I have McAfee Security Center, but I can't turn on the scanner. Every time I try to turn it on, it turns back off again the next second. Also, the Windows Security Alerts is active and says I have no virus protection. I think that it's fake, but a full scan of MBAM did not find an infection, and running ComboFix didn't get rid of it either. How do I turn the virus scanner on?

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7902

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

10/10/2011 5:38:02 PM

mbam-log-2011-10-10 (17-38-01).txt

Scan type: Quick scan

Objects scanned: 231569

Time elapsed: 11 minute(s), 58 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Jonathan at 20:03:51 on 2011-10-10

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.492 [GMT -4:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\System32\GEARSec.exe

C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\WINDOWS\system32\mfevtps.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Norton Ghost\Agent\VProSvc.exe

C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.7\ccSvcHst.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\wanmpsvc.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\iPod\bin\iPodService.exe

C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe

C:\Program Files\Giraffic\Veoh_Giraffic.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

C:\Program Files\Common Files\AOL\1188357693\ee\AOLSoftware.exe

C:\Program Files\Sonic\Product\Media Experience\DMXLauncher.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe

C:\Program Files\Digital Line Detect\DLG.exe

c:\program files\common files\aol\1188357693\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\Program Files\Common Files\AOL\1188357693\EE\aolsoftware.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe

C:\PROGRA~1\COMMON~1\McAfee\MSC\McUICnt.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\AOL Desktop 9.6\waol.exe

C:\Program Files\AOL Desktop 9.6\shellmon.exe

.

============== Pseudo HJT Report ===============

.

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: myBabylon Toolbar: {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - c:\program files\mybabylon\tbmyBa.dll

BHO: McAfee Anti-Phishing Filter: {41d68ed8-4cff-4115-88a6-6ebb8af19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll

BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110714230508.dll

BHO: hpBHO Class: {abd3b5e1-b268-407b-a150-2641dab8d898} - c:\program files\common files\homepage protection\HomepageProtection.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: Norton Safe Web Lite BHO: {f0da78e9-6b60-42fb-bc26-ef2cfb8c8ff3} - c:\program files\norton safe web lite\engine\1.2.0.7\coIEPlg.dll

TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll

TB: myBabylon Toolbar: {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - c:\program files\mybabylon\tbmyBa.dll

TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll

TB: Norton Safe Web Lite: {30ceeea2-3742-40e4-85dd-812bf1cbb83d} - c:\program files\norton safe web lite\engine\1.2.0.7\coIEPlg.dll

TB: {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File

uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler

uRun: [AOL Fast Start] "c:\program files\aol desktop 9.6\AOL.EXE" -b

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"

mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [MSKDetectorExe] c:\progra~1\mcafee\spamki~1\MSKDetct.exe /startup

mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE

mRun: [MSKAGENTEXE] c:\progra~1\mcafee\spamki~1\MskAgent.exe

mRun: [HostManager] c:\program files\common files\aol\1188357693\ee\AOLSoftware.exe

mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe

mRun: [Pure Networks Port Magic] "c:\progra~1\purene~1\portma~1\PortAOL.exe" -Run

mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"

mRun: [DMXLauncher] "c:\program files\sonic\product\media experience\DMXLauncher.exe"

mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\Hotsync.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

IE: &AOL Toolbar Search - c:\documents and settings\all users\application data\aol\ietoolbar\resources\en-us\local\search.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - {7DD73374-7187-4103-8F29-622AA25E7C40} - c:\program files\mcafee\spamkiller\mcapfbho.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

Trusted Zone: musicmatch.com\online

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} - hxxp://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_6.cab

DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188358865640

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} - hxxps://dssterm.co.mecklenburg.nc.us/dssterm/msrdp.cab

DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx

DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://aolsvc.aol.com/onlinegames/free-trial-mahjong-fortuna-2-deluxe/zylomplayer.cab

DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {D441AB53-A39C-42AE-AB79-3C05B7298F34} - hxxp://aolsvc.aol.com/onlinegames/free-trial-astro-avenger-ii/AstroAvenger2Loader.cab

DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.gamehouse.com/realarcade-webgames/zuma/popcaploader.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{7F678E8C-7C85-42C2-A5D8-076EAB571A78} : DhcpNameServer = 209.18.47.61 209.18.47.62

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-11-23 459728]

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-7-14 84200]

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-12-13 198256]

R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-12-13 165488]

R2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files\giraffic\veoh_girafficwatchdog.exe --service --> c:\program files\giraffic\Veoh_GirafficWatchdog.exe --service [?]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-10-8 366152]

R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-7-14 271480]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-7-14 188136]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-7-14 148520]

R2 NSL;Norton Safe Web Lite;c:\program files\norton safe web lite\engine\1.2.0.7\ccSvcHst.exe [2011-9-17 130000]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-8 22216]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-11-23 153280]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-7-14 314088]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-7-14 88736]

S1 MpKsld0636441;MpKsld0636441;\??\c:\windows\system32\mpenginestore\mpksld0636441.sys --> c:\windows\system32\mpenginestore\MpKsld0636441.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-8-10 136176]

S2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-7-14 271480]

S2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-7-14 171168]

S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-12-13 79472]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-7-14 56064]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-8-10 136176]

S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-11-23 52320]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-7-14 88736]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-7-14 84488]

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-11-23 34248]

S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-11-23 40552]

S3 StreamSurge;StreamSurge Driver (miniport); [x]

S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-5-22 822424]

.

=============== Created Last 30 ================

.

2011-10-10 21:25:53 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-10-08 15:56:38 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-08 14:41:44 -------- d-----w- c:\documents and settings\jonathan\application data\lbD3pGHdK

2011-10-08 14:41:43 -------- d-----w- c:\documents and settings\jonathan\application data\LQJdL8RZqYkVlNP

2011-10-06 01:32:42 -------- d-----w- c:\documents and settings\jonathan\application data\R9hTXjCeltPyiDo

2011-10-06 01:32:41 -------- d-----w- c:\documents and settings\jonathan\application data\rbnGaQ6dW

2011-10-06 01:12:34 -------- d-----w- c:\documents and settings\jonathan\application data\iucS2D3pn5Q6W8R

2011-10-06 01:12:33 -------- d-----w- c:\documents and settings\jonathan\application data\HD2obF4pm5QLgZ

2011-10-06 00:54:49 -------- d-----w- c:\documents and settings\jonathan\application data\vyivD3FmHsJfLgZ

2011-10-06 00:54:48 -------- d-----w- c:\documents and settings\jonathan\application data\VjUCelIBrPyAuDo

2011-10-06 00:24:51 -------- d-----w- c:\documents and settings\jonathan\application data\kYIzy0vSb3m5Q6E

2011-10-06 00:24:50 -------- d-----w- c:\documents and settings\jonathan\application data\AXVlBPc1v

2011-10-05 23:59:43 -------- d-----w- c:\documents and settings\jonathan\application data\iYOvpJgXl0

2011-10-05 23:59:42 -------- d-----w- c:\documents and settings\jonathan\application data\vJdEKfRZXy

2011-10-05 23:06:23 -------- d-----w- c:\documents and settings\jonathan\application data\RjYCwkIVrOtAuSi

2011-10-05 23:06:23 -------- d-----w- c:\documents and settings\jonathan\application data\jF3pmG5aQ6E8R9Y

2011-10-05 23:06:01 -------- d-----w- c:\documents and settings\jonathan\application data\f4amH6sWKLgXjCk

2011-09-17 23:16:12 -------- d-----w- c:\windows\system32\drivers\nst\0102000.007

2011-09-17 23:16:12 -------- d-----w- c:\windows\system32\drivers\NST

2011-09-17 23:16:12 -------- d-----w- c:\program files\Norton Safe Web Lite

.

==================== Find3M ====================

.

2011-09-23 17:03:42 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-01 02:15:36 3714 --sha-w- c:\windows\system32\KGyGaAvL.sys

2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

.

============= FINISH: 20:05:02.97 ===============


ComboFix 11-10-16.02 - Jonathan 10/16/2011 20:51:29.5.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.498 [GMT -4:00]

Running from: c:\documents and settings\Jonathan\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Ellen\Start Menu\Programs\AV Guard Online

c:\documents and settings\Tim\Start Menu\Programs\AV Guard Online

.

.

((((((((((((((((((((((((( Files Created from 2011-09-17 to 2011-10-17 )))))))))))))))))))))))))))))))

.

.

2011-10-16 01:10 . 2011-10-16 01:10 -------- d-----w- c:\program files\iPod

2011-10-16 01:09 . 2011-10-16 01:10 -------- d-----w- c:\program files\iTunes

2011-10-16 01:04 . 2011-10-16 01:04 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer

2011-10-16 01:04 . 2011-10-16 01:04 -------- d-----w- c:\windows\LastGood

2011-10-16 01:03 . 2011-10-16 01:03 -------- d-----w- c:\program files\Bonjour

2011-10-08 15:56 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-08 14:41 . 2011-10-08 14:46 -------- d-----w- c:\documents and settings\Jonathan\Application Data\lbD3pGHdK

2011-10-08 14:41 . 2011-10-08 14:41 -------- d-----w- c:\documents and settings\Jonathan\Application Data\LQJdL8RZqYkVlNP

2011-10-07 15:33 . 2011-10-07 15:33 -------- d-----w- c:\documents and settings\Ellen\Application Data\vdWKfRTqUeIrN

2011-10-07 15:33 . 2011-10-07 15:33 -------- d-----w- c:\documents and settings\Ellen\Application Data\EwUVrxS1b3

2011-10-07 15:09 . 2011-10-07 15:09 -------- d-----w- c:\documents and settings\Ellen\Application Data\wrPNycA1uDo4m5W

2011-10-07 15:09 . 2011-10-07 15:09 -------- d-----w- c:\documents and settings\Ellen\Application Data\Bu24mqlOx1b3fXj

2011-10-07 14:12 . 2011-10-07 14:12 -------- d-----w- c:\documents and settings\Tim\Application Data\mPu1bD3pna

2011-10-07 14:12 . 2011-10-07 14:12 -------- d-----w- c:\documents and settings\Tim\Application Data\x1vD2onF4m5W7E8

2011-10-07 06:12 . 2011-10-07 06:12 -------- d-----w- c:\documents and settings\Tim\Application Data\QG5aQJ6dKfZhwU

2011-10-07 06:12 . 2011-10-07 06:12 -------- d-----w- c:\documents and settings\Tim\Application Data\nP0ycS1i3n4m6W7

2011-10-06 17:49 . 2011-10-06 17:49 -------- d-----w- c:\documents and settings\Tim\Application Data\X2bD3nHWLjINina

2011-10-06 17:49 . 2011-10-06 17:49 -------- d-----w- c:\documents and settings\Tim\Application Data\mAu2obmQLRqwVNP

2011-10-06 17:48 . 2011-10-06 17:48 -------- d-----w- c:\documents and settings\Tim\Application Data\DOBtx0ucSiDpGaH

2011-10-06 17:40 . 2011-10-06 17:40 -------- d-----w- c:\documents and settings\Tim\Application Data\PiDoFa6W7E9TqYe

2011-10-06 17:40 . 2011-10-06 17:40 -------- d-----w- c:\documents and settings\Tim\Application Data\kA0uv2obFpGsJd

2011-10-06 01:32 . 2011-10-06 01:32 -------- d-----w- c:\documents and settings\Jonathan\Application Data\R9hTXjCeltPyiDo

2011-10-06 01:32 . 2011-10-06 01:32 -------- d-----w- c:\documents and settings\Jonathan\Application Data\rbnGaQ6dW

2011-10-06 01:12 . 2011-10-06 01:12 -------- d-----w- c:\documents and settings\Jonathan\Application Data\iucS2D3pn5Q6W8R

2011-10-06 01:12 . 2011-10-06 01:12 -------- d-----w- c:\documents and settings\Jonathan\Application Data\HD2obF4pm5QLgZ

2011-10-06 00:54 . 2011-10-06 00:54 -------- d-----w- c:\documents and settings\Jonathan\Application Data\vyivD3FmHsJfLgZ

2011-10-06 00:54 . 2011-10-06 00:54 -------- d-----w- c:\documents and settings\Jonathan\Application Data\VjUCelIBrPyAuDo

2011-10-06 00:24 . 2011-10-06 00:24 -------- d-----w- c:\documents and settings\Jonathan\Application Data\kYIzy0vSb3m5Q6E

2011-10-06 00:24 . 2011-10-06 00:24 -------- d-----w- c:\documents and settings\Jonathan\Application Data\AXVlBPc1v

2011-10-05 23:59 . 2011-10-05 23:59 -------- d-----w- c:\documents and settings\Jonathan\Application Data\iYOvpJgXl0

2011-10-05 23:59 . 2011-10-05 23:59 -------- d-----w- c:\documents and settings\Jonathan\Application Data\vJdEKfRZXy

2011-10-05 23:37 . 2011-10-05 23:38 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2011-10-05 23:30 . 2011-10-05 23:30 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2011-10-05 23:06 . 2011-10-05 23:06 -------- d-----w- c:\documents and settings\Jonathan\Application Data\RjYCwkIVrOtAuSi

2011-10-05 23:06 . 2011-10-05 23:06 -------- d-----w- c:\documents and settings\Jonathan\Application Data\jF3pmG5aQ6E8R9Y

2011-10-05 23:06 . 2011-10-05 23:06 -------- d-----w- c:\documents and settings\Jonathan\Application Data\f4amH6sWKLgXjCk

2011-09-26 15:41 . 2011-09-26 15:41 220160 ------w- c:\windows\system32\dllcache\oleacc.dll

2011-09-26 15:41 . 2011-09-26 15:41 20480 ------w- c:\windows\system32\dllcache\oleaccrc.dll

2011-09-17 23:16 . 2011-09-17 23:16 -------- d-----w- c:\windows\system32\drivers\NST

2011-09-17 23:16 . 2011-09-17 23:16 -------- d-----w- c:\program files\Norton Safe Web Lite

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-14 23:00 . 2011-07-12 04:20 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-26 15:41 . 2008-07-29 23:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 15:41 . 2005-08-16 08:18 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 15:41 . 2005-08-16 08:18 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-09 09:12 . 2005-08-16 08:18 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-06 13:20 . 2005-08-16 08:18 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-08-31 03:05 . 2011-08-31 03:05 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-08-31 03:05 . 2011-08-31 03:05 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-08-31 03:05 . 2011-08-31 03:05 50536 ----a-w- c:\windows\system32\jdns_sd.dll

2011-08-31 03:05 . 2011-08-31 03:05 178536 ----a-w- c:\windows\system32\dnssdX.dll

2011-08-22 23:48 . 2005-08-16 08:18 916480 ----a-w- c:\windows\system32\wininet.dll

2011-08-22 23:48 . 2005-08-16 08:18 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-08-22 23:48 . 2005-08-16 08:18 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-08-22 11:56 . 2005-08-16 08:18 385024 ----a-w- c:\windows\system32\html.iec

2011-08-17 13:49 . 2005-08-16 08:18 138496 ----a-w- c:\windows\system32\drivers\afd.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]

2008-02-14 18:54 1555480 ----a-w- c:\program files\myBabylon\tbmyBa.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]

2009-08-28 14:40 128360 ----a-w- c:\program files\Common Files\Homepage Protection\HomepageProtection.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{34ea1c70-42cc-42c5-aa29-ec58b95a343e}"= "c:\program files\myBabylon\tbmyBa.dll" [2008-02-14 1555480]

.

[HKEY_CLASSES_ROOT\clsid\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{34EA1C70-42CC-42C5-AA29-EC58B95A343E}"= "c:\program files\myBabylon\tbmyBa.dll" [2008-02-14 1555480]

.

[HKEY_CLASSES_ROOT\clsid\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2007-08-30 205480]

"AOL Fast Start"="c:\program files\AOL Desktop 9.6\AOL.EXE" [2011-01-13 42320]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-15 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-15 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-15 114688]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-12-13 58992]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2007-08-30 205480]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2007-08-28 73728]

"MSKDetectorExe"="c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe" [2005-07-12 1117184]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]

"MSKAGENTEXE"="c:\progra~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-07-12 110592]

"HostManager"="c:\program files\Common Files\AOL\1188357693\ee\AOLSoftware.exe" [2010-03-08 41800]

"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2010-07-13 70720]

"Pure Networks Port Magic"="c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-04-05 99480]

"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-09 16384]

"DMXLauncher"="c:\program files\Sonic\Product\Media Experience\DMXLauncher.exe" [2007-04-02 113400]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-05-05 1195408]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]

.

c:\documents and settings\Ellen\Start Menu\Programs\Startup\

AOL Desktop.lnk - c:\program files\Common Files\AOL\Launch\aollaunch.exe [2010-3-8 41800]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-5-22 24576]

HOTSYNCSHORTCUTNAME.lnk - c:\program files\Palm\Hotsync.exe [2004-6-9 471040]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ \0

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Qshelf.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Qshelf.lnk

backup=c:\windows\pss\Qshelf.lnkCommon Startup

backupExtension=Common Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 10.0]

2005-12-07 20:05 1537696 ----a-w- c:\program files\Norton Ghost\Agent\GhostTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]

2011-06-22 08:25 2648184 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=

"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=

"c:\\Program Files\\Common Files\\AOL\\1188357693\\EE\\AOLServiceHost.exe"=

"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=

"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Common Files\\AOL\\1188357693\\EE\\aolsoftware.exe"=

"c:\\Program Files\\AOL 9.1\\waol.exe"=

"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Common Files\\AOL\\1188357693\\EE\\AOLDesktop.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=

"c:\\Program Files\\Recosoft PDF2Office\\PDF2Office Personal v4.0\\PDF2OfficeDesktopServer.exe"=

"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Program Files\\AOL Desktop 9.6\\waol.exe"=

"c:\\Program Files\\Giraffic\\Veoh_Giraffic.exe"=

"c:\\Program Files\\Giraffic\\Veoh_GirafficWatchdog.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3355:UDP"= 3355:UDP:Windows Media Format SDK (aolbrowser.exe)

"3354:UDP"= 3354:UDP:Windows Media Format SDK (aolbrowser.exe)

.

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [7/14/2011 11:04 PM 84200]

R2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files\Giraffic\Veoh_GirafficWatchdog.exe --service --> c:\program files\Giraffic\Veoh_GirafficWatchdog.exe --service [?]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/8/2011 11:56 AM 366152]

R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [7/14/2011 11:04 PM 271480]

R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [7/14/2011 11:05 PM 188136]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [7/14/2011 9:59 PM 148520]

R2 NSL;Norton Safe Web Lite;c:\program files\Norton Safe Web Lite\Engine\1.2.0.7\ccSvcHst.exe [9/17/2011 7:16 PM 130000]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/8/2011 11:56 AM 22216]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [7/14/2011 11:04 PM 314088]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [7/14/2011 11:04 PM 88736]

S1 MpKsld0636441;MpKsld0636441;\??\c:\windows\system32\MpEngineStore\MpKsld0636441.sys --> c:\windows\system32\MpEngineStore\MpKsld0636441.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/10/2011 8:24 AM 136176]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [7/14/2011 11:04 PM 56064]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/10/2011 8:24 AM 136176]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [7/14/2011 11:04 PM 88736]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [7/14/2011 11:04 PM 84488]

S3 StreamSurge;StreamSurge Driver (miniport); [x]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - BONJOUR_SERVICE

*NewlyCreated* - IPOD_SERVICE

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Contents of the 'Scheduled Tasks' folder

.

2011-10-16 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]

.

2011-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-10 12:23]

.

2011-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-10 12:23]

.

2011-10-15 c:\windows\Tasks\McDefragTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-11-23 16:22]

.

2011-09-01 c:\windows\Tasks\McQcTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-11-23 16:22]

.

2011-10-16 c:\windows\Tasks\Norton Security Scan for Ellen.job

- c:\progra~1\NORTON~2\NORTON~1\Engine\301~1.8\Nss.exe [2011-01-11 08:19]

.

2011-10-16 c:\windows\Tasks\RegCure Program Check.job

- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]

.

2011-10-16 c:\windows\Tasks\RegCure.job

- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]

.

.

------- Supplementary Scan -------

.

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

Trusted Zone: musicmatch.com\online

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://aolsvc.aol.com/onlinegames/free-trial-mahjong-fortuna-2-deluxe/zylomplayer.cab

DPF: {D441AB53-A39C-42AE-AB79-3C05B7298F34} - hxxp://aolsvc.aol.com/onlinegames/free-trial-astro-avenger-ii/AstroAvenger2Loader.cab

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-10-16 21:11

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1336)

c:\windows\system32\igfxdev.dll

.

- - - - - - - > 'winlogon.exe'(5452)

c:\windows\system32\igfxdev.dll

.

- - - - - - - > 'explorer.exe'(7888)

c:\windows\system32\WININET.dll

c:\progra~1\WINDOW~3\wmpband.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

- - - - - - - > 'explorer.exe'(6060)

c:\windows\system32\WININET.dll

c:\progra~1\WINDOW~3\wmpband.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2011-10-16 21:16:44

ComboFix-quarantined-files.txt 2011-10-17 01:16

ComboFix2.txt 2011-10-08 19:31

.

Pre-Run: 17,345,531,904 bytes free

Post-Run: 17,839,616,000 bytes free

.

- - End Of File - - A4155599354C39A54069EDC26FCE8988

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Jonathan at 21:18:59 on 2011-10-16

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.430 [GMT -4:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\System32\GEARSec.exe

C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\WINDOWS\system32\mfevtps.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Norton Ghost\Agent\VProSvc.exe

C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.7\ccSvcHst.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\wanmpsvc.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Giraffic\Veoh_Giraffic.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Common Files\AOL\1188357693\ee\AOLSoftware.exe

C:\Program Files\Sonic\Product\Media Experience\DMXLauncher.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Common Files\AOL\1188357693\EE\aolsoftware.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Common Files\AOL\1188357693\EE\aolupdates.exe

C:\Program Files\AOL Desktop 9.6\waol.exe

C:\Program Files\AOL Desktop 9.6\shellmon.exe

c:\PROGRA~1\mcafee.com\agent\McUpdate.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

.

============== Pseudo HJT Report ===============

.

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: myBabylon Toolbar: {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - c:\program files\mybabylon\tbmyBa.dll

BHO: McAfee Anti-Phishing Filter: {41d68ed8-4cff-4115-88a6-6ebb8af19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll

BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110714230508.dll

BHO: hpBHO Class: {abd3b5e1-b268-407b-a150-2641dab8d898} - c:\program files\common files\homepage protection\HomepageProtection.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: Norton Safe Web Lite BHO: {f0da78e9-6b60-42fb-bc26-ef2cfb8c8ff3} - c:\program files\norton safe web lite\engine\1.2.0.7\coIEPlg.dll

TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll

TB: myBabylon Toolbar: {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - c:\program files\mybabylon\tbmyBa.dll

TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll

TB: Norton Safe Web Lite: {30ceeea2-3742-40e4-85dd-812bf1cbb83d} - c:\program files\norton safe web lite\engine\1.2.0.7\coIEPlg.dll

TB: {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File

uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler

uRun: [AOL Fast Start] "c:\program files\aol desktop 9.6\AOL.EXE" -b

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"

mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [MSKDetectorExe] c:\progra~1\mcafee\spamki~1\MSKDetct.exe /startup

mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE

mRun: [MSKAGENTEXE] c:\progra~1\mcafee\spamki~1\MskAgent.exe

mRun: [HostManager] c:\program files\common files\aol\1188357693\ee\AOLSoftware.exe

mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe

mRun: [Pure Networks Port Magic] "c:\progra~1\purene~1\portma~1\PortAOL.exe" -Run

mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"

mRun: [DMXLauncher] "c:\program files\sonic\product\media experience\DMXLauncher.exe"

mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\Hotsync.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

IE: &AOL Toolbar Search - c:\documents and settings\all users\application data\aol\ietoolbar\resources\en-us\local\search.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - {7DD73374-7187-4103-8F29-622AA25E7C40} - c:\program files\mcafee\spamkiller\mcapfbho.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

Trusted Zone: musicmatch.com\online

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} - hxxp://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_6.cab

DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188358865640

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} - hxxps://dssterm.co.mecklenburg.nc.us/dssterm/msrdp.cab

DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx

DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://aolsvc.aol.com/onlinegames/free-trial-mahjong-fortuna-2-deluxe/zylomplayer.cab

DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {D441AB53-A39C-42AE-AB79-3C05B7298F34} - hxxp://aolsvc.aol.com/onlinegames/free-trial-astro-avenger-ii/AstroAvenger2Loader.cab

DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.gamehouse.com/realarcade-webgames/zuma/popcaploader.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{7F678E8C-7C85-42C2-A5D8-076EAB571A78} : DhcpNameServer = 209.18.47.61 209.18.47.62

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-11-23 459728]

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-7-14 84200]

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-12-13 198256]

R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-12-13 165488]

R2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files\giraffic\veoh_girafficwatchdog.exe --service --> c:\program files\giraffic\Veoh_GirafficWatchdog.exe --service [?]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-10-8 366152]

R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-7-14 271480]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-7-14 188136]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-7-14 148520]

R2 NSL;Norton Safe Web Lite;c:\program files\norton safe web lite\engine\1.2.0.7\ccSvcHst.exe [2011-9-17 130000]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-8 22216]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-11-23 153280]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-7-14 314088]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-7-14 88736]

R3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-5-22 822424]

S1 MpKsld0636441;MpKsld0636441;\??\c:\windows\system32\mpenginestore\mpksld0636441.sys --> c:\windows\system32\mpenginestore\MpKsld0636441.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-8-10 136176]

S2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-7-14 271480]

S2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-7-14 171168]

S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-12-13 79472]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-7-14 56064]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-8-10 136176]

S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-11-23 52320]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-7-14 88736]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-7-14 84488]

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-11-23 34248]

S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-11-23 40552]

S3 StreamSurge;StreamSurge Driver (miniport); [x]

.

=============== Created Last 30 ================

.

2011-10-17 00:47:04 98816 ----a-w- c:\windows\sed.exe

2011-10-17 00:47:04 518144 ----a-w- c:\windows\SWREG.exe

2011-10-17 00:47:04 256000 ----a-w- c:\windows\PEV.exe

2011-10-17 00:47:04 208896 ----a-w- c:\windows\MBR.exe

2011-10-16 01:10:00 -------- d-----w- c:\program files\iPod

2011-10-16 01:09:54 -------- d-----w- c:\program files\iTunes

2011-10-16 01:03:29 -------- d-----w- c:\program files\Bonjour

2011-10-08 15:56:38 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-08 14:41:44 -------- d-----w- c:\documents and settings\jonathan\application data\lbD3pGHdK

2011-10-08 14:41:43 -------- d-----w- c:\documents and settings\jonathan\application data\LQJdL8RZqYkVlNP

2011-10-06 01:32:42 -------- d-----w- c:\documents and settings\jonathan\application data\R9hTXjCeltPyiDo

2011-10-06 01:32:41 -------- d-----w- c:\documents and settings\jonathan\application data\rbnGaQ6dW

2011-10-06 01:12:34 -------- d-----w- c:\documents and settings\jonathan\application data\iucS2D3pn5Q6W8R

2011-10-06 01:12:33 -------- d-----w- c:\documents and settings\jonathan\application data\HD2obF4pm5QLgZ

2011-10-06 00:54:49 -------- d-----w- c:\documents and settings\jonathan\application data\vyivD3FmHsJfLgZ

2011-10-06 00:54:48 -------- d-----w- c:\documents and settings\jonathan\application data\VjUCelIBrPyAuDo

2011-10-06 00:24:51 -------- d-----w- c:\documents and settings\jonathan\application data\kYIzy0vSb3m5Q6E

2011-10-06 00:24:50 -------- d-----w- c:\documents and settings\jonathan\application data\AXVlBPc1v

2011-10-05 23:59:43 -------- d-----w- c:\documents and settings\jonathan\application data\iYOvpJgXl0

2011-10-05 23:59:42 -------- d-----w- c:\documents and settings\jonathan\application data\vJdEKfRZXy

2011-10-05 23:06:23 -------- d-----w- c:\documents and settings\jonathan\application data\RjYCwkIVrOtAuSi

2011-10-05 23:06:23 -------- d-----w- c:\documents and settings\jonathan\application data\jF3pmG5aQ6E8R9Y

2011-10-05 23:06:01 -------- d-----w- c:\documents and settings\jonathan\application data\f4amH6sWKLgXjCk

2011-09-26 15:41:20 220160 ------w- c:\windows\system32\dllcache\oleacc.dll

2011-09-26 15:41:14 20480 ------w- c:\windows\system32\dllcache\oleaccrc.dll

2011-09-17 23:16:12 -------- d-----w- c:\windows\system32\drivers\nst\0102000.007

2011-09-17 23:16:12 -------- d-----w- c:\windows\system32\drivers\NST

2011-09-17 23:16:12 -------- d-----w- c:\program files\Norton Safe Web Lite

.

==================== Find3M ====================

.

2011-10-14 23:00:31 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-09-01 02:15:36 3714 --sha-w- c:\windows\system32\KGyGaAvL.sys

2011-08-31 03:05:04 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-08-31 03:05:04 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-08-31 03:05:04 50536 ----a-w- c:\windows\system32\jdns_sd.dll

2011-08-31 03:05:04 178536 ----a-w- c:\windows\system32\dnssdX.dll

2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll

2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec

2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys

.

============= FINISH: 21:19:25.33 ===============

attach.zip


  • Staff

Hi,

Don't use any quote or code tags with your logs.

Next, please run a free online scan with the ESET Online Scanner.

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.


  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!
