brades23 Posted October 3, 2011 ID:481691 Share Posted October 3, 2011 Although I'm not the original poster, I encountered the same issue. I followed the steps but still have the same issue. Here are the two logs. Thank you.TDSSKiller.2.6.2.0_02.10.2011_21.45.52_log21:45:52.0734 3076 TDSS rootkit removing tool 2.6.2.0 Sep 26 2011 18:56:4321:45:53.0328 3076 ============================================================21:45:53.0328 3076 Current date / time: 2011/10/02 21:45:53.032821:45:53.0328 3076 SystemInfo:21:45:53.0328 3076 21:45:53.0328 3076 OS Version: 5.1.2600 ServicePack: 3.021:45:53.0328 3076 Product type: Workstation21:45:53.0328 3076 ComputerName: KIEDAISCH21:45:53.0328 3076 UserName: Jack21:45:53.0328 3076 Windows directory: C:\WINDOWS21:45:53.0328 3076 System windows directory: C:\WINDOWS21:45:53.0328 3076 Processor architecture: Intel x8621:45:53.0328 3076 Number of processors: 221:45:53.0328 3076 Page size: 0x100021:45:53.0328 3076 Boot type: Normal boot21:45:53.0328 3076 ============================================================21:45:53.0843 3076 Initialize success21:45:55.0203 3576 ============================================================21:45:55.0203 3576 Scan started21:45:55.0203 3576 Mode: Manual; 21:45:55.0203 3576 ============================================================21:45:56.0000 3576 57719641 (86ab9524830ec9cbc40d07c2cd0b8825) C:\WINDOWS\1100378455:2827905470.exe21:45:56.0703 3576 Suspicious file (Hidden): C:\WINDOWS\1100378455:2827905470.exe. md5: 86ab9524830ec9cbc40d07c2cd0b882521:45:56.0703 3576 57719641 ( HiddenFile.Multi.Generic ) - warning21:45:56.0703 3576 57719641 - detected HiddenFile.Multi.Generic (1)21:45:56.0828 3576 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys21:45:56.0828 3576 61883 - ok21:45:56.0890 3576 Abiosdsk - ok21:45:56.0968 3576 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS21:45:56.0968 3576 abp480n5 - ok21:45:57.0203 3576 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys21:45:57.0218 3576 ACPI - ok21:45:57.0281 3576 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys21:45:57.0281 3576 ACPIEC - ok21:45:57.0375 3576 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys21:45:57.0375 3576 adpu160m - ok21:45:57.0500 3576 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys21:45:57.0515 3576 aec - ok21:45:57.0609 3576 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys21:45:57.0625 3576 AFD - ok21:45:57.0703 3576 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys21:45:57.0703 3576 agp440 - ok21:45:57.0781 3576 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys21:45:57.0781 3576 agpCPQ - ok21:45:57.0875 3576 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys21:45:57.0875 3576 Aha154x - ok21:45:57.0968 3576 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys21:45:57.0968 3576 aic78u2 - ok21:45:58.0062 3576 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys21:45:58.0062 3576 aic78xx - ok21:45:58.0156 3576 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys21:45:58.0156 3576 AliIde - ok21:45:58.0218 3576 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys21:45:58.0218 3576 alim1541 - ok21:45:58.0296 3576 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys21:45:58.0296 3576 amdagp - ok21:45:58.0375 3576 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys21:45:58.0375 3576 amsint - ok21:45:58.0609 3576 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys21:45:58.0609 3576 Arp1394 - ok21:45:58.0640 3576 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys21:45:58.0640 3576 asc - ok21:45:58.0718 3576 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys21:45:58.0718 3576 asc3350p - ok21:45:58.0812 3576 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys21:45:58.0812 3576 asc3550 - ok21:45:58.0921 3576 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys21:45:58.0921 3576 ASCTRM - ok21:45:58.0984 3576 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys21:45:58.0984 3576 AsyncMac - ok21:45:59.0031 3576 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys21:45:59.0031 3576 atapi - ok21:45:59.0078 3576 Atdisk - ok21:45:59.0156 3576 ati2mtag (03621f7f968ff63713943405deb777f9) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys21:45:59.0171 3576 ati2mtag - ok21:45:59.0250 3576 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys21:45:59.0250 3576 Atmarpc - ok21:45:59.0312 3576 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys21:45:59.0312 3576 audstub - ok21:45:59.0390 3576 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys21:45:59.0390 3576 Avc - ok21:45:59.0468 3576 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys21:45:59.0468 3576 Beep - ok21:45:59.0546 3576 BVRPMPR5 (6598d078d5446197aed6b46c6a2a3431) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS21:45:59.0546 3576 BVRPMPR5 - ok21:45:59.0609 3576 bvrp_pci - ok21:45:59.0687 3576 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys21:45:59.0687 3576 cbidf - ok21:45:59.0750 3576 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys21:45:59.0750 3576 cbidf2k - ok21:45:59.0828 3576 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys21:45:59.0843 3576 CCDECODE - ok21:45:59.0906 3576 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys21:45:59.0906 3576 cd20xrnt - ok21:45:59.0937 3576 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys21:45:59.0953 3576 Cdaudio - ok21:46:00.0000 3576 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys21:46:00.0000 3576 Cdfs - ok21:46:00.0046 3576 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys21:46:00.0046 3576 Cdrom - ok21:46:00.0125 3576 cfwids (142e4e00ad91600a2d20692ed52fafc8) C:\WINDOWS\system32\drivers\cfwids.sys21:46:00.0125 3576 cfwids - ok21:46:00.0171 3576 Changer - ok21:46:00.0250 3576 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys21:46:00.0250 3576 CmdIde - ok21:46:00.0343 3576 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys21:46:00.0343 3576 Cpqarray - ok21:46:00.0468 3576 ctsfm2k (8db84de3aab34a8b4c2f644eff41cd76) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys21:46:00.0468 3576 ctsfm2k - ok21:46:00.0515 3576 CTUSFSYN (4ee8822adb764edd28ce44e808097995) C:\WINDOWS\system32\drivers\ctusfsyn.sys21:46:00.0531 3576 CTUSFSYN - ok21:46:00.0593 3576 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys21:46:00.0609 3576 dac2w2k - ok21:46:00.0671 3576 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys21:46:00.0671 3576 dac960nt - ok21:46:00.0734 3576 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys21:46:00.0734 3576 Disk - ok21:46:00.0828 3576 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys21:46:00.0859 3576 dmboot - ok21:46:00.0937 3576 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys21:46:00.0937 3576 dmio - ok21:46:00.0984 3576 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys21:46:00.0984 3576 dmload - ok21:46:01.0031 3576 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys21:46:01.0031 3576 DMusic - ok21:46:01.0078 3576 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys21:46:01.0078 3576 dpti2o - ok21:46:01.0125 3576 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys21:46:01.0125 3576 drmkaud - ok21:46:01.0187 3576 drvmcdb (96bc8f872f0270c10edc3931f1c03776) C:\WINDOWS\system32\drivers\drvmcdb.sys21:46:01.0187 3576 drvmcdb - ok21:46:01.0265 3576 drvnddm (5afbec7a6ac61b211633dfdb1d9e0c89) C:\WINDOWS\system32\drivers\drvnddm.sys21:46:01.0265 3576 drvnddm - ok21:46:01.0468 3576 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys21:46:01.0468 3576 DSproct - ok21:46:01.0562 3576 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys21:46:01.0562 3576 dsunidrv - ok21:46:01.0625 3576 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys21:46:01.0625 3576 E100B - ok21:46:01.0718 3576 e1express (0849eacdc01487573add86f5e470806c) C:\WINDOWS\system32\DRIVERS\e1e5132.sys21:46:01.0734 3576 e1express - ok21:46:01.0812 3576 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys21:46:01.0812 3576 Fastfat - ok21:46:01.0906 3576 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys21:46:01.0906 3576 Fdc - ok21:46:02.0062 3576 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys21:46:02.0062 3576 Fips - ok21:46:02.0125 3576 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys21:46:02.0125 3576 Flpydisk - ok21:46:02.0187 3576 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys21:46:02.0203 3576 FltMgr - ok21:46:02.0250 3576 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys21:46:02.0250 3576 Fs_Rec - ok21:46:02.0281 3576 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys21:46:02.0281 3576 Ftdisk - ok21:46:02.0359 3576 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys21:46:02.0359 3576 GEARAspiWDM - ok21:46:02.0546 3576 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys21:46:02.0546 3576 Gpc - ok21:46:02.0593 3576 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys21:46:02.0609 3576 HDAudBus - ok21:46:02.0656 3576 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys21:46:02.0671 3576 HidUsb - ok21:46:02.0734 3576 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys21:46:02.0750 3576 hpn - ok21:46:02.0812 3576 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys21:46:02.0812 3576 HSFHWBS2 - ok21:46:02.0890 3576 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys21:46:02.0921 3576 HSF_DP - ok21:46:03.0031 3576 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys21:46:03.0046 3576 HTTP - ok21:46:03.0093 3576 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys21:46:03.0109 3576 i2omgmt - ok21:46:03.0171 3576 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys21:46:03.0171 3576 i2omp - ok21:46:03.0250 3576 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys21:46:03.0250 3576 i8042prt - ok21:46:03.0328 3576 iastor (0b2fd26f61874c12257051afb26d3c24) C:\WINDOWS\system32\drivers\iastor.sys21:46:03.0343 3576 iastor - ok21:46:03.0453 3576 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys21:46:03.0453 3576 Imapi - ok21:46:03.0531 3576 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys21:46:03.0531 3576 ini910u - ok21:46:03.0625 3576 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys21:46:03.0625 3576 IntelIde - ok21:46:03.0687 3576 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys21:46:03.0687 3576 intelppm - ok21:46:03.0765 3576 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys21:46:03.0765 3576 Ip6Fw - ok21:46:03.0875 3576 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys21:46:03.0875 3576 IpFilterDriver - ok21:46:04.0031 3576 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys21:46:04.0031 3576 IpInIp - ok21:46:04.0109 3576 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys21:46:04.0140 3576 IpNat - ok21:46:04.0203 3576 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys21:46:04.0203 3576 IPSec - ok21:46:04.0265 3576 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys21:46:04.0281 3576 IRENUM - ok21:46:04.0484 3576 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys21:46:04.0484 3576 isapnp - ok21:46:04.0531 3576 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys21:46:04.0531 3576 Kbdclass - ok21:46:04.0593 3576 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys21:46:04.0593 3576 kbdhid - ok21:46:04.0671 3576 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys21:46:04.0671 3576 kmixer - ok21:46:04.0750 3576 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys21:46:04.0750 3576 KSecDD - ok21:46:04.0812 3576 lbrtfdc - ok21:46:04.0921 3576 MBAMSwissArmy (0905dc0814d738cff53577a59ccd81e0) C:\WINDOWS\system32\drivers\mbamswissarmy.sys21:46:04.0921 3576 MBAMSwissArmy - ok21:46:05.0031 3576 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys21:46:05.0031 3576 mdmxsdk - ok21:46:05.0140 3576 mfeapfk (c373a719d704d12f5a4503f6f10239ff) C:\WINDOWS\system32\drivers\mfeapfk.sys21:46:05.0140 3576 mfeapfk - ok21:46:05.0234 3576 mfeavfk (851ad52871b62457152a8acaff0c632d) C:\WINDOWS\system32\drivers\mfeavfk.sys21:46:05.0250 3576 mfeavfk - ok21:46:05.0296 3576 mfebopk (5b9ffb027669a8ac30aac0b4996bc603) C:\WINDOWS\system32\drivers\mfebopk.sys21:46:05.0296 3576 mfebopk - ok21:46:05.0484 3576 mfefirek (2cabe72e53365834cb9969dde47bd690) C:\WINDOWS\system32\drivers\mfefirek.sys21:46:05.0484 3576 mfefirek - ok21:46:05.0546 3576 mfehidk (46db8f041e928bdc17b8daba249a2148) C:\WINDOWS\system32\drivers\mfehidk.sys21:46:05.0562 3576 mfehidk - ok21:46:05.0609 3576 mfendisk (348e3db31cf458adaa3798fb8af659c3) C:\WINDOWS\system32\DRIVERS\mfendisk.sys21:46:05.0609 3576 mfendisk - ok21:46:05.0625 3576 mfendiskmp (348e3db31cf458adaa3798fb8af659c3) C:\WINDOWS\system32\DRIVERS\mfendisk.sys21:46:05.0625 3576 mfendiskmp - ok21:46:05.0828 3576 mferkdet (316fd7c31cd57ca793fb10912aeeb2d2) C:\WINDOWS\system32\drivers\mferkdet.sys21:46:05.0828 3576 mferkdet - ok21:46:05.0890 3576 mfetdi2k (2026fe7c9e6b26ffeb08cd89c6326b91) C:\WINDOWS\system32\drivers\mfetdi2k.sys21:46:05.0890 3576 mfetdi2k - ok21:46:05.0984 3576 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys21:46:05.0984 3576 MHNDRV - ok21:46:06.0046 3576 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys21:46:06.0046 3576 mnmdd - ok21:46:06.0140 3576 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys21:46:06.0140 3576 Modem - ok21:46:06.0187 3576 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys21:46:06.0187 3576 MODEMCSA - ok21:46:06.0234 3576 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys21:46:06.0234 3576 Mouclass - ok21:46:06.0343 3576 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys21:46:06.0343 3576 mouhid - ok21:46:06.0453 3576 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys21:46:06.0453 3576 MountMgr - ok21:46:06.0531 3576 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys21:46:06.0531 3576 mraid35x - ok21:46:06.0687 3576 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS21:46:06.0687 3576 MREMP50 - ok21:46:06.0750 3576 MREMPR5 - ok21:46:06.0796 3576 MRENDIS5 - ok21:46:06.0828 3576 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS21:46:06.0828 3576 MRESP50 - ok21:46:06.0953 3576 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys21:46:06.0968 3576 MRxDAV - ok21:46:07.0218 3576 MRxSmb (72aa97e57e1e2e560355c8ec45e50bed) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys21:46:07.0234 3576 MRxSmb - ok21:46:07.0312 3576 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys21:46:07.0312 3576 MSDV - ok21:46:07.0484 3576 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys21:46:07.0500 3576 Msfs - ok21:46:07.0578 3576 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys21:46:07.0578 3576 MSKSSRV - ok21:46:07.0656 3576 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys21:46:07.0656 3576 MSPCLOCK - ok21:46:07.0734 3576 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys21:46:07.0734 3576 MSPQM - ok21:46:07.0812 3576 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys21:46:07.0812 3576 mssmbios - ok21:46:07.0875 3576 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys21:46:07.0875 3576 MSTEE - ok21:46:07.0953 3576 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys21:46:07.0968 3576 Mup - ok21:46:08.0031 3576 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys21:46:08.0031 3576 NABTSFEC - ok21:46:08.0093 3576 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys21:46:08.0109 3576 NDIS - ok21:46:08.0171 3576 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys21:46:08.0171 3576 NdisIP - ok21:46:08.0234 3576 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys21:46:08.0234 3576 NdisTapi - ok21:46:08.0296 3576 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys21:46:08.0296 3576 Ndisuio - ok21:46:08.0343 3576 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys21:46:08.0343 3576 NdisWan - ok21:46:08.0468 3576 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys21:46:08.0468 3576 NDProxy - ok21:46:08.0531 3576 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys21:46:08.0531 3576 NetBIOS - ok21:46:08.0578 3576 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys21:46:08.0593 3576 NetBT - ok21:46:08.0703 3576 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys21:46:08.0703 3576 NIC1394 - ok21:46:08.0812 3576 nmwcd (48fb907b069524f2dc7ba62a0762850c) C:\WINDOWS\system32\drivers\ccdcmb.sys21:46:08.0812 3576 nmwcd - ok21:46:08.0890 3576 nmwcdc (2914ceb789964141ac6e22c6bc980c42) C:\WINDOWS\system32\drivers\ccdcmbo.sys21:46:08.0890 3576 nmwcdc - ok21:46:08.0968 3576 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys21:46:08.0968 3576 Npfs - ok21:46:09.0031 3576 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys21:46:09.0062 3576 Ntfs - ok21:46:09.0109 3576 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys21:46:09.0109 3576 Null - ok21:46:09.0250 3576 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys21:46:09.0312 3576 nv - ok21:46:09.0406 3576 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys21:46:09.0406 3576 NwlnkFlt - ok21:46:09.0500 3576 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys21:46:09.0500 3576 NwlnkFwd - ok21:46:09.0562 3576 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys21:46:09.0562 3576 ohci1394 - ok21:46:09.0656 3576 ossrv (103a9b117a7d9903111955cdafe65ac6) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys21:46:09.0656 3576 ossrv - ok21:46:09.0734 3576 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys21:46:09.0734 3576 Parport - ok21:46:09.0796 3576 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys21:46:09.0796 3576 PartMgr - ok21:46:09.0859 3576 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys21:46:09.0859 3576 ParVdm - ok21:46:09.0921 3576 PCAMPR5 - ok21:46:10.0015 3576 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys21:46:10.0015 3576 pccsmcfd - ok21:46:10.0093 3576 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys21:46:10.0093 3576 PCI - ok21:46:10.0125 3576 PCIDump - ok21:46:10.0171 3576 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys21:46:10.0171 3576 PCIIde - ok21:46:10.0265 3576 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys21:46:10.0265 3576 Pcmcia - ok21:46:10.0328 3576 PDCOMP - ok21:46:10.0421 3576 PDFRAME - ok21:46:10.0468 3576 PDRELI - ok21:46:10.0500 3576 PDRFRAME - ok21:46:10.0578 3576 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys21:46:10.0578 3576 perc2 - ok21:46:10.0671 3576 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys21:46:10.0671 3576 perc2hib - ok21:46:10.0781 3576 pfc (ed2e7f396b4098608c95bc3806bdf6fc) C:\WINDOWS\system32\drivers\pfc.sys21:46:10.0781 3576 pfc - ok21:46:10.0921 3576 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys21:46:10.0921 3576 PptpMiniport - ok21:46:11.0015 3576 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys21:46:11.0031 3576 PSched - ok21:46:11.0062 3576 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys21:46:11.0078 3576 Ptilink - ok21:46:11.0156 3576 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) C:\WINDOWS\system32\Drivers\PxHelp20.sys21:46:11.0156 3576 PxHelp20 - ok21:46:11.0234 3576 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys21:46:11.0234 3576 ql1080 - ok21:46:11.0328 3576 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys21:46:11.0328 3576 Ql10wnt - ok21:46:11.0500 3576 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys21:46:11.0500 3576 ql12160 - ok21:46:11.0593 3576 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys21:46:11.0593 3576 ql1240 - ok21:46:11.0687 3576 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys21:46:11.0687 3576 ql1280 - ok21:46:11.0750 3576 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys21:46:11.0765 3576 RasAcd - ok21:46:11.0812 3576 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys21:46:11.0812 3576 Rasl2tp - ok21:46:11.0859 3576 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys21:46:11.0859 3576 RasPppoe - ok21:46:11.0890 3576 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys21:46:11.0906 3576 Raspti - ok21:46:11.0953 3576 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys21:46:11.0953 3576 Rdbss - ok21:46:12.0062 3576 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys21:46:12.0062 3576 RDPCDD - ok21:46:12.0156 3576 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys21:46:12.0156 3576 rdpdr - ok21:46:12.0218 3576 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys21:46:12.0234 3576 RDPWD - ok21:46:12.0281 3576 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys21:46:12.0281 3576 redbook - ok21:46:12.0453 3576 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys21:46:12.0453 3576 Secdrv - ok21:46:12.0546 3576 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys21:46:12.0546 3576 serenum - ok21:46:12.0625 3576 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys21:46:12.0625 3576 Serial - ok21:46:12.0671 3576 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys21:46:12.0671 3576 Sfloppy - ok21:46:12.0812 3576 sigfilt (6bd3976b881888ac9a0ed3eb94e7fd38) C:\WINDOWS\system32\drivers\sigfilt.sys21:46:12.0875 3576 sigfilt - ok21:46:12.0906 3576 Simbad - ok21:46:13.0000 3576 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys21:46:13.0000 3576 sisagp - ok21:46:13.0156 3576 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys21:46:13.0156 3576 SLIP - ok21:46:13.0265 3576 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys21:46:13.0265 3576 Sparrow - ok21:46:13.0343 3576 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys21:46:13.0343 3576 splitter - ok21:46:13.0421 3576 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys21:46:13.0437 3576 sr - ok21:46:13.0546 3576 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys21:46:13.0562 3576 Srv - ok21:46:13.0640 3576 sscdbhk5 (98625722ad52b40305e74aaa83c93086) C:\WINDOWS\system32\drivers\sscdbhk5.sys21:46:13.0640 3576 sscdbhk5 - ok21:46:13.0734 3576 ssfs0bbc (6c46d1d2fc31a8cf0f1d6f9d6859d836) C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys21:46:13.0734 3576 ssfs0bbc - ok21:46:13.0796 3576 SSHRMD (cfbd9006204468f64c5737f71eb602f3) C:\WINDOWS\system32\Drivers\SSHRMD.SYS21:46:13.0796 3576 SSHRMD - ok21:46:13.0859 3576 SSIDRV (808c18876dd615b82f08298c98af46b2) C:\WINDOWS\system32\Drivers\SSIDRV.SYS21:46:13.0875 3576 SSIDRV - ok21:46:13.0953 3576 SSKBFD (8564bc9598be1705477b7fa61d657c2b) C:\WINDOWS\system32\Drivers\sskbfd.sys21:46:13.0953 3576 SSKBFD - ok21:46:14.0015 3576 ssrtln (d79412e3942c8a257253487536d5a994) C:\WINDOWS\system32\drivers\ssrtln.sys21:46:14.0015 3576 ssrtln - ok21:46:14.0125 3576 STHDA (b95480c92c4c9c311be47b8a1ad73770) C:\WINDOWS\system32\drivers\sthda.sys21:46:14.0250 3576 STHDA - ok21:46:14.0468 3576 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys21:46:14.0468 3576 streamip - ok21:46:14.0765 3576 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys21:46:14.0765 3576 swenum - ok21:46:15.0531 3576 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys21:46:15.0531 3576 swmidi - ok21:46:15.0765 3576 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys21:46:15.0781 3576 symc810 - ok21:46:15.0937 3576 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys21:46:15.0937 3576 symc8xx - ok21:46:16.0031 3576 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys21:46:16.0031 3576 sym_hi - ok21:46:16.0125 3576 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys21:46:16.0125 3576 sym_u3 - ok21:46:16.0390 3576 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys21:46:16.0390 3576 sysaudio - ok21:46:16.0859 3576 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys21:46:16.0875 3576 Tcpip - ok21:46:16.0953 3576 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys21:46:16.0953 3576 TDPIPE - ok21:46:17.0203 3576 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys21:46:17.0203 3576 TDTCP - ok21:46:17.0296 3576 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys21:46:17.0296 3576 TermDD - ok21:46:17.0468 3576 tfsnboio (d0177776e11b0b3f272eebd262a69661) C:\WINDOWS\system32\dla\tfsnboio.sys21:46:17.0468 3576 tfsnboio - ok21:46:17.0500 3576 tfsncofs (599804bc938b8305a5422319774da871) C:\WINDOWS\system32\dla\tfsncofs.sys21:46:17.0500 3576 tfsncofs - ok21:46:17.0546 3576 tfsndrct (a1902c00adc11c4d83f8e3ed947a6a32) C:\WINDOWS\system32\dla\tfsndrct.sys21:46:17.0546 3576 tfsndrct - ok21:46:17.0593 3576 tfsndres (d8ddb3f2b1bef15cff6728d89c042c61) C:\WINDOWS\system32\dla\tfsndres.sys21:46:17.0593 3576 tfsndres - ok21:46:17.0796 3576 tfsnifs (c4f2dea75300971cdaee311007de138d) C:\WINDOWS\system32\dla\tfsnifs.sys21:46:17.0796 3576 tfsnifs - ok21:46:17.0843 3576 tfsnopio (272925be0ea919f08286d2ee6f102b0f) C:\WINDOWS\system32\dla\tfsnopio.sys21:46:17.0843 3576 tfsnopio - ok21:46:17.0875 3576 tfsnpool (7b7d955e5cebc2fb88b03ef875d52a2f) C:\WINDOWS\system32\dla\tfsnpool.sys21:46:17.0875 3576 tfsnpool - ok21:46:17.0921 3576 tfsnudf (e3d01263109d800c1967c12c10a0b018) C:\WINDOWS\system32\dla\tfsnudf.sys21:46:17.0921 3576 tfsnudf - ok21:46:17.0968 3576 tfsnudfa (b9e9c377906e3a65bc74598fff7f7458) C:\WINDOWS\system32\dla\tfsnudfa.sys21:46:17.0968 3576 tfsnudfa - ok21:46:18.0046 3576 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys21:46:18.0046 3576 TosIde - ok21:46:18.0140 3576 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys21:46:18.0140 3576 Udfs - ok21:46:18.0312 3576 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys21:46:18.0312 3576 ultra - ok21:46:18.0421 3576 UnlockerDriver5 (bb879dcfd22926efbeb3298129898cbb) C:\Program Files\Unlocker\UnlockerDriver5.sys21:46:18.0421 3576 UnlockerDriver5 - ok21:46:18.0546 3576 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys21:46:18.0578 3576 Update - ok21:46:18.0750 3576 upperdev (e526a166e6acafd0a9b3841d3941669e) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys21:46:18.0750 3576 upperdev - ok21:46:18.0875 3576 USBAAPL (60a68a5ea173a97971ee9f1ff49eb2b3) C:\WINDOWS\system32\Drivers\usbaapl.sys21:46:18.0875 3576 USBAAPL - ok21:46:19.0000 3576 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys21:46:19.0000 3576 usbccgp - ok21:46:19.0031 3576 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys21:46:19.0031 3576 usbehci - ok21:46:19.0078 3576 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys21:46:19.0078 3576 usbhub - ok21:46:19.0125 3576 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys21:46:19.0125 3576 usbprint - ok21:46:19.0171 3576 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys21:46:19.0171 3576 usbscan - ok21:46:19.0281 3576 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys21:46:19.0281 3576 usbser - ok21:46:19.0375 3576 UsbserFilt (6f3e3c6811b930d2414552a2e4a40f36) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys21:46:19.0375 3576 UsbserFilt - ok21:46:19.0437 3576 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS21:46:19.0437 3576 USBSTOR - ok21:46:19.0484 3576 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys21:46:19.0484 3576 usbuhci - ok21:46:19.0546 3576 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys21:46:19.0562 3576 VgaSave - ok21:46:19.0640 3576 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys21:46:19.0640 3576 viaagp - ok21:46:19.0734 3576 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys21:46:19.0734 3576 ViaIde - ok21:46:19.0859 3576 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys21:46:19.0859 3576 VolSnap - ok21:46:19.0906 3576 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys21:46:19.0906 3576 Wanarp - ok21:46:19.0953 3576 wanatw - ok21:46:20.0031 3576 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys21:46:20.0046 3576 Wdf01000 - ok21:46:20.0093 3576 WDICA - ok21:46:20.0140 3576 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys21:46:20.0156 3576 wdmaud - ok21:46:20.0359 3576 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys21:46:20.0390 3576 winachsf - ok21:46:20.0500 3576 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys21:46:20.0500 3576 WpdUsb - ok21:46:20.0562 3576 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys21:46:20.0562 3576 WS2IFSL - ok21:46:20.0640 3576 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS21:46:20.0640 3576 WSTCODEC - ok21:46:20.0734 3576 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys21:46:20.0734 3576 WudfPf - ok21:46:20.0890 3576 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys21:46:20.0906 3576 WudfRd - ok21:46:20.0937 3576 MBR (0x1B8) (e175c5c4ddfda9cb9c071eb890750c05) \Device\Harddisk0\DR021:46:20.0953 3576 \Device\Harddisk0\DR0 - ok21:46:20.0953 3576 MBR (0x1B8) (06449e7c4af0550b77e260798769aa40) \Device\Harddisk1\DR421:46:20.0953 3576 \Device\Harddisk1\DR4 - ok21:46:20.0968 3576 Boot (0x1200) (ec288c615e039963aae5b653c93ae10b) \Device\Harddisk0\DR0\Partition021:46:20.0968 3576 \Device\Harddisk0\DR0\Partition0 - ok21:46:20.0968 3576 Boot (0x1200) (6d18a405eda8ede01766fd9e2477ed07) \Device\Harddisk1\DR4\Partition021:46:20.0968 3576 \Device\Harddisk1\DR4\Partition0 - ok21:46:20.0968 3576 ============================================================21:46:20.0968 3576 Scan finished21:46:20.0968 3576 ============================================================21:46:20.0984 3788 Detected object count: 121:46:20.0984 3788 Actual detected object count: 121:49:55.0890 3788 HKLM\SYSTEM\ControlSet002\services\57719641 - will be deleted on reboot21:49:55.0890 3788 HKLM\SYSTEM\ControlSet003\services\57719641 - will be deleted on reboot21:49:55.0890 3788 C:\WINDOWS\1100378455:2827905470.exe - will be deleted on reboot21:49:55.0890 3788 57719641 ( HiddenFile.Multi.Generic ) - User select action: Delete 21:50:22.0390 1544 Deinitialize successDDS.DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26Run by Jack at 21:13:25 on 2011-10-02Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.614 [GMT -5:00].AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}FW: McAfee Firewall *Enabled* .============== Running Processes ===============.C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupsvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\1100378455:2827905470.exeC:\WINDOWS\Explorer.EXEC:\Program Files\ATT-SST\McciTrayApp.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\Program Files\Creative\MediaSource\Detector\CTDetect.exeC:\Program Files\DellSupport\DSAgnt.exesvchost.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\system32\CTsvcCDA.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exeC:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\McAfee\SiteAdvisor\McSACore.exeC:\Program Files\Common Files\Motive\McciCMService.exeC:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exesvchost.exeC:\WINDOWS\system32\svchost.exe -k imgsvcC:\Program Files\Viewpoint\Common\ViewpointService.exeC:\Program Files\Common Files\McAfee\SystemCore\mfefire.exeC:\WINDOWS\system32\rundll32.exeC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\system32\dllhost.exe.============== Pseudo HJT Report ===============.uStart Page = hxxp://www.google.com/ig/dell?hl=enuSearch Page = hxxp://www.google.com/hws/sb/dell/en/side.htmluDefault_Page_URL = hxxp://att.netuSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8uSearch Bar = hxxp://www.google.com/hws/sb/dell/en/side.htmluInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=enmSearchAssistant = hxxp://www.google.com/hws/sb/dell/en/side.htmluURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dllBHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dllBHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110918114827.dllBHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dllBHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dllBHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dllBHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\googleafe\GoogleAE.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllTB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dllTB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dllEB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dlluRun: [setDefaultMIDI] MIDIDef.exeuRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /RuRun: [ctfmon.exe] "c:\windows\system32\ctfmon.exe"uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startupuRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"mRun: [userFaultCheck] "c:\windows\system32\dumprep.exe" 0 -umRun: [KernelFaultCheck] "c:\windows\system32\dumprep.exe" 0 -kmRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\McciTrayApp.exe"mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottimemRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"mRun: [switchBoard] "c:\program files\common files\adobe\switchboard\SwitchBoard.exe"dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -tdRunOnce: [RunNarrator] Narrator.exeIE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.htmlIE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLLIE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLLIE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dllLSP: mswsock.dllDPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cabDPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cabTCP: DhcpNameServer = 192.168.1.254TCP: Interfaces\{6FD11E35-8F25-42F5-83EA-4503FF459143} : DhcpNameServer = 192.168.1.254Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dllHandler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dllHandler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dllSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dllmASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12.================= FIREFOX ===================.FF - ProfilePath - .============= SERVICES / DRIVERS ===============.R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-8-25 461864]R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-8-9 29832]R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-8-25 89624]R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-9-28 88176]R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-25 214904]R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-25 214904]R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-25 214904]R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-8-25 160344]R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-8-25 148520]R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-12-29 24652]R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\spy sweeper\WRConsumerService.exe [2009-3-15 1201656]R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-8-25 57432]R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-8-25 180072]R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-8-25 338040]R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-8-25 83688]S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 135664]S2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-8-25 166024]S2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2011-3-22 4048256]S3 {E759A799-4756-46F5-B08BAC5C630D6E50};{E759A799-4756-46F5-B08BAC5C630D6E50};c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 135664]S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-8-25 59288]S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-8-25 83688]S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-25 87808]S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096].=============== Created Last 30 ================.2011-10-03 02:05:23 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2011-10-03 02:01:52 -------- d-----w- c:\documents and settings\jack\application data\Malwarebytes2011-10-03 02:01:26 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes2011-10-03 02:01:23 22216 ----a-w- c:\windows\system32\drivers\mbam.sys2011-10-03 02:01:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2011-09-18 16:48:27 28504 ----a-w- c:\program files\mozilla firefox\distribution\bundles\{d19ca586-dd6c-4a0a-96f8-14644f340d60}\components\scriptff.dll2011-09-09 13:39:54 -------- d-----w- c:\documents and settings\all users\application data\regid.1986-12.com.adobe2011-09-09 02:03:15 -------- d-----w- c:\program files\Adobe Download Assistant.==================== Find3M ====================.2011-09-28 00:33:18 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2011-08-15 15:00:06 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys2011-08-15 15:00:06 89624 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys2011-08-15 15:00:06 87808 ----a-w- c:\windows\system32\drivers\mferkdet.sys2011-08-15 15:00:06 83688 ----a-w- c:\windows\system32\drivers\mfendisk.sys2011-08-15 15:00:06 59288 ----a-w- c:\windows\system32\drivers\mfebopk.sys2011-08-15 15:00:06 57432 ----a-w- c:\windows\system32\drivers\cfwids.sys2011-08-15 15:00:06 461864 ----a-w- c:\windows\system32\drivers\mfehidk.sys2011-08-15 15:00:06 338040 ----a-w- c:\windows\system32\drivers\mfefirek.sys2011-08-15 15:00:06 180072 ----a-w- c:\windows\system32\drivers\mfeavfk.sys2011-08-15 15:00:06 119808 ----a-w- c:\windows\system32\drivers\mfeapfk.sys.============= FINISH: 21:15:01.79 =============== Link to post Share on other sites More sharing options...
Staff screen317 Posted October 5, 2011 Staff ID:482659 Share Posted October 5, 2011 Hi,Please visit this webpage for instructions for running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofixWhen the tool is finished, it will produce a report for you.Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.-screen317 Link to post Share on other sites More sharing options...
brades23 Posted October 6, 2011 Author ID:482754 Share Posted October 6, 2011 Thank you very much.ComboFixComboFix 11-10-05.02 - Jack 10/05/2011 20:13:34.1.2 - x86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.649 [GMT -5:00]Running from: c:\documents and settings\Jack\Desktop\ComboFix.exeAV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} * Created a new restore point..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\documents and settings\All Users\Application Data\HNwUijLvsL.exec:\documents and settings\HelpAssistant\WINDOWSc:\documents and settings\Joel\WINDOWSc:\windows\$NtUninstallKB16079$\1070045055c:\windows\$NtUninstallKB16079$\1467061825\@c:\windows\$NtUninstallKB16079$\1467061825\bckfg.tmpc:\windows\$NtUninstallKB16079$\1467061825\cfg.inic:\windows\$NtUninstallKB16079$\1467061825\Desktop.inic:\windows\$NtUninstallKB16079$\1467061825\keywordsc:\windows\$NtUninstallKB16079$\1467061825\kwrd.dllc:\windows\$NtUninstallKB16079$\1467061825\L\pdmzmplgc:\windows\$NtUninstallKB16079$\1467061825\lsflt7.verc:\windows\$NtUninstallKB16079$\1467061825\U\00000001.$c:\windows\$NtUninstallKB16079$\1467061825\U\00000001.@c:\windows\$NtUninstallKB16079$\1467061825\U\00000002.$c:\windows\$NtUninstallKB16079$\1467061825\U\00000002.@c:\windows\$NtUninstallKB16079$\1467061825\U\80000000.@c:\windows\$NtUninstallKB16079$\1467061825\U\80000032.$c:\windows\$NtUninstallKB16079$\1467061825\U\80000032.@c:\windows\kb913800.exec:\windows\$NtUninstallKB16079$ . . . . Failed to delete..((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))..-------\Service_57719641..((((((((((((((((((((((((( Files Created from 2011-09-06 to 2011-10-06 )))))))))))))))))))))))))))))))..2011-10-06 00:38 . 2011-10-06 00:40 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe2011-10-06 00:34 . 2011-08-19 20:56 28504 ----a-w- c:\program files\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll2011-10-04 01:00 . 2011-10-04 01:01 -------- d-----w- c:\documents and settings\Jack\Local Settings\Application Data\Adobe2011-10-03 02:43 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys2011-10-03 02:29 . 2011-10-03 02:29 -------- d-----w- c:\program files\Unlocker2011-10-03 02:20 . 2011-10-03 02:20 -------- d-----w- C:\TDSSKiller_Quarantine2011-10-03 02:05 . 2011-10-03 02:44 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2011-10-03 02:01 . 2011-10-03 02:01 -------- d-----w- c:\documents and settings\Jack\Application Data\Malwarebytes2011-10-03 02:01 . 2011-10-03 02:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes2011-10-03 02:01 . 2011-10-03 02:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2011-09-09 13:39 . 2011-09-09 13:39 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe2011-09-09 02:03 . 2011-09-09 02:03 -------- d-----w- c:\program files\Adobe Download Assistant2011-09-09 02:02 . 2011-09-09 02:02 -------- d-----w- c:\program files\Common Files\Adobe AIR...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2011-09-28 00:33 . 2011-06-05 19:20 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2011-08-15 15:00 . 2010-08-26 01:56 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys2011-08-15 15:00 . 2010-08-26 01:56 89624 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys2011-08-15 15:00 . 2010-08-26 01:56 87808 ----a-w- c:\windows\system32\drivers\mferkdet.sys2011-08-15 15:00 . 2010-08-26 01:56 83688 ----a-w- c:\windows\system32\drivers\mfendisk.sys2011-08-15 15:00 . 2010-08-26 01:56 59288 ----a-w- c:\windows\system32\drivers\mfebopk.sys2011-08-15 15:00 . 2010-08-26 01:56 461864 ----a-w- c:\windows\system32\drivers\mfehidk.sys2011-08-15 15:00 . 2010-08-26 01:56 338040 ----a-w- c:\windows\system32\drivers\mfefirek.sys2011-08-15 15:00 . 2010-08-26 01:56 180072 ----a-w- c:\windows\system32\drivers\mfeavfk.sys2011-08-15 15:00 . 2010-08-26 01:56 57432 ----a-w- c:\windows\system32\drivers\cfwids.sys2011-08-15 15:00 . 2010-08-26 01:56 119808 ----a-w- c:\windows\system32\drivers\mfeapfk.sys2011-04-14 19:01 . 2010-08-26 01:56 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll..------- Sigcheck -------Note: Unsigned files aren't necessarily malware..[7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe[7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ctfmon.exe[-] 2004-08-10 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe.c:\windows\System32\ctfmon.exe ... is missing !!.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 24576]"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-03 102400]"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-26 68856].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2009-10-22 1577984]"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408].[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 39264].[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]"RunNarrator"="Narrator.exe" [2008-04-14 53760].[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]@="Driver".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]@="Service".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]@="Service".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]@="Service".[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnkbackup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup.[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Self Support Tool.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AT&T Self Support Tool.lnkbackup=c:\windows\pss\AT&T Self Support Tool.lnkCommon Startup.[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnkbackup=c:\windows\pss\Digital Line Detect.lnkCommon Startup.[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnkbackup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup.[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ymetray.lnkbackup=c:\windows\pss\ymetray.lnkCommon StartupHKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MskAgentexeHKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteAdvisor.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]2005-08-06 03:05 344064 -c--a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]2006-02-09 22:34 106496 -c--a-w- c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]2004-12-03 00:23 102400 ------w- c:\program files\Creative\MediaSource\Detector\CTDetect.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]2005-09-15 15:47 57344 -c----w- c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]2007-03-15 16:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]2005-05-31 11:33 122941 -c--a-w- c:\windows\system32\dla\tfswctrl.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLCCCATS]2005-06-07 18:38 69632 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\dlcctime.dll.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlccmon.exe]2005-07-22 19:03 425984 -c--a-w- c:\program files\Dell Photo AIO Printer 924\dlccmon.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]2005-02-23 22:19 53248 -c----w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]2005-09-29 20:01 67584 -c--a-w- c:\windows\ehome\ehtray.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]2005-06-17 13:56 139264 -c--a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]2005-06-10 16:44 249856 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]2005-06-10 16:44 81920 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]2011-03-07 20:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBMon]2005-05-19 14:54 1345520 -c--a-w- c:\windows\system32\CTMBHA.DLL.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]2006-01-05 23:44 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefaultMIDI]2004-12-22 23:40 24576 ----a-w- c:\windows\MIDIDEF.EXE.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]2005-03-23 06:20 339968 -c--a-w- c:\windows\stsystra.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]2007-07-12 09:00 132496 -c--a-w- c:\program files\Java\jre1.6.0_02\bin\jusched.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]2007-07-26 01:35 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]2000-05-11 07:00 90112 -c----w- c:\windows\Updreg.EXE.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoiceCenter]2005-09-19 13:42 1159168 -c----w- c:\program files\Creative\VoiceCenter\AndreaVC.exe.[HKEY_LOCAL_MACHINE\software\microsoft\security center]"AntiVirusOverride"=dword:00000001"FirewallOverride"=dword:00000001.[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]"DisableMonitoring"=dword:00000001.[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]"DisableMonitoring"=dword:00000001.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"EnableFirewall"= 0 (0x0)"DisableNotifications"= 1 (0x1).[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Messenger\\msmsgs.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"="c:\\Program Files\\Real\\RealPlayer\\realplay.exe"="c:\\Program Files\\Java\\jdk1.6.0_06\\jre\\bin\\java.exe"="c:\\Program Files\\Java\\jre1.6.0_06\\bin\\javaw.exe"="c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"="c:\\Program Files\\Bonjour\\mDNSResponder.exe"="c:\\Program Files\\iTunes\\iTunes.exe"=.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"3596:UDP"= 3596:UDP:Windows Media Format SDK (wmplayer.exe)"65533:TCP"= 65533:TCP:Services"52344:TCP"= 52344:TCP:Services"2479:TCP"= 2479:TCP:Services"3246:TCP"= 3246:TCP:Services"3389:TCP"= 3389:TCP:Remote Desktop"7540:TCP"= 7540:TCP:Services"7541:TCP"= 7541:TCP:Services.R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [8/9/2008 2:42 PM 29832]R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [8/25/2010 8:56 PM 89624]R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [9/28/2008 7:36 PM 94880]R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [8/25/2010 8:56 PM 214904]R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [8/25/2010 8:56 PM 214904]R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [8/25/2010 8:57 PM 160344]R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [8/25/2010 8:56 PM 148520]R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/29/2008 8:42 PM 24652]R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe [3/15/2009 8:21 PM 1201656]R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [8/25/2010 8:56 PM 57432]R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [8/25/2010 8:56 PM 338040]R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [8/25/2010 8:56 PM 83688]S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/6/2010 4:18 PM 135664]S3 {E759A799-4756-46F5-B08BAC5C630D6E50};{E759A799-4756-46F5-B08BAC5C630D6E50};c:\windows\System32\svchost.exe -k netsvcs [8/16/2005 5:18 AM 14336]S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/6/2010 4:18 PM 135664]S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [8/25/2010 8:56 PM 83688]S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [8/25/2010 8:56 PM 87808]S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096].[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]2009-03-08 09:32 128512 ----a-w- c:\windows\system32\advpack.dll.Contents of the 'Scheduled Tasks' folder.2011-08-23 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50].2011-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 21:18].2011-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 21:18].2011-10-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1822975280-1932388528-3927860585-1007Core.job- c:\documents and settings\Jen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-17 01:49].2011-10-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1822975280-1932388528-3927860585-1007UA.job- c:\documents and settings\Jen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-17 01:49].2011-10-06 c:\windows\Tasks\RegistryBooster.job- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2011-03-14 15:31]..------- Supplementary Scan -------.uStart Page = hxxp://www.google.com/ig/dell?hl=enuSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=enIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.htmlTCP: DhcpNameServer = 192.168.1.254DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cabFF - ProfilePath - .- - - - ORPHANS REMOVED - - - -.HKU-Default-Run-HNwUijLvsL.exe - c:\documents and settings\All Users\Application Data\HNwUijLvsL.exeSafeBoot-11573089.sysSafeBoot-42704237.sysSafeBoot-86609227.sysSafeBoot-90390051.sysSafeBoot-WudfPfSafeBoot-WudfRdSafeBoot-svcWRSSSDKMSConfigStartUp-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exeMSConfigStartUp-ctfmon - c:\windows\system32\ctfmon.exeMSConfigStartUp-MimBoot - c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exeMSConfigStartUp-Motive SmartBridge - c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exeMSConfigStartUp-SpySweeper - c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exeAddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb...**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2011-10-05 20:34Windows 5.1.2600 Service Pack 3 NTFS.scanning hidden processes ... .scanning hidden autostart entries ... .scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]@Denied: (2) (LocalSystem)"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,23,fe,99,dd,81,15,12,49,b9,52,b4,\"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,23,fe,99,dd,81,15,12,49,b9,52,b4,\.--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'explorer.exe'(2324)c:\windows\system32\WININET.dllc:\progra~1\mcafee\SITEAD~1\saHook.dllc:\windows\system32\ieframe.dllc:\windows\system32\webcheck.dllc:\windows\system32\WPDShServiceObj.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dll.------------------------ Other Running Processes ------------------------.c:\windows\system32\Ati2evxx.exec:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exec:\program files\Bonjour\mDNSResponder.exec:\windows\system32\CTsvcCDA.exec:\windows\eHome\ehRecvr.exec:\windows\eHome\ehSched.exec:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exec:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exec:\program files\Java\jre6\bin\jqs.exec:\program files\Common Files\Motive\McciCMService.exec:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEc:\windows\ehome\mcrdsvc.exec:\windows\system32\rundll32.exec:\windows\system32\wscntfy.exec:\windows\system32\dllhost.exec:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exec:\progra~1\mcafee.com\agent\mcagent.exec:\windows\system32\msiexec.exec:\windows\system32\MsiExec.exe.**************************************************************************.Completion time: 2011-10-05 20:39:10 - machine was rebootedComboFix-quarantined-files.txt 2011-10-06 01:39.Pre-Run: 77,117,448,192 bytes freePost-Run: 77,366,919,168 bytes free.- - End Of File - - BE3B6A7283D79DF15ACC1EDD8F5C7D7EDDS.DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26Run by Jack at 20:41:51 on 2011-10-05Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.514 [GMT -5:00].AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}FW: McAfee Firewall *Enabled* .============== Running Processes ===============.C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exe -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupsvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\system32\CTsvcCDA.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exeC:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\McAfee\SiteAdvisor\McSACore.exeC:\Program Files\Common Files\Motive\McciCMService.exeC:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exesvchost.exeC:\WINDOWS\system32\svchost.exe -k imgsvcC:\Program Files\Viewpoint\Common\ViewpointService.exeC:\Program Files\Common Files\McAfee\SystemCore\mfefire.exeC:\WINDOWS\system32\rundll32.exeC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\system32\dllhost.exeC:\Program Files\ATT-SST\McciTrayApp.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\Program Files\Creative\MediaSource\Detector\CTDetect.exeC:\Program Files\DellSupport\DSAgnt.exeC:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exec:\PROGRA~1\mcafee.com\agent\mcagent.exeC:\WINDOWS\system32\msiexec.exeC:\WINDOWS\explorer.exeC:\WINDOWS\system32\MsiExec.exeC:\WINDOWS\system32\notepad.exe.============== Pseudo HJT Report ===============.uStart Page = hxxp://www.google.com/ig/dell?hl=enuSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=enuURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dllBHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dllBHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110918114827.dllBHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dllBHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dllBHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dllBHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\googleafe\GoogleAE.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllTB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dllTB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dlluRun: [setDefaultMIDI] MIDIDef.exeuRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /RuRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startupuRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\McciTrayApp.exe"mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottimemRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"mRun: [switchBoard] "c:\program files\common files\adobe\switchboard\SwitchBoard.exe"mRun: [unlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -tdRunOnce: [RunNarrator] Narrator.exeIE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.htmlIE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLLIE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLLIE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dllDPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cabDPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cabTCP: DhcpNameServer = 192.168.1.254TCP: Interfaces\{6FD11E35-8F25-42F5-83EA-4503FF459143} : DhcpNameServer = 192.168.1.254Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dllHandler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dllHandler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dllSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dllmASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12.================= FIREFOX ===================.FF - ProfilePath - .============= SERVICES / DRIVERS ===============.R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-8-25 461864]R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-8-9 29832]R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-8-25 89624]R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-9-28 94880]R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-25 214904]R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-25 214904]R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-25 214904]R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-8-25 160344]R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-8-25 148520]R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-12-29 24652]R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\spy sweeper\WRConsumerService.exe [2009-3-15 1201656]R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-8-25 57432]R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-8-25 180072]R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-8-25 338040]R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-8-25 83688]S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 135664]S2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-8-25 166024]S2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2011-3-22 4048256]S3 {E759A799-4756-46F5-B08BAC5C630D6E50};{E759A799-4756-46F5-B08BAC5C630D6E50};c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 135664]S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-8-25 59288]S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-8-25 83688]S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-25 87808]S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096].=============== Created Last 30 ================.2011-10-06 00:34:33 28504 ----a-w- c:\program files\mozilla firefox\distribution\bundles\{d19ca586-dd6c-4a0a-96f8-14644f340d60}\components\scriptff.dll2011-10-04 01:01:03 -------- d-sha-r- C:\cmdcons2011-10-04 01:00:41 -------- d-----w- c:\documents and settings\jack\local settings\application data\Adobe2011-10-04 00:54:35 208896 ----a-w- c:\windows\MBR.exe2011-10-04 00:54:34 518144 ----a-w- c:\windows\SWREG.exe2011-10-04 00:54:34 256000 ----a-w- c:\windows\PEV.exe2011-10-04 00:54:33 98816 ----a-w- c:\windows\sed.exe2011-10-03 02:43:20 22216 ----a-w- c:\windows\system32\drivers\mbam.sys2011-10-03 02:29:58 -------- d-----w- c:\program files\Unlocker2011-10-03 02:20:46 -------- d-----w- C:\TDSSKiller_Quarantine2011-10-03 02:05:23 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2011-10-03 02:01:52 -------- d-----w- c:\documents and settings\jack\application data\Malwarebytes2011-10-03 02:01:26 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes2011-10-03 02:01:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2011-09-09 13:39:54 -------- d-----w- c:\documents and settings\all users\application data\regid.1986-12.com.adobe2011-09-09 02:03:15 -------- d-----w- c:\program files\Adobe Download Assistant.==================== Find3M ====================.2011-09-28 00:33:18 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2011-08-15 15:00:06 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys2011-08-15 15:00:06 89624 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys2011-08-15 15:00:06 87808 ----a-w- c:\windows\system32\drivers\mferkdet.sys2011-08-15 15:00:06 83688 ----a-w- c:\windows\system32\drivers\mfendisk.sys2011-08-15 15:00:06 59288 ----a-w- c:\windows\system32\drivers\mfebopk.sys2011-08-15 15:00:06 57432 ----a-w- c:\windows\system32\drivers\cfwids.sys2011-08-15 15:00:06 461864 ----a-w- c:\windows\system32\drivers\mfehidk.sys2011-08-15 15:00:06 338040 ----a-w- c:\windows\system32\drivers\mfefirek.sys2011-08-15 15:00:06 180072 ----a-w- c:\windows\system32\drivers\mfeavfk.sys2011-08-15 15:00:06 119808 ----a-w- c:\windows\system32\drivers\mfeapfk.sys.============= FINISH: 20:42:09.03 =============== Link to post Share on other sites More sharing options...
Staff screen317 Posted October 10, 2011 Staff ID:483761 Share Posted October 10, 2011 Hi,Please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.Next, please open Notepad - don't use any other text editor than notepad or the script will fail.Copy/paste the text in the box below into Notepad:FCOPY::c:\windows\system32\dllcache\ctfmon.exe | c:\windows\system32\ctfmon.exeSave this as CFScript Then drag the CFScript into ComboFix.exe as you see in the screenshot below.This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new DDS log.-screen317 Link to post Share on other sites More sharing options...
brades23 Posted October 10, 2011 Author ID:484084 Share Posted October 10, 2011 Thanks again, here is the info.ComboFix 11-10-09.01 - Jack 10/09/2011 21:05:56.2.2 - x86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.539 [GMT -5:00]Running from: c:\documents and settings\Jack\Desktop\ComboFix.exeCommand switches used :: c:\documents and settings\Jack\Desktop\CFScript.txtAV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} * Created a new restore point..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))...--------------- FCopy ---------------.c:\windows\system32\dllcache\ctfmon.exe --> c:\windows\system32\ctfmon.exe.((((((((((((((((((((((((( Files Created from 2011-09-10 to 2011-10-10 )))))))))))))))))))))))))))))))..2011-10-10 02:05 . 2008-04-14 00:12 15360 ----a-w- c:\windows\system32\dllcache\ctfmon.exe2011-10-10 02:05 . 2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe2011-10-06 00:38 . 2011-10-06 00:40 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe2011-10-06 00:34 . 2011-08-19 20:56 28504 ----a-w- c:\program files\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll2011-10-04 01:00 . 2011-10-04 01:01 -------- d-----w- c:\documents and settings\Jack\Local Settings\Application Data\Adobe2011-10-03 02:43 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys2011-10-03 02:29 . 2011-10-03 02:29 -------- d-----w- c:\program files\Unlocker2011-10-03 02:20 . 2011-10-03 02:20 -------- d-----w- C:\TDSSKiller_Quarantine2011-10-03 02:05 . 2011-10-03 02:44 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2011-10-03 02:01 . 2011-10-03 02:01 -------- d-----w- c:\documents and settings\Jack\Application Data\Malwarebytes2011-10-03 02:01 . 2011-10-03 02:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes2011-10-03 02:01 . 2011-10-03 02:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2011-09-28 00:33 . 2011-06-05 19:20 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2011-08-15 15:00 . 2010-08-26 01:56 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys2011-08-15 15:00 . 2010-08-26 01:56 89624 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys2011-08-15 15:00 . 2010-08-26 01:56 87808 ----a-w- c:\windows\system32\drivers\mferkdet.sys2011-08-15 15:00 . 2010-08-26 01:56 83688 ----a-w- c:\windows\system32\drivers\mfendisk.sys2011-08-15 15:00 . 2010-08-26 01:56 59288 ----a-w- c:\windows\system32\drivers\mfebopk.sys2011-08-15 15:00 . 2010-08-26 01:56 461864 ----a-w- c:\windows\system32\drivers\mfehidk.sys2011-08-15 15:00 . 2010-08-26 01:56 338040 ----a-w- c:\windows\system32\drivers\mfefirek.sys2011-08-15 15:00 . 2010-08-26 01:56 180072 ----a-w- c:\windows\system32\drivers\mfeavfk.sys2011-08-15 15:00 . 2010-08-26 01:56 57432 ----a-w- c:\windows\system32\drivers\cfwids.sys2011-08-15 15:00 . 2010-08-26 01:56 119808 ----a-w- c:\windows\system32\drivers\mfeapfk.sys2011-04-14 19:01 . 2010-08-26 01:56 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll..((((((((((((((((((((((((((((( SnapShot@2011-10-06_01.34.27 ))))))))))))))))))))))))))))))))))))))))).+ 2011-10-10 02:01 . 2011-10-10 02:01 16384 c:\windows\Temp\Perflib_Perfdata_4a4.dat+ 2006-01-15 18:09 . 2011-10-10 02:11 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat- 2006-01-15 18:09 . 2011-10-06 01:08 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat+ 2011-10-10 02:06 . 2011-10-10 02:11 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 24576]"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-03 102400]"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-26 68856].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2009-10-22 1577984]"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408].[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 39264].[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]"RunNarrator"="Narrator.exe" [2008-04-14 53760].[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]@="Driver".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]@="Service".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]@="Service".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]@="Service".[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnkbackup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup.[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Self Support Tool.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AT&T Self Support Tool.lnkbackup=c:\windows\pss\AT&T Self Support Tool.lnkCommon Startup.[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnkbackup=c:\windows\pss\Digital Line Detect.lnkCommon Startup.[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnkbackup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup.[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ymetray.lnkbackup=c:\windows\pss\ymetray.lnkCommon Startup.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]2005-08-06 03:05 344064 -c--a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]2006-02-09 22:34 106496 -c--a-w- c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]2004-12-03 00:23 102400 ------w- c:\program files\Creative\MediaSource\Detector\CTDetect.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]2005-09-15 15:47 57344 -c----w- c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]2007-03-15 16:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]2005-05-31 11:33 122941 -c--a-w- c:\windows\system32\dla\tfswctrl.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLCCCATS]2005-06-07 18:38 69632 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\dlcctime.dll.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlccmon.exe]2005-07-22 19:03 425984 -c--a-w- c:\program files\Dell Photo AIO Printer 924\dlccmon.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]2005-02-23 22:19 53248 -c----w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]2005-09-29 20:01 67584 -c--a-w- c:\windows\ehome\ehtray.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]2005-06-17 13:56 139264 -c--a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]2005-06-10 16:44 249856 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]2005-06-10 16:44 81920 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]2011-03-07 20:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBMon]2005-05-19 14:54 1345520 -c--a-w- c:\windows\system32\CTMBHA.DLL.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]2006-01-05 23:44 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefaultMIDI]2004-12-22 23:40 24576 ----a-w- c:\windows\MIDIDEF.EXE.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]2005-03-23 06:20 339968 -c--a-w- c:\windows\stsystra.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]2007-07-12 09:00 132496 -c--a-w- c:\program files\Java\jre1.6.0_02\bin\jusched.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]2007-07-26 01:35 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]2000-05-11 07:00 90112 -c----w- c:\windows\Updreg.EXE.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoiceCenter]2005-09-19 13:42 1159168 -c----w- c:\program files\Creative\VoiceCenter\AndreaVC.exe.[HKEY_LOCAL_MACHINE\software\microsoft\security center]"AntiVirusOverride"=dword:00000001"FirewallOverride"=dword:00000001.[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]"DisableMonitoring"=dword:00000001.[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]"DisableMonitoring"=dword:00000001.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"EnableFirewall"= 0 (0x0)"DisableNotifications"= 1 (0x1).[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Messenger\\msmsgs.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"="c:\\Program Files\\Real\\RealPlayer\\realplay.exe"="c:\\Program Files\\Java\\jdk1.6.0_06\\jre\\bin\\java.exe"="c:\\Program Files\\Java\\jre1.6.0_06\\bin\\javaw.exe"="c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"="c:\\Program Files\\Bonjour\\mDNSResponder.exe"="c:\\Program Files\\iTunes\\iTunes.exe"=.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"3596:UDP"= 3596:UDP:Windows Media Format SDK (wmplayer.exe)"65533:TCP"= 65533:TCP:Services"52344:TCP"= 52344:TCP:Services"2479:TCP"= 2479:TCP:Services"3246:TCP"= 3246:TCP:Services"3389:TCP"= 3389:TCP:Remote Desktop"7540:TCP"= 7540:TCP:Services"7541:TCP"= 7541:TCP:Services.R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [8/9/2008 2:42 PM 29832]R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [8/25/2010 8:56 PM 89624]R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [9/28/2008 7:36 PM 94880]R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [8/25/2010 8:56 PM 214904]R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [8/25/2010 8:56 PM 214904]R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [8/25/2010 8:57 PM 160344]R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [8/25/2010 8:56 PM 148520]R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/29/2008 8:42 PM 24652]R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe [3/15/2009 8:21 PM 1201656]R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [8/25/2010 8:56 PM 57432]R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [8/25/2010 8:56 PM 338040]R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [8/25/2010 8:56 PM 83688]S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/6/2010 4:18 PM 135664]S3 {E759A799-4756-46F5-B08BAC5C630D6E50};{E759A799-4756-46F5-B08BAC5C630D6E50};c:\windows\System32\svchost.exe -k netsvcs [8/16/2005 5:18 AM 14336]S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/6/2010 4:18 PM 135664]S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [8/25/2010 8:56 PM 83688]S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [8/25/2010 8:56 PM 87808]S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096].[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]2009-03-08 09:32 128512 ----a-w- c:\windows\system32\advpack.dll.Contents of the 'Scheduled Tasks' folder.2011-08-23 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50].2011-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 21:18].2011-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 21:18].2011-10-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1822975280-1932388528-3927860585-1007Core.job- c:\documents and settings\Jen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-17 01:49].2011-10-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1822975280-1932388528-3927860585-1007UA.job- c:\documents and settings\Jen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-17 01:49].2011-10-10 c:\windows\Tasks\RegistryBooster.job- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2011-03-14 15:31]..------- Supplementary Scan -------.uStart Page = hxxp://www.google.com/ig/dell?hl=enuSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=enIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.htmlTCP: DhcpNameServer = 192.168.1.254DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cabFF - ProfilePath - ..**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2011-10-09 21:22Windows 5.1.2600 Service Pack 3 NTFS.scanning hidden processes ... .scanning hidden autostart entries ... .scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]@Denied: (2) (LocalSystem)"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,23,fe,99,dd,81,15,12,49,b9,52,b4,\"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,23,fe,99,dd,81,15,12,49,b9,52,b4,\.--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'explorer.exe'(3348)c:\windows\system32\WININET.dllc:\progra~1\mcafee\SITEAD~1\saHook.dllc:\windows\system32\ieframe.dllc:\windows\system32\webcheck.dllc:\windows\system32\WPDShServiceObj.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dll.Completion time: 2011-10-09 21:25:40ComboFix-quarantined-files.txt 2011-10-10 02:25ComboFix2.txt 2011-10-06 01:39.Pre-Run: 77,337,681,920 bytes freePost-Run: 77,309,288,448 bytes free.- - End Of File - - A44D00D49CF872022782DA06AA692CE6DDS.DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26Run by Jack at 21:26:48 on 2011-10-09Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.517 [GMT -5:00].AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}FW: McAfee Firewall *Enabled* .============== Running Processes ===============.C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exe -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupsvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\system32\CTsvcCDA.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exeC:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\McAfee\SiteAdvisor\McSACore.exeC:\Program Files\Common Files\Motive\McciCMService.exeC:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exesvchost.exeC:\WINDOWS\system32\svchost.exe -k imgsvcC:\Program Files\Viewpoint\Common\ViewpointService.exeC:\Program Files\Common Files\McAfee\SystemCore\mfefire.exeC:\WINDOWS\system32\dllhost.exeC:\WINDOWS\system32\rundll32.exeC:\WINDOWS\system32\wscntfy.exeC:\Program Files\ATT-SST\McciTrayApp.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\Program Files\Creative\MediaSource\Detector\CTDetect.exeC:\Program Files\DellSupport\DSAgnt.exeC:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exec:\PROGRA~1\mcafee.com\agent\mcagent.exeC:\WINDOWS\system32\msiexec.exeC:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\explorer.exe.============== Pseudo HJT Report ===============.uStart Page = hxxp://www.google.com/ig/dell?hl=enuSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=enuURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dllBHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dllBHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110918114827.dllBHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dllBHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dllBHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dllBHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\googleafe\GoogleAE.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllTB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dllTB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dlluRun: [setDefaultMIDI] MIDIDef.exeuRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /RuRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startupuRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\McciTrayApp.exe"mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottimemRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"mRun: [switchBoard] "c:\program files\common files\adobe\switchboard\SwitchBoard.exe"mRun: [unlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -tdRunOnce: [RunNarrator] Narrator.exeIE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.htmlIE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLLIE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLLIE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dllDPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cabDPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cabTCP: DhcpNameServer = 192.168.1.254TCP: Interfaces\{6FD11E35-8F25-42F5-83EA-4503FF459143} : DhcpNameServer = 192.168.1.254Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dllHandler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dllHandler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dllSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dllmASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12.================= FIREFOX ===================.FF - ProfilePath - .============= SERVICES / DRIVERS ===============.R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-8-25 461864]R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-8-9 29832]R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-8-25 89624]R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-9-28 94880]R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-25 214904]R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-25 214904]R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-25 214904]R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-8-25 160344]R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-8-25 148520]R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-12-29 24652]R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\spy sweeper\WRConsumerService.exe [2009-3-15 1201656]R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-8-25 57432]R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-8-25 180072]R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-8-25 338040]R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-8-25 83688]S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 135664]S2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-8-25 166024]S2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2011-3-22 4048256]S3 {E759A799-4756-46F5-B08BAC5C630D6E50};{E759A799-4756-46F5-B08BAC5C630D6E50};c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 135664]S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-8-25 59288]S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-8-25 83688]S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-25 87808]S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096].=============== Created Last 30 ================.2011-10-10 02:05:56 15360 ----a-w- c:\windows\system32\dllcache\ctfmon.exe2011-10-10 02:05:56 15360 ----a-w- c:\windows\system32\ctfmon.exe2011-10-10 02:04:06 -------- d-----w- C:\ComboFix2011-10-06 00:34:33 28504 ----a-w- c:\program files\mozilla firefox\distribution\bundles\{d19ca586-dd6c-4a0a-96f8-14644f340d60}\components\scriptff.dll2011-10-04 01:01:03 -------- d-sha-r- C:\cmdcons2011-10-04 01:00:41 -------- d-----w- c:\documents and settings\jack\local settings\application data\Adobe2011-10-04 00:54:35 208896 ----a-w- c:\windows\MBR.exe2011-10-04 00:54:34 518144 ----a-w- c:\windows\SWREG.exe2011-10-04 00:54:34 256000 ----a-w- c:\windows\PEV.exe2011-10-04 00:54:33 98816 ----a-w- c:\windows\sed.exe2011-10-03 02:43:20 22216 ----a-w- c:\windows\system32\drivers\mbam.sys2011-10-03 02:29:58 -------- d-----w- c:\program files\Unlocker2011-10-03 02:20:46 -------- d-----w- C:\TDSSKiller_Quarantine2011-10-03 02:05:23 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2011-10-03 02:01:52 -------- d-----w- c:\documents and settings\jack\application data\Malwarebytes2011-10-03 02:01:26 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes2011-10-03 02:01:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware.==================== Find3M ====================.2011-09-28 00:33:18 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2011-08-15 15:00:06 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys2011-08-15 15:00:06 89624 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys2011-08-15 15:00:06 87808 ----a-w- c:\windows\system32\drivers\mferkdet.sys2011-08-15 15:00:06 83688 ----a-w- c:\windows\system32\drivers\mfendisk.sys2011-08-15 15:00:06 59288 ----a-w- c:\windows\system32\drivers\mfebopk.sys2011-08-15 15:00:06 57432 ----a-w- c:\windows\system32\drivers\cfwids.sys2011-08-15 15:00:06 461864 ----a-w- c:\windows\system32\drivers\mfehidk.sys2011-08-15 15:00:06 338040 ----a-w- c:\windows\system32\drivers\mfefirek.sys2011-08-15 15:00:06 180072 ----a-w- c:\windows\system32\drivers\mfeavfk.sys2011-08-15 15:00:06 119808 ----a-w- c:\windows\system32\drivers\mfeapfk.sys.============= FINISH: 21:27:05.46 =============== Link to post Share on other sites More sharing options...
Staff screen317 Posted October 10, 2011 Staff ID:484106 Share Posted October 10, 2011 Hi, Next, please run a free online scan with the ESET Online Scanner Note: You will need to use Internet Explorer for this scan.Tick the box next to YES, I accept the Terms of Use.Click StartWhen asked, allow the ActiveX control to installClick StartMake sure that the options Remove found threats and the option Scan unwanted applications is checkedClick Scan Wait for the scan to finishUse Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txtCopy and paste that log as a reply to this topic Next, download my Security Check from here or here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt; please post the contents of that document. Let me know how things are running now and what issues remain. Link to post Share on other sites More sharing options...
brades23 Posted October 11, 2011 Author ID:484369 Share Posted October 11, 2011 I'm unable to run ESET Online Scanner. My Internet Explorer locked up every time I tried to run ESET. Thanks. Link to post Share on other sites More sharing options...
Staff screen317 Posted October 13, 2011 Staff ID:485412 Share Posted October 13, 2011 Try this one instead:Next, please use the Internet Explorer browser and click here to use the F-Secure Online Scanner.Click Start Scanning.You should get a notification bar (on top) to install the ActiveX control. Click on it and select to install the ActiveX.Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.In case you are having problems with installing the ActiveX/starting the scan, please read here.Click the Full System Scan button.It will start to download scanner components and databases. This can take a while.The main scan will start.Once the scan has finished scanning, click the Automatic cleaning (recommended) buttonIt could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.The cleaning can take a while, so please be patient.Then click the Show report button and Copy/Paste what is present under results in your next reply.Next, download my Security Check from here or here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt; please post the contents of that document.Let me know how things are running now and what issues remain.-screen317 Link to post Share on other sites More sharing options...
brades23 Posted October 14, 2011 Author ID:485707 Share Posted October 14, 2011 Here you go, thanks much.F-SecureScanning ReportFriday, October 14, 2011 21:27:37 - 07:03:29Computer name: KIEDAISCHScanning type: Scan system for malware, spyware and rootkitsTarget: C:\ --------------------------------------------------------------------------------42 malware foundTrackingCookie.Questionmarket (spyware) System (Disinfected) TrackingCookie.Adinterax (spyware) System (Disinfected) TrackingCookie.2o7 (spyware) System (Disinfected) TrackingCookie.Advertising (spyware) System (Disinfected) TrackingCookie.Atdmt (spyware) System (Disinfected) TrackingCookie.Adtech (spyware) System (Disinfected) TrackingCookie.Doubleclick (spyware) System (Disinfected) TrackingCookie.Revsci (spyware) System (Disinfected) TrackingCookie.Clickbank (spyware) System (Disinfected) TrackingCookie.Fastclick (spyware) System (Disinfected) TrackingCookie.Adbrite (spyware) System (Disinfected) TrackingCookie.Xiti (spyware) System (Disinfected) TrackingCookie.Mediaplex (spyware) System (Disinfected) TrackingCookie.Liveperson (spyware) System (Disinfected) TrackingCookie.Statcounter (spyware) System (Disinfected) TrackingCookie.Atwola (spyware) System (Disinfected) TrackingCookie.Yieldmanager (spyware) System (Disinfected) Suspicious:W32/Malware!Gemini (virus) C:\RAILSINSTALLER\DEVKIT\MINGW\MINGW32\BIN\LD.EXE (Not cleaned & Submitted) Suspicious:W32/Malware!Gemini (virus) C:\RAILSINSTALLER\DEVKIT\MINGW\MINGW32\BIN\AS.EXE (Not cleaned & Submitted) Suspicious:W32/Malware!Gemini (virus) C:\RAILSINSTALLER\DEVKIT\MINGW\MINGW32\BIN\NM.EXE (Not cleaned & Submitted) Suspicious:W32/Malware!Gemini (virus) C:\RAILSINSTALLER\DEVKIT\MINGW\MINGW32\BIN\OBJCOPY.EXE (Not cleaned & Submitted) Suspicious:W32/Malware!Gemini (virus) C:\RAILSINSTALLER\DEVKIT\MINGW\MINGW32\BIN\DLLTOOL.EXE (Not cleaned & Submitted) Suspicious:W32/Malware!Gemini (virus) C:\RAILSINSTALLER\DEVKIT\MINGW\MINGW32\BIN\OBJDUMP.EXE (Not cleaned & Submitted) Suspicious:W32/Malware!Gemini (virus) C:\RAILSINSTALLER\DEVKIT\MINGW\MINGW32\BIN\AR.EXE (Not cleaned & Submitted) Suspicious:W32/Malware!Gemini (virus) C:\RAILSINSTALLER\DEVKIT\MINGW\MINGW32\BIN\RANLIB.EXE (Not cleaned & Submitted) Suspicious:W32/Malware!Gemini (virus) C:\RAILSINSTALLER\DEVKIT\MINGW\MINGW32\BIN\STRIP.EXE (Not cleaned & Submitted) Suspicious:W32/Malware!Gemini (virus) C:\RAILSINSTALLER\DEVKIT\MINGW\BIN\ADDR2LINE.EXE (Not cleaned & Submitted) Suspicious:W32/Malware!Gemini (virus) C:\RAILSINSTALLER\DEVKIT\MINGW\BIN\AS.EXE (Not cleaned & Submitted) Suspicious:W32/Malware!Gemini (virus) C:\RAILSINSTALLER\DEVKIT\MINGW\BIN\AR.EXE (Not cleaned & Submitted) Suspicious:W32/Malware!Gemini (virus) C:\RAILSINSTALLER\DEVKIT\MINGW\BIN\C++FILT.EXE (Not cleaned & Submitted) Suspicious:W32/Malware!Gemini (virus) C:\RAILSINSTALLER\DEVKIT\MINGW\BIN\DLLTOOL.EXE (Not cleaned & Submitted) Suspicious:W32/Malware!Gemini (virus) C:\RAILSINSTALLER\DEVKIT\MINGW\BIN\GPROF.EXE (Not cleaned & Submitted) Suspicious:W32/Malware!Gemini (virus) C:\RAILSINSTALLER\DEVKIT\MINGW\BIN\LD.EXE (Not cleaned & Submitted) Suspicious:W32/Malware!Gemini (virus) C:\RAILSINSTALLER\DEVKIT\MINGW\BIN\OBJCOPY.EXE (Not cleaned & Submitted) Suspicious:W32/Malware!Gemini (virus) C:\RAILSINSTALLER\DEVKIT\MINGW\BIN\RANLIB.EXE (Not cleaned & Submitted) Suspicious:W32/Malware!Gemini (virus) C:\RAILSINSTALLER\DEVKIT\MINGW\BIN\NM.EXE (Not cleaned & Submitted) Suspicious:W32/Malware!Gemini (virus) C:\RAILSINSTALLER\DEVKIT\MINGW\BIN\OBJDUMP.EXE (Not cleaned & Submitted) Suspicious:W32/Malware!Gemini (virus) C:\RAILSINSTALLER\DEVKIT\MINGW\BIN\STRINGS.EXE (Not cleaned & Submitted) Suspicious:W32/Malware!Gemini (virus) C:\RAILSINSTALLER\DEVKIT\MINGW\BIN\WINDMC.EXE (Not cleaned & Submitted) Suspicious:W32/Malware!Gemini (virus) C:\RAILSINSTALLER\DEVKIT\MINGW\BIN\SIZE.EXE (Not cleaned & Submitted) Suspicious:W32/Malware!Gemini (virus) C:\RAILSINSTALLER\DEVKIT\MINGW\BIN\STRIP.EXE (Not cleaned & Submitted) Suspicious:W32/Malware!Gemini (virus) C:\RAILSINSTALLER\DEVKIT\MINGW\BIN\WINDRES.EXE (Not cleaned & Submitted) --------------------------------------------------------------------------------StatisticsScanned: Files: 167362 System: 5065 Not scanned: 40 Actions: Disinfected: 17 Renamed: 0 Deleted: 0 Not cleaned: 25 Submitted: 25 Files not scanned:C:\HIBERFIL.SYS C:\PAGEFILE.SYS C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM C:\WINDOWS\SYSTEM32\CONFIG\SECURITY C:\WINDOWS\SYSTEM32\CONFIG\SAM C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1576\A0484239.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1576\A0484231.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1575\A0483125.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1575\A0483200.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1575\A0483210.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1575\A0484177.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1575\A0483150.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1574\A0480887.SYS C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1574\A0481887.SYS C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1574\A0482887.SYS C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1574\A0482963.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1574\A0482979.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1574\A0483040.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1574\A0483055.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1574\A0483092.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1573\A0474752.SYS C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1573\A0474770.SYS C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1573\A0474749.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1573\A0475770.SYS C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1573\A0475799.SYS C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1573\A0475832.SYS C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1573\A0475844.SYS C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1573\A0475874.SYS C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE C:\PROGRAM FILES\MALWAREBYTES' ANTI-MALWARE\MBAM.EXE C:\DOCUMENTS AND SETTINGS\JOEL\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\H2EJZQCO\FILE[1].EXE C:\DOCUMENTS AND SETTINGS\JACK\LOCAL SETTINGS\TEMP\HSPERFDATA_JACK\2672 C:\DOCUMENTS AND SETTINGS\JACK\LOCAL SETTINGS\TEMP\HSPERFDATA_JACK\3848 C:\DOCUMENTS AND SETTINGS\JACK\DESKTOP\AUTORUNS.EXE C:\DOCUMENTS AND SETTINGS\JACK\DESKTOP\PROCEXP.EXE C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1F255CDAD041FFB61CD5E4C68064FB53_24ADF822-76F7-4481-B30B-FF1B40F8687F C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3AD391678A806EC4D691E83AAA393B6F_24ADF822-76F7-4481-B30B-FF1B40F8687F C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6361243DF0FCC8CDE52BA9C6D2368086_24ADF822-76F7-4481-B30B-FF1B40F8687F --------------------------------------------------------------------------------OptionsScanning engines: Scanning options: Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR Use advanced heuristics--------------------------------------------------------------------------------Security Checkcheckup.txt Results of screen317's Security Check version 0.99.24 Windows XP Service Pack 3 x86 Internet Explorer 8 `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Disabled! McAfee Uninstaller McAfee SecurityCenter Antivirus up to date! (On Access scanning disabled!) ``````````````````````````````` Anti-malware/Other Utilities Check: Malwarebytes' Anti-Malware HijackThis 2.0.2 CCleaner Java DB 10.5.3.0 Java 6 Update 26 Java SE Runtime Environment 6 Update 1 Java 6 Update 2 Java 6 Update 6 Java SE Development Kit 6 Update 6 Java SE Development Kit 6 Update 21 Java 2 Runtime Environment, SE v1.4.2_03 Java DB 10.3.1.4 Out of date Java installed! Mozilla Firefox (3.6.) Firefox Out of Date! ```````````````````````````````` Process Check: objlist.exe by Laurent mcafee VIRUSS~1 mcvsshld.exe ``````````End of Log```````````` Link to post Share on other sites More sharing options...
Staff screen317 Posted October 18, 2011 Staff ID:486796 Share Posted October 18, 2011 Hi,Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstallThis uninstalls all of ComboFix's components.Delete SecurityCheck.Run TFC by OldTimer to clear temporary files:Please download TFC from here and save it to your desktop.Close any open programs and Internet browsers.Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.Please be patient as clearing out temp files may take a while.Once it completes you may be prompted to restart your computer, please do so.Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program (if present):HijackThis 2.0.2Java DB 10.5.3.0Java™ 6 Update 26Java™ SE Runtime Environment 6 Update 1Java™ 6 Update 2Java™ 6 Update 6Java™ SE Development Kit 6 Update 6Java™ SE Development Kit 6 Update 21Java 2 Runtime Environment, SE v1.4.2_03Java DB 10.3.1.4 Restart your computer.Get the latest version of Java.Also update Firefox. Ensure that you are using version 7. Reboot.Let me know what issues remain. Link to post Share on other sites More sharing options...
brades23 Posted October 20, 2011 Author ID:487370 Share Posted October 20, 2011 I followed all your steps except updating Firefox. After updating Java and performing a reboot, the Microsoft Windows Malicious Software Removal Tool window appeared and stated it found "Trojan:DOS/Alureon.C" which was partially removed and manual steps were still required. It suggested I run a scan with an anti-virus program. Any suggestions? Am I able to run Malwarebytes at this point?Thanks. Link to post Share on other sites More sharing options...
Staff screen317 Posted October 23, 2011 Staff ID:488349 Share Posted October 23, 2011 Yes try running MBAM at this point. Likely that it was found in a Temp folder or in System Restore.Why didn't you update Firefox??Run TFC by OldTimer to clear temporary files:Please download TFC from here and save it to your desktop.Close any open programs and Internet browsers.Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.Please be patient as clearing out temp files may take a while.Once it completes you may be prompted to restart your computer, please do so.Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files. Link to post Share on other sites More sharing options...
brades23 Posted October 24, 2011 Author ID:488370 Share Posted October 24, 2011 Sorry, I received the Trojan notification after I updated the Java but before I updated Firefox. I didn't want to take any chances so I just stopped and posted the results. I will follow your newest instructions and update Firefox as well. Thanks. Link to post Share on other sites More sharing options...
Staff screen317 Posted October 28, 2011 Staff ID:489715 Share Posted October 28, 2011 Any update? Link to post Share on other sites More sharing options...
brades23 Posted October 31, 2011 Author ID:490291 Share Posted October 31, 2011 I ran MBAM and TFC. Also updated Firefox. Things seem to be working correctly, haven't had a problem since my last post. Do you need to see any other logs? Thank you. Link to post Share on other sites More sharing options...
Staff screen317 Posted November 3, 2011 Staff ID:491528 Share Posted November 3, 2011 Thing look good from here. I highly recommend the PRO version of MBAM; with it, it's likely that this issue would have been prevented in the first place.Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:1) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.2) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.3) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.4) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:Green to go Yellow for caution Red to stop WOT has an addon available for both Firefox and IE.5) Be sure to update your Antivirus and Antispyware programs often!Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?Safe surfing,-screen317 Link to post Share on other sites More sharing options...
brades23 Posted November 4, 2011 Author ID:491770 Share Posted November 4, 2011 Thanks so much for your help. I'm definitely getting the pro version of MBAM. Link to post Share on other sites More sharing options...
Staff screen317 Posted November 4, 2011 Staff ID:491775 Share Posted November 4, 2011 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts