01:36 . 2009-11-12 00:36 -------- d-----w- c:\documents and settings\Core\Application Data\uTorrent

2009-12-22 23:58 . 2009-11-13 02:05 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore

2009-12-20 23:19 . 2009-11-11 23:16 -------- d-----w- c:\program files\Mozilla Firefox 3.6 Beta 2

2009-12-14 19:23 . 2009-10-02 17:50 23348 ----a-w- c:\windows\system32\emptyregdb.dat

2009-12-09 03:27 . 2009-11-12 01:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2009-12-08 02:34 . 2009-12-08 02:34 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf

2009-12-08 01:59 . 2009-11-12 00:40 -------- d-----w- c:\documents and settings\Core\Application Data\Nokia

2009-12-04 02:16 . 2009-11-22 19:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Nokia

2009-12-04 02:16 . 2009-11-12 12:06 69648 ----a-w- c:\documents and settings\Core\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-12-04 02:16 . 2009-11-12 00:39 -------- d-----w- c:\program files\Nokia

2009-12-04 02:15 . 2009-11-12 02:31 -------- d-----w- c:\program files\Common Files\Nokia

2009-11-28 04:34 . 2009-10-02 18:01 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-11-28 04:31 . 2009-10-02 18:00 -------- d-----w- c:\program files\Common Files\InstallShield

2009-11-27 17:59 . 2009-11-27 17:59 -------- d-----w- c:\program files\Common Files\PCSuite

2009-11-27 17:58 . 2009-11-27 17:58 -------- d-----w- c:\program files\PC Connectivity Solution

2009-11-27 17:57 . 2009-11-27 17:57 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\pcswpcsi.exe

2009-11-27 17:57 . 2009-11-27 17:57 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstCCD.exe

2009-11-27 17:57 . 2009-11-27 17:57 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCSFEMsi.exe

2009-11-27 17:57 . 2009-11-27 17:57 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCS.exe

2009-11-27 17:43 . 2009-11-27 17:57 34440160 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_eng_us.exe

2009-11-27 17:43 . 2009-11-12 00:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations

2009-11-26 21:49 . 2009-11-26 21:49 -------- d-----w- c:\documents and settings\Core\Application Data\TOSHIBA

2009-11-26 20:53 . 2009-11-26 19:51 -------- d-----w- c:\documents and settings\Core\Application Data\Winamp

2009-11-26 20:01 . 2009-11-26 19:51 -------- d-----w- c:\program files\Winamp

2009-11-22 19:25 . 2009-11-22 19:25 36864 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\Sleep.exe

2009-11-22 19:25 . 2009-11-22 19:25 3351812 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\msxml6Exec.exe

2009-11-22 19:25 . 2009-11-22 19:25 3203453 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\vcredistExec.exe

2009-11-22 19:25 . 2009-11-22 19:26 24402704 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\NokiaSoftwareUpdaterSetup_en_us.exe

2009-11-21 15:51 . 2008-04-14 10:41 471552 ----a-w- c:\windows\AppPatch\aclayers.dll

2009-11-21 07:35 . 2009-11-12 01:44 -------- d-----w- c:\program files\Microsoft Works

2009-11-20 22:03 . 2009-11-20 22:03 -------- d-----w- c:\documents and settings\Core\Application Data\HP

2009-11-20 01:55 . 2009-11-20 01:52 -------- d-----w- c:\documents and settings\Core\Application Data\HpUpdate

2009-11-20 01:53 . 2009-11-18 03:11 -------- d-----w- c:\program files\HP

2009-11-19 01:59 . 2009-11-13 01:52 -------- d-----w- c:\program files\McAfee

2009-11-18 23:34 . 2009-11-18 23:34 -------- d-----w- c:\program files\SIW

2009-11-18 22:39 . 2009-11-16 01:43 -------- d-----w- c:\program files\Counter-Strike 1.6

2009-11-18 04:39 . 2009-11-18 04:28 105316 ----a-w- c:\windows\HPFins09.dat

2009-11-18 04:38 . 2009-11-18 04:38 -------- d-----w- c:\documents and settings\All Users\Application Data\HP

2009-11-18 04:38 . 2009-11-18 04:38 -------- d-----w- c:\program files\Common Files\HP

2009-11-16 23:27 . 2009-11-16 23:27 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf

2009-11-16 23:27 . 2009-11-12 00:40 -------- d-----w- c:\documents and settings\Core\Application Data\PC Suite

2009-11-16 23:27 . 2009-11-12 00:40 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite

2009-11-16 23:27 . 2009-11-16 23:27 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf

2009-11-16 12:29 . 2009-11-12 00:38 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2009-11-15 23:34 . 2009-11-15 23:34 -------- d-----w- c:\program files\Common Files\Adobe

2009-11-15 23:33 . 2009-11-15 23:33 -------- d-----w- c:\program files\Common Files\Adobe AIR

2009-11-15 23:33 . 2009-11-15 23:33 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe

2009-11-15 23:32 . 2009-11-15 23:32 -------- d-----w- c:\program files\NOS

2009-11-14 02:26 . 2009-11-13 01:44 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2009-11-13 01:55 . 2009-11-13 01:55 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor

2009-11-13 01:53 . 2009-11-13 01:52 -------- d-----w- c:\program files\Common Files\McAfee

2009-11-13 01:52 . 2009-11-13 01:52 -------- d-----w- c:\program files\McAfee.com

2009-11-12 12:09 . 2009-11-12 12:04 -------- d-----w- c:\program files\Yahoo!

2009-11-12 12:05 . 2009-11-12 12:05 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink

2009-11-12 12:05 . 2009-11-12 12:05 -------- d-----w- c:\program files\CyberLink

2009-11-12 12:05 . 2009-11-12 12:04 -------- d-----w- c:\program files\CCleaner

2009-11-12 12:04 . 2009-11-12 12:04 -------- d-----w- c:\documents and settings\Core\Application Data\Yahoo!

2009-11-12 12:04 . 2009-11-12 12:04 -------- d-----w- c:\documents and settings\Core\Application Data\Ahead

2009-11-12 12:04 . 2009-11-12 12:04 -------- d-----w- c:\program files\Common Files\Ahead

2009-11-12 12:04 . 2009-11-12 12:04 -------- d-----w- c:\program files\Nero

2009-11-12 12:04 . 2009-11-12 12:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero

2009-11-12 02:33 . 2009-11-12 02:33 -------- d-----w- c:\program files\Defraggler

2009-11-12 02:30 . 2009-11-12 02:30 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe

2009-11-12 02:30 . 2009-11-12 02:30 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe

2009-11-12 02:30 . 2009-11-12 02:30 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe

2009-11-12 02:30 . 2009-11-12 02:30 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe

2009-11-12 02:29 . 2009-11-12 02:30 33816384 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_eng_us.exe

2009-11-12 01:46 . 2009-11-12 00:42 -------- d-----w- c:\program files\SpeedFan

2009-11-12 01:44 . 2009-11-11 23:52 -------- d-----w- c:\program files\MSBuild

2009-11-12 01:41 . 2009-11-12 01:41 -------- d-----w- c:\program files\Microsoft.NET

2009-11-12 01:39 . 2009-11-12 01:39 -------- d-----w- c:\program files\Microsoft Visual Studio 8

2009-11-12 01:35 . 2009-11-12 01:35 -------- d-----w- c:\program files\MSXML 4.0

2009-11-12 01:33 . 2009-11-12 00:29 -------- d-----w- c:\documents and settings\Core\Application Data\DAEMON Tools Lite

2009-11-12 01:31 . 2009-11-12 01:31 -------- d-----w- c:\program files\Microsoft Games

2009-11-12 01:23 . 2009-11-12 00:37 -------- d-----w- c:\program files\Java

2009-11-12 01:22 . 2009-11-12 01:22 152576 ----a-w- c:\documents and settings\Core\Application Data\Sun\Java\jre1.6.0_17\lzma.dll

2009-11-12 01:21 . 2009-11-12 01:21 79488 ----a-w- c:\documents and settings\Core\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll

2009-11-12 01:16 . 2009-11-12 01:16 0 ---ha-w- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_09_00.Wdf

2009-11-12 01:16 . 2009-11-12 01:16 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01009.Wdf

2009-11-12 01:16 . 2009-11-12 01:16 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_09_00.Wdf

2009-11-12 01:15 . 2009-11-12 00:29 -------- d-----w- c:\program files\DAEMON Tools Lite

2009-11-12 00:39 . 2009-11-12 00:39 -------- d-----w- c:\program files\DIFX

2009-11-12 00:39 . 2009-11-12 00:39 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstCCD.exe

2009-11-12 00:39 . 2009-11-12 00:39 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCSFEMsi.exe

2009-11-12 00:39 . 2009-11-12 00:39 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCS.exe

2009-11-12 00:38 . 2009-11-12 00:38 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan

2009-11-12 00:38 . 2009-11-12 00:38 1925024 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe

2009-11-12 00:37 . 2009-11-12 00:37 -------- d-----w- c:\program files\LimeWire

2009-11-12 00:37 . 2009-11-12 00:37 152576 ----a-w- c:\documents and settings\Core\Application Data\Sun\Java\jre1.6.0_16\lzma.dll

2009-11-12 00:36 . 2009-11-12 00:36 -------- d-----w- c:\program files\uTorrent

2009-11-12 00:36 . 2009-11-12 00:39 33731296 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Nokia_PC_Suite_7_1_26_0_eng_us_web.exe

2009-11-12 00:34 . 2009-11-12 00:33 -------- d-----w- c:\program files\Zune

2009-11-12 00:34 . 2009-11-12 00:34 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_zumbus_01009.Wdf

2009-11-12 00:34 . 2009-11-12 00:34 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf

2009-11-12 00:29 . 2009-11-12 00:29 691696 ----a-w- c:\windows\system32\drivers\sptd.sys

2009-11-12 00:29 . 2009-11-12 00:29 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite

2009-11-11 23:52 . 2009-11-11 23:52 -------- d-----w- c:\program files\Reference Assemblies

2009-11-11 23:50 . 2009-11-11 23:50 -------- d-----w- c:\program files\Windows Media Connect 2

2009-11-11 23:16 . 2009-11-11 23:16 0 ----a-w- c:\windows\nsreg.dat

2009-11-06 15:20 . 2009-11-15 23:32 34112 ----a-w- c:\documents and settings\Core\Application Data\Mozilla\Firefox\Profiles\4w5b7mco.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg_bootstrap.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]

"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-08-15 30003200]

"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2009-09-04 158448]

"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]

"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]

"NokiaMusic FastStart"="c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe" [2009-11-06 2090272]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-21 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-21 137752]

"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-10-10 320832]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-5-22 2756608]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk

backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk

backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2009-09-04 18:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-10-03 10:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2007-01-15 22:14 147456 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]

2008-04-14 10:42 110592 ----a-w- c:\windows\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 17:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2008-12-08 21:50 54576 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]

2006-12-06 04:55 54832 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2006-01-12 21:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]

2009-11-11 16:57 1451520 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2006-12-07 00:37 69216 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-10-11 10:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]

2009-12-27 01:06 289584 ----a-w- c:\program files\uTorrent\uTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

2009-07-01 16:37 37888 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=

"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=

"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=

"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

"c:\\WINDOWS\\system32\\winver.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Mobiola Web Camera for S60\\webcam.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [11/12/2009 7:54 PM 203280]

R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [4/6/2009 1:19 PM 23064]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [10/2/2009 12:00 PM 845184]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]

S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]

S3 BTCAMDRV;Mobiola Web Camera driver;c:\windows\system32\drivers\BTCamDrv.sys [12/23/2009 6:56 PM 219136]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [11/27/2009 11:57 AM 136704]

S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [11/27/2009 11:57 AM 8320]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/11/2009 6:29 PM 691696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

.

------- Supplementary Scan -------

.

FF - ProfilePath - c:\documents and settings\Core\Application Data\Mozilla\Firefox\Profiles\4w5b7mco.default\

FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll

FF - plugin: c:\documents and settings\Core\Application Data\Mozilla\Firefox\Profiles\4w5b7mco.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox 3.6 Beta 2\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox 3.6 Beta 2\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\Mozilla Firefox 3.6 Beta 2\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\Mozilla Firefox 3.6 Beta 2\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\Mozilla Firefox 3.6 Beta 2\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\Mozilla Firefox 3.6 Beta 2\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\Mozilla Firefox 3.6 Beta 2\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox 3.6 Beta 2\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox 3.6 Beta 2\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\Mozilla Firefox 3.6 Beta 2\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\Mozilla Firefox 3.6 Beta 2\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\Mozilla Firefox 3.6 Beta 2\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\Mozilla Firefox 3.6 Beta 2\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\Mozilla Firefox 3.6 Beta 2\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\Mozilla Firefox 3.6 Beta 2\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\Mozilla Firefox 3.6 Beta 2\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\Mozilla Firefox 3.6 Beta 2\greprefs\all.js - pref("html5.enable", false);

c:\program files\Mozilla Firefox 3.6 Beta 2\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\Mozilla Firefox 3.6 Beta 2\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\Mozilla Firefox 3.6 Beta 2\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox 3.6 Beta 2\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox 3.6 Beta 2\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\Mozilla Firefox 3.6 Beta 2\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\Mozilla Firefox 3.6 Beta 2\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\Mozilla Firefox 3.6 Beta 2\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\Mozilla Firefox 3.6 Beta 2\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\Mozilla Firefox 3.6 Beta 2\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox 3.6 Beta 2\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\Mozilla Firefox 3.6 Beta 2\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\Mozilla Firefox 3.6 Beta 2\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\Mozilla Firefox 3.6 Beta 2\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

.

- - - - ORPHANS REMOVED - - - -

SafeBoot-WudfPf

SafeBoot-WudfRd

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-12-27 12:21

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1060284298-2052111302-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EF60E00E-9241-60C7-3130-79C78618D9BA}*]

"hajjceimmcbgacbb"=hex:6b,61,6c,6e,6c,6c,69,63,64,6b,70,66,62,6f,6a,6d,65,6b,

6f,69,6e,67,00,00

"iapkmcjgikjbcgnogc"=hex:6b,61,6c,6e,6c,6c,69,63,64,6b,70,66,62,6f,6a,6d,65,6b,

6f,69,6e,67,00,00

.

Completion time: 2009-12-27 12:21:54

ComboFix-quarantined-files.txt 2009-12-27 18:21

Pre-Run: 287,442,833,408 bytes free

Post-Run: 287,420,178,432 bytes free

Current=4 Default=4 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5

- - End Of File - - 57014D212CEB9FAA472774CB67518213


Update Run Malwarebytes

Please update/run Malwarebytes' Anti-Malware.

Double Click the Malwarebytes Anti-Malware icon to run the application.

  • Click on the Update tab, then click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the update has loaded, go to the Scanner tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

=====

* Go here to run an online scanner from ESET.

  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Check the following options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic


Malwarebytes' Anti-Malware 1.42

Database version: 3442

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

12/27/2009 6:00:19 PM

mbam-log-2009-12-27 (18-00-19).txt

Scan type: Quick Scan

Objects scanned: 109592

Time elapsed: 4 minute(s), 41 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Sorry, I will read your posts more carefully.

I ran the scan and it found some Trojans, but another user of the computer closed IE and I was not able to save a log.

Then I ran it again, and this is what I got:

E:\WINDOWS\system32\drivers\etc\hosts Win32/Qhost trojan cleaned by deleting - quarantined

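The ESET result above points at the hosts file, which is where a Qhost-class infection lives: static name-to-address entries in that file take precedence over DNS, so a search engine's hostname can be silently sent to a different server, which matches the redirect symptom in this thread. As an added example (not part of the thread, and not code from ESET or Malwarebytes), here is a small Python audit that parses a Windows hosts file and reports every non-loopback mapping, marking well-known search and security-vendor domains as hijacks. The watched domain list, the `SAMPLE_HOSTS` contents and the helper names are constructed for illustration; the addresses used are documentation-range placeholders, not real hosts.

```python
"""Audit a Windows hosts file for search-engine / security-vendor hijack entries.

Added example, not code from the forum thread or from any scanner vendor.
"""
import ipaddress
import re
from typing import List, Tuple

# Domains whose presence in a hosts file is suspicious unless they map to
# loopback. Illustrative list (assumption); extend it for your environment.
WATCHED_SUFFIXES = (
    "google.com", "bing.com", "yahoo.com", "live.com",
    "malwarebytes.org", "mcafee.com", "eset.com", "microsoft.com",
)

# Loopback and blackhole addresses: mapping a name here blocks it rather than
# redirecting it, which is the legitimate (ad-blocking) use of the hosts file.
SINK_ADDRESSES = {
    ipaddress.ip_address("127.0.0.1"),
    ipaddress.ip_address("::1"),
    ipaddress.ip_address("0.0.0.0"),
}


def parse_hosts(text: str) -> List[Tuple[int, str, str]]:
    """Return (line_number, ip, hostname) for every mapping in the text.

    Comments (#...) are stripped; one address may be followed by several
    hostnames, and each hostname becomes its own triple.
    """
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"\s+", line)
        ip, names = parts[0], parts[1:]
        for name in names:
            entries.append((lineno, ip, name.lower()))
    return entries


def _is_watched(hostname: str) -> bool:
    return any(hostname == s or hostname.endswith("." + s) for s in WATCHED_SUFFIXES)


def audit_hosts(text: str) -> List[Tuple[int, str, str, str]]:
    """Return (line_number, hostname, ip, severity) for each finding.

    severity is "hijack" when a watched domain is sent to a non-sink address,
    "review" for any other non-sink mapping (legitimate on some networks, but
    worth a look when a redirect is being investigated), and "malformed" when
    the address field does not parse as an IP address.
    """
    findings = []
    for lineno, ip, name in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((lineno, name, ip, "malformed"))
            continue
        if addr in SINK_ADDRESSES:
            continue  # blocking entry, not a redirect
        severity = "hijack" if _is_watched(name) else "review"
        findings.append((lineno, name, ip, severity))
    return findings


# Constructed sample: the default Windows file plus the kind of entries a
# hosts-file trojan appends. 203.0.113.0/24 is an RFC 5737 documentation range.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example            # ad-blocking entry: sink address, fine
203.0.113.10    www.google.com google.com
203.0.113.10    www.bing.com search.yahoo.com
203.0.113.11    www.malwarebytes.org
10.0.0.5        intranet.corp.example  # private address, not watched: review only
"""

if __name__ == "__main__":
    for lineno, name, ip, severity in audit_hosts(SAMPLE_HOSTS):
        print(f"line {lineno}: {name} -> {ip} [{severity}]")
```

On a live machine you would feed it the contents of `%SystemRoot%\System32\drivers\etc\hosts`; the file is read as text, and an unusually large file or one with a hidden attribute set, as the trojan family typically leaves it, is itself a signal even before parsing.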

Excellent.

DDS (Ver_09-12-01.01) - NTFSx86

Run by Core at 19:10:45.85 on Mon 12/28/2009

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1056 [GMT -6:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe

C:\Program Files\Zune\ZuneLauncher.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe

C:\WINDOWS\system32\rundll32.exe

svchost.exe

svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\WINDOWS\system32\SearchIndexer.exe

c:\WINDOWS\system32\ZuneBusEnum.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Mozilla Firefox 3.6 Beta 2\firefox.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Documents and Settings\Core\Desktop\Defogger.exe

C:\Documents and Settings\Core\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1

mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"

mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide

mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup

mRun: [NokiaMusic FastStart] "c:\program files\nokia\ovi player\NokiaOviPlayer.exe" /command:faststart

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot

mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\core\applic~1\mozilla\firefox\profiles\4w5b7mco.default\

FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll

FF - plugin: c:\documents and settings\core\application data\mozilla\firefox\profiles\4w5b7mco.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 3.6 beta 2\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 3.6 beta 2\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox 3.6 beta 2\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox 3.6 beta 2\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox 3.6 beta 2\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox 3.6 beta 2\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox 3.6 beta 2\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox 3.6 beta 2\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox 3.6 beta 2\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox 3.6 beta 2\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox 3.6 beta 2\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox 3.6 beta 2\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox 3.6 beta 2\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox 3.6 beta 2\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox 3.6 beta 2\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox 3.6 beta 2\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox 3.6 beta 2\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox 3.6 beta 2\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox 3.6 beta 2\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox 3.6 beta 2\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox 3.6 beta 2\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox 3.6 beta 2\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox 3.6 beta 2\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox 3.6 beta 2\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox 3.6 beta 2\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox 3.6 beta 2\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox 3.6 beta 2\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox 3.6 beta 2\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox 3.6 beta 2\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox 3.6 beta 2\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox 3.6 beta 2\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox 3.6 beta 2\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox 3.6 beta 2\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox 3.6 beta 2\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-9-16 214664]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-11-12 203280]

R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-11-12 359952]

R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-11-12 144704]

R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-11-12 606736]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-11-12 79816]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-11-12 35272]

R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-11-12 40552]

R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-4-6 23064]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-10-2 845184]

S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]

S1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\saskutil.sys --> c:\program files\superantispyware\SASKUTIL.sys [?]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" --> c:\program files\lavasoft\ad-aware\AAWService.exe [?]

S3 BTCAMDRV;Mobiola Web Camera driver;c:\windows\system32\drivers\BTCamDrv.sys [2009-12-23 219136]

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-11-12 34248]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-11-27 136704]

S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-11-27 8320]

=============== Created Last 30 ================

2009-12-28 20:15:41 0 d-----w- c:\program files\ESET

2009-12-27 18:13:16 0 d-sha-r- C:\cmdcons

2009-12-27 18:11:25 98816 ----a-w- c:\windows\sed.exe

2009-12-27 18:11:25 77312 ----a-w- c:\windows\MBR.exe

2009-12-27 18:11:25 261632 ----a-w- c:\windows\PEV.exe

2009-12-27 18:11:25 161792 ----a-w- c:\windows\SWREG.exe

2009-12-27 05:41:00 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com

2009-12-27 05:40:33 0 d-----w- c:\program files\SUPERAntiSpyware

2009-12-27 01:17:07 0 d-----w- c:\program files\Audacity

2009-12-25 23:49:55 20 ----a-w- c:\documents and settings\core\defogger_reenable

2009-12-25 19:35:04 0 dc-h--w- c:\docume~1\alluse~1\applic~1\~0

2009-12-25 16:25:43 401484 ----a-w- c:\windows\system32\msvcrtd.dll

2009-12-24 20:49:57 0 d-----w- c:\program files\Trend Micro

2009-12-24 07:55:10 0 d-----w- c:\program files\Mobiola Web Camera for S60

2009-12-24 07:27:51 41856 ----a-w- c:\windows\system32\drivers\tosrfusb.sys

2009-12-24 07:27:51 113920 ----a-w- c:\windows\system32\drivers\tosrfbd.sys

2009-12-24 07:27:50 73728 ----a-w- c:\windows\system32\drivers\Tosrfhid.sys

2009-12-24 07:27:50 36480 ----a-w- c:\windows\system32\drivers\tosrfbnp.sys

2009-12-24 07:27:49 18612 ----a-w- c:\windows\system32\drivers\tosrfnds.sys

2009-12-24 07:27:46 64000 ----a-w- c:\windows\system32\drivers\tosrfcom.sys

2009-12-24 07:27:41 41600 ----a-w- c:\windows\system32\drivers\tosporte.sys

2009-12-24 07:26:49 0 d-----w- c:\program files\Toshiba

2009-12-24 07:22:33 0 d-----w- c:\docume~1\core\applic~1\Windows Search

2009-12-24 07:17:53 28160 -c--a-w- c:\windows\system32\dllcache\irmon.dll

2009-12-24 07:17:53 28160 ----a-w- c:\windows\system32\irmon.dll

2009-12-24 07:17:52 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll

2009-12-24 07:17:52 8192 ----a-w- c:\windows\system32\wshirda.dll

2009-12-24 07:17:52 151552 -c--a-w- c:\windows\system32\dllcache\irftp.exe

2009-12-24 07:17:52 151552 ----a-w- c:\windows\system32\irftp.exe

2009-12-24 07:15:02 56 ---ha-w- c:\windows\system32\ezsidmv.dat

2009-12-24 07:12:03 114688 ----a-w- c:\windows\system32\btcamvideosource.dll

2009-12-24 00:57:09 91136 -c--a-w- c:\windows\system32\dllcache\kswdmcap.ax

2009-12-24 00:57:09 91136 ----a-w- c:\windows\system32\kswdmcap.ax

2009-12-24 00:57:09 61952 -c--a-w- c:\windows\system32\dllcache\kstvtune.ax

2009-12-24 00:57:09 61952 ----a-w- c:\windows\system32\kstvtune.ax

2009-12-24 00:57:08 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll

2009-12-24 00:57:08 53760 ----a-w- c:\windows\system32\vfwwdm32.dll

2009-12-24 00:57:06 43008 -c--a-w- c:\windows\system32\dllcache\ksxbar.ax

2009-12-24 00:57:06 43008 ----a-w- c:\windows\system32\ksxbar.ax

2009-12-24 00:57:01 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys

2009-12-24 00:57:01 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys

2009-12-23 23:25:18 0 d-----r- c:\program files\Skype

2009-12-22 06:33:55 0 d-----w- c:\docume~1\core\applic~1\WinPatrol

2009-12-22 06:33:45 0 d-----w- c:\program files\BillP Studios

2009-12-20 00:52:34 0 d-----w- c:\docume~1\core\applic~1\Malwarebytes

2009-12-20 00:52:29 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-12-20 00:52:28 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2009-12-20 00:52:27 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-12-20 00:52:27 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-12-14 22:27:29 265728 -c----w- c:\windows\system32\dllcache\http.sys

2009-12-14 21:44:08 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2009-12-14 21:44:08 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2009-12-14 21:44:08 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2009-12-14 21:44:08 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll

2009-12-14 21:44:08 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2009-12-14 21:44:08 11069952 -c----w- c:\windows\system32\dllcache\ieframe.dll

2009-12-14 21:35:02 0 d-----w- c:\docume~1\core\applic~1\Windows Desktop Search

2009-12-14 21:34:38 0 d-----w- c:\windows\system32\GroupPolicy

2009-12-14 21:34:38 0 d-----w- c:\program files\Windows Desktop Search

2009-12-14 21:27:25 0 d-----w- c:\windows\pss

2009-12-14 20:55:35 272128 -c----w- c:\windows\system32\dllcache\bthport.sys

2009-12-14 20:53:40 2189184 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe

2009-12-14 20:53:40 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe

2009-12-14 20:53:39 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe

2009-12-14 20:53:11 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2009-12-14 19:55:56 13463552 -c--a-w- c:\windows\system32\dllcache\hwxjpn.dll

2009-12-14 19:24:25 488 ---ha-r- c:\windows\system32\logonui.exe.manifest

2009-12-14 19:24:22 749 ---ha-r- c:\windows\WindowsShell.Manifest

2009-12-14 19:24:22 749 ---ha-r- c:\windows\system32\wuaucpl.cpl.manifest

2009-12-14 19:24:22 749 ---ha-r- c:\windows\system32\sapi.cpl.manifest

2009-12-14 19:24:22 749 ---ha-r- c:\windows\system32\ncpa.cpl.manifest

2009-12-08 02:34:13 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf

2009-12-06 21:55:43 16114 ----a-w- c:\windows\setupapi.old

2009-12-04 02:15:21 0 d-----w- c:\windows\Globalization

2009-12-04 02:15:13 0 d-----w- c:\docume~1\alluse~1\applic~1\NokiaMusic

==================== Find3M ====================

2009-12-14 19:23:49 23348 ----a-w- c:\windows\system32\emptyregdb.dat

2009-11-18 04:39:10 105316 ----a-w- c:\windows\HPFins09.dat

2009-11-16 23:27:38 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf

2009-11-16 23:27:15 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf

2009-11-12 01:16:51 0 ---ha-w- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_09_00.Wdf

2009-11-12 01:16:51 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01009.Wdf

2009-11-12 01:16:32 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_09_00.Wdf

2009-11-12 00:34:01 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_zumbus_01009.Wdf

2009-11-12 00:34:00 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf

2009-11-12 00:29:33 691696 ----a-w- c:\windows\system32\drivers\sptd.sys

2009-11-06 21:30:16 206168 ----a-r- c:\windows\fonts\NokiaStandard Multi.TTF

2009-10-29 07:45:38 916480 ------w- c:\windows\system32\wininet.dll

2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll

2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll

2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll

2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll

2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll

2009-10-11 10:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-10-08 20:57:02 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2009-10-08 20:57:00 220160 ----a-w- c:\windows\system32\oleacc.dll

2009-10-08 20:56:56 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2009-10-06 17:55:50 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll

2009-10-06 17:52:46 660480 ----a-w- c:\windows\system32\nmwcdcocls.dll

2009-10-06 17:52:36 91136 ----a-w- c:\windows\system32\nmwcdcls.dll

============= FINISH: 19:11:14.85 ===============

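Added example (not code from the poster, the forum helpers, or the DDS tool): a small parser for the two parts of a DDS log that usually matter first in a redirect case, the `SERVICES / DRIVERS` block and the `uRun:`/`mRun:` autostart lines, in the exact layout shown above. It assumes the usual reading of that layout: `R`/`S` is running/stopped, the digit is the registry Start value, the trailing `[date size]` is the file's timestamp and size, `[?]` means DDS could not stat the file at the registered path, and `-->` separates the raw registry ImagePath from the path DDS resolved it to. The sample text is constructed; the `updater` uRun line is invented purely to exercise the profile-path check and does not come from this machine.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in DDS log layout. The service lines copy the shape of entries
# in the posted log; the "updater" uRun line is invented only to exercise the
# profile-path check and does not come from the machine in this thread.
SAMPLE_DDS = r"""
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
uRun: [updater] c:\docume~1\core\locals~1\temp\updater.exe /s
============= SERVICES / DRIVERS ===============
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-9-16 214664]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" --> c:\program files\lavasoft\ad-aware\AAWService.exe [?]
=============== Created Last 30 ================
"""

# Assumed reading of the DDS layout: R/S = running/stopped, digit = registry Start value.
SERVICE_RE = re.compile(r"^(?P<state>[RS])(?P<start>[0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
# Trailing "[date size]" that DDS appends, or "[?]" when it could not stat the file.
META_RE = re.compile(r"^(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$")
# uRun = HKCU\...\Run, mRun = HKLM\...\Run; value name in brackets, then the command.
RUN_RE = re.compile(r"^(?P<hive>[um])Run:\s+\[(?P<value>[^\]]*)\]\s+(?P<cmd>.+)$")

START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}

# Path fragments that point into a user profile or temp directory on XP; legitimate
# drivers and autostarts rarely live there, so such entries are reviewed first.
PROFILE_HINTS = ("\\docume~1\\", "\\documents and settings\\", "\\temp\\", "\\application data\\")


@dataclass
class Service:
    running: bool
    start_type: str
    name: str
    display: str
    image_path: str            # ImagePath as DDS printed it (may be quoted or \??\-prefixed)
    resolved_path: Optional[str]  # path after "-->", when DDS printed one
    file_meta: str             # "date size" or "?" when DDS could not stat the file


@dataclass
class RunEntry:
    hive: str      # "HKCU" for uRun, "HKLM" for mRun
    value: str
    command: str


def parse_services(text: str) -> List[Service]:
    """Parse every R*/S* service or driver line from a DDS log."""
    out: List[Service] = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        pm = META_RE.match(m["rest"])
        path_part, meta = (pm["path"], pm["meta"].strip()) if pm else (m["rest"], "")
        image, _, resolved = path_part.partition(" --> ")
        out.append(Service(
            running=m["state"] == "R",
            start_type=START_TYPES.get(m["start"], m["start"]),
            name=m["name"].strip(),
            display=m["display"].strip(),
            image_path=image.strip(),
            resolved_path=resolved.strip() or None,
            file_meta=meta,
        ))
    return out


def unverified_services(services: List[Service]) -> List[Service]:
    """Entries where DDS printed [?] instead of a date and size.

    That only means DDS could not read the file at the registered path; a quoted
    or \\??\\-prefixed ImagePath can cause it too, so confirm each one by hand."""
    return [s for s in services if s.file_meta == "?"]


def parse_run_entries(text: str) -> List[RunEntry]:
    """Parse uRun:/mRun: autostart lines from a DDS log."""
    out: List[RunEntry] = []
    for line in text.splitlines():
        m = RUN_RE.match(line.strip())
        if m:
            out.append(RunEntry("HKCU" if m["hive"] == "u" else "HKLM", m["value"], m["cmd"].strip()))
    return out


def run_entries_in_profile_paths(entries: List[RunEntry]) -> List[RunEntry]:
    """Autostarts whose command references a profile or temp directory (review first, not a verdict)."""
    return [e for e in entries if any(h in e.command.lower() for h in PROFILE_HINTS)]


if __name__ == "__main__":
    for s in unverified_services(parse_services(SAMPLE_DDS)):
        print(f"[?] {s.name:<30} start={s.start_type:<8} path={s.image_path}")
    for r in run_entries_in_profile_paths(parse_run_entries(SAMPLE_DDS)):
        print(f"profile autostart {r.hive} [{r.value}] {r.command}")
```

To use it on a real log, pass the whole file contents to `parse_services` and `parse_run_entries` instead of `SAMPLE_DDS`; the section headers and blank lines are ignored. Both checks are triage filters, not verdicts: in the posted log the three `[?]` services belong to known security products, and the `-->` form shows why DDS could not stat them at the raw ImagePath.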

=======Cleanup=======

  • Click START then RUN
  • Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the U; it needs to be there.

======Next======

  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Delete/uninstall anything else that we have used that is leftover.

=====================================

After that you're all set.

The following are some articles and a Windows Update link that I like to suggest to people to prevent malware and general PC maintenance.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article - To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections, please read the Prevention article by Miekiemoes.

If your computer is slow - A tutorial on what you can do if your computer is slow.

File sharing program dangers - Reasons to stay away from file sharing programs, for example BitTorrent, Limewire, Kazaa, emule, Utorrent, etc.


You are welcome ;)

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :lol:

If you're the topic starter and need this topic reopened, please contact me via PM with the address of the thread.

Everyone else please begin a New Topic.
