
Google Redirect Virus



I am a regular MWBAM user and run a weekly scan with the latest updates. I have been infected for quite some time with the Google Redirect Virus. I tried TDSSKiller.exe and when it finished it indicated that no viruses were detected. Does MWBAM have a tool for detecting and eliminating the Google Redirect Virus? Thanks!


Hi and :welcome:

A universal "google redirect virus" does not exist. There are many types of malware that can cause google redirects. In order to find out what is the culprit in your case, let's run a scan to see what is running.

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


Hello, here are the contents of the DDS Notepad file that was created during the DDS run:

DDS (Ver_2011-07-14.01) - NTFS_x86

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_25

Run by kenjm at 21:18:19 on 2011-07-15

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1245 [GMT -4:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Enabled*

.

============== Running Processes ================

.

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Cobian Backup 10\cbService.exe

C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

C:\WINDOWS\system32\PSIService.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\System32\igfxpers.exe

C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe

C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\VERIZONDM\bin\sprtcmd.exe

C:\Program Files\Verizon\McciTrayApp.exe

C:\Program Files\Cobian Backup 10\cbInterface.exe

C:\Program Files\Google\Google Talk\googletalk.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\program files\real\realplayer\update\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Program Files\VERIZONDM\bin\sprtsvc.exe

C:\Program Files\VERIZONDM\bin\tgsrvc.exe

C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Documents and Settings\kenjm\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\kenjm\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\kenjm\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\kenjm\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\kenjm\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\kenjm\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\kenjm\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\kenjm\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\kenjm\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\kenjm\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

c:\PROGRA~1\mcafee\msc\mcupdmgr.exe

C:\Documents and Settings\kenjm\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\kenjm\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\kenjm\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\System32\svchost.exe -k NetworkService

C:\WINDOWS\System32\svchost.exe -k LocalService

C:\WINDOWS\System32\svchost.exe -k LocalService

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

.

============== Pseudo HJT Report ===============

.

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110510224933.dll

BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll

BHO: Windows Live Toolbar Helper: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\program files\windows live toolbar\msntb.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Windows Live Toolbar: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\program files\windows live toolbar\msntb.dll

TB: Windows Live Toolbar: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\program files\windows live toolbar\msntb.dll

TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>

uRun: [Google Update] "c:\documents and settings\kenjm\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [Logitech Vid] "c:\program files\logitech\vid hd\Vid.exe" -bootmode

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe

mRun: [dla] c:\windows\system32\dla\tfswctrl.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [Dell AIO Printer A920] "c:\program files\dell aio printer a920\dlbkbmgr.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [VERIZONDM] "c:\program files\verizondm\bin\sprtcmd.exe" /P VERIZONDM

mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"

mRun: [Cobian Backup 10 Interface] "c:\program files\cobian backup 10\cbInterface.exe" -service

mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"

mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

StartupFolder: c:\docume~1\kenjm\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:145

IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm

IE: Open in new background tab - c:\program files\windows live toolbar\components\en-us\msntabres.dll.mui/229?e44fa492968e45d3ba6715023a5a3a26

IE: Open in new foreground tab - c:\program files\windows live toolbar\components\en-us\msntabres.dll.mui/230?e44fa492968e45d3ba6715023a5a3a26

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

Trusted Zone: internet

Trusted Zone: mcafee.com

Trusted Zone: mcafee.com

DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160707832609

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

TCP: NameServer = 192.168.1.1 68.237.161.12

TCP: Interfaces\{57FC9F39-7AC2-4429-9656-4635F827CD71} : DHCPNameServer = 167.206.251.130 167.206.251.129

TCP: Interfaces\{A34793F8-14A3-445A-97C5-ABE171C35E0D} : DHCPNameServer = 167.206.251.5 167.206.251.69 167.206.251.6

TCP: Interfaces\{C8886ACA-B2AF-4975-BCFC-A3BFF203D06E} : DHCPNameServer = 192.168.1.1 68.237.161.12

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll

Handler: ipp - <Clsid value has no data>

Handler: msdaipp - <Clsid value has no data>

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "c:\program files\outlook express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

mASetup: {7790769C-0471-11d2-AF11-00C04FA35D02} - "c:\program files\outlook express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

IFEO: Your Image File Name Here without a path - ntsd -d

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\kenjm\application data\mozilla\firefox\profiles\oacd9d42.default\

FF - prefs.js: browser.search.selectedEngine - Secure Search

FF - prefs.js: browser.startup.homepage - hxxp://www22.verizon.com/Foryourhome/MyAccount/Unprotected/UserManagement/Login/Login.aspx

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=

FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll

FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\documents and settings\kenjm\application data\mozilla\firefox\profiles\oacd9d42.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll

FF - plugin: c:\documents and settings\kenjm\application data\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\kenjm\application data\mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: c:\documents and settings\kenjm\local settings\application data\google\update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\common files\motive\npMotive.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPAdbESD.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPcol500.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-4-13 387480]

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-7-28 84200]

R2 CobianBackup10;Cobian Backup 10;c:\program files\cobian backup 10\cbService.exe [2010-12-17 1125376]

R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\verizon\iha_messagecenter\bin\Verizon_IHAMessageCenter.exe [2010-10-13 98304]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-9-29 88176]

R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-7-28 271480]

R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-7-28 271480]

R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-7-28 271480]

R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-7-28 171168]

R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-7-28 188136]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-7-28 141792]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-7-28 56064]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-4-13 153280]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-4-13 52320]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-7-28 314088]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-7-28 88736]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-8-20 133104]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-8-20 133104]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-7-28 88736]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-7-28 84488]

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-4-13 34248]

S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-4-13 40552]

.

=============== Created Last 30 ================

.

2011-06-16 23:45:42 105472 -c----w- c:\windows\system32\dllcache\mup.sys

2011-06-16 23:41:09 852480 -c----w- c:\windows\system32\dllcache\vgx.dll

.

==================== Find3M ====================

.

2011-07-06 20:32:45 256 ----a-w- c:\windows\system32\pool.bin

2011-06-11 17:46:17 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 13:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 17:25:27 151552 ----a-w- c:\windows\system32\schannel.dll

2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-26 11:07:50 33280 ----a-w- c:\windows\system32\csrsrv.dll

2011-04-26 11:07:50 293376 ----a-w- c:\windows\system32\winsrv.dll

2011-04-25 14:47:19 667136 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 14:47:19 61952 ----a-w- c:\windows\system32\tdc.ocx

2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys

.

============= FINISH: 21:20:53.71 ===============

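As an added illustration (not part of the thread, and not code from DDS or Malwarebytes), here is a small Python triage helper for the "Pseudo HJT Report" section of a log like the one posted above. It groups the key/value lines DDS emits, splits the reported DNS servers into private and public addresses, lists entries DDS marks as orphaned or with no CLSID data, and extracts the hosts that ActiveX (DPF) entries download from; the sample lines are copied from the log above, and all function names are my own.

```python
"""Triage helper for the "Pseudo HJT Report" section of a DDS log.

Added example, not part of the original thread or of DDS itself.
All function names below are assumptions made for this example.
"""
import ipaddress
import re
from collections import defaultdict

# Constructed sample: a handful of lines copied from the DDS log posted
# in this thread (backslashes are doubled for the Python string).
SAMPLE_LOG = """\
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\\program files\\common files\\adobe\\acrobat\\activex\\AcroIEHelperShim.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\\program files\\mcafee\\siteadvisor\\McIEPlg.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [ctfmon.exe] c:\\windows\\system32\\ctfmon.exe
mRun: [googletalk] c:\\program files\\google\\google talk\\googletalk.exe /autostart
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
TCP: NameServer = 192.168.1.1 68.237.161.12
TCP: Interfaces\\{C8886ACA-B2AF-4975-BCFC-A3BFF203D06E} : DHCPNameServer = 192.168.1.1 68.237.161.12
Handler: ipp - <Clsid value has no data>
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\\program files\\common files\\skype\\Skype4COM.dll
"""

LINE_RE = re.compile(r"^(?P<key>[A-Za-z]+):\s*(?P<rest>.*)$")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# DDS defangs URLs as hxxp:// so they are not clickable in a forum post.
DEFANGED_URL_RE = re.compile(r"hxxps?://([^/\s]+)", re.IGNORECASE)


def parse_pseudo_hjt(text):
    """Group DDS lines by their leading key (BHO, TB, uRun, mRun, TCP, ...)."""
    groups = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            groups[m.group("key")].append(m.group("rest"))
    return groups


def name_servers(groups):
    """Return (private, public) DNS servers from the TCP: NameServer lines.

    On a search-redirect case the resolvers are the first thing to compare
    against what the router and ISP actually hand out via DHCP.
    """
    private, public = set(), set()
    for rest in groups.get("TCP", []):
        if "NameServer" not in rest:
            continue
        for ip in IPV4_RE.findall(rest):
            addr = ipaddress.ip_address(ip)
            (private if addr.is_private else public).add(ip)
    return sorted(private), sorted(public)


def broken_entries(groups):
    """Entries DDS flags as orphaned or whose CLSID has no registry data."""
    found = []
    for key in ("EB", "Handler", "BHO", "TB"):
        for rest in groups.get(key, []):
            if "<orphaned>" in rest or "has no data" in rest:
                found.append(f"{key}: {rest}")
    return found


def dpf_hosts(groups):
    """Hosts that ActiveX download (DPF) entries fetch their CABs from."""
    hosts = set()
    for rest in groups.get("DPF", []):
        m = DEFANGED_URL_RE.search(rest)
        if m:
            hosts.add(m.group(1).lower())
    return sorted(hosts)


def triage(text):
    """One-shot summary a helper can eyeball before asking for more logs."""
    groups = parse_pseudo_hjt(text)
    private, public = name_servers(groups)
    return {
        "counts": {k: len(v) for k, v in sorted(groups.items())},
        "dns_private": private,
        "dns_public": public,
        "broken": broken_entries(groups),
        "dpf_hosts": dpf_hosts(groups),
    }


if __name__ == "__main__":
    for name, value in triage(SAMPLE_LOG).items():
        print(f"{name}: {value}")
```

Run against the full log the same way (read the file into `triage`); the public resolver it reports should match the ISP's DHCP-assigned servers, which is exactly the comparison the NameServer lines above allow.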

Hi again,

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


Hi Elise,

I ran TDSSKiller as you instructed and no malicious objects were found. Here is the log file:

2011/07/16 18:41:58.0750 6912 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56

2011/07/16 18:41:59.0468 6912 ================================================================================

2011/07/16 18:41:59.0468 6912 SystemInfo:

2011/07/16 18:41:59.0468 6912

2011/07/16 18:41:59.0468 6912 OS Version: 5.1.2600 ServicePack: 3.0

2011/07/16 18:41:59.0468 6912 Product type: Workstation

2011/07/16 18:41:59.0468 6912 ComputerName: HEATH03

2011/07/16 18:41:59.0468 6912 UserName: kenjm

2011/07/16 18:41:59.0468 6912 Windows directory: C:\WINDOWS

2011/07/16 18:41:59.0468 6912 System windows directory: C:\WINDOWS

2011/07/16 18:41:59.0468 6912 Processor architecture: Intel x86

2011/07/16 18:41:59.0468 6912 Number of processors: 1

2011/07/16 18:41:59.0468 6912 Page size: 0x1000

2011/07/16 18:41:59.0468 6912 Boot type: Normal boot

2011/07/16 18:41:59.0468 6912 ================================================================================

2011/07/16 18:42:02.0000 6912 Initialize success

2011/07/16 18:42:10.0671 8152 ================================================================================

2011/07/16 18:42:10.0671 8152 Scan started

2011/07/16 18:42:10.0671 8152 Mode: Manual;

2011/07/16 18:42:10.0671 8152 ================================================================================

2011/07/16 18:42:12.0125 8152 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/07/16 18:42:12.0312 8152 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2011/07/16 18:42:12.0531 8152 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys

2011/07/16 18:42:12.0671 8152 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2011/07/16 18:42:12.0828 8152 AegisP (2f7f3e8da380325866e566f5d5ec23d5) C:\WINDOWS\system32\DRIVERS\AegisP.sys

2011/07/16 18:42:12.0984 8152 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys

2011/07/16 18:42:14.0078 8152 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/07/16 18:42:14.0203 8152 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/07/16 18:42:14.0515 8152 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/07/16 18:42:14.0656 8152 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/07/16 18:42:14.0828 8152 BCM42RLY (438179abe9b7a922a21b8d6369ff52ff) C:\WINDOWS\System32\BCM42RLY.SYS

2011/07/16 18:42:14.0984 8152 bcm4sbxp (b60f57b4d9cdbc663cc03eb8af7ec34e) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys

2011/07/16 18:42:15.0140 8152 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/07/16 18:42:15.0312 8152 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/07/16 18:42:15.0406 8152 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2011/07/16 18:42:15.0609 8152 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/07/16 18:42:15.0750 8152 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/07/16 18:42:15.0953 8152 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/07/16 18:42:16.0125 8152 cfwids (7fd604cd7a7a0ff8975af61bdf64c577) C:\WINDOWS\system32\drivers\cfwids.sys

2011/07/16 18:42:16.0875 8152 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/07/16 18:42:17.0031 8152 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2011/07/16 18:42:17.0218 8152 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2011/07/16 18:42:17.0359 8152 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/07/16 18:42:17.0531 8152 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2011/07/16 18:42:17.0796 8152 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/07/16 18:42:17.0968 8152 drvmcdb (7f056a52bcba3102d2d37a4a2646c807) C:\WINDOWS\system32\drivers\drvmcdb.sys

2011/07/16 18:42:18.0281 8152 drvnddm (d3c1e501ed42e77574b3095309dd4075) C:\WINDOWS\system32\drivers\drvnddm.sys

2011/07/16 18:42:18.0531 8152 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/07/16 18:42:18.0703 8152 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

2011/07/16 18:42:18.0984 8152 FilterService (b73ec688c29f81f9da0fcf63682b3ecb) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys

2011/07/16 18:42:19.0203 8152 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2011/07/16 18:42:19.0437 8152 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

2011/07/16 18:42:19.0828 8152 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2011/07/16 18:42:20.0156 8152 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/07/16 18:42:20.0500 8152 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/07/16 18:42:20.0640 8152 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2011/07/16 18:42:20.0843 8152 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/07/16 18:42:21.0000 8152 GTNDIS5 (fc80052194d5708254a346568f0e77c0) C:\WINDOWS\system32\GTNDIS5.SYS

2011/07/16 18:42:21.0343 8152 HSFHWBS2 (5380253d2751f2b5d95941c09e7e42ac) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys

2011/07/16 18:42:21.0546 8152 HSF_DP (e9a4c20ab168be8bd78486afebba5836) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys

2011/07/16 18:42:21.0796 8152 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/07/16 18:42:22.0140 8152 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/07/16 18:42:22.0437 8152 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

2011/07/16 18:42:22.0703 8152 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/07/16 18:42:22.0984 8152 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2011/07/16 18:42:23.0140 8152 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2011/07/16 18:42:23.0328 8152 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/07/16 18:42:23.0453 8152 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/07/16 18:42:23.0640 8152 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/07/16 18:42:23.0843 8152 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/07/16 18:42:23.0968 8152 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/07/16 18:42:24.0093 8152 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/07/16 18:42:24.0250 8152 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/07/16 18:42:24.0421 8152 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2011/07/16 18:42:24.0578 8152 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/07/16 18:42:24.0859 8152 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\WINDOWS\system32\Drivers\LVPr2Mon.sys

2011/07/16 18:42:25.0015 8152 LVRS (37072ec9299e825f4335cc554b6fac6a) C:\WINDOWS\system32\DRIVERS\lvrs.sys

2011/07/16 18:42:25.0187 8152 LVUSBSta (5f987fc1aad215ec2c60cf07719b1cce) C:\WINDOWS\system32\drivers\LVUSBSta.sys

2011/07/16 18:42:25.0718 8152 LVUVC (a240e42a7402e927a71b6e8aa4629b13) C:\WINDOWS\system32\DRIVERS\lvuvc.sys

2011/07/16 18:42:26.0578 8152 MCSTRM (5bb01b9f582259d1fb7653c5c1da3653) C:\WINDOWS\system32\drivers\MCSTRM.sys

2011/07/16 18:42:26.0765 8152 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

2011/07/16 18:42:26.0921 8152 mfeapfk (113445fc6a858ef453cded5b0a0df665) C:\WINDOWS\system32\drivers\mfeapfk.sys

2011/07/16 18:42:27.0078 8152 mfeavfk (dbf6e1b388d5c070d438c61adb990c30) C:\WINDOWS\system32\drivers\mfeavfk.sys

2011/07/16 18:42:27.0343 8152 mfebopk (a528b15e330edb83ea649be318d841d5) C:\WINDOWS\system32\drivers\mfebopk.sys

2011/07/16 18:42:27.0484 8152 mfefirek (c7da1b8003c89acedaa13768f7a1c622) C:\WINDOWS\system32\drivers\mfefirek.sys

2011/07/16 18:42:27.0656 8152 mfehidk (5e9679bb2fc4fa38ec8ca906c47acd46) C:\WINDOWS\system32\drivers\mfehidk.sys

2011/07/16 18:42:27.0812 8152 mfendisk (b1728195877b18ce63cf0cd00b2871eb) C:\WINDOWS\system32\DRIVERS\mfendisk.sys

2011/07/16 18:42:27.0859 8152 mfendiskmp (b1728195877b18ce63cf0cd00b2871eb) C:\WINDOWS\system32\DRIVERS\mfendisk.sys

2011/07/16 18:42:28.0015 8152 mferkdet (ce1711f7c3f72f6762abd241dcfd5ee1) C:\WINDOWS\system32\drivers\mferkdet.sys

2011/07/16 18:42:28.0156 8152 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\WINDOWS\system32\drivers\mferkdk.sys

2011/07/16 18:42:28.0328 8152 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\WINDOWS\system32\drivers\mfesmfk.sys

2011/07/16 18:42:49.0546 8152 ================================================================================

2011/07/16 18:42:49.0546 8152 Scan finished

2011/07/16 18:42:49.0546 8152 ================================================================================

2011/07/16 18:42:49.0562 5676 Detected object count: 0

2011/07/16 18:42:49.0562 5676 Actual detected object count: 0


Hi, at least no rootkits, which is good. :)

COMBOFIX

---------------

Please download ComboFix from one of these locations:


Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.


Hi Elise,

I ran ComboFix as you instructed. Here is the log:

ComboFix 11-07-17.03 - kenjm 07/17/2011 21:38:54.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1541 [GMT -4:00]

Running from: c:\documents and settings\kenjm\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Owner\GoToAssistDownloadHelper.exe

c:\documents and settings\Owner\nah_log.dat

c:\documents and settings\Owner\WINDOWS

c:\windows\system32\Packet.dll

c:\windows\system32\rnaph.dll

c:\windows\system32\wpcap.dll

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_TDSSSERV.SYS

.

.

((((((((((((((((((((((((( Files Created from 2011-06-18 to 2011-07-18 )))))))))))))))))))))))))))))))

.

.

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-06 23:52 . 2008-12-27 18:37 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-06 23:52 . 2008-12-27 18:37 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-11 17:46 . 2011-06-11 17:46 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-02 14:02 . 2003-07-16 20:51 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-05-02 15:31 . 2009-11-26 17:04 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 17:25 . 2003-07-16 20:43 151552 ----a-w- c:\windows\system32\schannel.dll

2011-04-29 16:19 . 2003-07-16 20:34 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-26 11:07 . 2003-07-16 20:51 293376 ----a-w- c:\windows\system32\winsrv.dll

2011-04-26 11:07 . 2003-07-16 20:26 33280 ----a-w- c:\windows\system32\csrsrv.dll

2011-04-25 14:47 . 2003-07-16 20:51 667136 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 14:47 . 2003-07-16 20:47 61952 ----a-w- c:\windows\system32\tdc.ocx

2011-04-21 13:37 . 2003-07-16 20:37 105472 ----a-w- c:\windows\system32\drivers\mup.sys

2011-03-18 17:53 . 2011-03-25 00:38 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2011-04-14 18:01 . 2010-07-29 01:52 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"mmtask"="c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2003-10-06 53248]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]

"igfxhkcmd"="c:\windows\System32\hkcmd.exe" [2005-09-20 77824]

"igfxpers"="c:\windows\System32\igfxpers.exe" [2005-09-20 114688]

"Dell AIO Printer A920"="c:\program files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-05-12 270336]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-04-05 1195408]

"VERIZONDM"="c:\program files\VERIZONDM\bin\sprtcmd.exe" [2010-09-02 206120]

"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]

"Cobian Backup 10 Interface"="c:\program files\Cobian Backup 10\cbInterface.exe" [2010-09-23 3154432]

"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-03-06 236016]

"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-06-02 273544]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

.

c:\documents and settings\kenjm\Start Menu\Programs\Startup\

OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]

2009-11-28 21:09 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"c:\\Program Files\\ABC\\abc.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\LEXPPS.EXE"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\WINDOWS\\system32\\rundll32.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"50000:UDP"= 50000:UDP:IHA_MessageCenter

.

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [7/28/2010 9:51 PM 84200]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [7/28/2010 9:51 PM 56064]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [7/28/2010 9:51 PM 314088]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [7/28/2010 9:51 PM 88736]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [7/28/2010 9:51 PM 88736]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [7/28/2010 9:51 PM 84488]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - GTNDIS5

*Deregistered* - mfeavfk01

.

Contents of the 'Scheduled Tasks' folder

.

2011-07-14 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

.

2011-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-20 23:48]

.

2011-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-20 23:48]

.

2011-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1757981266-839522115-1007Core.job

- c:\documents and settings\kenjm\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-03 02:18]

.

2011-07-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1757981266-839522115-1007UA.job

- c:\documents and settings\kenjm\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-03 02:18]

.

2011-07-18 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-343818398-1757981266-839522115-1007.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]

.

2011-07-17 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-343818398-1757981266-839522115-1007.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm

IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?e44fa492968e45d3ba6715023a5a3a26

IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?e44fa492968e45d3ba6715023a5a3a26

Trusted Zone: internet

Trusted Zone: mcafee.com

TCP: DhcpNameServer = 192.168.1.1 68.237.161.12

FF - ProfilePath - c:\documents and settings\kenjm\Application Data\Mozilla\Firefox\Profiles\oacd9d42.default\

FF - prefs.js: browser.search.selectedEngine - Secure Search

FF - prefs.js: browser.startup.homepage - hxxp://www22.verizon.com/Foryourhome/MyAccount/Unprotected/UserManagement/Login/Login.aspx

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=

.

- - - - ORPHANS REMOVED - - - -

.

MSConfigStartUp-CTFMON - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-07-17 21:56

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-343818398-1757981266-839522115-1007\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1288)

c:\windows\system32\GTGina.dll

c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll

.

- - - - - - - > 'explorer.exe'(1588)

c:\progra~1\mcafee\SITEAD~1\saHook.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\LEXBCES.EXE

c:\windows\system32\rundll32.exe

c:\windows\system32\LEXPPS.EXE

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Cobian Backup 10\cbService.exe

c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\McAfee\SiteAdvisor\McSACore.exe

c:\program files\Common Files\Motive\McciCMService.exe

c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe

c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe

c:\windows\system32\PSIService.exe

c:\windows\system32\rundll32.exe

c:\program files\Dell AIO Printer A920\dlbkbmon.exe

c:\program files\VERIZONDM\bin\sprtsvc.exe

c:\program files\VERIZONDM\bin\tgsrvc.exe

c:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

c:\program files\Common Files\McAfee\SystemCore\mcshield.exe

c:\program files\OpenOffice.org 3\program\soffice.exe

c:\program files\Common Files\McAfee\SystemCore\mfefire.exe

c:\program files\OpenOffice.org 3\program\soffice.bin

c:\progra~1\mcafee\VIRUSS~1\mcvsshld.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe

.

**************************************************************************

.

Completion time: 2011-07-17 22:12:35 - machine was rebooted

ComboFix-quarantined-files.txt 2011-07-18 02:12

.

Pre-Run: 51,008,704,512 bytes free

Post-Run: 51,368,177,664 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

.

- - End Of File - - E8CA2CD83B0F89BA6504A8F26D4C2AF8

Thanks... Ken


Could you please also test Internet Explorer?

GMER

-------

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
    gmer_zip.gif
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.

-- If you encounter any problems, try running GMER in Safe Mode.



Hi Elise,

I think GMER fixed my Google redirect problem. After the GMER scan, I had to reboot my computer since it was hung for some reason. But after I rebooted and tried some Google searches, the search result links worked; no redirects. Unfortunately, I did not get to save the GMER.log due to the system hang.

Just curious: what does GMER do that eliminated this particular virus?

Thanks for all your help!

Regards... Ken Muckenhaupt, Poughkeepsie, NY


GMER is a rootkit scanner, and does not fix things. :) It only scans.

Could you please use your computer a bit and list any remaining problems?

Elise,

Hmmm... Interesting. I'll continue to use the computer and let you know if I encounter the redirect problem again. For now, it looks like things have cleared up. We must have done something :D

Ken


Okay, please take your time! :)

Hi Elise,

Here is the log from the DDS run I did today:

DDS (Ver_2011-07-14.01) - NTFS_x86

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_25

Run by kenjm at 17:50:17 on 2011-07-19

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1463 [GMT -4:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Enabled*

.

============== Running Processes ================

.

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Cobian Backup 10\cbService.exe

C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

C:\WINDOWS\system32\PSIService.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\System32\igfxpers.exe

C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\VERIZONDM\bin\sprtcmd.exe

C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe

C:\Program Files\Verizon\McciTrayApp.exe

C:\Program Files\Cobian Backup 10\cbInterface.exe

C:\Program Files\Google\Google Talk\googletalk.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\program files\real\realplayer\update\realsched.exe

C:\Program Files\Logitech\Vid HD\Vid.exe

C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Program Files\VERIZONDM\bin\sprtsvc.exe

C:\Program Files\VERIZONDM\bin\tgsrvc.exe

C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\alg.exe

c:\PROGRA~1\mcafee\msc\mcupdmgr.exe

C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

C:\WINDOWS\system32\svchost.exe -k rpcss

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\System32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\System32\svchost.exe -k LocalService

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

.

============== Pseudo HJT Report ===============

.

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110510224933.dll

BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll

BHO: Windows Live Toolbar Helper: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\program files\windows live toolbar\msntb.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Windows Live Toolbar: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\program files\windows live toolbar\msntb.dll

TB: Windows Live Toolbar: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\program files\windows live toolbar\msntb.dll

TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>

uRun: [Logitech Vid] "c:\program files\logitech\vid hd\Vid.exe" -bootmode

mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe

mRun: [dla] c:\windows\system32\dla\tfswctrl.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [Dell AIO Printer A920] "c:\program files\dell aio printer a920\dlbkbmgr.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [VERIZONDM] "c:\program files\verizondm\bin\sprtcmd.exe" /P VERIZONDM

mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"

mRun: [Cobian Backup 10 Interface] "c:\program files\cobian backup 10\cbInterface.exe" -service

mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"

mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

StartupFolder: c:\docume~1\kenjm\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

uPolicies-Explorer: NoDriveTypeAutoRun = dword:323

uPolicies-Explorer: NoDriveAutoRun = dword:67108863

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDriveAutoRun = dword:67108863

mPolicies-Explorer: NoDriveTypeAutoRun = dword:323

mPolicies-Explorer: NoDrives = dword:0

mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:323

mPolicies-Explorer: NoDriveAutoRun = dword:67108863

IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm

IE: Open in new background tab - c:\program files\windows live toolbar\components\en-us\msntabres.dll.mui/229?e44fa492968e45d3ba6715023a5a3a26

IE: Open in new foreground tab - c:\program files\windows live toolbar\components\en-us\msntabres.dll.mui/230?e44fa492968e45d3ba6715023a5a3a26

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

Trusted Zone: internet

Trusted Zone: mcafee.com

Trusted Zone: mcafee.com

DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160707832609

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

TCP: NameServer = 192.168.1.1 68.237.161.12

TCP: Interfaces\{57FC9F39-7AC2-4429-9656-4635F827CD71} : DHCPNameServer = 167.206.251.130 167.206.251.129

TCP: Interfaces\{A34793F8-14A3-445A-97C5-ABE171C35E0D} : DHCPNameServer = 167.206.251.5 167.206.251.69 167.206.251.6

TCP: Interfaces\{C8886ACA-B2AF-4975-BCFC-A3BFF203D06E} : DHCPNameServer = 192.168.1.1 68.237.161.12

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll

Handler: ipp - <Clsid value has no data>

Handler: msdaipp - <Clsid value has no data>

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "c:\program files\outlook express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

mASetup: {7790769C-0471-11d2-AF11-00C04FA35D02} - "c:\program files\outlook express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

IFEO: Your Image File Name Here without a path - ntsd -d

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\kenjm\application data\mozilla\firefox\profiles\oacd9d42.default\

FF - prefs.js: browser.search.selectedEngine - Secure Search

FF - prefs.js: browser.startup.homepage - hxxp://www22.verizon.com/Foryourhome/MyAccount/Unprotected/UserManagement/Login/Login.aspx

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-4-13 387480]

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-7-28 84200]

R2 CobianBackup10;Cobian Backup 10;c:\program files\cobian backup 10\cbService.exe [2010-12-17 1125376]

R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\verizon\iha_messagecenter\bin\Verizon_IHAMessageCenter.exe [2010-10-13 98304]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-9-29 88176]

R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-7-28 271480]

R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-7-28 271480]

R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-7-28 271480]

R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-7-28 171168]

R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-7-28 188136]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-7-28 141792]

R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\verizondm\bin\sprtsvc.exe [2010-9-2 206120]

R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\verizondm\bin\tgsrvc.exe [2010-9-2 185640]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-7-28 56064]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-4-13 153280]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-7-28 314088]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-7-28 88736]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-8-20 133104]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-8-20 133104]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-4-13 52320]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-7-28 88736]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-7-28 84488]

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-4-13 34248]

S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-4-13 40552]

.

=============== Created Last 30 ================

.

2011-07-18 01:36:00 -------- d-sha-r- C:\cmdcons

2011-07-18 01:31:37 98816 ----a-w- c:\windows\sed.exe

2011-07-18 01:31:37 256000 ----a-w- c:\windows\PEV.exe

2011-07-18 01:31:37 208896 ----a-w- c:\windows\MBR.exe

.

==================== Find3M ====================

.

2011-07-06 23:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-06 23:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-06 20:32:45 256 ----a-w- c:\windows\system32\pool.bin

2011-06-11 17:46:17 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 17:25:27 151552 ----a-w- c:\windows\system32\schannel.dll

2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-26 11:07:50 33280 ----a-w- c:\windows\system32\csrsrv.dll

2011-04-26 11:07:50 293376 ----a-w- c:\windows\system32\winsrv.dll

2011-04-25 14:47:19 667136 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 14:47:19 61952 ----a-w- c:\windows\system32\tdc.ocx

2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys

.

============= FINISH: 17:51:59.75 ===============
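A helper reads a log like the one above for the usual redirect culprits rather than for a single named infection: resolver addresses the system did not get from DHCP, search URLs that point somewhere unexpected, Image File Execution Options entries that divert an executable, and orphaned browser registrations. The Python script below is an added example that runs those checks over lines copied from this dds.txt; it is not part of the thread, of DDS, or of any poster's instructions. The allowlists (the stock XP IFEO placeholder key, the expected search hosts) and the second, constructed log variant with a 203.0.113.7 resolver are assumptions made here for illustration.

```python
"""Triage of the 'Pseudo HJT Report' part of a DDS log for redirect culprits.
Added example for this thread; not part of DDS or of any poster's instructions."""
import re
from urllib.parse import urlsplit

# Lines copied from the dds.txt posted above.
SAMPLE_DDS = r"""
TCP: NameServer = 192.168.1.1 68.237.161.12
TCP: Interfaces\{57FC9F39-7AC2-4429-9656-4635F827CD71} : DHCPNameServer = 167.206.251.130 167.206.251.129
TCP: Interfaces\{A34793F8-14A3-445A-97C5-ABE171C35E0D} : DHCPNameServer = 167.206.251.5 167.206.251.69 167.206.251.6
TCP: Interfaces\{C8886ACA-B2AF-4975-BCFC-A3BFF203D06E} : DHCPNameServer = 192.168.1.1 68.237.161.12
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
Handler: ipp - <Clsid value has no data>
Handler: msdaipp - <Clsid value has no data>
IFEO: Your Image File Name Here without a path - ntsd -d
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
"""

# Constructed variant, NOT from the thread: a static resolver that no DHCP lease handed out,
# which is what a DNS-changing trojan leaves behind. 203.0.113.0/24 is a documentation range.
HIJACKED_DDS = SAMPLE_DDS.replace(
    "TCP: NameServer = 192.168.1.1 68.237.161.12",
    "TCP: NameServer = 192.168.1.1 203.0.113.7",
)

# Assumptions a helper tunes per case: the IFEO key below is treated as the stock placeholder
# that XP ships with, and these are the search hosts this user's toolbar/prefs are expected to use.
KNOWN_IFEO_PLACEHOLDERS = {"Your Image File Name Here without a path"}
EXPECTED_SEARCH_HOSTS = {"search.yahoo.com", "www.google.com", "www.bing.com"}

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def _lines(text):
    return [ln.strip() for ln in text.splitlines() if ln.strip()]


def static_resolvers_not_from_dhcp(text):
    """Static 'TCP: NameServer' addresses that no interface's DHCPNameServer list contains."""
    static, dhcp = [], set()
    for ln in _lines(text):
        if ln.startswith("TCP: NameServer ="):
            static.extend(IPV4.findall(ln))
        elif "DHCPNameServer =" in ln:
            dhcp.update(IPV4.findall(ln.split("DHCPNameServer =", 1)[1]))
    return [ip for ip in static if ip not in dhcp]


def ifeo_debuggers(text, placeholders=KNOWN_IFEO_PLACEHOLDERS):
    """IFEO entries with a Debugger value, minus known placeholders. A Debugger value makes
    Windows start that program instead of the named image, so an entry for a real
    executable (explorer.exe, an AV binary) needs a look."""
    found = []
    for ln in _lines(text):
        if ln.startswith("IFEO:") and " - " in ln:
            image, debugger = ln[len("IFEO:"):].strip().rsplit(" - ", 1)
            if image not in placeholders:
                found.append((image, debugger))
    return found


def unexpected_search_hosts(text, expected=EXPECTED_SEARCH_HOSTS):
    """Hosts in SearchURL / keyword.URL lines outside the expected set. DDS defangs URLs
    as hxxp://, so undo that before parsing."""
    hosts = []
    for ln in _lines(text):
        if "SearchURL" in ln or "keyword.URL" in ln:
            m = re.search(r"hxxps?://\S+", ln)
            if m:
                host = urlsplit(m.group(0).replace("hxxp", "http", 1)).hostname
                if host and host not in expected:
                    hosts.append(host)
    return hosts


def incomplete_registrations(text):
    """Orphaned bands/toolbars and protocol handlers with no CLSID: usually uninstall
    leftovers, but listed because hijackers leave the same kind of stub."""
    return [ln for ln in _lines(text)
            if "<orphaned>" in ln or "<Clsid value has no data>" in ln]


def triage(text):
    return {
        "static_dns_not_from_dhcp": static_resolvers_not_from_dhcp(text),
        "ifeo_debuggers": ifeo_debuggers(text),
        "unexpected_search_hosts": unexpected_search_hosts(text),
        "incomplete_registrations": incomplete_registrations(text),
    }


if __name__ == "__main__":
    for name, log in (("posted dds.txt lines", SAMPLE_DDS),
                      ("constructed DNS-changer variant", HIJACKED_DDS)):
        print(f"== {name} ==")
        for key, items in triage(log).items():
            print(f"  {key}: {items or 'nothing flagged'}")
```

On the posted lines the script flags nothing except the orphaned band and the two empty protocol handlers, which it lists for review rather than as findings. The constructed variant shows the pattern that matters for a redirect case: a static NameServer value that no interface's DHCP lease contains.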


Sorry, but that is dds.txt. I need to see attach.txt (which will be minimized after DDS finishes).

Hi Elise,

I re-ran DDS and have attached attach.txt below. BTW, DDS keeps running in the background and pops up periodically. How do I cancel it? I do not see its process in the Task Manager.

Thanks... Ken

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-07-14.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 11/26/2009 12:14:23 PM

System Uptime: 7/20/2011 7:00:10 AM (1 hours ago)

.

Motherboard: Dell Computer Corp. | | 0K0057

Processor: Intel® Pentium® 4 CPU 2.66GHz | Microprocessor | 2660/533mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 75 GiB total, 47.849 GiB free.

D: is CDROM ()

E: is FIXED (NTFS) - 37 GiB total, 27.964 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP206: 4/21/2011 8:49:28 PM - System Checkpoint

RP207: 4/22/2011 9:06:45 PM - System Checkpoint

RP208: 4/23/2011 9:16:21 PM - System Checkpoint

RP209: 4/24/2011 9:46:07 PM - System Checkpoint

RP210: 4/24/2011 11:16:36 PM - Paint.NET v3.5.8

RP211: 4/26/2011 7:19:48 PM - System Checkpoint

RP212: 4/27/2011 10:13:12 PM - System Checkpoint

RP213: 4/28/2011 7:00:20 PM - Software Distribution Service 3.0

RP214: 4/29/2011 7:18:43 PM - System Checkpoint

RP215: 4/30/2011 7:22:41 PM - System Checkpoint

RP216: 5/2/2011 10:41:24 PM - System Checkpoint

RP217: 5/3/2011 11:01:38 PM - System Checkpoint

RP218: 5/4/2011 11:36:43 PM - System Checkpoint

RP219: 5/6/2011 8:45:18 AM - System Checkpoint

RP220: 5/7/2011 10:40:41 AM - System Checkpoint

RP221: 5/8/2011 11:11:35 AM - System Checkpoint

RP222: 5/10/2011 10:47:06 PM - System Checkpoint

RP223: 5/10/2011 11:09:22 PM - Software Distribution Service 3.0

RP224: 5/13/2011 4:26:16 PM - System Checkpoint

RP225: 5/14/2011 8:06:51 PM - System Checkpoint

RP226: 5/16/2011 6:34:35 PM - Removed Skype™ 5.1

RP227: 5/17/2011 7:21:47 PM - System Checkpoint

RP228: 5/18/2011 7:54:45 PM - System Checkpoint

RP229: 5/18/2011 10:36:28 PM - Removed Skype™ 5.3

RP230: 5/19/2011 10:59:27 PM - System Checkpoint

RP231: 5/19/2011 11:45:06 PM - Installed Java 6 Update 25

RP232: 5/21/2011 12:22:50 AM - System Checkpoint

RP233: 5/22/2011 12:41:52 AM - System Checkpoint

RP234: 5/23/2011 7:31:15 PM - System Checkpoint

RP235: 5/24/2011 7:32:02 PM - System Checkpoint

RP236: 5/25/2011 8:16:59 PM - System Checkpoint

RP237: 5/26/2011 8:31:07 PM - System Checkpoint

RP238: 5/27/2011 8:59:24 PM - System Checkpoint

RP239: 5/28/2011 9:24:20 PM - System Checkpoint

RP240: 5/29/2011 10:32:57 PM - System Checkpoint

RP241: 5/30/2011 11:01:52 PM - System Checkpoint

RP242: 5/31/2011 11:02:27 PM - System Checkpoint

RP243: 6/1/2011 11:59:59 PM - System Checkpoint

RP244: 6/3/2011 12:26:57 AM - System Checkpoint

RP245: 6/3/2011 1:48:37 PM - Installed QuickTime

RP246: 6/4/2011 3:06:49 PM - System Checkpoint

RP247: 6/5/2011 3:52:45 PM - System Checkpoint

RP248: 6/6/2011 5:09:21 PM - System Checkpoint

RP249: 6/7/2011 10:13:52 PM - System Checkpoint

RP250: 6/8/2011 10:29:51 PM - System Checkpoint

RP251: 6/9/2011 11:09:32 PM - System Checkpoint

RP252: 6/10/2011 11:45:42 PM - System Checkpoint

RP253: 6/12/2011 12:28:28 AM - System Checkpoint

RP254: 6/13/2011 8:56:45 PM - System Checkpoint

RP255: 6/16/2011 7:53:28 PM - Software Distribution Service 3.0

RP256: 6/17/2011 8:28:02 PM - System Checkpoint

RP257: 6/18/2011 12:54:32 PM - Software Distribution Service 3.0

RP258: 6/19/2011 1:26:23 PM - System Checkpoint

RP259: 6/20/2011 7:08:50 PM - System Checkpoint

RP260: 6/21/2011 7:35:29 PM - System Checkpoint

RP261: 6/22/2011 7:44:03 PM - System Checkpoint

RP262: 6/23/2011 8:39:53 PM - System Checkpoint

RP263: 6/24/2011 9:12:45 PM - System Checkpoint

RP264: 6/25/2011 10:10:32 PM - System Checkpoint

RP265: 6/27/2011 5:39:01 PM - System Checkpoint

RP266: 6/28/2011 7:05:55 PM - System Checkpoint

RP267: 6/29/2011 7:23:05 AM - Software Distribution Service 3.0

RP268: 6/30/2011 5:53:25 PM - System Checkpoint

RP269: 7/1/2011 9:48:51 PM - System Checkpoint

RP270: 7/2/2011 10:06:59 PM - System Checkpoint

RP271: 7/3/2011 10:55:54 PM - System Checkpoint

RP272: 7/4/2011 11:39:34 PM - System Checkpoint

RP273: 7/6/2011 8:13:19 AM - System Checkpoint

RP274: 7/7/2011 8:31:09 AM - System Checkpoint

RP275: 7/8/2011 9:13:56 AM - System Checkpoint

RP276: 7/9/2011 10:35:57 AM - System Checkpoint

RP277: 7/10/2011 11:37:58 AM - System Checkpoint

RP278: 7/11/2011 2:58:56 PM - System Checkpoint

RP279: 7/12/2011 7:12:37 PM - System Checkpoint

RP280: 7/12/2011 11:58:52 PM - Software Distribution Service 3.0

RP281: 7/14/2011 5:40:37 PM - System Checkpoint

RP282: 7/15/2011 6:08:31 PM - System Checkpoint

RP283: 7/16/2011 7:03:41 PM - System Checkpoint

RP284: 7/17/2011 7:49:13 PM - System Checkpoint

RP285: 7/18/2011 8:05:15 PM - System Checkpoint

RP286: 7/19/2011 8:27:35 PM - System Checkpoint

.

==== Installed Programs ======================

.

ABC (remove only)

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.4.5

Apple Application Support

Apple Mobile Device Support

Apple Software Update

BlackBerry Desktop Software 4.5

Blender (remove only)

Bonjour

Broadcom 440x 10/100 Integrated Controller

Cobian Backup 10

Compact Wireless-G USB Adapter

Compatibility Pack for the 2007 Office system

Conexant SmartHSFi V.9x 56K DF PCI Modem

Coupon Printer for Windows

Dell AIO Printer A920

Dell Digital Jukebox Driver

Dell ResourceCD

FaxTools

Form Fill (Windows Live Toolbar)

FreeMind

Google Chrome

Google Earth

Google Talk (remove only)

Google Talk Plugin

Google Update Helper

GoToAssist 8.0.0.514

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

IHA_MessageCenter

Intel® Extreme Graphics 2 Driver

iTunes

J2SE Development Kit 5.0 Update 10

J2SE Runtime Environment 5.0 Update 10

J2SE Runtime Environment 5.0 Update 11

J2SE Runtime Environment 5.0 Update 6

J2SE Runtime Environment 5.0 Update 9

Java Auto Updater

Java 6 Update 16

Java 6 Update 25

LimeWire 5.3.6

Logitech Updater

Logitech Vid HD

Logitech Webcam Software

Logitech Webcam Software Driver Package

Lotus NotesSQL 3.01 driver

Lotus SmartSuite - English

Malwarebytes' Anti-Malware version 1.51.1.1800

McAfee AntiVirus Plus

McAfee Security Scan Plus

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Money 2003 System Pack

Microsoft Money 2007

Microsoft Money Shared Libraries

Microsoft National Language Support Downlevel APIs

Microsoft Picture It! Photo 7.0

Microsoft Silverlight

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft Word 2002

Microsoft Works 2003 Setup Launcher

Microsoft Works 7.0

Microsoft Works Suite Add-in for Microsoft Word

Mozilla Firefox 4.0 (x86 en-US)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MUSICMATCH® Jukebox

OneCare Advisor (Windows Live Toolbar)

OpenOffice.org 3.1

Optimum Online net guide

Paint.NET v3.5.8

QuickTime

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

RealUpgrade 1.1

Rhapsody

Rhapsody Player Engine

Roxio Media Manager

SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360131)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2416400)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2482017)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2497640)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2510581)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2530548)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544521)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB913433)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB953155)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981349)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Skype™ 4.2

Smart Menus (Windows Live Toolbar)

Sonic DLA

Sonic RecordNow!

Sonic Update Manager

SoundMAX

Superscape Viscape Universal

Tabbed Browsing (Windows Live Toolbar)

TBS WMP Plug-in

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB955759)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Verizon Download Manager

Verizon Help and Support Tool

Viewpoint Media Player

Vz In Home Agent

WebFldrs XP

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 7

Windows Live Outlook Toolbar (Windows Live Toolbar)

Windows Live Sign-in Assistant

Windows Live Toolbar

Windows Live Toolbar Extension (Windows Live Toolbar)

Windows Live Toolbar Feed Detector (Windows Live Toolbar)

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Service Pack 3

Works Suite OS Pack

.

==== Event Viewer Messages From Past Week ========

.

7/18/2011 9:29:03 PM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.

7/18/2011 9:27:41 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.

7/18/2011 11:32:05 PM, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/18/2011 11:32:04 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.

7/18/2011 11:32:01 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

7/18/2011 11:29:59 PM, error: Service Control Manager [7022] - The McShield service hung on starting.

7/17/2011 9:55:53 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the mcmscsvc service.

7/17/2011 9:47:28 AM, error: Service Control Manager [7022] - The IHA_MessageCenter service hung on starting.

7/17/2011 9:46:37 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 9 service to connect.

7/17/2011 9:31:06 PM, error: Service Control Manager [7034] - The Process Monitor service terminated unexpectedly. It has done this 1 time(s).

7/17/2011 11:37:12 PM, error: Service Control Manager [7031] - The McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

7/15/2011 9:18:58 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WUSB54GCSVC service.

.

==== End Of File ===========================


That is strange. It is supposed to run only once. Please delete it altogether.

Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Adobe components and update:

  • Download the latest version of Adobe Reader (Version X) and save it to your desktop.
  • Uncheck the "Free McAfee Security Scan Plus" option or any other Toolbar you are offered.
  • Click the download button at the bottom.
  • If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the click here to download link on the next page.
  • Remove all older versions of Adobe Reader: go to Add/Remove Programs and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.
    If you are unsure of how to use Add or Remove Programs, then please see this tutorial: How To Remove An Installed Program From Your Computer
  • Then from your desktop double-click on Adobe Reader to install the newest version.
    If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the "Adobe Setup - Welcome" window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.

Your Adobe Reader is now up to date!

P2P WARNING

-------------------

Going over your logs I noticed that you have LimeWire installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.

I would recommend that you uninstall LimeWire, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

  • Download the latest version of Java Runtime Environment (JRE) Version 6.
  • Look for "JDK 6 Update 26 (JDK or JRE)".
  • Click the "Download JRE" button at the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Select "Windows x86 Offline" and click on jre-6u26-windows-i586.exe.
  • Save it to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Uninstall all older versions of Java (any item with Java Runtime Environment, JRE or J2SE in the name).
  • Reboot your computer once all Java components are removed.
  • Install the newest version by double clicking (run as Administrator for Windows Vista/Seven) the downloaded file.

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on this link to open ESET OnlineScan in a new window.
  2. Click the ESET Online Scanner button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetsmartinstaller_enu.exe icon on your desktop.
    3. Check "YES, I accept the Terms of Use."
    4. Click the Start button.
    5. Accept any security warnings from your browser.
    6. Under scan settings, check "Scan Archives" and "Remove found threats".
    7. Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  4. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  5. When the scan completes, click List Threats.
  6. Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  7. Click the Back button.
  8. Click the Finish button.
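The three items the reply above singles out (an old Adobe Reader, several Java runtimes installed side by side, and a P2P client) can be pulled straight from the "Installed Programs" section of attach.txt. The Python script below is an added example, not part of the thread or of DDS: it parses a subset of the entries copied from the attach.txt above and reports what to uninstall, whether a current Java is present, and which P2P clients are installed. The "current" versions (JRE 6 Update 26, Reader X) follow the reply's advice; the list of P2P client names beyond LimeWire is an assumption added here.

```python
"""Checks a DDS "Installed Programs" list for stale Java runtimes, an old Adobe Reader,
and P2P clients. Added example for this thread; not part of DDS or of the reply above."""
import re

# Subset of the "Installed Programs" entries copied from the attach.txt posted above.
INSTALLED = """\
Adobe Reader 9.4.5
J2SE Development Kit 5.0 Update 10
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java Auto Updater
Java 6 Update 16
Java 6 Update 25
LimeWire 5.3.6
Malwarebytes' Anti-Malware version 1.51.1.1800
Mozilla Firefox 4.0 (x86 en-US)
"""

# Assumptions taken from the reply above: JRE 6 Update 26 and Reader X (10) are current.
# The P2P name list extends the one program the reply named; adjust per case.
LATEST_JAVA = (6, 26)
LATEST_READER_MAJOR = 10
P2P_CLIENTS = ("limewire", "frostwire", "bearshare", "kazaa", "emule", "utorrent", "bittorrent")

JAVA_RE = re.compile(
    r"^(?:Java(?:\(TM\))?|J2SE Runtime Environment|J2SE Development Kit)"
    r"\s+(\d+)(?:\.\d+)?\s+Update\s+(\d+)",
    re.IGNORECASE,
)
READER_RE = re.compile(r"^Adobe Reader(?:\s+X)?\s+\(?(\d+)", re.IGNORECASE)


def _entries(text):
    return [ln.strip() for ln in text.splitlines() if ln.strip()]


def java_entries(text):
    """(major, update, raw line) for every JRE/JDK entry; 'Java Auto Updater' is not one."""
    found = []
    for ln in _entries(text):
        m = JAVA_RE.match(ln)
        if m:
            found.append((int(m.group(1)), int(m.group(2)), ln))
    return found


def stale_java(text, latest=LATEST_JAVA):
    """Java entries older than `latest`. Each is a separate, separately exploitable runtime
    that stays on disk until uninstalled (the log above has Update 16 next to Update 25)."""
    return [raw for major, upd, raw in java_entries(text) if (major, upd) < latest]


def java_is_current(text, latest=LATEST_JAVA):
    return any((major, upd) >= latest for major, upd, _ in java_entries(text))


def outdated_reader(text, latest_major=LATEST_READER_MAJOR):
    """Adobe Reader entries whose major version is below the current one."""
    found = []
    for ln in _entries(text):
        m = READER_RE.match(ln)
        if m and int(m.group(1)) < latest_major:
            found.append(ln)
    return found


def p2p_clients(text, names=P2P_CLIENTS):
    return [ln for ln in _entries(text) if any(n in ln.lower() for n in names)]


def review(text):
    """What a helper would put in the reply: uninstall list, install need, Reader, P2P."""
    return {
        "uninstall_java": stale_java(text),
        "install_current_java": not java_is_current(text),
        "update_reader": outdated_reader(text),
        "p2p_clients": p2p_clients(text),
    }


if __name__ == "__main__":
    for key, value in review(INSTALLED).items():
        print(f"{key}: {value}")
```

Run against the posted entries, the review lists all seven Java 5 and Java 6 items for removal, reports that no current Java is installed, flags Adobe Reader 9.4.5, and names LimeWire, which is exactly the set of actions in the reply above.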


That is strange. It is supposed to run only once. Please delete it altogether.

Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older-version Adobe components and update:

  • Download the latest version of Adobe Reader Version X and save it to your desktop.
  • Uncheck the "Free McAfee Security plan Plus" option or any other Toolbar you are offered.
  • Click the download button at the bottom.
  • If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the "click here to download" link on the next page.
  • Remove all older versions of Adobe Reader: Go to Add/Remove and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.
    If you are unsure of how to use Add or Remove Programs, then please see this tutorial: How To Remove An Installed Program From Your Computer
  • Then from your desktop double-click on Adobe Reader to install the newest version.
    If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the "Adobe Setup - Welcome" window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.

Your Adobe Reader is now up to date!

P2P WARNING

-------------------

Going over your logs I noticed that you have LimeWire installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall LimeWire; however, that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
If you wish to keep it, please do not use it until your computer is cleaned.

Hi Elise,

I removed Limewire and updated the Java SDK and Adobe Reader as you suggested. Currently, the ESET scanner is running and when it completes, I will post the results. I deleted DDS completely (even erased it from the recycle bin) but DDS keeps popping up and asking me to run a scan. It appears to be running somewhere in the background.

Ken


DDS keeps popping up and asking me to run a scan. It appears to be running somewhere in the background.
Have you restarted your computer and does it still happen?

If so, could you make a screenshot when this happens and post it here?


Have you restarted your computer and does it still happen?

If so, could you make a screenshot when this happens and post it here?

Elise

I shut down last night and rebooted this morning, but I have not restarted since I deleted DDS completely. I'll reboot after the ESET scan completes.

Ken
