
MBAM detected infection by PUP.Dealio



Hello folks,

Here is attached the MBAM log. As you can see there is an infection by PUP.Dealio:

_______________________________________________________________________

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5470

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

06/01/2011 18:00:36

mbam-log-2011-01-06 (18-00-36).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 373630

Time elapsed: 3 hour(s), 5 minute(s), 55 second(s)

Memory Processes Infected: 1

Memory Modules Infected: 0

Registry Keys Infected: 5

Registry Values Infected: 5

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 3

Memory Processes Infected:

c:\program files\application updater\applicationupdater.exe (PUP.Dealio) -> 212 -> Unloaded process successfully.

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Application Updater (PUP.Dealio) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\APPLICATION UPDATER\APPLICATIONUPDATER.EXE (PUP.Dealio) -> Value: APPLICATIONUPDATER.EXE -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Value: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\PDFFORGE TOOLBAR\SEARCHSETTINGS.DLL (PUP.Dealio) -> Value: SEARCHSETTINGS.DLL -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Value: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\SEARCHSETTINGS@SPIGOT.COM (PUP.Dealio) -> Value: SEARCHSETTINGS@SPIGOT.COM -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

________________________________________________________

I followed the instructions given, so here's the DDS.txt. I've attached a zip file with Attach.txt and Ark.txt (from GMER Anti-Rootkit).

________________________________________________________

DDS (Ver_10-12-12.02) - NTFSx86

Run by sfigeacgalindo at 18:59:10.17 on 06/01/2011

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3567.2116 [GMT 1:00]

AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

AV: VirusScan Enterprise + AntiSpyware Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

FW: McAfee Host Intrusion Prevention Firewall *Disabled*

============== Running Processes ===============

C:\Program Files\Evidian\bin\iss_acd.exe

C:\Program Files\Evidian\bin\yarrowd.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\WINDOWS\System32\svchost.exe -k eapsvcs

svchost.exe

C:\WINDOWS\System32\svchost.exe -k dot3svc

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Altiris\AClient\AClient.exe

C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe

C:\Program Files\IBM\RationalSDLC\ClearCase\bin\albd_server.exe

C:\WINDOWS\system32\ccsrvc.exe

C:\Program Files\Altiris\Carbon Copy\shellker.exe

C:\WINDOWS\system32\cisvc.exe

D:\iPlanet\Servers\bin\https\bin\webservd-wdog.exe

D:\iPlanet\Servers\bin\https\bin\webservd.exe

D:\iPlanet\Servers\bin\https\bin\webservd-wdog.exe

D:\iPlanet\Servers\bin\https\bin\webservd.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\IBM\RationalSDLC\ClearCase\bin\lockmgr.exe

C:\Program Files\Amanotes\nsd.exe

C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe

C:\Program Files\McAfee\Common Framework\FrameworkService.exe

C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\mfevtps.exe

C:\Program Files\Amanotes\ntmulti.exe

C:\WINDOWS\system32\cccredmgr.exe

C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\PROGRA~1\Altiris\CARBON~1\client.exe

C:\PROGRA~1\Evidian\bin\ssoxp.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Evidian\SSOEngine\SSOEngine.exe

C:\Program Files\Altiris\AClient\AClntUsr.EXE

C:\Program Files\Amadeus MyScreen\Amadeus.MyScreen.Client.exe

C:\Program Files\Altiris\Altiris Agent\AeXAgentUIHost.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\McAfee\Common Framework\udaterui.exe

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\AweSync\AweSync.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Ditto\Ditto.exe

C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Program Files\MMTaskbar\MultiMon.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Program Files\Amanotes\NLNOTES.EXE

C:\Program Files\Amanotes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.2.20100729-1241\win32\x86\notes2.exe

C:\Program Files\Amanotes\ntaskldr.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\sfigeacgalindo\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/

uWindow Title = Microsoft Internet Explorer provided by Amadeus s.a.s.

mWindow Title = Microsoft Internet Explorer provided by Amadeus s.a.s.

uInternet Connection Wizard,ShellNext = hxxp://w2kmigration/securityW2K/SecuriteLogOn_files/frame.htm

mWinlogon: System=iss_acd.exe

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - c:\program files\keyscrambler\KeyScramblerIE.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll

BHO: Programme d'aide de l'Assistant de connexion Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: {B922D405-6D13-4A2B-AE89-08A030DA4402} - No File

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: HttpWatch Basic: {f1f69322-008f-4895-b2bf-ad194219825a} - c:\program files\httpwatch\httpwatchsc.dll

BHO: SSOWatch Notification Class: {f3dca10e-35ff-11d4-8744-00105a658389} - c:\program files\evidian\ssoengine\ie_notifier.dll

TB: {B922D405-6D13-4A2B-AE89-08A030DA4402} - No File

EB: HttpWatch Basic: {2b4c4770-27fd-4a09-b17d-33ca580965fb} - c:\program files\httpwatch\httpwatch.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [sametime Connect 7.5] "c:\program files\ibm\sametime connect\sametime.exe" -noSplash

uRun: [AweSync] c:\program files\awesync\AweSync.exe

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

uRun: [Ditto] c:\program files\ditto\Ditto.exe

mRun: [atchk]

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [soundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray

mRun: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp

mRun: [AClntUsr] c:\program files\altiris\aclient\AClntUsr.EXE

mRun: [Amadeus_MyScreen] "c:\program files\amadeus myscreen\Amadeus.MyScreen.Client.exe"

mRun: [AeXAgentLogon] c:\program files\altiris\altiris agent\AeXAgentActivate.exe /logon

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey

mRun: [shStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"

dRunOnce: [TSClientAXDisabler] cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat"

StartupFolder: c:\docume~1\sfigea~1\startm~1\programs\startup\notifi~1.lnk - c:\documents and settings\sfigeacgalindo\application data\microsoft\notification de cadeaux msn\lsnfier.exe

StartupFolder: c:\documents and settings\all users\start menu\programs\startup\CC_startup.bat

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\multim~1.lnk - c:\program files\mmtaskbar\MultiMon.exe

uPolicies-explorer: NoDFSTab = 1 (0x1)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Edit with Altova X&MLSpy - c:\program files\altova\xmlspy2007\spy.htm

IE: {2222EF56-F49E-4d07-A14E-8D2B08766958} - c:\program files\altova\xmlspy2007\spy.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {D103E85B-5D67-42c1-8C83-F01079DBAB26} - {2B4C4770-27FD-4A09-B17D-33CA580965FB} - c:\program files\httpwatch\httpwatch.dll

Trusted Zone: abcactivity

Trusted Zone: amadeus.com

Trusted Zone: amadeus.net

Trusted Zone: amadeus.net\abcactivity.nce

Trusted Zone: amadeus.net\adajprod.nce

Trusted Zone: amadeus.net\allstats

Trusted Zone: amadeus.net\aslam.muc

Trusted Zone: amadeus.net\diagnostic.1a

Trusted Zone: amadeus.net\etvots.nce

Trusted Zone: amadeus.net\meetings

Trusted Zone: amadeus.net\meetings.nce

Trusted Zone: amadeus.net\MUCFQS1P.muc.msp

Trusted Zone: amadeus.net\mucfquts.muc

Trusted Zone: amadeus.net\nceeffprod.nce

Trusted Zone: amadeus.net\ncehttp1.nce

Trusted Zone: amadeus.net\ncenotesweb1.nce

Trusted Zone: amadeus.net\ncenotwl1.nce

Trusted Zone: amadeus.net\nceoaie.nce

Trusted Zone: amadeus.net\nceprojspring.nce

Trusted Zone: amadeus.net\pmo.nce

Trusted Zone: amadeus.net\servicecenter.nce

Trusted Zone: amadeus.net\visualedifact.nce

Trusted Zone: amadeus.net\www.nce

Trusted Zone: amadeuscruise.com

Trusted Zone: amadeusferry.com

Trusted Zone: amadeusproweb.com

Trusted Zone: amadeusvista.com

Trusted Zone: amadeusvista.com\*.1a

Trusted Zone: amadeusvista.com\*.webconfig

Trusted Zone: amadeusvista.com\1a

Trusted Zone: amadeusvista.com\qualification.webconfig

Trusted Zone: amadeusvista.com\webconfig

Trusted Zone: auralog.com

Trusted Zone: e-travel.com

Trusted Zone: globalenglish.com

Trusted Zone: skillsoft.com

Trusted Zone: visualedifact

Trusted Zone: w2kmigration

Trusted Zone: abcactivity

Trusted Zone: amadeus.com

Trusted Zone: amadeus.net

Trusted Zone: amadeus.net\abcactivity.nce

Trusted Zone: amadeus.net\adajprod.nce

Trusted Zone: amadeus.net\allstats

Trusted Zone: amadeus.net\aslam.muc

Trusted Zone: amadeus.net\diagnostic.1a

Trusted Zone: amadeus.net\etvots.nce

Trusted Zone: amadeus.net\meetings

Trusted Zone: amadeus.net\meetings.nce

Trusted Zone: amadeus.net\MUCFQS1P.muc.msp

Trusted Zone: amadeus.net\mucfquts.muc

Trusted Zone: amadeus.net\nceeffprod.nce

Trusted Zone: amadeus.net\ncehttp1.nce

Trusted Zone: amadeus.net\ncenotesweb1.nce

Trusted Zone: amadeus.net\ncenotwl1.nce

Trusted Zone: amadeus.net\nceoaie.nce

Trusted Zone: amadeus.net\nceprojspring.nce

Trusted Zone: amadeus.net\pmo.nce

Trusted Zone: amadeus.net\servicecenter.nce

Trusted Zone: amadeus.net\visualedifact.nce

Trusted Zone: amadeus.net\www.nce

Trusted Zone: amadeuscruise.com

Trusted Zone: amadeusferry.com

Trusted Zone: amadeusproweb.com

Trusted Zone: amadeusvista.com

Trusted Zone: amadeusvista.com\*.1a

Trusted Zone: amadeusvista.com\*.webconfig

Trusted Zone: amadeusvista.com\1a

Trusted Zone: amadeusvista.com\qualification.webconfig

Trusted Zone: amadeusvista.com\webconfig

Trusted Zone: auralog.com

Trusted Zone: e-travel.com

Trusted Zone: globalenglish.com

Trusted Zone: skillsoft.com

Trusted Zone: visualedifact

Trusted Zone: w2kmigration

DPF: {3605B612-C3CF-4AB4-A426-2D853391DB2E} - hxxp://nceqcwebp1.nce.amadeus.net/qcbin/capicom.dll

DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} - hxxp://nceprojspring.nce.amadeus.net/ProjectServer/objects/pjclient.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {98C53984-8BF8-4D11-9B1C-C324FCA9CADE} - hxxp://nceqcp1/qcbin/Spider90.ocx

DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} - hxxp://nceprojspring.nce.amadeus.net/ProjectServer/objects/1033/pjcintl.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {F96020DD-C373-44A0-82B6-064EF0AEEAE3} - hxxp://1a.certificates.amadeusvista.com/sgwadmin/RegSiteTools.cab

DPF: {FCADE536-93F5-4577-80A3-E7C32FAC4C7D} - hxxp://nceqcwebp1.nce.amadeus.net/qcbin/Spider10.cab

Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sappc\sapgui\SAPHTMLP.DLL

Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sappc\sapgui\SAPHTMLP.DLL

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: AM_SSOXPress - c:\program files\evidian\shared_lib\xpcontrol.dll

Notify: ccnotify - ccnotify.dll

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL AMINIT32.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

mASetup: {5AA214BD-53C5-4474-8386-A8D92581E557} - c:\windows\system32\msiexec.exe /qn /fpu {3561EEB5-C569-47B1-A18E-1C0B272C766D}

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\sfigea~1\applic~1\mozilla\firefox\profiles\8d18jtmk.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/firefox?client=firefox-a&rls=org.mozilla:fr:official

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?mkt=fr-FR&form=MIAWB1&q=

FF - component: c:\documents and settings\sfigeacgalindo\application data\mozilla\firefox\profiles\8d18jtmk.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll

FF - component: c:\program files\pdfforge toolbar\ssff\components\SearchSettingsFF.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com

FF - Ext: Walnut for Firefox: {5A170DD3-63CA-4c58-93B7-DE9FF536C2FF} - %profile%\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}

FF - Ext: OpenMedSpel: openmedspel@e-medtools.com - %profile%\extensions\openmedspel@e-medtools.com

FF - Ext: Delicious Bookmarks: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9} - %profile%\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}

FF - Ext: BlockSite: {dd3d7613-0246-469d-bc65-2a3cc1668adc} - %profile%\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}

FF - Ext: KeyScrambler: keyscrambler@qfx.software.corporation - %profile%\extensions\keyscrambler@qfx.software.corporation

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-9-27 64288]

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-12-4 343760]

R1 CCDevice;CCDevice;c:\windows\system32\drivers\CCDevice.sys [2007-5-29 9216]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

R2 Albd;Atria Location Broker;c:\program files\ibm\rationalsdlc\clearcase\bin\albd_server.exe [2010-10-7 225792]

R2 https-www;Sun ONE Web Server 6.1 (www);d:\iplanet\servers\bin\https\bin\webservd-wdog.exe [2007-6-14 37005]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-9-8 1389400]

R2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\program files\amanotes\nsd.exe [2010-8-11 3417480]

R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\EngineServer.exe [2009-10-22 21256]

R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2009-9-22 103744]

R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2009-10-22 146448]

R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2009-10-22 66896]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-3-1 70728]

R2 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\microsoft sql server\100\dts\binn\MsDtsSrvr.exe [2008-7-10 218136]

R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2010-12-6 114952]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-12-4 91672]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-12-4 43288]

R3 Mvfs;Atria Multi-Version FS;c:\windows\system32\drivers\mvfs51.sys [2010-10-7 513152]

S1 mferkdk;VSCore mferkdk;\??\c:\program files\mcafee\virusscan enterprise\mferkdk.sys --> c:\program files\mcafee\virusscan enterprise\mferkdk.sys [?]

S2 gupdate;Service Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-21 135664]

S3 AM_INSTALL;AccessMaster Update Wizard;c:\program files\evidian\bin\ServUpdate.exe [2006-2-10 323440]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2010-1-12 30192]

S3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2008-1-14 36608]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-9-8 15264]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-3-1 65448]

S3 UNS;Intel® Active Management Technology User Notification Service;c:\program files\intel\amt\UNS.exe [2008-1-14 2521880]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-1-14 14336]

=============== Created Last 30 ================

2011-01-06 17:17:06 -------- d-----w- c:\docume~1\sfigea~1\applic~1\smkits

2011-01-04 16:14:35 -------- d-----w- c:\docume~1\sfigea~1\applic~1\Ditto

2011-01-04 16:14:27 -------- d-----w- c:\program files\Ditto

2010-12-23 08:57:52 -------- d-----w- c:\documents and settings\sfigeacgalindo\.m2

2010-12-21 15:18:17 -------- d-----w- c:\program files\Devsup

2010-12-08 08:56:38 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll

==================== Find3M ====================

2009-05-08 09:43:40 626688 ----a-w- c:\program files\common files\sapconsaccess.dll

2009-05-08 09:43:40 40960 ----a-w- c:\program files\common files\DigitalSignature.ocx

2009-05-08 09:43:40 3145728 ----a-w- c:\program files\common files\sapxlhelper.dll

2009-05-08 09:43:40 192512 ----a-w- c:\program files\common files\sapconsr3.dll

============= FINISH: 19:00:12.99 ===============

So do you think my PC is still infected?

Thanks for your help :blink:

S.

Attach.zip

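The MBAM log quoted above is a fixed-format report, and reading it by eye is error-prone: the summary counts at the top have to be reconciled against the detail sections, and the registry entries are not all of the same weight (a service or a Browser Helper Object is a load point that would re-run the program, a SharedDLLs entry is only installer bookkeeping). The script below is an added example written for this page, not code from Malwarebytes or from the poster. It embeds the detection lines quoted in the first post as its sample input, parses them into records, classifies each registry location, and reconciles the announced counts with the items actually listed; on this paste it reports that the log announces three "Files Infected" entries but lists none, because the poster's copy stops after the "Folders Infected" section. The function names and the location classification are this example's own assumptions, not MBAM's.

```python
"""Parse a Malwarebytes' Anti-Malware 1.50 scan log and reconcile it (added example)."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Sample input: the detection lines quoted in the first post. The poster's paste
# stops after "Folders Infected", so the 3 "Files Infected" entries it announces
# never appear; the reconciliation below is meant to catch exactly that.
SAMPLE_LOG = r"""Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 5
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
c:\program files\application updater\applicationupdater.exe (PUP.Dealio) -> 212 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Application Updater (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\APPLICATION UPDATER\APPLICATIONUPDATER.EXE (PUP.Dealio) -> Value: APPLICATIONUPDATER.EXE -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Value: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\PDFFORGE TOOLBAR\SEARCHSETTINGS.DLL (PUP.Dealio) -> Value: SEARCHSETTINGS.DLL -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Value: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\SEARCHSETTINGS@SPIGOT.COM (PUP.Dealio) -> Value: SEARCHSETTINGS@SPIGOT.COM -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
"""


@dataclass
class Detection:
    section: str            # e.g. "Registry Keys Infected"
    location: str           # file path or registry key
    threat: str             # MBAM threat name, e.g. PUP.Dealio
    detail: Optional[str]   # PID, "Value: ...", or "Bad: (..) Good: (..)"
    action: str             # what MBAM did about it


SUMMARY_RE = re.compile(r"^(?P<section>.+ Infected): (?P<count>\d+)$")
SECTION_RE = re.compile(r"^(?P<section>.+ Infected):$")
ITEM_RE = re.compile(
    r"^(?P<location>.+?) \((?P<threat>[^()]+)\)"  # location, then (ThreatName)
    r"(?: -> (?P<detail>.+?))?"                   # optional middle field
    r" -> (?P<action>[^>]+)$"                     # action taken
)

# Where a registry entry sits decides what it could still do if it survived.
# This classification is the example's own, not something MBAM emits.
LOCATION_CLASSES: List[Tuple[str, str, str]] = [
    ("\\CurrentControlSet\\Services\\", "load-point", "Windows service"),
    ("\\Browser Helper Objects\\", "load-point", "IE Browser Helper Object"),
    ("\\URLSearchHooks\\", "load-point", "IE URL search hook"),
    ("\\CLSID\\", "com-registration", "COM class backing the BHO/hook"),
    ("\\Ext\\", "bookkeeping", "IE add-on settings/statistics"),
    ("\\SharedDLLs\\", "bookkeeping", "installer DLL refcount"),
    ("\\Explorer\\Advanced\\", "policy-tweak", "Explorer UI policy (PUM)"),
]


def parse_mbam_log(text: str) -> Tuple[Dict[str, int], List[Detection]]:
    """Return (announced counts per section, parsed detection records)."""
    summary: Dict[str, int] = {}
    detections: List[Detection] = []
    section: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(No malicious items detected)":
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary[m["section"]] = int(m["count"])
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m["section"]
            continue
        m = ITEM_RE.match(line)
        if m and section:
            detections.append(Detection(section, m["location"], m["threat"],
                                        m["detail"], m["action"]))
    return summary, detections


def count_mismatches(summary: Dict[str, int],
                     detections: List[Detection]) -> Dict[str, Tuple[int, int]]:
    """Sections whose announced count differs from the items actually listed."""
    seen = Counter(d.section for d in detections)
    return {s: (n, seen.get(s, 0)) for s, n in summary.items() if seen.get(s, 0) != n}


def classify(d: Detection) -> Tuple[str, str]:
    loc = d.location.lower()
    for marker, kind, meaning in LOCATION_CLASSES:
        if marker.lower() in loc:
            return kind, meaning
    if d.section == "Memory Processes Infected":
        return "running-code", "process was live at scan time"
    return "other", "unclassified location"


def load_points(detections: List[Detection]) -> List[Detection]:
    """Entries that would re-run the program on boot or browser start."""
    return [d for d in detections if classify(d)[0] == "load-point"]


def threat_families(detections: List[Detection]) -> Dict[str, int]:
    return dict(Counter(d.threat for d in detections))


if __name__ == "__main__":
    summary, found = parse_mbam_log(SAMPLE_LOG)
    for d in found:
        kind, meaning = classify(d)
        print(f"[{kind:16}] {d.threat:22} {meaning}: {d.location}")
    for section, (announced, listed) in count_mismatches(summary, found).items():
        print(f"WARNING: {section} announces {announced} item(s) but {listed} are listed")
```

To run it on a real report, read the saved `mbam-log-*.txt` into a string and pass it to `parse_mbam_log` instead of `SAMPLE_LOG`. The reconciliation step is the part worth keeping in a triage workflow: a log whose announced counts do not match its listed items has been truncated or edited, and a helper reviewing it should ask for the complete file before concluding anything about what was cleaned.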

Hello SilvioFG! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step; if there is a problem somewhere, stop and tell me.
  • Stay with the thread until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something please ask.
  • Do not install or uninstall any software or hardware while we work on it.
  • Keep me informed about any changes.

PUP.Dealio:

PUP - Potentially Unwanted Program.

http://computersecurity.wikia.com/wiki/Pot...nwanted_program

Dealio - It's a program that tracks the computer system user.


Glad we could help. :P

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.