Rev-roy Hjt Log

Good morning:

My daughter's computer caught the XP antivirus 2011 through a Google redirect and I have cleaned it up, but it caught it again the next day and I cleaned it again. I am posting this HJT log for someone to tell me if there is more I need to clean up?

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:32:56 AM, on 4/8/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE

C:\Program Files\Verizon\McciTrayApp.exe

C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

C:\Program Files\AWS\WeatherBug\Weather.exe

C:\Program Files\Flip Video\FlipShare\FlipShareService.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\mfevtps.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe

C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Documents and Settings\Chase\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://cgi.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=6.1&bm=ho_home

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll

R3 - URLSearchHook: Oryte Games 1 Toolbar - {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Program Files\Games_Bar_1\prxtbGam0.dll

R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110113110803.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Oryte Games 1 - {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Program Files\Games_Bar_1\prxtbGam0.dll

O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll

O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: Oryte Games 1 Toolbar - {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Program Files\Games_Bar_1\prxtbGam0.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"

O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB002" /M "Stylus CX3800"

O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"

O4 - HKLM\..\Run: [sSP Notifier] C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [AgentMonitor] C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1

O4 - Startup: PowerReg Scheduler V3.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: EPSON Status Monitor 3 Environment Check(2).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE

O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/tgctlcm.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab

O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/chnz/default/mjolauncher.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab

O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe

O23 - Service: FlipShare Server (FlipShareServer) - Unknown owner - C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe

O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

 

--

End of file - 14368 bytes

Thanks for any help!

Rev-Roy

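To make a log like the one above easier to read and discuss, here is an added Python example; it is not part of this thread and is not code from HijackThis or DDS. It parses HijackThis R/O entries into structured records and pulls out the kinds of entries a helper usually asks about first: services the log reports as "Unknown owner", ActiveX (O16 DPF) controls fetched over plain http://, one component registered under several hook types at once (search hook, BHO and toolbar, as the Oryte Games toolbar is here), and autoruns whose full path the log does not show. The sample lines are copied from the posted log; the function names and the review heuristics are my own and only mark entries for a closer look, not as malicious.

```python
import re
from collections import defaultdict

# Constructed sample: ten lines copied from the HijackThis log posted above, so the
# parser can be run offline. A real run would read the whole hijackthis.log file.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Oryte Games 1 Toolbar - {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Program Files\Games_Bar_1\prxtbGam0.dll
O2 - BHO: Oryte Games 1 - {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Program Files\Games_Bar_1\prxtbGam0.dll
O3 - Toolbar: Oryte Games 1 Toolbar - {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Program Files\Games_Bar_1\prxtbGam0.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - Startup: PowerReg Scheduler V3.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/tgctlcm.cab
O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Every HijackThis entry starts with a section code (R0, R1, O2, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# O4 registry Run entries look like: HKLM\..\Run: [Name] "path" args
RUN_RE = re.compile(r"^(?P<where>.*?): \[(?P<name>[^\]]*)\] (?P<target>.*)$")


def parse_line(line):
    """Turn one HijackThis line into a record, or None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    entry = {"code": code, "body": body, "clsid": None, "name": None, "target": None}
    c = CLSID_RE.search(body)
    if c:
        entry["clsid"] = c.group(0).lower()   # normalise case so hooks can be matched up
    if code == "O4":
        r = RUN_RE.match(body)
        if r:
            entry["name"], entry["target"] = r.group("name"), r.group("target")
        else:
            # Startup-folder items: "Startup: X.exe" or "Global Startup: X.lnk = path"
            _, _, rest = body.partition(": ")
            name, _, target = rest.partition(" = ")
            entry["name"], entry["target"] = name, (target or None)
    elif " = " in body and " - " not in body.split(" = ", 1)[0]:
        # R0/R1 registry values: key,value = data
        entry["name"], _, entry["target"] = body.partition(" = ")
    else:
        # "Type: Name - {CLSID} - path" style entries (R3, O2, O3, O16, O23, ...)
        parts = body.split(" - ")
        entry["name"] = parts[0].partition(": ")[2] or parts[0]
        entry["target"] = parts[-1] if len(parts) > 1 else None
    return entry


def parse_log(text):
    return [e for e in map(parse_line, text.splitlines()) if e]


def section_counts(entries):
    counts = defaultdict(int)
    for e in entries:
        counts[e["code"]] += 1
    return dict(counts)


def services_without_owner(entries):
    """O23 services whose binary carries no recognised vendor (worth confirming by hand)."""
    return [e["name"] for e in entries if e["code"] == "O23" and "Unknown owner" in e["body"]]


def unencrypted_dpf_downloads(entries):
    """O16 ActiveX controls that were installed from a plain-http URL."""
    return [e["target"] for e in entries
            if e["code"] == "O16" and (e["target"] or "").lower().startswith("http://")]


def components_in_multiple_hooks(entries):
    """CLSIDs registered under more than one hook type (search hook + BHO + toolbar)."""
    by_clsid = defaultdict(set)
    for e in entries:
        if e["clsid"]:
            by_clsid[e["clsid"]].add(e["code"])
    return {k: sorted(v) for k, v in by_clsid.items() if len(v) > 1}


def autoruns_without_path(entries):
    """O4 entries where the log shows no resolvable file path ("?" or a bare file name)."""
    return [e["name"] for e in entries if e["code"] == "O4" and e["target"] in (None, "?")]


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    print("entries per section:", section_counts(entries))
    print("services with unknown owner:", services_without_owner(entries))
    print("DPF controls fetched over http://:", unencrypted_dpf_downloads(entries))
    print("CLSIDs hooked in several places:", components_in_multiple_hooks(entries))
    print("autoruns with no path in the log:", autoruns_without_path(entries))
```

Run it against a saved hijackthis.log by replacing SAMPLE_LOG with the file contents; the output is a short list of entries to ask about or look up, which is the same grouping a helper does by eye when reading the log.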

Hello Rev-Roy :adios:

 

My name is JonTom (I'm sure we've seen each other in the various forums from time to time but I'll post my general introduction to you anyway :) ).

 

  • Malware Logs can sometimes take a lot of time to research and interpret.

  • Please be patient while I try to assist with your problem. If at any time you do not understand what is required, please ask for further explanation.

  • Please note that there is no "Quick Fix" to modern malware infections and we may need to use several different approaches to get your system clean.

  • Read every reply you receive carefully and thoroughly before carrying out the instructions. You may also find it helpful to print out the instructions you receive, as in some instances you may have to disconnect your computer from the Internet.

  • PLEASE NOTE: If you do not reply after 5 days your thread will be closed.

I am posting this HJT log for someone to tell me if there is more I need to clean up?

HJT is a good tool but there are deeper scanners available that will give us a better picture of what is going on.

 

Please do the following:

 

  • Please perform the following scan

    • Please download DDS from here and save it to your desktop.
    • Disable any script blocking protection (How to Disable your Security Programs)
    • Double click on the DDS icon to run the tool (may take up to 3 minutes to run).
    • When done, DDS.txt will open.
    • After a few moments, attach.txt will open in a second window.
    • Save both reports to your desktop.
    • Please post the contents of the DDS.txt and Attach.txt logs in your next reply.

  • Please scan your system with GMER

    Download GMER Rootkit Scanner from here or here.

    • Extract the contents of the zipped file to desktop.
    • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
    • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
    • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)
    • Then click the Scan button & wait for it to finish.
    • Once done click on the [save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
    • Save it where you can easily find it, such as your desktop, and post it in your reply.

**Caution**

Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

 

Please post the DDS logs and the GMER log in your next reply. If you encounter any problems with the scans just come back and let me know :)

 


Hello JonTom...I really appreciate your time helping me.

 

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by Chase at 15:15:40.75 on Fri 04/08/2011

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.328 [GMT -4:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE

C:\Program Files\Verizon\McciTrayApp.exe

C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe

C:\Program Files\iTunes\iTunesHelper.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

C:\Program Files\AWS\WeatherBug\Weather.exe

C:\Program Files\Flip Video\FlipShare\FlipShareService.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\mfevtps.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe

C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Documents and Settings\Chase\Desktop\dds.scr

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en

uWindow Title = Microsoft Internet Explorer provided by Verizon Online

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mStart Page = hxxp://www.yahoo.com

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

uInternet Connection Wizard,ShellNext = hxxp://cgi.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=6.1&bm=ho_home

uInternet Settings,ProxyOverride = 127.0.0.1;*.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll

uURLSearchHooks: Oryte Games 1 Toolbar: {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - c:\program files\games_bar_1\prxtbGam0.dll

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110113110803.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Oryte Games 1 Toolbar: {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - c:\program files\games_bar_1\prxtbGam0.dll

BHO: MSN Search Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn toolbar suite\tb\02.05.0001.1119\en-us\msntb.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn2\YTSingleInstance.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll

TB: MSN Search Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn toolbar suite\tb\02.05.0001.1119\en-us\msntb.dll

TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: Oryte Games 1 Toolbar: {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - c:\program files\games_bar_1\prxtbGam0.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\progra~1\yahoo!\common\yhexbmesus.dll

EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet

uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [dla] c:\windows\system32\dla\tfswctrl.exe

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [A Verizon App] c:\progra~1\verizo~1\helpsu~1\VERIZO~1.EXE

mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup

mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"

mRun: [EPSON Stylus CX3800 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB002" /M "Stylus CX3800"

mRun: [MMTray] "c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe"

mRun: [sSP Notifier] c:\program files\fisher-price\fp3 player\sspnotifier.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [AgentMonitor] c:\program files\vtech\downloadmanager\system\AgentMonitor.exe

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

StartupFolder: c:\documents and settings\chase\start menu\programs\startup\PowerReg Scheduler V3.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\epsons~1.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE

IE: &MSN Search - c:\program files\msn toolbar suite\tb\02.05.0001.1119\en-us\msntb.dll/search.htm

IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm

IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office10\EXCEL.EXE/3000

IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm

IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm

IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

Trusted Zone: musicmatch.com\online

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemydsl.verizon.net/sdcCommon/download/tgctlcm.cab

DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll

DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab

DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://zone.msn.com/bingame/chnz/default/mjolauncher.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab

DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab

DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} - hxxp://zone.msn.com/bingame/feed/default/SproutLauncher.cab

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\docume~1\chase\applic~1\mozilla\firefox\profiles\w3yuryd3.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=

FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll

FF - plugin: c:\documents and settings\chase\application data\move networks\plugins\npqmp071701000002.dll

FF - plugin: c:\documents and settings\chase\application data\move networks\plugins\npqmp071705000014.dll

FF - plugin: c:\documents and settings\chase\local settings\application data\yahoo!\browserplus\2.7.1\plugins\npybrowserplus_2.7.1.dll

FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll

FF - plugin: c:\program files\common files\motive\npMotive.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPcol305.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npmnqmp07010901.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll

FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-6-1 386840]

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-1-13 84072]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-1-15 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 67656]

R2 FlipShareServer;FlipShare Server;c:\program files\flip video\flipshareserver\FlipShareServer.exe [2010-12-15 1085440]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-7-2 88176]

R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-1-13 271480]

R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-1-13 271480]

R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-1-13 271480]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-1-13 171168]

R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-1-13 188136]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-1-13 141792]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-1-13 55840]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-6-1 152960]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-1-13 313288]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-1-13 88544]

S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [2006-10-19 10664]

S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-6-1 52104]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-1-13 88544]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-1-13 84264]

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-6-1 34248]

S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-6-1 40552]

S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 12872]

.

=============== Created Last 30 ================

.

2011-04-07 02:27:40 -------- d-s---w- C:\ComboFix

2011-04-07 01:50:58 89088 ----a-w- c:\windows\MBR.exe

2011-04-07 01:50:58 256512 ----a-w- c:\windows\PEV.exe

2011-04-07 00:54:10 -------- d-----w- c:\docume~1\chase\locals~1\applic~1\ConduitEngine

2011-04-07 00:54:09 0 ----a-w- c:\windows\system32\ConduitEngine.tmp

2011-04-07 00:54:09 -------- d-----w- c:\program files\ConduitEngine

2011-04-07 00:28:18 -------- d-sha-r- C:\cmdcons

2011-04-07 00:26:07 98816 ----a-w- c:\windows\sed.exe

2011-04-07 00:26:07 161792 ----a-w- c:\windows\SWREG.exe

2011-04-07 00:25:43 389120 ----a-w- c:\windows\system32\CF23057.exe

2011-04-01 15:10:07 0 ---ha-w- c:\documents and settings\chase\cctwlalips.tmp

2011-03-31 15:37:45 -------- d-----w- c:\docume~1\chase\applic~1\Flip Video

2011-03-31 15:36:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\Flip Video

2011-03-31 15:36:47 -------- d-----w- c:\program files\Flip Video

.

==================== Find3M ====================

.

2011-03-04 21:02:10 398760 ----a-r- c:\windows\system32\cpnprt2.cid

2011-02-04 22:48:32 456192 ----a-w- c:\windows\system32\encdec.dll

2011-02-04 22:48:30 291840 ----a-w- c:\windows\system32\sbe.dll

2011-02-03 01:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-02-02 23:19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll

2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe

2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll

.

============= FINISH: 15:16:23.16 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_11-03-05.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 2/2/2006 7:52:46 PM

System Uptime: 4/7/2011 9:18:26 AM (30 hours ago)

.

Motherboard: Dell Inc. | | 0JC474

Processor: Intel® Pentium® 4 CPU 2.80GHz | Microprocessor | 2793/800mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 144 GiB total, 92.439 GiB free.

D: is CDROM ()

E: is CDROM ()

F: is Removable

G: is Removable

H: is Removable

I: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: PlayLinc Adapter

Device ID: ROOT\NET\0000

Manufacturer: Super Computer Inc.

Name: PlayLinc Adapter

PNP Device ID: ROOT\NET\0000

Service: hamachi_oem

.

==== System Restore Points ===================

.

RP1: 4/6/2011 8:51:06 PM - System Checkpoint

RP2: 4/7/2011 9:26:20 AM - Installed Java 6 Update 24

RP3: 4/8/2011 9:51:04 AM - System Checkpoint

.

==== Installed Programs ======================

.

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 7.0.5 Language Support

Adobe Reader 7.1.0

Adobe Shockwave Player 11.5

Adobe® Photoshop® Album Starter Edition 3.0

AOLIcon

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ArcSoft Panorama Maker 3

ArcSoft PhotoImpression 5

AVIcodec (remove only)

Bonjour

Business Plan Pro 2006

Caillou's Preschool

Compatibility Pack for the 2007 Office system

Conexant D850 56K V.9x DFVc Modem

Coupon Printer for Windows

Dell Digital Jukebox Driver

Dell Driver Reset Tool

Dell Game Console

Dell Support 3.1

Dell System Restore

Digital Content Portal

Digital Line Detect

DIGOpt

DIGReqEx

EducateU

ELIcon

EPSON CX 3800 Guide

EPSON PhotoCenter

EPSON Printer Software

EPSON Scan

EPSON Web-To-Page

ESPNMotion

FlipShare

FP3 Player

Games_Bar_1 Toolbar

Gap Snow Day

GemMaster Mystic

Get High Speed Internet!

Hotfix for Windows Internet Explorer 7 (KB947864)

Image Resizer Powertoy for Windows XP

Intel® Graphics Media Accelerator Driver

Intel® PRO Network Connections Drivers

Intel® PROSet for Wired Connections

iTunes

J2SE Runtime Environment 5.0 Update 10

J2SE Runtime Environment 5.0 Update 11

J2SE Runtime Environment 5.0 Update 6

Java 2 Runtime Environment, SE v1.4.2_03

Java Auto Updater

Java 6 Update 24

Java 6 Update 3

Java 6 Update 5

Java SE Runtime Environment 6 Update 1

JS3DPreSchool

JumpStart 3D Ages 3-5

JumpStart Reading for First Graders v1.2

Learn2 Player (Uninstall Only)

Learning Lodge Navigator

Malwarebytes' Anti-Malware

MathPlayer

McAfee SecurityCenter

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2416447)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office XP Professional with FrontPage

Microsoft Picture It! Express 9

Microsoft Picture It! Library 9

Microsoft Plus! Digital Media Edition Installer

Microsoft Plus! Photo Story 2 LE

Microsoft Silverlight

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Modem Helper

Move Media Player

Move Networks Player for Firefox

Mozilla Firefox 4.0 (x86 en-US)

MSN

MSN Encarta Plus Support Files

MSN Messenger 7.5

MSN Search Toolbar

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Musicmatch for Windows Media Player

Musicmatch® Jukebox

NetWaiting

Nikon Message Center

Otto

Palo Alto Software's Application Manager 8.2

PictureProject

PlayLinc

PowerDVD 5.5

QuickTime

RealPlayer Basic

Sandlot Games Client Services

Security Update for Windows Internet Explorer 7 (KB928090)

Security Update for Windows Internet Explorer 7 (KB931768)

Security Update for Windows Internet Explorer 7 (KB933566)

Security Update for Windows Internet Explorer 7 (KB937143)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB972260)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Sonic DLA

Sonic Encoders

Sonic MyDVD LE

Sonic RecordNow Audio

Sonic RecordNow Copy

Sonic RecordNow Data

Sonic Update Manager

Spybot - Search & Destroy

Spybot - Search & Destroy 1.4

SpywareBlaster 4.4

SUPERAntiSpyware Free Edition

TONKA Firefighter

Tonka Workshop

Unity Web Player

Update for Windows Internet Explorer 8 (KB972636)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB976749)

Update for Windows Internet Explorer 8 (KB980182)

Verizon Help and Support Tool

Verizon Online

Verizon Online Help & Support

Viewpoint Media Player

VTech Download Agent Library

Vz In Home Agent

WeatherBug

WebCyberCoach 3.2 Dell

WebFldrs XP

Windows Genuine Advantage v1.3.0254.0

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 10

Windows Media Player 10 Hotfix [see EmeraldQFE2 for more information]

Windows Media Player 11

Windows XP Service Pack 3

WordPerfect Office 12

Yahoo! BrowserPlus 2.7.1

Yahoo! extras

Yahoo! Install Manager

Yahoo! Internet Mail

Yahoo! Messenger

Yahoo! Software Update

Yahoo! Toolbar

.

==== Event Viewer Messages From Past Week ========

.

4/7/2011 9:18:58 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.

4/6/2011 8:26:06 PM, error: SRService [104] - The System Restore initialization process failed.

4/6/2011 8:26:06 PM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: The system cannot find the file specified.

4/6/2011 4:21:01 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McAfee SiteAdvisor Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}

4/6/2011 4:09:22 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file rundll32.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.

4/5/2011 7:49:17 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {395633B1-EED9-4DFC-B67F-9788B51C9F06}

4/5/2011 7:05:30 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm SASDIFSV SASKUTIL

4/5/2011 6:04:28 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Image Acquisition (WIA) service to connect.

4/5/2011 6:04:28 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the SSDP Discovery Service service to connect.

4/5/2011 6:04:28 AM, error: Service Control Manager [7001] - The Media Center Extender Service service depends on the SSDP Discovery Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.

4/5/2011 6:04:28 AM, error: Service Control Manager [7000] - The Windows Image Acquisition (WIA) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

4/5/2011 6:04:28 AM, error: Service Control Manager [7000] - The SSDP Discovery Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

4/5/2011 5:44:33 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

4/5/2011 4:59:49 AM, error: Service Control Manager [7000] - The COM+ System Application service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

4/5/2011 4:59:48 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the COM+ System Application service to connect.

4/5/2011 4:59:48 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service COMSysApp with arguments "" in order to run the server: {ECABAFBC-7F19-11D2-978E-0000F8757E2A}

4/5/2011 4:59:13 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

4/5/2011 4:59:12 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.

4/4/2011 9:58:27 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

4/4/2011 9:57:30 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec mfehidk mfetdi2k MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip

4/4/2011 9:57:30 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.

4/4/2011 9:57:30 PM, error: Service Control Manager [7001] - The McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.

4/4/2011 9:57:30 PM, error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.

4/4/2011 9:57:30 PM, error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.

4/4/2011 9:57:30 PM, error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.

4/4/2011 9:57:30 PM, error: Service Control Manager [7001] - The McAfee Network Agent service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.

4/4/2011 9:57:30 PM, error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.

4/4/2011 9:57:30 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.

4/4/2011 9:57:30 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

4/4/2011 9:57:30 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

4/4/2011 9:57:30 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

4/4/2011 9:57:30 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

4/4/2011 9:56:52 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

4/4/2011 9:56:51 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

4/4/2011 1:19:42 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde

.

==== End Of File ===========================

GMER 1.0.15.15570 - http://www.gmer.net

Rootkit scan 2011-04-08 16:52:09

Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17 ST3160828AS rev.8.03

Running: gmer.exe; Driver: C:\DOCUME~1\Chase\LOCALS~1\Temp\pwryipob.sys

---- System - GMER 1.0.15 ----

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xF73450E0]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF73450F4]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF7345120]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF7345176]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF73450CC]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF73450A4]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF73450B8]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF734510A]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xF734514C]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xF7345136]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF73451A0]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF734518C]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF7345160]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[328] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00CE000A

.text C:\WINDOWS\Explorer.EXE[328] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00CE0036

.text C:\WINDOWS\Explorer.EXE[328] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00CE001B

.text C:\WINDOWS\Explorer.EXE[328] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CD0FEF

.text C:\WINDOWS\Explorer.EXE[328] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CD007D

.text C:\WINDOWS\Explorer.EXE[328] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CD006C

.text C:\WINDOWS\Explorer.EXE[328] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CD0051

.text C:\WINDOWS\Explorer.EXE[328] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CD0F94

.text C:\WINDOWS\Explorer.EXE[328] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CD0036

.text C:\WINDOWS\Explorer.EXE[328] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CD00A9

.text C:\WINDOWS\Explorer.EXE[328] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CD0F6D

.text C:\WINDOWS\Explorer.EXE[328] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CD0F17

.text C:\WINDOWS\Explorer.EXE[328] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CD0F3C

.text C:\WINDOWS\Explorer.EXE[328] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00CD00CB

.text C:\WINDOWS\Explorer.EXE[328] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00CD0FAF

.text C:\WINDOWS\Explorer.EXE[328] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00CD0014

.text C:\WINDOWS\Explorer.EXE[328] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00CD0098

.text C:\WINDOWS\Explorer.EXE[328] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00CD0FD4

.text C:\WINDOWS\Explorer.EXE[328] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00CD0025

.text C:\WINDOWS\Explorer.EXE[328] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00CD00BA

.text C:\WINDOWS\Explorer.EXE[328] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00CC0014

.text C:\WINDOWS\Explorer.EXE[328] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00CC004A

.text C:\WINDOWS\Explorer.EXE[328] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00CC0FC3

.text C:\WINDOWS\Explorer.EXE[328] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00CC0FD4

.text C:\WINDOWS\Explorer.EXE[328] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00CC0F8D

.text C:\WINDOWS\Explorer.EXE[328] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00CC0FEF

.text C:\WINDOWS\Explorer.EXE[328] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00CC002F

.text C:\WINDOWS\Explorer.EXE[328] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00CC0FB2

.text C:\WINDOWS\Explorer.EXE[328] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F50FAD

.text C:\WINDOWS\Explorer.EXE[328] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F50042

.text C:\WINDOWS\Explorer.EXE[328] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F50016

.text C:\WINDOWS\Explorer.EXE[328] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F50FEF

.text C:\WINDOWS\Explorer.EXE[328] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F50027

.text C:\WINDOWS\Explorer.EXE[328] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F50FD2

.text C:\WINDOWS\Explorer.EXE[328] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00CF0000

.text C:\WINDOWS\Explorer.EXE[328] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00CF0011

.text C:\WINDOWS\Explorer.EXE[328] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00CF0022

.text C:\WINDOWS\Explorer.EXE[328] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 00CF0033

.text C:\WINDOWS\Explorer.EXE[328] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F40FEF

.text C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE[740] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 02582D10 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)

.text C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE[740] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 02582BF0 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)

.text C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE[740] WININET.dll!HttpOpenRequestA 3D94D508 5 Bytes JMP 02582EB0 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)

.text C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE[740] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 02582FB0 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)

.text C:\WINDOWS\system32\services.exe[1036] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00050000

.text C:\WINDOWS\system32\services.exe[1036] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00050022

.text C:\WINDOWS\system32\services.exe[1036] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00050011

.text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00040000

.text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00040F9E

.text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00040FAF

.text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0004007D

.text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0004006C

.text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00040051

.text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00040F5C

.text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00040F6D

.text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00040F26

.text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00040F37

.text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00040F15

.text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00040FCA

.text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00040011

.text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 000400A4

.text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00040036

.text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00040FE5

.text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 000400B5

.text C:\WINDOWS\system32\services.exe[1036] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 006B002C

.text C:\WINDOWS\system32\services.exe[1036] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 006B004E

.text C:\WINDOWS\system32\services.exe[1036] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 006B001B

.text C:\WINDOWS\system32\services.exe[1036] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 006B0FEF

.text C:\WINDOWS\system32\services.exe[1036] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 006B0F91

.text C:\WINDOWS\system32\services.exe[1036] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 006B0000

.text C:\WINDOWS\system32\services.exe[1036] ADVAPI32.dll!RegCreateKeyW 77DFBA55 3 Bytes JMP 006B003D

.text C:\WINDOWS\system32\services.exe[1036] ADVAPI32.dll!RegCreateKeyW + 4 77DFBA59 1 Byte [88]

.text C:\WINDOWS\system32\services.exe[1036] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 3 Bytes JMP 006B0FC0

.text C:\WINDOWS\system32\services.exe[1036] ADVAPI32.dll!RegCreateKeyA + 4 77DFBCF7 1 Byte [88]

.text C:\WINDOWS\system32\services.exe[1036] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00070FB9

.text C:\WINDOWS\system32\services.exe[1036] msvcrt.dll!system 77C293C7 5 Bytes JMP 00070044

.text C:\WINDOWS\system32\services.exe[1036] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00070033

.text C:\WINDOWS\system32\services.exe[1036] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00070FEF

.text C:\WINDOWS\system32\services.exe[1036] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00070FDE

.text C:\WINDOWS\system32\services.exe[1036] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00070018

.text C:\WINDOWS\system32\services.exe[1036] WS2_32.dll!socket 71AB4211 5 Bytes JMP 0006000A

.text C:\WINDOWS\system32\lsass.exe[1048] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00C60FEF

.text C:\WINDOWS\system32\lsass.exe[1048] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00C60000

.text C:\WINDOWS\system32\lsass.exe[1048] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C60FD4

.text C:\WINDOWS\system32\lsass.exe[1048] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BD0000

.text C:\WINDOWS\system32\lsass.exe[1048] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BD0F88

.text C:\WINDOWS\system32\lsass.exe[1048] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BD0087

.text C:\WINDOWS\system32\lsass.exe[1048] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BD006C

.text C:\WINDOWS\system32\lsass.exe[1048] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BD005B

.text C:\WINDOWS\system32\lsass.exe[1048] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BD0FC0

.text C:\WINDOWS\system32\lsass.exe[1048] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BD0F5C

.text C:\WINDOWS\system32\lsass.exe[1048] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BD0F77

.text C:\WINDOWS\system32\lsass.exe[1048] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BD0F4B

.text C:\WINDOWS\system32\lsass.exe[1048] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BD00E4

.text C:\WINDOWS\system32\lsass.exe[1048] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BD00F5

.text C:\WINDOWS\system32\lsass.exe[1048] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BD0FAF

.text C:\WINDOWS\system32\lsass.exe[1048] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BD001B

.text C:\WINDOWS\system32\lsass.exe[1048] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BD0098

.text C:\WINDOWS\system32\lsass.exe[1048] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BD0FDB

.text C:\WINDOWS\system32\lsass.exe[1048] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BD0036

.text C:\WINDOWS\system32\lsass.exe[1048] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BD00C9

.text C:\WINDOWS\system32\lsass.exe[1048] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C90025

.text C:\WINDOWS\system32\lsass.exe[1048] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C90F79

.text C:\WINDOWS\system32\lsass.exe[1048] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C90FD4

.text C:\WINDOWS\system32\lsass.exe[1048] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C9000A

.text C:\WINDOWS\system32\lsass.exe[1048] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C90F94

.text C:\WINDOWS\system32\lsass.exe[1048] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C90FEF

.text C:\WINDOWS\system32\lsass.exe[1048] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00C90FA5

.text C:\WINDOWS\system32\lsass.exe[1048] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes JMP C89FEDE5

.text C:\WINDOWS\system32\lsass.exe[1048] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C90036

.text C:\WINDOWS\system32\lsass.exe[1048] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C80FCA

.text C:\WINDOWS\system32\lsass.exe[1048] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C80055

.text C:\WINDOWS\system32\lsass.exe[1048] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C8003A

.text C:\WINDOWS\system32\lsass.exe[1048] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C8000C

.text C:\WINDOWS\system32\lsass.exe[1048] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C80FE5

.text C:\WINDOWS\system32\lsass.exe[1048] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C80029

.text C:\WINDOWS\system32\lsass.exe[1048] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C70000

.text C:\WINDOWS\system32\svchost.exe[1264] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00B10FE5

.text C:\WINDOWS\system32\svchost.exe[1264] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00B10FC3

.text C:\WINDOWS\system32\svchost.exe[1264] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B10FD4

.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B00FE5

.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B00F1F

.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B0001E

.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B00F46

.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!LoadLibraryExA 7C801D53 1 Byte [E9]

.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B00F57

.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B00F8D

.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B00EFA

.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B0004C

.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B00ECB

.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B0006E

.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00B00EBA

.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00B00F7C

.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B00FD4

.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00B0002F

.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00B00F9E

.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00B00FAF

.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00B0005D

.text C:\WINDOWS\system32\svchost.exe[1264] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00B40FD4

.text C:\WINDOWS\system32\svchost.exe[1264] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00B40065

.text C:\WINDOWS\system32\svchost.exe[1264] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00B40025

.text C:\WINDOWS\system32\svchost.exe[1264] ADVAPI32.dll!RegOpenKeyW


Hello Rev-Roy

 

Thank you for the logs.

 

hope I did it correctly!

You did :)

 

 

  • Please un-install your outdated Java

    • Click on "Start" then on "Control Panel" and then on "Add or remove programs".
    • Click on "remove a program". A list of currently installed programs will be displayed.
    • Find the "Java 2 Runtime Environment, SE v1.4.2_03" program, click on it once and then click on the "uninstall" button.
    • If you are prompted to re-boot your computer to complete the uninstall please do so.
    • Please repeat this process for the following:

    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 6
    Java 2 Runtime Environment, SE v1.4.2_03
    Java™ 6 Update 3
    Java™ 6 Update 5
    Java™ SE Runtime Environment 6 Update 1

    • NOTE: DO NOT remove Java™ 6 Update 24.

  • Foistware

    • I can see from your log that you have Viewpoint Media Player installed.
    • Viewpoint Media Player is considered as foistware rather than malware since it is installed without the user's approval but doesn't spy or do anything "bad".
    • It is recommended that you remove Viewpoint products. However, this choice is up to you.
    • To remove these programs, click "Start" and then on "Control Panel" and then on "Add or Remove Programs".
    • Select Viewpoint Media Player and click on "Remove".

    Now, I can see that ComboFix has been run on this machine very recently...

     

    While you may see ComboFix being used quite often and without incident, the tool should not be run unsupervised (as stated in the Disclaimer that is first displayed by ComboFix when you run the tool).

     

    Why we don't ask you to run ComboFix from the onset

     

    As stated by the author of ComboFix:

     

    ComboFix is a very powerful tool which when improperly used may render your machine to a doorstop.

     

    We first need to verify if there's any rootkits present and how they could affect our tools. DDS & GMER are preliminary scans. We use their logs to map our strategy for attack.

     

    With these logs we can determine the infections present & decide whether to deploy ComboFix.

    That being said, the log produced by ComboFix contains important information for us. Kindly post the contents of the C:\ComboFix.txt in your next reply.


Good Morning JonTom:

 

I really am thankful for folk such as you taking time to help.

 

I have completed the things you gave me, however, I cannot find a combo.txt file even by running a search of hidden files etc.

 

In the windows explorer, when I open it it gives me the file combofix and if I click on it it gives me another tree with combofix folder and doesn't end but keeps opening more and more if I continue to click on the new folder in each tree.

 

The search I did also would not end but was a continuous loop of search through all these trees.

 

Should I delete this folder and start over with running combo fix?

 

Thanks Roy


Hello Rev-Roy

 

Should I delete this folder and start over with running combo fix?

Let's try this instead:

 

If you still have ComboFix installed on your desktop, please delete it by dragging it to the Recycle Bin and then Empty the bin.

 

Once you have done that, let's get a fresh copy of ComboFix onboard: Link

 

Please make sure that all of your system security is disabled before running the program.

 

Please post the ComboFix log in your next reply.


Thanks

 

here it is:

 

ComboFix 11-04-08.02 - Chase 04/09/2011 10:46:44.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.509 [GMT -4:00]

Running from: c:\documents and settings\Chase\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Chase\Application Data\Mozilla\Firefox\Profiles\w3yuryd3.default\extensions\{29cf4142-1456-4559-8300-2ed298e9c263}

c:\documents and settings\Chase\Application Data\Mozilla\Firefox\Profiles\w3yuryd3.default\extensions\{29cf4142-1456-4559-8300-2ed298e9c263}\chrome.manifest

c:\documents and settings\Chase\Application Data\Mozilla\Firefox\Profiles\w3yuryd3.default\extensions\{29cf4142-1456-4559-8300-2ed298e9c263}\chrome\xulcache.jar

c:\documents and settings\Chase\Application Data\Mozilla\Firefox\Profiles\w3yuryd3.default\extensions\{29cf4142-1456-4559-8300-2ed298e9c263}\defaults\preferences\xulcache.js

c:\documents and settings\Chase\Application Data\Mozilla\Firefox\Profiles\w3yuryd3.default\extensions\{29cf4142-1456-4559-8300-2ed298e9c263}\install.rdf

c:\documents and settings\Chase\WINDOWS

c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\s35xyye1.default\extensions\{29cf4142-1456-4559-8300-2ed298e9c263}

c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\s35xyye1.default\extensions\{29cf4142-1456-4559-8300-2ed298e9c263}\chrome.manifest

c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\s35xyye1.default\extensions\{29cf4142-1456-4559-8300-2ed298e9c263}\chrome\xulcache.jar

c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\s35xyye1.default\extensions\{29cf4142-1456-4559-8300-2ed298e9c263}\defaults\preferences\xulcache.js

c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\s35xyye1.default\extensions\{29cf4142-1456-4559-8300-2ed298e9c263}\install.rdf

.

.

((((((((((((((((((((((((( Files Created from 2011-03-09 to 2011-04-09 )))))))))))))))))))))))))))))))

.

.

2011-04-07 00:54 . 2011-04-07 00:54 -------- d-----w- c:\documents and settings\Chase\Local Settings\Application Data\ConduitEngine

2011-04-07 00:54 . 2011-04-07 00:54 -------- d-----w- c:\program files\ConduitEngine

2011-04-07 00:54 . 2011-04-07 00:54 0 ----a-w- c:\windows\system32\ConduitEngine.tmp

2011-04-07 00:25 . 2011-04-07 00:25 389120 ----a-w- c:\windows\system32\CF23057.exe

2011-04-06 23:11 . 2011-04-06 23:11 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE

2011-04-06 20:20 . 2011-04-06 20:20 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla

2011-04-05 01:57 . 2011-04-05 01:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2011-04-05 01:56 . 2011-04-05 01:56 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2011-04-01 15:10 . 2011-04-01 15:10 0 ---ha-w- c:\documents and settings\Chase\cctwlalips.tmp

2011-03-31 15:37 . 2011-03-31 15:37 -------- d-----w- c:\documents and settings\Chase\Application Data\Flip Video

2011-03-31 15:37 . 2011-03-31 15:37 -------- d-----w- c:\documents and settings\LocalService\Application Data\Flip Video

2011-03-31 15:36 . 2011-03-31 15:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Flip Video

2011-03-31 15:36 . 2011-03-31 15:36 -------- d-----w- c:\program files\Flip Video

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-04 21:02 . 2008-11-19 02:21 398760 ----a-r- c:\windows\system32\cpnprt2.cid

2011-02-04 22:48 . 2005-08-16 10:18 456192 ----a-w- c:\windows\system32\encdec.dll

2011-02-04 22:48 . 2005-08-16 10:18 291840 ----a-w- c:\windows\system32\sbe.dll

2011-02-03 01:40 . 2010-05-26 12:01 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-02-02 23:19 . 2009-11-16 00:42 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-02-02 07:58 . 2005-08-16 10:37 2067456 ----a-w- c:\windows\system32\mstscax.dll

2011-01-27 11:57 . 2005-08-16 10:37 677888 ----a-w- c:\windows\system32\mstsc.exe

2011-01-24 12:41 . 2011-01-24 12:41 18944 ----a-r- c:\documents and settings\Chase\Application Data\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A16301.exe

2011-01-24 12:41 . 2011-01-24 12:41 11264 ----a-r- c:\documents and settings\Chase\Application Data\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A1630.exe

2011-01-21 14:44 . 2005-08-16 10:18 439296 ----a-w- c:\windows\system32\shimgvw.dll

2011-03-18 17:53 . 2011-04-07 01:43 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2010-10-14 03:28 . 2011-01-13 16:08 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{bc04b34e-5dd8-465a-a5e0-86f7c11bc009}"= "c:\program files\Games_Bar_1\prxtbGam0.dll" [2011-01-17 175912]

.

[HKEY_CLASSES_ROOT\clsid\{bc04b34e-5dd8-465a-a5e0-86f7c11bc009}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc04b34e-5dd8-465a-a5e0-86f7c11bc009}]

2011-01-17 14:54 175912 ----a-w- c:\program files\Games_Bar_1\prxtbGam0.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{bc04b34e-5dd8-465a-a5e0-86f7c11bc009}"= "c:\program files\Games_Bar_1\prxtbGam0.dll" [2011-01-17 175912]

.

[HKEY_CLASSES_ROOT\clsid\{bc04b34e-5dd8-465a-a5e0-86f7c11bc009}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{BC04B34E-5DD8-465A-A5E0-86F7C11BC009}"= "c:\program files\Games_Bar_1\prxtbGam0.dll" [2011-01-17 175912]

.

[HKEY_CLASSES_ROOT\clsid\{bc04b34e-5dd8-465a-a5e0-86f7c11bc009}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-06-01 5252408]

"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2010-10-29 1652736]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-15 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-15 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-15 114688]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]

"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]

"EPSON Stylus CX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE" [2005-02-08 98304]

"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-09-09 110592]

"SSP Notifier"="c:\program files\Fisher-Price\FP3 Player\sspnotifier.exe" [2006-07-12 20480]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-11-22 1193848]

"AgentMonitor"="c:\program files\VTech\DownloadManager\System\AgentMonitor.exe" [2010-12-21 326048]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]

.

c:\documents and settings\Chase\Start Menu\Programs\Startup\

PowerReg Scheduler V3.exe [2010-4-10 225280]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-1-29 24576]

EPSON Status Monitor 3 Environment Check(2).lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2006-2-24 135680]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-21 02:48 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk

backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GapSDR.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\GapSDR.lnk

backup=c:\windows\pss\GapSDR.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk

backup=c:\windows\pss\NkbMonitor.exe.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Palo Alto Software Update Manager 8.0.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Palo Alto Software Update Manager 8.0.lnk

backup=c:\windows\pss\Palo Alto Software Update Manager 8.0.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk

backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

2005-06-07 03:46 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]

2005-05-15 08:04 332800 ----a-w- c:\program files\Dell Support\DSAgnt.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]

2005-02-23 22:19 53248 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fbdirect]

1998-11-18 00:10 227328 ----a-w- c:\progra~1\scansoft\PAPERP~1\FBDirect.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

2005-06-10 16:44 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-01-25 20:08 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]

2005-09-09 01:20 8192 ----a-w- c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]

2005-09-09 01:20 110592 ----a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

2006-01-24 16:37 7094272 ----a-w- c:\program files\MSN Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]

2006-01-29 09:42 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\VTech\\DownloadManager\\System\\AgentMonitor.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"24726:TCP"= 24726:TCP:FlipShareServer

"24727:TCP"= 24727:TCP:FlipShareServer

.

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [1/13/2011 12:07 PM 84072]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [1/15/2009 4:17 PM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/15/2009 4:17 PM 67656]

R2 FlipShareServer;FlipShare Server;c:\program files\Flip Video\FlipShareServer\FlipShareServer.exe [12/15/2010 1:22 PM 1085440]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [7/2/2009 9:55 PM 88176]

R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [1/13/2011 12:07 PM 271480]

R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [1/13/2011 12:07 PM 271480]

R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [1/13/2011 12:08 PM 188136]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [1/13/2011 12:07 PM 141792]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [1/13/2011 12:07 PM 55840]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [1/13/2011 12:07 PM 313288]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [1/13/2011 12:07 PM 88544]

S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [10/19/2006 11:11 AM 10664]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [1/13/2011 12:07 PM 88544]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [1/13/2011 12:07 PM 84264]

S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/15/2009 4:17 PM 12872]

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mfeavfk01

.

Contents of the 'Scheduled Tasks' folder

.

2011-03-29 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mStart Page = hxxp://www.yahoo.com

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

uInternet Connection Wizard,ShellNext = hxxp://cgi.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=6.1&bm=ho_home

uInternet Settings,ProxyOverride = 127.0.0.1;*.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &MSN Search - c:\program files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm

IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000

IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm

IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm

IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm

Trusted Zone: musicmatch.com\online

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Chase\Application Data\Mozilla\Firefox\Profiles\w3yuryd3.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=

.

- - - - ORPHANS REMOVED - - - -

.

HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe

MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

MSConfigStartUp-Motive SmartBridge - c:\progra~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe

MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-04-09 10:54

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(992)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

.

Completion time: 2011-04-09 10:57:36

ComboFix-quarantined-files.txt 2011-04-09 14:57

.

Pre-Run: 101,203,353,600 bytes free

Post-Run: 101,217,591,296 bytes free

.

- - End Of File - - D45C04646BC3855FD3C885C16E7C39D2

 

Roy


Hello Rev-Roy

 

Thank you for the log.

 

  • Please work through the following steps

    • Open Notepad (Click on "Start", then on "Run" and type "notepad" (without quotations) in the Open field, then click on "OK").
    • NOTE: Do not use Wordpad or any other text editor except Notepad or the script will fail.
    • Copy and Paste the text in the quotebox below into the open Notepad window:

      File::
      c:\documents and settings\Chase\cctwlalips.tmp
      c:\windows\system32\ConduitEngine.tmp

      DDS::
      Trusted Zone: musicmatch.com\online

      RegLock::
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

    • Save this as "CFScript.txt" (including the quotation marks), change the "Save as type" to "All Files" and save it to your desktop.
    • Close any open browsers.
    • Disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Referring to the picture below, drag CFScript.txt into ComboFix.exe


    • When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
    • Once the log is produced, re-engage your resident anti virus.

  • Clean out your temporary files

    • Please download ATF Cleaner by Atribune by clicking here and save the file (called ATF-Cleaner.exe) to your desktop.
    • Run the program by double clicking the ATF-Cleaner.exe icon located on your desktop.
    • Check the boxes to the left of the following:

      • Windows Temp
      • Current User Temp
      • All Users Temp
      • Temporary Internet Files
      • Java Cache

    • The rest are optional. If you want to remove everything check the "Select All" box.
    • Click on "Empty Selected" to begin cleaning.
    • Once the "Done Cleaning" message appears, click OK.
    • If you use Firefox, Click on the Firefox tab and repeat the above process.
    • When you have finished cleaning, click on the "Exit" button in the main menu.

  • MalwareBytes AntiMalware:

    • I can see that you have MBAM installed.
    • Double click on your MalwareBytes AntiMalware icon to launch the program.
    • Click on the "Update" tab and then on "Check for Updates".
    • The program will now install the latest Malware definition files.
    • Once complete, click on the "Scanner" tab, select "Perform Quick Scan" and then click on "Scan".
    • Once the program has scanned your computer, a log file will be created in Notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • If the scan detects any Malware-related objects, make sure that everything is checked, and click "Remove Selected" <– Very Important.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to restart your computer.
    • The log is automatically saved by MBAM and can be viewed by clicking the "Logs" tab.
    • Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart your computer, please do so immediately.
    • Come back here to this thread and Paste the log in your next reply.

    Please post the ComboFix log and the MBAM log in your next reply, and let me know how the machine is running now :)


Good Evening JonTom:

 

This has been a very interesting and learning experience for me. I have learned I don't know as much as I thought I did.

 

I would double your pay if I had the authority.

 

Here are the last logs you want and the machine is running great!

 

I could never thank you enough but know that if you ever need a wedding or a funeral, it's on me! LOL

 

REV-ROY

 

ComboFix 11-04-08.03 - Chase 04/09/2011 15:59:07.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.583 [GMT -4:00]

Running from: c:\documents and settings\Chase\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Chase\Desktop\CFScript.txt

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

.

FILE ::

"c:\documents and settings\Chase\cctwlalips.tmp"

"c:\windows\system32\ConduitEngine.tmp"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Chase\cctwlalips.tmp

c:\windows\system32\ConduitEngine.tmp

.

.

((((((((((((((((((((((((( Files Created from 2011-03-09 to 2011-04-09 )))))))))))))))))))))))))))))))

.

.

2011-04-07 00:54 . 2011-04-07 00:54 -------- d-----w- c:\documents and settings\Chase\Local Settings\Application Data\ConduitEngine

2011-04-07 00:54 . 2011-04-07 00:54 -------- d-----w- c:\program files\ConduitEngine

2011-04-07 00:25 . 2011-04-07 00:25 389120 ----a-w- c:\windows\system32\CF23057.exe

2011-04-06 23:11 . 2011-04-06 23:11 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE

2011-04-06 20:20 . 2011-04-06 20:20 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla

2011-04-05 01:57 . 2011-04-05 01:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2011-04-05 01:56 . 2011-04-05 01:56 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2011-03-31 15:37 . 2011-03-31 15:37 -------- d-----w- c:\documents and settings\Chase\Application Data\Flip Video

2011-03-31 15:37 . 2011-03-31 15:37 -------- d-----w- c:\documents and settings\LocalService\Application Data\Flip Video

2011-03-31 15:36 . 2011-03-31 15:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Flip Video

2011-03-31 15:36 . 2011-03-31 15:36 -------- d-----w- c:\program files\Flip Video

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-04 21:02 . 2008-11-19 02:21 398760 ----a-r- c:\windows\system32\cpnprt2.cid

2011-02-04 22:48 . 2005-08-16 10:18 456192 ----a-w- c:\windows\system32\encdec.dll

2011-02-04 22:48 . 2005-08-16 10:18 291840 ----a-w- c:\windows\system32\sbe.dll

2011-02-03 01:40 . 2010-05-26 12:01 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-02-02 23:19 . 2009-11-16 00:42 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-02-02 07:58 . 2005-08-16 10:37 2067456 ----a-w- c:\windows\system32\mstscax.dll

2011-01-27 11:57 . 2005-08-16 10:37 677888 ----a-w- c:\windows\system32\mstsc.exe

2011-01-24 12:41 . 2011-01-24 12:41 18944 ----a-r- c:\documents and settings\Chase\Application Data\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A16301.exe

2011-01-24 12:41 . 2011-01-24 12:41 11264 ----a-r- c:\documents and settings\Chase\Application Data\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A1630.exe

2011-01-21 14:44 . 2005-08-16 10:18 439296 ----a-w- c:\windows\system32\shimgvw.dll

2011-03-18 17:53 . 2011-04-07 01:43 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2010-10-14 03:28 . 2011-01-13 16:08 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll

.

.

((((((((((((((((((((((((((((( [email protected]_14.54.31 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-04-09 15:03 . 2011-04-09 15:03 16384 c:\windows\temp\Perflib_Perfdata_994.dat

+ 2011-04-09 15:02 . 2011-04-09 15:02 16384 c:\windows\temp\Perflib_Perfdata_938.dat

+ 2006-02-03 00:31 . 2011-04-09 19:16 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

- 2006-02-03 00:31 . 2011-04-09 09:53 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2011-04-09 19:16 . 2011-04-09 19:16 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{bc04b34e-5dd8-465a-a5e0-86f7c11bc009}"= "c:\program files\Games_Bar_1\prxtbGam0.dll" [2011-01-17 175912]

.

[HKEY_CLASSES_ROOT\clsid\{bc04b34e-5dd8-465a-a5e0-86f7c11bc009}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc04b34e-5dd8-465a-a5e0-86f7c11bc009}]

2011-01-17 14:54 175912 ----a-w- c:\program files\Games_Bar_1\prxtbGam0.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{bc04b34e-5dd8-465a-a5e0-86f7c11bc009}"= "c:\program files\Games_Bar_1\prxtbGam0.dll" [2011-01-17 175912]

.

[HKEY_CLASSES_ROOT\clsid\{bc04b34e-5dd8-465a-a5e0-86f7c11bc009}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{BC04B34E-5DD8-465A-A5E0-86F7C11BC009}"= "c:\program files\Games_Bar_1\prxtbGam0.dll" [2011-01-17 175912]

.

[HKEY_CLASSES_ROOT\clsid\{bc04b34e-5dd8-465a-a5e0-86f7c11bc009}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-06-01 5252408]

"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2010-10-29 1652736]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-15 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-15 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-15 114688]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]

"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]

"EPSON Stylus CX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE" [2005-02-08 98304]

"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-09-09 110592]

"SSP Notifier"="c:\program files\Fisher-Price\FP3 Player\sspnotifier.exe" [2006-07-12 20480]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-11-22 1193848]

"AgentMonitor"="c:\program files\VTech\DownloadManager\System\AgentMonitor.exe" [2010-12-21 326048]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]

.

c:\documents and settings\Chase\Start Menu\Programs\Startup\

PowerReg Scheduler V3.exe [2010-4-10 225280]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-1-29 24576]

EPSON Status Monitor 3 Environment Check(2).lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2006-2-24 135680]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-21 02:48 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk

backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GapSDR.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\GapSDR.lnk

backup=c:\windows\pss\GapSDR.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk

backup=c:\windows\pss\NkbMonitor.exe.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Palo Alto Software Update Manager 8.0.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Palo Alto Software Update Manager 8.0.lnk

backup=c:\windows\pss\Palo Alto Software Update Manager 8.0.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk

backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

2005-06-07 03:46 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]

2005-05-15 08:04 332800 ----a-w- c:\program files\Dell Support\DSAgnt.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]

2005-02-23 22:19 53248 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fbdirect]

1998-11-18 00:10 227328 ----a-w- c:\progra~1\scansoft\PAPERP~1\FBDirect.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

2005-06-10 16:44 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-01-25 20:08 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]

2005-09-09 01:20 8192 ----a-w- c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]

2005-09-09 01:20 110592 ----a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

2006-01-24 16:37 7094272 ----a-w- c:\program files\MSN Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]

2006-01-29 09:42 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\VTech\\DownloadManager\\System\\AgentMonitor.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"24726:TCP"= 24726:TCP:FlipShareServer

"24727:TCP"= 24727:TCP:FlipShareServer

.

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [1/13/2011 12:07 PM 84072]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [1/15/2009 4:17 PM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/15/2009 4:17 PM 67656]

R2 FlipShareServer;FlipShare Server;c:\program files\Flip Video\FlipShareServer\FlipShareServer.exe [12/15/2010 1:22 PM 1085440]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [7/2/2009 9:55 PM 88176]

R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [1/13/2011 12:07 PM 271480]

R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [1/13/2011 12:07 PM 271480]

R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [1/13/2011 12:08 PM 188136]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [1/13/2011 12:07 PM 141792]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [1/13/2011 12:07 PM 55840]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [1/13/2011 12:07 PM 313288]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [1/13/2011 12:07 PM 88544]

S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [10/19/2006 11:11 AM 10664]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [1/13/2011 12:07 PM 88544]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [1/13/2011 12:07 PM 84264]

S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/15/2009 4:17 PM 12872]

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mfeavfk01

.

Contents of the 'Scheduled Tasks' folder

.

2011-03-29 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mStart Page = hxxp://www.yahoo.com

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

uInternet Connection Wizard,ShellNext = hxxp://cgi.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=6.1&bm=ho_home

uInternet Settings,ProxyOverride = 127.0.0.1;*.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &MSN Search - c:\program files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm

IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000

IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm

IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm

IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Chase\Application Data\Mozilla\Firefox\Profiles\w3yuryd3.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-04-09 16:06

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(992)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

.

Completion time: 2011-04-09 16:09:52

ComboFix-quarantined-files.txt 2011-04-09 20:09

ComboFix2.txt 2011-04-09 14:57

.

Pre-Run: 101,172,170,752 bytes free

Post-Run: 101,157,842,944 bytes free

.

- - End Of File - - A880B9F0DB79EF26D25A31076B612133

 

 

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

 

Database version: 6320

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

4/9/2011 4:25:28 PM

mbam-log-2011-04-09 (16-25-28).txt

 

Scan type: Quick scan

Objects scanned: 163411

Time elapsed: 4 minute(s), 44 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)

 

 

Thanks again!

 

Roy

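To make the kind of triage a helper does by eye on a log like the one above repeatable, here is an added example (not code from this thread, from ComboFix or from any of the tools named in it) that reads ComboFix-style output and flags the entries worth a second look: the AV/FW status header, the Security Center override and DisableMonitoring values, the Windows Firewall policy values, and browser add-ins (BHOs, URLSearchHooks, toolbars) whose DLL path matches a small watchlist. The sample text is a constructed excerpt in the same format as the log above; the watchlist tokens, the severity labels and the `Finding` type are this example's own assumptions.

```python
import re
from dataclasses import dataclass

# Constructed excerpt in the ComboFix format (same layout as the log above).
SAMPLE_LOG = r"""
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bc04b34e-5dd8-465a-a5e0-86f7c11bc009}"= "c:\program files\Games_Bar_1\prxtbGam0.dll" [2011-01-17 175912]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
"""

# Registry keys under which ComboFix lists browser add-ins.
ADDIN_KEY_TOKENS = ("browser helper objects", "urlsearchhooks", "toolbar")
# Example assumption: DLL paths containing these tokens belong to bundled
# toolbars that a cleanup would normally remove. Extend to taste.
ADDIN_WATCHLIST = ("conduit", "prxtb")

STATUS_RE = re.compile(r"^(AV|FW): (.+?) \*([^*]+)\*")
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
DWORD_RE = re.compile(r"dword:([0-9a-fA-F]{1,8})")
DECIMAL_RE = re.compile(r"^(\d+)\s*\(0x[0-9a-fA-F]+\)")
FILE_LINE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\d+\s+\S+\s+(.+)$")
QUOTED_PATH_RE = re.compile(r'"([A-Za-z]:\\[^"]+)"')


@dataclass
class Finding:
    severity: str  # high / medium / low / info (this example's own scale)
    where: str     # registry key, or the header line itself
    detail: str


def _int_value(raw: str):
    """Return the integer a ComboFix value line encodes (dword:hex or 'N (0xN)'), else None."""
    m = DWORD_RE.search(raw)
    if m:
        return int(m.group(1), 16)
    m = DECIMAL_RE.match(raw)
    if m:
        return int(m.group(1))
    return None


def _addin(findings, key, path):
    """Record a browser add-in; escalate when its path matches the watchlist."""
    if any(tok in path.lower() for tok in ADDIN_WATCHLIST):
        findings.append(Finding("medium", key, f"browser add-in matches toolbar watchlist: {path}"))
    else:
        findings.append(Finding("info", key, f"browser add-in to review by hand: {path}"))


def triage(log_text: str) -> list:
    """Walk the log line by line, tracking the current [key], and collect findings."""
    findings = []
    key = ""
    for line in log_text.splitlines():
        line = line.strip()
        m = STATUS_RE.match(line)
        if m:  # "AV: ... *status*" / "FW: ... *status*" header lines
            product, status = m.group(2), m.group(3)
            if "disabled" in status.lower():
                findings.append(Finding("high", line, f"{product} reported {status}"))
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        lkey = key.lower()
        in_addin_key = any(tok in lkey for tok in ADDIN_KEY_TOKENS)
        m = FILE_LINE_RE.match(line)
        if m:  # "date time size attrs path" lines that follow a BHO key
            if in_addin_key:
                _addin(findings, key, m.group(1))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2)
        if in_addin_key:
            pm = QUOTED_PATH_RE.search(raw)
            if pm:
                _addin(findings, key, pm.group(1))
            continue
        val = _int_value(raw)
        if val is None:
            continue
        if lkey.endswith("security center") and name in ("AntiVirusOverride", "FirewallOverride") and val == 1:
            findings.append(Finding("high", key, f"{name}=1 suppresses the Security Center warning for a missing or disabled product"))
        elif "security center\\monitoring" in lkey and name == "DisableMonitoring" and val == 1:
            findings.append(Finding("info", key, "DisableMonitoring=1 (normal when a third-party suite registers with Security Center; confirm it matches the installed product)"))
        elif "firewallpolicy" in lkey and name == "EnableFirewall" and val == 0:
            findings.append(Finding("high", key, "EnableFirewall=0: Windows Firewall is off for this profile"))
        elif "firewallpolicy" in lkey and name == "DisableNotifications" and val == 1:
            findings.append(Finding("low", key, "DisableNotifications=1: firewall block prompts are silenced"))
    return findings


def summarize(findings) -> dict:
    """Count findings per severity, e.g. {'high': 5, 'medium': 2, ...}."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.where}\n         {f.detail}")
```

Run it as-is to see the constructed sample scored, or feed it a saved ComboFix.txt via `triage(open(path).read())`. The override and DisableMonitoring values can also be written by a legitimate third-party suite when it registers with Security Center, so treat a hit as a prompt to confirm the installed product is actually running rather than as proof of tampering; in the sample the AV/FW header already reports both McAfee components as Disabled, which is the finding that matters most.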

Hello Rev-Roy

 

I would double your pay if I had the authority

You are very kind Roy. However, all of the helpers at this forum are volunteers. We receive no payment of any kind for our work (just happy to help out when we can).

 

the machine is running great!

That's good news :)

 

We have a little more to do to make sure that everything is as it should be. I am slightly curious about a file that appears in your logs. I have an idea about its origins but I would like to have it checked just to be sure.

 

Please do the following:

 

  • Please scan the following files

     

     

     

    • On the page you'll find a "Browse" button.
    • Click on the Browse button.
    • In the Choose File to Upload window which opens, copy and paste this into the File Name box.

     

    c:\windows\system32\CF23057.exe

     

    • Next, click the Open button.
    • Then click the "Send File" button just below.
    • This will scan the file. Please be patient.
    • If you get a message saying File has already been analyzed: click Reanalyze file now.
    • Once scanned, copy and paste the link to the results page in your next reply.

  • Please run the following scan

     

     

    • Note: You will need to use Internet Explorer for this scan.
    • Note for Vista/Windows 7 Users: ESET is compatible but Internet Explorer must be run as Administrator. To do this, right-click on your Internet Explorer icon and select "Run as Administrator".
    • Please disable your real time security programs before performing the scan.

     

    • Scan your system with Eset Online Scanner
    • Place a check mark in the box YES, I accept the Terms Of Use.
    • Click the Posted Image button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps).
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.

     

    • Check Posted Image
    • Click the Posted Image button.
    • Accept any security warnings from your browser.
    • Check Posted Image
    • Make sure that the option to "Remove Found Threats" is UN checked.
    • Push the "Start" button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push Posted Image
    • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Push the Posted Image button.
    • Push Posted Image

    Please post the link to the VirusTotal scan results and the ESET log in your next reply :)


Hello Rev-Roy

 

but don't have time at the moment till I get back from Church to finish the Eset scan

No problem at all my friend, there is no rush.

Post when you can :)


Hello JonTom:

 

here is the Eset Scan results.

 

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinWebdirb3.zip Win32/Bagle.gen.zip worm

C:\Qoobox\Quarantine\C\Documents and Settings\Chase\Application Data\Mozilla\Firefox\Profiles\w3yuryd3.default\extensions\{29cf4142-1456-4559-8300-2ed298e9c263}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan

C:\Qoobox\Quarantine\C\Documents and Settings\Chase\Application Data\Mozilla\Firefox\Profiles\w3yuryd3.default\extensions\{29cf4142-1456-4559-8300-2ed298e9c263}\chrome\xulcache.jar.vir JS/Agent.NCP trojan

C:\Qoobox\Quarantine\C\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\s35xyye1.default\extensions\{29cf4142-1456-4559-8300-2ed298e9c263}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan

C:\Qoobox\Quarantine\C\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\s35xyye1.default\extensions\{29cf4142-1456-4559-8300-2ed298e9c263}\chrome\xulcache.jar.vir JS/Agent.NCP trojan

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP10\A0002648.manifest Win32/TrojanDownloader.Tracur.F trojan

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP10\A0002649.manifest Win32/TrojanDownloader.Tracur.F trojan

 

 

Could not believe it still had all of these.

 

Thanks, waiting your reply.

 

Rev-Roy


Hello Rev-Roy

 

Thank you for the scans :)

 

Could not believe it still had all of these.

Those are nothing to worry about. One item has been quarantined by Spybot, others are present in ComboFix quarantine, and you have a number of infected System Restore points, which will be flushed when we remove our tools:

 

 

  • Please empty your Spybot Recovery Folder

     

     

    • One of the infections detected by the ESET Online Scan is located in your Spybot Recovery Folder.
    • To empty this folder, please do the following:
    • Open Spybot Search & Destroy, click on "Recovery", select "WinWebdirb3.zip", then click on "purge selected items".
    • Close Spybot.

  • Please Uninstall Combofix

     

     

    • Click on "Start" and then on "Run".
    • Now type combofix /uninstall in the run box and click "OK". Please note the space between the "x" and the "/Uninstall", it needs to be there.

  • Removal of Tools

     

     

    • You no longer need DDS or GMER. Please delete them from your system.

  • Your Adobe Reader is out of date

     

     

    • You can obtain the latest version of Adobe Reader from here, and the latest version of Flash Player from here.
    • For more information and links to Adobe updates and downloads click here.

     

    Once you have completed the above steps you should be good to go! If you have any further questions, please feel free to ask.

     

  • Finally, please take the time to read through the information provided below:

     

    Enhance your System Security

     

    • For an excellent list of free anti virus software, free online virus scanners, free spyware detection/removal and free firewalls, click here.

    • IMPORTANT! Please make sure you only have ONE firewall and ONE real-time antivirus installed on your system. When using "on demand" scanners, first update the detection signature files, then disconnect from the internet and disable your resident security program before running the scan.
    • Once complete, remember to re-engage your resident security before going online.

    Web Browsers and Browser Security

     

    Firefox

    • Firefox is generally considered to have greater browsing security in comparison to other popular programs. You can download Firefox 4.0 from here.

    No-Script

    • If you use Firefox as your default browser, No-Script can provide additional security by preventing malicious scripts from being executed on your system.
    • You can download No-Script by clicking here.

    Internet Explorer

    • The newest version of Internet Explorer is available from here.
    • Please Note: IE9 is not configured to run on XP machines.

    SpywareBlaster

    • If you use Internet Explorer as your default browser, SpywareBlaster would be a valuable addition to your online security.
    • SpywareBlaster prevents malicious ActiveX objects from being downloaded onto your system.
    • You can download SpywareBlaster by clicking here.

    Web of Trust

    • When using search engines, Web of Trust provides you with an easy way of telling the good sites from the bad and is compatible with both Firefox and Internet Explorer.
    • Coloured symbols are displayed next to search results, giving you more confidence in the links you choose to click on: Green (To go), Yellow (Caution) and Red (Stop).
    • You can download Web of Trust by clicking here.

    Keep your Software Updated

    • Outdated software can sometimes have vulnerabilities that are exploitable by malware.
    • Check if there are available updates for your installed software with Secunia's Online Software Inspector by clicking here.

    Passwords

    • Learn how to create strong passwords by clicking here and test the strength of the passwords you already use by clicking here.

    General Reading

    Learn How To Combat Malware

    • Would you like to learn how to fight back against malware and help others? Enroll at the What The Tech (Formerly Tom Coyotes) Malware Classroom by clicking here.


I have finished your advice and am forever thankful!

 

My daughter is very appreciative as well!

 

Thanks JonTom!!!!!!

 

Rev-Roy


Thanks JonTom!!!!!!

You and your daughter are both Very Welcome Rev-Roy

 

Put in a good word for me with "The Big Man Upstairs" (I need all the help I can get) :)

 

Enjoy the rest of your Sunday,

 

Best wishes

JonTom


Since this problem appears to be resolved this topic is now closed.

 

Glad we could help :)

 

Best wishes

JonTom
