Although I'm not the original poster, I encountered the same issue. I followed the steps but still have the same issue. Here are the two logs. Thank you.

TDSSKiller.2.6.2.0_02.10.2011_21.45.52_log

21:45:52.0734 3076 TDSS rootkit removing tool 2.6.2.0 Sep 26 2011 18:56:43
21:45:53.0328 3076 ============================================================
21:45:53.0328 3076 Current date / time: 2011/10/02 21:45:53.0328
21:45:53.0328 3076 SystemInfo:
21:45:53.0328 3076
21:45:53.0328 3076 OS Version: 5.1.2600 ServicePack: 3.0
21:45:53.0328 3076 Product type: Workstation
21:45:53.0328 3076 ComputerName: KIEDAISCH
21:45:53.0328 3076 UserName: Jack
21:45:53.0328 3076 Windows directory: C:\WINDOWS
21:45:53.0328 3076 System windows directory: C:\WINDOWS
21:45:53.0328 3076 Processor architecture: Intel x86
21:45:53.0328 3076 Number of processors: 2
21:45:53.0328 3076 Page size: 0x1000
21:45:53.0328 3076 Boot type: Normal boot
21:45:53.0328 3076 ============================================================
21:45:53.0843 3076 Initialize success
21:45:55.0203 3576 ============================================================
21:45:55.0203 3576 Scan started
21:45:55.0203 3576 Mode: Manual;
21:45:55.0203 3576 ============================================================
21:45:56.0000 3576 57719641 (86ab9524830ec9cbc40d07c2cd0b8825) C:\WINDOWS\1100378455:2827905470.exe
21:45:56.0703 3576 Suspicious file (Hidden): C:\WINDOWS\1100378455:2827905470.exe. md5: 86ab9524830ec9cbc40d07c2cd0b8825
21:45:56.0703 3576 57719641 ( HiddenFile.Multi.Generic ) - warning
21:45:56.0703 3576 57719641 - detected HiddenFile.Multi.Generic (1)

21:46:20.0953 3576 \Device\Harddisk0\DR0 - ok

21:46:20.0953 3576 MBR (0x1B8) (06449e7c4af0550b77e260798769aa40) \Device\Harddisk1\DR4

21:46:20.0953 3576 \Device\Harddisk1\DR4 - ok

21:46:20.0968 3576 Boot (0x1200) (ec288c615e039963aae5b653c93ae10b) \Device\Harddisk0\DR0\Partition0

21:46:20.0968 3576 \Device\Harddisk0\DR0\Partition0 - ok

21:46:20.0968 3576 Boot (0x1200) (6d18a405eda8ede01766fd9e2477ed07) \Device\Harddisk1\DR4\Partition0

21:46:20.0968 3576 \Device\Harddisk1\DR4\Partition0 - ok

21:46:20.0968 3576 ============================================================

21:46:20.0968 3576 Scan finished

21:46:20.0968 3576 ============================================================

21:46:20.0984 3788 Detected object count: 1

21:46:20.0984 3788 Actual detected object count: 1

21:49:55.0890 3788 HKLM\SYSTEM\ControlSet002\services\57719641 - will be deleted on reboot

21:49:55.0890 3788 HKLM\SYSTEM\ControlSet003\services\57719641 - will be deleted on reboot

21:49:55.0890 3788 C:\WINDOWS\1100378455:2827905470.exe - will be deleted on reboot

21:49:55.0890 3788 57719641 ( HiddenFile.Multi.Generic ) - User select action: Delete

21:50:22.0390 1544 Deinitialize success

DDS

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26

Run by Jack at 21:13:25 on 2011-10-02

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.614 [GMT -5:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Enabled*

.

============== Running Processes ===============

.

C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\1100378455:2827905470.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ATT-SST\McciTrayApp.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

C:\Program Files\DellSupport\DSAgnt.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\dllhost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/ig/dell?hl=en

uSearch Page = hxxp://www.google.com/hws/sb/dell/en/side.html

uDefault_Page_URL = hxxp://att.net

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearch Bar = hxxp://www.google.com/hws/sb/dell/en/side.html

uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en

mSearchAssistant = hxxp://www.google.com/hws/sb/dell/en/side.html

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110918114827.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\googleafe\GoogleAE.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll

uRun: [setDefaultMIDI] MIDIDef.exe

uRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /R

uRun: [ctfmon.exe] "c:\windows\system32\ctfmon.exe"

uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [userFaultCheck] "c:\windows\system32\dumprep.exe" 0 -u

mRun: [KernelFaultCheck] "c:\windows\system32\dumprep.exe" 0 -k

mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\McciTrayApp.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [switchBoard] "c:\program files\common files\adobe\switchboard\SwitchBoard.exe"

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

dRunOnce: [RunNarrator] Narrator.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

LSP: mswsock.dll

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{6FD11E35-8F25-42F5-83EA-4503FF459143} : DhcpNameServer = 192.168.1.254

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

.

================= FIREFOX ===================

.

FF - ProfilePath -

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-8-25 461864]

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-8-9 29832]

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-8-25 89624]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-9-28 88176]

R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-25 214904]

R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-25 214904]

R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-25 214904]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-8-25 160344]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-8-25 148520]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-12-29 24652]

R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\spy sweeper\WRConsumerService.exe [2009-3-15 1201656]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-8-25 57432]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-8-25 180072]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-8-25 338040]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-8-25 83688]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 135664]

S2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-8-25 166024]

S2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2011-3-22 4048256]

S3 {E759A799-4756-46F5-B08BAC5C630D6E50};{E759A799-4756-46F5-B08BAC5C630D6E50};c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 135664]

S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-8-25 59288]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-8-25 83688]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-25 87808]

S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

.

=============== Created Last 30 ================

.

2011-10-03 02:05:23 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-10-03 02:01:52 -------- d-----w- c:\documents and settings\jack\application data\Malwarebytes

2011-10-03 02:01:26 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-10-03 02:01:23 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-03 02:01:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-09-18 16:48:27 28504 ----a-w- c:\program files\mozilla firefox\distribution\bundles\{d19ca586-dd6c-4a0a-96f8-14644f340d60}\components\scriptff.dll

2011-09-09 13:39:54 -------- d-----w- c:\documents and settings\all users\application data\regid.1986-12.com.adobe

2011-09-09 02:03:15 -------- d-----w- c:\program files\Adobe Download Assistant

.

==================== Find3M ====================

.

2011-09-28 00:33:18 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-15 15:00:06 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2011-08-15 15:00:06 89624 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys

2011-08-15 15:00:06 87808 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2011-08-15 15:00:06 83688 ----a-w- c:\windows\system32\drivers\mfendisk.sys

2011-08-15 15:00:06 59288 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2011-08-15 15:00:06 57432 ----a-w- c:\windows\system32\drivers\cfwids.sys

2011-08-15 15:00:06 461864 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2011-08-15 15:00:06 338040 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2011-08-15 15:00:06 180072 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2011-08-15 15:00:06 119808 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

.

============= FINISH: 21:15:01.79 ===============


Thank you very much.

ComboFix

ComboFix 11-10-05.02 - Jack 10/05/2011 20:13:34.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.649 [GMT -5:00]

Running from: c:\documents and settings\Jack\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\HNwUijLvsL.exe

c:\documents and settings\HelpAssistant\WINDOWS

c:\documents and settings\Joel\WINDOWS

c:\windows\$NtUninstallKB16079$\1070045055

c:\windows\$NtUninstallKB16079$\1467061825\@

c:\windows\$NtUninstallKB16079$\1467061825\bckfg.tmp

c:\windows\$NtUninstallKB16079$\1467061825\cfg.ini

c:\windows\$NtUninstallKB16079$\1467061825\Desktop.ini

c:\windows\$NtUninstallKB16079$\1467061825\keywords

c:\windows\$NtUninstallKB16079$\1467061825\kwrd.dll

c:\windows\$NtUninstallKB16079$\1467061825\L\pdmzmplg

c:\windows\$NtUninstallKB16079$\1467061825\lsflt7.ver

c:\windows\$NtUninstallKB16079$\1467061825\U\00000001.$

c:\windows\$NtUninstallKB16079$\1467061825\U\00000001.@

c:\windows\$NtUninstallKB16079$\1467061825\U\00000002.$

c:\windows\$NtUninstallKB16079$\1467061825\U\00000002.@

c:\windows\$NtUninstallKB16079$\1467061825\U\80000000.@

c:\windows\$NtUninstallKB16079$\1467061825\U\80000032.$

c:\windows\$NtUninstallKB16079$\1467061825\U\80000032.@

c:\windows\kb913800.exe

c:\windows\$NtUninstallKB16079$ . . . . Failed to delete

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_57719641

.

.

((((((((((((((((((((((((( Files Created from 2011-09-06 to 2011-10-06 )))))))))))))))))))))))))))))))

.

.

2011-10-06 00:38 . 2011-10-06 00:40 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2011-10-06 00:34 . 2011-08-19 20:56 28504 ----a-w- c:\program files\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll

2011-10-04 01:00 . 2011-10-04 01:01 -------- d-----w- c:\documents and settings\Jack\Local Settings\Application Data\Adobe

2011-10-03 02:43 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-03 02:29 . 2011-10-03 02:29 -------- d-----w- c:\program files\Unlocker

2011-10-03 02:20 . 2011-10-03 02:20 -------- d-----w- C:\TDSSKiller_Quarantine

2011-10-03 02:05 . 2011-10-03 02:44 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-10-03 02:01 . 2011-10-03 02:01 -------- d-----w- c:\documents and settings\Jack\Application Data\Malwarebytes

2011-10-03 02:01 . 2011-10-03 02:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-10-03 02:01 . 2011-10-03 02:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-09-09 13:39 . 2011-09-09 13:39 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe

2011-09-09 02:03 . 2011-09-09 02:03 -------- d-----w- c:\program files\Adobe Download Assistant

2011-09-09 02:02 . 2011-09-09 02:02 -------- d-----w- c:\program files\Common Files\Adobe AIR

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-28 00:33 . 2011-06-05 19:20 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-15 15:00 . 2010-08-26 01:56 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2011-08-15 15:00 . 2010-08-26 01:56 89624 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys

2011-08-15 15:00 . 2010-08-26 01:56 87808 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2011-08-15 15:00 . 2010-08-26 01:56 83688 ----a-w- c:\windows\system32\drivers\mfendisk.sys

2011-08-15 15:00 . 2010-08-26 01:56 59288 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2011-08-15 15:00 . 2010-08-26 01:56 461864 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2011-08-15 15:00 . 2010-08-26 01:56 338040 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2011-08-15 15:00 . 2010-08-26 01:56 180072 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2011-08-15 15:00 . 2010-08-26 01:56 57432 ----a-w- c:\windows\system32\drivers\cfwids.sys

2011-08-15 15:00 . 2010-08-26 01:56 119808 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2011-04-14 19:01 . 2010-08-26 01:56 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe

[7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ctfmon.exe

[-] 2004-08-10 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe

.

c:\windows\System32\ctfmon.exe ... is missing !!

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 24576]

"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-03 102400]

"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-26 68856]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2009-10-22 1577984]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 39264]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" [2008-04-14 53760]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Self Support Tool.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AT&T Self Support Tool.lnk

backup=c:\windows\pss\AT&T Self Support Tool.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk

backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk

backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ymetray.lnk

backup=c:\windows\pss\ymetray.lnkCommon Startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MskAgentexe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteAdvisor

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

2005-08-06 03:05 344064 -c--a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]

2006-02-09 22:34 106496 -c--a-w- c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]

2004-12-03 00:23 102400 ------w- c:\program files\Creative\MediaSource\Detector\CTDetect.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]

2005-09-15 15:47 57344 -c----w- c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]

2007-03-15 16:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]

2005-05-31 11:33 122941 -c--a-w- c:\windows\system32\dla\tfswctrl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLCCCATS]

2005-06-07 18:38 69632 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\dlcctime.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlccmon.exe]

2005-07-22 19:03 425984 -c--a-w- c:\program files\Dell Photo AIO Printer 924\dlccmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]

2005-02-23 22:19 53248 -c----w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]

2005-09-29 20:01 67584 -c--a-w- c:\windows\ehome\ehtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]

2005-06-17 13:56 139264 -c--a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

2005-06-10 16:44 249856 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

2005-06-10 16:44 81920 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-03-07 20:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBMon]

2005-05-19 14:54 1345520 -c--a-w- c:\windows\system32\CTMBHA.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]

2006-01-05 23:44 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefaultMIDI]

2004-12-22 23:40 24576 ----a-w- c:\windows\MIDIDEF.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]

2005-03-23 06:20 339968 -c--a-w- c:\windows\stsystra.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2007-07-12 09:00 132496 -c--a-w- c:\program files\Java\jre1.6.0_02\bin\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2007-07-26 01:35 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]

2000-05-11 07:00 90112 -c----w- c:\windows\Updreg.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoiceCenter]

2005-09-19 13:42 1159168 -c----w- c:\program files\Creative\VoiceCenter\AndreaVC.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\Program Files\\Java\\jdk1.6.0_06\\jre\\bin\\java.exe"=

"c:\\Program Files\\Java\\jre1.6.0_06\\bin\\javaw.exe"=

"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3596:UDP"= 3596:UDP:Windows Media Format SDK (wmplayer.exe)

"65533:TCP"= 65533:TCP:Services

"52344:TCP"= 52344:TCP:Services

"2479:TCP"= 2479:TCP:Services

"3246:TCP"= 3246:TCP:Services

"3389:TCP"= 3389:TCP:Remote Desktop

"7540:TCP"= 7540:TCP:Services

"7541:TCP"= 7541:TCP:Services

.

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [8/9/2008 2:42 PM 29832]

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [8/25/2010 8:56 PM 89624]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [9/28/2008 7:36 PM 94880]

R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [8/25/2010 8:56 PM 214904]

R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [8/25/2010 8:56 PM 214904]

R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [8/25/2010 8:57 PM 160344]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [8/25/2010 8:56 PM 148520]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/29/2008 8:42 PM 24652]

R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe [3/15/2009 8:21 PM 1201656]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [8/25/2010 8:56 PM 57432]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [8/25/2010 8:56 PM 338040]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [8/25/2010 8:56 PM 83688]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/6/2010 4:18 PM 135664]

S3 {E759A799-4756-46F5-B08BAC5C630D6E50};{E759A799-4756-46F5-B08BAC5C630D6E50};c:\windows\System32\svchost.exe -k netsvcs [8/16/2005 5:18 AM 14336]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/6/2010 4:18 PM 135664]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [8/25/2010 8:56 PM 83688]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [8/25/2010 8:56 PM 87808]

S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]

2009-03-08 09:32 128512 ----a-w- c:\windows\system32\advpack.dll

.

Contents of the 'Scheduled Tasks' folder

.

2011-08-23 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]

.

2011-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 21:18]

.

2011-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 21:18]

.

2011-10-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1822975280-1932388528-3927860585-1007Core.job

- c:\documents and settings\Jen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-17 01:49]

.

2011-10-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1822975280-1932388528-3927860585-1007UA.job

- c:\documents and settings\Jen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-17 01:49]

.

2011-10-06 c:\windows\Tasks\RegistryBooster.job

- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2011-03-14 15:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/ig/dell?hl=en

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.1.254

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath -

.

- - - - ORPHANS REMOVED - - - -

.

HKU-Default-Run-HNwUijLvsL.exe - c:\documents and settings\All Users\Application Data\HNwUijLvsL.exe

SafeBoot-11573089.sys

SafeBoot-42704237.sys

SafeBoot-86609227.sys

SafeBoot-90390051.sys

SafeBoot-WudfPf

SafeBoot-WudfRd

SafeBoot-svcWRSSSDK

MSConfigStartUp-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

MSConfigStartUp-ctfmon - c:\windows\system32\ctfmon.exe

MSConfigStartUp-MimBoot - c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe

MSConfigStartUp-Motive SmartBridge - c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe

MSConfigStartUp-SpySweeper - c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe

AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-10-05 20:34

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,23,fe,99,dd,81,15,12,49,b9,52,b4,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,23,fe,99,dd,81,15,12,49,b9,52,b4,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(2324)

c:\windows\system32\WININET.dll

c:\progra~1\mcafee\SITEAD~1\saHook.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\system32\CTsvcCDA.exe

c:\windows\eHome\ehRecvr.exe

c:\windows\eHome\ehSched.exe

c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe

c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Motive\McciCMService.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\ehome\mcrdsvc.exe

c:\windows\system32\rundll32.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\dllhost.exe

c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe

c:\progra~1\mcafee.com\agent\mcagent.exe

c:\windows\system32\msiexec.exe

c:\windows\system32\MsiExec.exe

.

**************************************************************************

.

Completion time: 2011-10-05 20:39:10 - machine was rebooted

ComboFix-quarantined-files.txt 2011-10-06 01:39

.

Pre-Run: 77,117,448,192 bytes free

Post-Run: 77,366,919,168 bytes free

.

- - End Of File - - BE3B6A7283D79DF15ACC1EDD8F5C7D7E

DDS

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26

Run by Jack at 20:41:51 on 2011-10-05

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.514 [GMT -5:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Enabled*

.

============== Running Processes ===============

.

C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\ATT-SST\McciTrayApp.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

C:\Program Files\DellSupport\DSAgnt.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\system32\msiexec.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\MsiExec.exe

C:\WINDOWS\system32\notepad.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/ig/dell?hl=en

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110918114827.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\googleafe\GoogleAE.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [setDefaultMIDI] MIDIDef.exe

uRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /R

uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\McciTrayApp.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [switchBoard] "c:\program files\common files\adobe\switchboard\SwitchBoard.exe"

mRun: [unlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

dRunOnce: [RunNarrator] Narrator.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{6FD11E35-8F25-42F5-83EA-4503FF459143} : DhcpNameServer = 192.168.1.254

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

.

================= FIREFOX ===================

.

FF - ProfilePath -

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-8-25 461864]

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-8-9 29832]

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-8-25 89624]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-9-28 94880]

R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-25 214904]

R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-25 214904]

R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-25 214904]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-8-25 160344]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-8-25 148520]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-12-29 24652]

R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\spy sweeper\WRConsumerService.exe [2009-3-15 1201656]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-8-25 57432]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-8-25 180072]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-8-25 338040]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-8-25 83688]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 135664]

S2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-8-25 166024]

S2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2011-3-22 4048256]

S3 {E759A799-4756-46F5-B08BAC5C630D6E50};{E759A799-4756-46F5-B08BAC5C630D6E50};c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 135664]

S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-8-25 59288]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-8-25 83688]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-25 87808]

S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

.

=============== Created Last 30 ================

.

2011-10-06 00:34:33 28504 ----a-w- c:\program files\mozilla firefox\distribution\bundles\{d19ca586-dd6c-4a0a-96f8-14644f340d60}\components\scriptff.dll

2011-10-04 01:01:03 -------- d-sha-r- C:\cmdcons

2011-10-04 01:00:41 -------- d-----w- c:\documents and settings\jack\local settings\application data\Adobe

2011-10-04 00:54:35 208896 ----a-w- c:\windows\MBR.exe

2011-10-04 00:54:34 518144 ----a-w- c:\windows\SWREG.exe

2011-10-04 00:54:34 256000 ----a-w- c:\windows\PEV.exe

2011-10-04 00:54:33 98816 ----a-w- c:\windows\sed.exe

2011-10-03 02:43:20 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-03 02:29:58 -------- d-----w- c:\program files\Unlocker

2011-10-03 02:20:46 -------- d-----w- C:\TDSSKiller_Quarantine

2011-10-03 02:05:23 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-10-03 02:01:52 -------- d-----w- c:\documents and settings\jack\application data\Malwarebytes

2011-10-03 02:01:26 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-10-03 02:01:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-09-09 13:39:54 -------- d-----w- c:\documents and settings\all users\application data\regid.1986-12.com.adobe

2011-09-09 02:03:15 -------- d-----w- c:\program files\Adobe Download Assistant

.

==================== Find3M ====================

.

2011-09-28 00:33:18 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-15 15:00:06 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2011-08-15 15:00:06 89624 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys

2011-08-15 15:00:06 87808 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2011-08-15 15:00:06 83688 ----a-w- c:\windows\system32\drivers\mfendisk.sys

2011-08-15 15:00:06 59288 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2011-08-15 15:00:06 57432 ----a-w- c:\windows\system32\drivers\cfwids.sys

2011-08-15 15:00:06 461864 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2011-08-15 15:00:06 338040 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2011-08-15 15:00:06 180072 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2011-08-15 15:00:06 119808 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

.

============= FINISH: 20:42:09.03 ===============


Hi,

Please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.

Next, please open Notepad - don't use any text editor other than Notepad or the script will fail.

Copy/paste the text in the box below into Notepad:

FCOPY::
c:\windows\system32\dllcache\ctfmon.exe | c:\windows\system32\ctfmon.exe

Save this as CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[screenshot: CFScriptB-4.gif]

This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply together with a new DDS log.

-screen317


Thanks again, here is the info.

ComboFix 11-10-09.01 - Jack 10/09/2011 21:05:56.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.539 [GMT -5:00]

Running from: c:\documents and settings\Jack\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Jack\Desktop\CFScript.txt

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

--------------- FCopy ---------------

.

c:\windows\system32\dllcache\ctfmon.exe --> c:\windows\system32\ctfmon.exe

.

((((((((((((((((((((((((( Files Created from 2011-09-10 to 2011-10-10 )))))))))))))))))))))))))))))))

.

.

2011-10-10 02:05 . 2008-04-14 00:12 15360 ----a-w- c:\windows\system32\dllcache\ctfmon.exe

2011-10-10 02:05 . 2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

2011-10-06 00:38 . 2011-10-06 00:40 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2011-10-06 00:34 . 2011-08-19 20:56 28504 ----a-w- c:\program files\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll

2011-10-04 01:00 . 2011-10-04 01:01 -------- d-----w- c:\documents and settings\Jack\Local Settings\Application Data\Adobe

2011-10-03 02:43 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-03 02:29 . 2011-10-03 02:29 -------- d-----w- c:\program files\Unlocker

2011-10-03 02:20 . 2011-10-03 02:20 -------- d-----w- C:\TDSSKiller_Quarantine

2011-10-03 02:05 . 2011-10-03 02:44 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-10-03 02:01 . 2011-10-03 02:01 -------- d-----w- c:\documents and settings\Jack\Application Data\Malwarebytes

2011-10-03 02:01 . 2011-10-03 02:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-10-03 02:01 . 2011-10-03 02:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-28 00:33 . 2011-06-05 19:20 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-15 15:00 . 2010-08-26 01:56 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2011-08-15 15:00 . 2010-08-26 01:56 89624 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys

2011-08-15 15:00 . 2010-08-26 01:56 87808 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2011-08-15 15:00 . 2010-08-26 01:56 83688 ----a-w- c:\windows\system32\drivers\mfendisk.sys

2011-08-15 15:00 . 2010-08-26 01:56 59288 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2011-08-15 15:00 . 2010-08-26 01:56 461864 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2011-08-15 15:00 . 2010-08-26 01:56 338040 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2011-08-15 15:00 . 2010-08-26 01:56 180072 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2011-08-15 15:00 . 2010-08-26 01:56 57432 ----a-w- c:\windows\system32\drivers\cfwids.sys

2011-08-15 15:00 . 2010-08-26 01:56 119808 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2011-04-14 19:01 . 2010-08-26 01:56 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-10-06_01.34.27 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-10-10 02:01 . 2011-10-10 02:01 16384 c:\windows\Temp\Perflib_Perfdata_4a4.dat

+ 2006-01-15 18:09 . 2011-10-10 02:11 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

- 2006-01-15 18:09 . 2011-10-06 01:08 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2011-10-10 02:06 . 2011-10-10 02:11 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 24576]

"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-03 102400]

"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-26 68856]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2009-10-22 1577984]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 39264]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" [2008-04-14 53760]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Self Support Tool.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AT&T Self Support Tool.lnk

backup=c:\windows\pss\AT&T Self Support Tool.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk

backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk

backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ymetray.lnk

backup=c:\windows\pss\ymetray.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

2005-08-06 03:05 344064 -c--a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]

2006-02-09 22:34 106496 -c--a-w- c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]

2004-12-03 00:23 102400 ------w- c:\program files\Creative\MediaSource\Detector\CTDetect.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]

2005-09-15 15:47 57344 -c----w- c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]

2007-03-15 16:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]

2005-05-31 11:33 122941 -c--a-w- c:\windows\system32\dla\tfswctrl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLCCCATS]

2005-06-07 18:38 69632 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\dlcctime.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlccmon.exe]

2005-07-22 19:03 425984 -c--a-w- c:\program files\Dell Photo AIO Printer 924\dlccmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]

2005-02-23 22:19 53248 -c----w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]

2005-09-29 20:01 67584 -c--a-w- c:\windows\ehome\ehtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]

2005-06-17 13:56 139264 -c--a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

2005-06-10 16:44 249856 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

2005-06-10 16:44 81920 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-03-07 20:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBMon]

2005-05-19 14:54 1345520 -c--a-w- c:\windows\system32\CTMBHA.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]

2006-01-05 23:44 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefaultMIDI]

2004-12-22 23:40 24576 ----a-w- c:\windows\MIDIDEF.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]

2005-03-23 06:20 339968 -c--a-w- c:\windows\stsystra.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2007-07-12 09:00 132496 -c--a-w- c:\program files\Java\jre1.6.0_02\bin\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2007-07-26 01:35 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]

2000-05-11 07:00 90112 -c----w- c:\windows\Updreg.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoiceCenter]

2005-09-19 13:42 1159168 -c----w- c:\program files\Creative\VoiceCenter\AndreaVC.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\Program Files\\Java\\jdk1.6.0_06\\jre\\bin\\java.exe"=

"c:\\Program Files\\Java\\jre1.6.0_06\\bin\\javaw.exe"=

"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3596:UDP"= 3596:UDP:Windows Media Format SDK (wmplayer.exe)

"65533:TCP"= 65533:TCP:Services

"52344:TCP"= 52344:TCP:Services

"2479:TCP"= 2479:TCP:Services

"3246:TCP"= 3246:TCP:Services

"3389:TCP"= 3389:TCP:Remote Desktop

"7540:TCP"= 7540:TCP:Services

"7541:TCP"= 7541:TCP:Services

.

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [8/9/2008 2:42 PM 29832]

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [8/25/2010 8:56 PM 89624]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [9/28/2008 7:36 PM 94880]

R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [8/25/2010 8:56 PM 214904]

R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [8/25/2010 8:56 PM 214904]

R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [8/25/2010 8:57 PM 160344]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [8/25/2010 8:56 PM 148520]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/29/2008 8:42 PM 24652]

R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe [3/15/2009 8:21 PM 1201656]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [8/25/2010 8:56 PM 57432]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [8/25/2010 8:56 PM 338040]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [8/25/2010 8:56 PM 83688]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/6/2010 4:18 PM 135664]

S3 {E759A799-4756-46F5-B08BAC5C630D6E50};{E759A799-4756-46F5-B08BAC5C630D6E50};c:\windows\System32\svchost.exe -k netsvcs [8/16/2005 5:18 AM 14336]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/6/2010 4:18 PM 135664]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [8/25/2010 8:56 PM 83688]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [8/25/2010 8:56 PM 87808]

S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]

2009-03-08 09:32 128512 ----a-w- c:\windows\system32\advpack.dll

.

Contents of the 'Scheduled Tasks' folder

.

2011-08-23 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]

.

2011-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 21:18]

.

2011-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 21:18]

.

2011-10-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1822975280-1932388528-3927860585-1007Core.job

- c:\documents and settings\Jen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-17 01:49]

.

2011-10-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1822975280-1932388528-3927860585-1007UA.job

- c:\documents and settings\Jen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-17 01:49]

.

2011-10-10 c:\windows\Tasks\RegistryBooster.job

- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2011-03-14 15:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/ig/dell?hl=en

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.1.254

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath -

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-10-09 21:22

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,23,fe,99,dd,81,15,12,49,b9,52,b4,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,23,fe,99,dd,81,15,12,49,b9,52,b4,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(3348)

c:\windows\system32\WININET.dll

c:\progra~1\mcafee\SITEAD~1\saHook.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2011-10-09 21:25:40

ComboFix-quarantined-files.txt 2011-10-10 02:25

ComboFix2.txt 2011-10-06 01:39

.

Pre-Run: 77,337,681,920 bytes free

Post-Run: 77,309,288,448 bytes free

.

- - End Of File - - A44D00D49CF872022782DA06AA692CE6

DDS

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26

Run by Jack at 21:26:48 on 2011-10-09

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.517 [GMT -5:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Enabled*

.

============== Running Processes ===============

.

C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\ATT-SST\McciTrayApp.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

C:\Program Files\DellSupport\DSAgnt.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\system32\msiexec.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\explorer.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/ig/dell?hl=en

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110918114827.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\googleafe\GoogleAE.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [setDefaultMIDI] MIDIDef.exe

uRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /R

uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\McciTrayApp.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [switchBoard] "c:\program files\common files\adobe\switchboard\SwitchBoard.exe"

mRun: [unlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

dRunOnce: [RunNarrator] Narrator.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{6FD11E35-8F25-42F5-83EA-4503FF459143} : DhcpNameServer = 192.168.1.254

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

.

================= FIREFOX ===================

.

FF - ProfilePath -

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-8-25 461864]

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-8-9 29832]

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-8-25 89624]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-9-28 94880]

R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-25 214904]

R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-25 214904]

R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-25 214904]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-8-25 160344]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-8-25 148520]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-12-29 24652]

R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\spy sweeper\WRConsumerService.exe [2009-3-15 1201656]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-8-25 57432]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-8-25 180072]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-8-25 338040]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-8-25 83688]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 135664]

S2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-8-25 166024]

S2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2011-3-22 4048256]

S3 {E759A799-4756-46F5-B08BAC5C630D6E50};{E759A799-4756-46F5-B08BAC5C630D6E50};c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 135664]

S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-8-25 59288]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-8-25 83688]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-25 87808]

S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

.

=============== Created Last 30 ================

.

2011-10-10 02:05:56 15360 ----a-w- c:\windows\system32\dllcache\ctfmon.exe

2011-10-10 02:05:56 15360 ----a-w- c:\windows\system32\ctfmon.exe

2011-10-10 02:04:06 -------- d-----w- C:\ComboFix

2011-10-06 00:34:33 28504 ----a-w- c:\program files\mozilla firefox\distribution\bundles\{d19ca586-dd6c-4a0a-96f8-14644f340d60}\components\scriptff.dll

2011-10-04 01:01:03 -------- d-sha-r- C:\cmdcons

2011-10-04 01:00:41 -------- d-----w- c:\documents and settings\jack\local settings\application data\Adobe

2011-10-04 00:54:35 208896 ----a-w- c:\windows\MBR.exe

2011-10-04 00:54:34 518144 ----a-w- c:\windows\SWREG.exe

2011-10-04 00:54:34 256000 ----a-w- c:\windows\PEV.exe

2011-10-04 00:54:33 98816 ----a-w- c:\windows\sed.exe

2011-10-03 02:43:20 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-03 02:29:58 -------- d-----w- c:\program files\Unlocker

2011-10-03 02:20:46 -------- d-----w- C:\TDSSKiller_Quarantine

2011-10-03 02:05:23 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-10-03 02:01:52 -------- d-----w- c:\documents and settings\jack\application data\Malwarebytes

2011-10-03 02:01:26 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-10-03 02:01:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

.

==================== Find3M ====================

.

2011-09-28 00:33:18 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-15 15:00:06 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2011-08-15 15:00:06 89624 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys

2011-08-15 15:00:06 87808 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2011-08-15 15:00:06 83688 ----a-w- c:\windows\system32\drivers\mfendisk.sys

2011-08-15 15:00:06 59288 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2011-08-15 15:00:06 57432 ----a-w- c:\windows\system32\drivers\cfwids.sys

2011-08-15 15:00:06 461864 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2011-08-15 15:00:06 338040 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2011-08-15 15:00:06 180072 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2011-08-15 15:00:06 119808 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

.

============= FINISH: 21:27:05.46 ===============


Hi,

Next, please run a free online scan with the ESET Online Scanner.

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are both checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.


I'm unable to run ESET Online Scanner. My Internet Explorer locked up every time I tried to run ESET. Thanks.


Try this one instead:

Next, please use the Internet Explorer browser and click here to use the F-Secure Online Scanner.

  • Click Start Scanning.
  • You should get a notification bar (on top) to install the ActiveX control.
  • Click on it and select to install the ActiveX.
  • Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
  • In case you are having problems with installing the ActiveX/starting the scan, please read here.
  • Click the Full System Scan button.
  • It will start to download scanner components and databases. This can take a while.
  • The main scan will start.
  • Once the scan has finished, click the Automatic cleaning (recommended) button.
  • It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
  • The cleaning can take a while, so please be patient.
  • Then click the Show report button and Copy/Paste what is present under results in your next reply.

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


Here you go, thanks much.

F-Secure

Scanning Report

Friday, October 14, 2011 21:27:37 - 07:03:29

Computer name: KIEDAISCH

Scanning type: Scan system for malware, spyware and rootkits

Target: C:\

--------------------------------------------------------------------------------

42 malware found

TrackingCookie.Questionmarket (spyware)

System (Disinfected)

TrackingCookie.Adinterax (spyware)

System (Disinfected)

TrackingCookie.2o7 (spyware)

System (Disinfected)

TrackingCookie.Advertising (spyware)

System (Disinfected)

TrackingCookie.Atdmt (spyware)

System (Disinfected)

TrackingCookie.Adtech (spyware)

System (Disinfected)

TrackingCookie.Doubleclick (spyware)

System (Disinfected)

TrackingCookie.Revsci (spyware)

System (Disinfected)

TrackingCookie.Clickbank (spyware)

System (Disinfected)

TrackingCookie.Fastclick (spyware)

System (Disinfected)

TrackingCookie.Adbrite (spyware)

System (Disinfected)

TrackingCookie.Xiti (spyware)

System (Disinfected)

TrackingCookie.Mediaplex (spyware)

System (Disinfected)

TrackingCookie.Liveperson (spyware)

System (Disinfected)

TrackingCookie.Statcounter (spyware)

System (Disinfected)

TrackingCookie.Atwola (spyware)

System (Disinfected)

TrackingCookie.Yieldmanager (spyware)

System (Disinfected)

Suspicious:W32/Malware!Gemini (virus)

C:\RAILSINSTALLER\DEVKIT\MINGW\MINGW32\BIN\LD.EXE (Not cleaned & Submitted)

Suspicious:W32/Malware!Gemini (virus)

C:\RAILSINSTALLER\DEVKIT\MINGW\MINGW32\BIN\AS.EXE (Not cleaned & Submitted)

Suspicious:W32/Malware!Gemini (virus)

C:\RAILSINSTALLER\DEVKIT\MINGW\MINGW32\BIN\NM.EXE (Not cleaned & Submitted)

Suspicious:W32/Malware!Gemini (virus)

C:\RAILSINSTALLER\DEVKIT\MINGW\MINGW32\BIN\OBJCOPY.EXE (Not cleaned & Submitted)

Suspicious:W32/Malware!Gemini (virus)

C:\RAILSINSTALLER\DEVKIT\MINGW\MINGW32\BIN\DLLTOOL.EXE (Not cleaned & Submitted)

Suspicious:W32/Malware!Gemini (virus)

C:\RAILSINSTALLER\DEVKIT\MINGW\MINGW32\BIN\OBJDUMP.EXE (Not cleaned & Submitted)

Suspicious:W32/Malware!Gemini (virus)

C:\RAILSINSTALLER\DEVKIT\MINGW\MINGW32\BIN\AR.EXE (Not cleaned & Submitted)

Suspicious:W32/Malware!Gemini (virus)

C:\RAILSINSTALLER\DEVKIT\MINGW\MINGW32\BIN\RANLIB.EXE (Not cleaned & Submitted)

Suspicious:W32/Malware!Gemini (virus)

C:\RAILSINSTALLER\DEVKIT\MINGW\MINGW32\BIN\STRIP.EXE (Not cleaned & Submitted)

Suspicious:W32/Malware!Gemini (virus)

C:\RAILSINSTALLER\DEVKIT\MINGW\BIN\ADDR2LINE.EXE (Not cleaned & Submitted)

Suspicious:W32/Malware!Gemini (virus)

C:\RAILSINSTALLER\DEVKIT\MINGW\BIN\AS.EXE (Not cleaned & Submitted)

Suspicious:W32/Malware!Gemini (virus)

C:\RAILSINSTALLER\DEVKIT\MINGW\BIN\AR.EXE (Not cleaned & Submitted)

Suspicious:W32/Malware!Gemini (virus)

C:\RAILSINSTALLER\DEVKIT\MINGW\BIN\C++FILT.EXE (Not cleaned & Submitted)

Suspicious:W32/Malware!Gemini (virus)

C:\RAILSINSTALLER\DEVKIT\MINGW\BIN\DLLTOOL.EXE (Not cleaned & Submitted)

Suspicious:W32/Malware!Gemini (virus)

C:\RAILSINSTALLER\DEVKIT\MINGW\BIN\GPROF.EXE (Not cleaned & Submitted)

Suspicious:W32/Malware!Gemini (virus)

C:\RAILSINSTALLER\DEVKIT\MINGW\BIN\LD.EXE (Not cleaned & Submitted)

Suspicious:W32/Malware!Gemini (virus)

C:\RAILSINSTALLER\DEVKIT\MINGW\BIN\OBJCOPY.EXE (Not cleaned & Submitted)

Suspicious:W32/Malware!Gemini (virus)

C:\RAILSINSTALLER\DEVKIT\MINGW\BIN\RANLIB.EXE (Not cleaned & Submitted)

Suspicious:W32/Malware!Gemini (virus)

C:\RAILSINSTALLER\DEVKIT\MINGW\BIN\NM.EXE (Not cleaned & Submitted)

Suspicious:W32/Malware!Gemini (virus)

C:\RAILSINSTALLER\DEVKIT\MINGW\BIN\OBJDUMP.EXE (Not cleaned & Submitted)

Suspicious:W32/Malware!Gemini (virus)

C:\RAILSINSTALLER\DEVKIT\MINGW\BIN\STRINGS.EXE (Not cleaned & Submitted)

Suspicious:W32/Malware!Gemini (virus)

C:\RAILSINSTALLER\DEVKIT\MINGW\BIN\WINDMC.EXE (Not cleaned & Submitted)

Suspicious:W32/Malware!Gemini (virus)

C:\RAILSINSTALLER\DEVKIT\MINGW\BIN\SIZE.EXE (Not cleaned & Submitted)

Suspicious:W32/Malware!Gemini (virus)

C:\RAILSINSTALLER\DEVKIT\MINGW\BIN\STRIP.EXE (Not cleaned & Submitted)

Suspicious:W32/Malware!Gemini (virus)

C:\RAILSINSTALLER\DEVKIT\MINGW\BIN\WINDRES.EXE (Not cleaned & Submitted)

--------------------------------------------------------------------------------

Statistics

Scanned:

Files: 167362

System: 5065

Not scanned: 40

Actions:

Disinfected: 17

Renamed: 0

Deleted: 0

Not cleaned: 25

Submitted: 25

Files not scanned:

C:\HIBERFIL.SYS

C:\PAGEFILE.SYS

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY

C:\WINDOWS\SYSTEM32\CONFIG\SAM

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1576\A0484239.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1576\A0484231.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1575\A0483125.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1575\A0483200.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1575\A0483210.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1575\A0484177.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1575\A0483150.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1574\A0480887.SYS

C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1574\A0481887.SYS

C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1574\A0482887.SYS

C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1574\A0482963.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1574\A0482979.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1574\A0483040.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1574\A0483055.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1574\A0483092.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1573\A0474752.SYS

C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1573\A0474770.SYS

C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1573\A0474749.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1573\A0475770.SYS

C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1573\A0475799.SYS

C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1573\A0475832.SYS

C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1573\A0475844.SYS

C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1573\A0475874.SYS

C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE

C:\PROGRAM FILES\MALWAREBYTES' ANTI-MALWARE\MBAM.EXE

C:\DOCUMENTS AND SETTINGS\JOEL\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\H2EJZQCO\FILE[1].EXE

C:\DOCUMENTS AND SETTINGS\JACK\LOCAL SETTINGS\TEMP\HSPERFDATA_JACK\2672

C:\DOCUMENTS AND SETTINGS\JACK\LOCAL SETTINGS\TEMP\HSPERFDATA_JACK\3848

C:\DOCUMENTS AND SETTINGS\JACK\DESKTOP\AUTORUNS.EXE

C:\DOCUMENTS AND SETTINGS\JACK\DESKTOP\PROCEXP.EXE

C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1F255CDAD041FFB61CD5E4C68064FB53_24ADF822-76F7-4481-B30B-FF1B40F8687F

C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3AD391678A806EC4D691E83AAA393B6F_24ADF822-76F7-4481-B30B-FF1B40F8687F

C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6361243DF0FCC8CDE52BA9C6D2368086_24ADF822-76F7-4481-B30B-FF1B40F8687F

--------------------------------------------------------------------------------

Options

Scanning engines:

Scanning options:

Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR

Use advanced heuristics

--------------------------------------------------------------------------------

Security Check

checkup.txt

Results of screen317's Security Check version 0.99.24

Windows XP Service Pack 3 x86

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Disabled!

McAfee Uninstaller

McAfee SecurityCenter

Antivirus up to date! (On Access scanning disabled!)

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

HijackThis 2.0.2

CCleaner

Java DB 10.5.3.0

Java 6 Update 26

Java SE Runtime Environment 6 Update 1

Java 6 Update 2

Java 6 Update 6

Java SE Development Kit 6 Update 6

Java SE Development Kit 6 Update 21

Java 2 Runtime Environment, SE v1.4.2_03

Java DB 10.3.1.4

Out of date Java installed!

Mozilla Firefox (3.6.) Firefox Out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

mcafee VIRUSS~1 mcvsshld.exe

``````````End of Log````````````


Hi,

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

Run TFC by OldTimer to clear temporary files:

  • Please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following programs (if present):

HijackThis 2.0.2

Java DB 10.5.3.0

Java™ 6 Update 26

Java™ SE Runtime Environment 6 Update 1

Java™ 6 Update 2

Java™ 6 Update 6

Java™ SE Development Kit 6 Update 6

Java™ SE Development Kit 6 Update 21

Java 2 Runtime Environment, SE v1.4.2_03

Java DB 10.3.1.4

Restart your computer.

Get the latest version of Java.

Also update Firefox. Ensure that you are using version 7. Reboot.

Let me know what issues remain.


I followed all your steps except updating Firefox. After updating Java and performing a reboot, the Microsoft Windows Malicious Software Removal Tool window appeared and stated it found "Trojan:DOS/Alureon.C" which was partially removed and manual steps were still required. It suggested I run a scan with an anti-virus program. Any suggestions? Am I able to run Malwarebytes at this point?

Thanks.


Yes, try running MBAM at this point. It's likely that it was found in a Temp folder or in System Restore.

Why didn't you update Firefox??

Run TFC by OldTimer to clear temporary files:

  • Please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.


Sorry, I received the Trojan notification after I updated the Java but before I updated Firefox. I didn't want to take any chances so I just stopped and posted the results. I will follow your newest instructions and update Firefox as well. Thanks.


I ran MBAM and TFC. Also updated Firefox. Things seem to be working correctly; I haven't had a problem since my last post. Do you need to see any other logs? Thank you.


Things look good from here. :)

I highly recommend the PRO version of MBAM; with it, it's likely that this issue would have been prevented in the first place.

Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

2) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

3) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

4) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an add-on available for both Firefox and IE.

5) Be sure to update your Antivirus and Antispyware programs often!

Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?

Safe surfing,

-screen317


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.