Jump to content
IObit Forum
Top Free Driver Updater Tools Best 25 PC Optimization Software Best 22 Antimalware Best 22 Uninstaller Software IObit Coupons & Discount Offers PC Optimizer Mac Boost Advice IObit Coupons A Good Utility Program From IObit IObit Promo Codes IObit Coupon Codes IObit Coupons and Deals FAQs Driver Booster Pro Review

Search Results Hijacker and Automatic Updates problem


Recommended Posts

Hi

 

I have run IOBit Free, Malwarebyte, and AdAware. All found malware and removed it. However, I still have a search results hijacker that redirects my search results links and my Windows Automatic Updates will not turn on leaving me to believe there is still some problems lurking. Please help.

 

Thank you,

 

Dustin

Link to comment
Share on other sites

dds log

 

.

DDS (Ver_11-03-05.01) - NTFSx86 MINIMAL

Run by Administrator at 14:00:55.71 on Mon 05/16/2011

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.582 [GMT -5:00]

.

AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\IObit\IObit Security 360\is360.exe

C:\Program Files\IObit\IObit Security 360\IS360tray.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Dustin\My Documents\Downloads\dds.scr

.

============== Pseudo HJT Report ===============

.

uDefault_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5061003

mSearch Bar = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = localhost

mSearchAssistant = hxxp://www.google.com/ie

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: StumbleUpon Launcher: {145b29f4-a56b-4b90-bbac-45784ebebbb7} - c:\program files\stumbleupon\StumbleUponIEBar.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20101108134013.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File

TB: StumbleUpon Toolbar: {5093eb4c-3e93-40ab-9266-b607ba87bdc8} - c:\program files\stumbleupon\StumbleUponIEBar.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [MBMon] Rundll32 CTMBHA.DLL,MBMon

mRun: [updReg] c:\windows\UpdReg.EXE

mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE

mRun: [EM_EXEC] c:\progra~1\logitech\mousew~1\system\EM_EXEC.EXE

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [iObit Security 360] "c:\program files\iobit\iobit security 360\IS360tray.exe" /autostart

dRun: [CY08W456F0] c:\windows\temp\Ojh.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL

Trusted Zone: musicmatch.com\online

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1169680657281

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

AppInit_DLLs: c:\docume~1\dustin\locals~1\temp\32131kou.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

Hosts: 184.95.59.203 http://www.google.com

Hosts: 184.95.59.204 search.yahoo.com

.

================= FIREFOX ===================

.

FF - ProfilePath -

.

============= SERVICES / DRIVERS ===============

.

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-5-14 64512]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-4-29 2146496]

S0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-8-16 386840]

S1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-8-16 84072]

S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-23 135664]

S2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2011-5-14 312152]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-5-1 88176]

S2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-16 271480]

S2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-16 271480]

S2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-16 271480]

S2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-8-16 171168]

S2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-8-16 188136]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-8-16 141792]

S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-5-10 24652]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-8-16 55840]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-7-23 135664]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-4-29 15232]

S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-8-16 152960]

S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-8-16 52104]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-8-16 313288]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-8-16 88544]

S3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-8-16 88544]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-16 84264]

S3 StumbleUponUpdateService;StumbleUponUpdateService;c:\program files\stumbleupon\StumbleUponUpdateService.exe [2009-12-8 120232]

.

=============== Created Last 30 ================

.

2011-05-15 10:25:46 16432 ----a-w- c:\windows\system32\lsdelete.exe

2011-05-15 03:58:12 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2011-05-15 02:18:49 -------- d-----w- c:\docume~1\alluse~1\applic~1\IObit

2011-05-15 02:18:47 -------- d-----w- c:\program files\IObit

2011-05-15 02:15:46 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com

2011-05-15 02:15:37 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-05-14 23:13:43 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys

2011-05-14 23:13:26 -------- d-----w- c:\program files\Lavasoft

2011-05-14 22:29:10 81920 ------w- c:\windows\system32\ieencode.dll

2011-05-08 06:45:53 -------- d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes

2011-05-08 06:45:07 -------- d-sh--w- c:\documents and settings\administrator\IETldCache

.

==================== Find3M ====================

.

2011-04-10 17:26:37 0 ----a-w- c:\windows\Tjifubovisidu.bin

2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys

2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll

2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec

2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2007-08-18 09:06:50 774144 -c--a-w- c:\program files\RngInterstitial.dll

.

============= FINISH: 14:01:51.70 ===============

Link to comment
Share on other sites

attach log

 

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_11-03-05.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume2

Install Date: 7/22/2010 8:05:54 PM

System Uptime: 5/16/2011 12:51:02 PM (2 hours ago)

.

Motherboard: Dell Inc | | 0UT226

Processor: AMD Athlon 64 Processor 3200+ | Socket M2 | 2004/1000mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 71 GiB total, 18.611 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP118: 2/15/2011 8:28:33 PM - System Checkpoint

RP119: 2/17/2011 2:34:29 AM - System Checkpoint

RP120: 2/18/2011 1:37:24 PM - System Checkpoint

RP121: 2/19/2011 1:53:45 PM - System Checkpoint

RP122: 2/21/2011 7:34:44 PM - System Checkpoint

RP123: 2/26/2011 6:39:52 AM - System Checkpoint

RP124: 2/27/2011 6:53:45 AM - System Checkpoint

RP125: 3/1/2011 5:13:30 PM - System Checkpoint

RP126: 3/4/2011 7:36:28 PM - System Checkpoint

RP127: 3/5/2011 8:52:34 PM - System Checkpoint

RP128: 3/6/2011 9:53:01 PM - System Checkpoint

RP129: 3/7/2011 10:22:04 PM - System Checkpoint

RP130: 3/9/2011 3:00:28 AM - Software Distribution Service 3.0

RP131: 3/10/2011 3:56:01 AM - System Checkpoint

RP132: 3/14/2011 10:20:15 PM - System Checkpoint

RP133: 3/16/2011 5:41:48 PM - System Checkpoint

RP134: 3/18/2011 3:00:26 AM - Software Distribution Service 3.0

RP135: 3/21/2011 10:22:38 PM - Configured Microsoft Office Home and Student 2007

RP136: 3/24/2011 2:55:21 AM - System Checkpoint

RP137: 3/24/2011 3:00:24 AM - Software Distribution Service 3.0

RP138: 3/25/2011 11:29:21 AM - System Checkpoint

RP139: 3/26/2011 12:17:02 PM - System Checkpoint

RP140: 3/27/2011 12:49:32 PM - System Checkpoint

RP141: 3/28/2011 1:11:34 PM - System Checkpoint

RP142: 3/29/2011 8:13:07 PM - System Checkpoint

RP143: 4/9/2011 9:02:52 PM - System Checkpoint

RP144: 4/10/2011 12:59:24 PM - Restore Operation

RP145: 4/10/2011 3:10:23 PM - Software Distribution Service 3.0

RP146: 4/12/2011 6:27:04 AM - System Checkpoint

RP147: 4/13/2011 6:39:48 AM - System Checkpoint

RP148: 4/14/2011 11:43:43 AM - System Checkpoint

RP149: 4/15/2011 12:05:18 PM - System Checkpoint

RP150: 4/16/2011 3:00:17 AM - Software Distribution Service 3.0

RP151: 4/19/2011 2:13:45 AM - System Checkpoint

RP152: 4/20/2011 2:41:29 AM - System Checkpoint

RP153: 4/21/2011 3:31:53 AM - System Checkpoint

RP154: 4/22/2011 4:19:09 AM - System Checkpoint

RP155: 4/23/2011 4:46:26 AM - System Checkpoint

RP156: 4/25/2011 4:34:35 AM - System Checkpoint

RP157: 4/26/2011 7:16:26 AM - System Checkpoint

RP158: 4/26/2011 3:05:58 PM - Configured Microsoft Office Home and Student 2007

RP159: 4/26/2011 3:06:51 PM - Configured Microsoft Office Home and Student 2007

RP160: 4/27/2011 3:00:17 AM - Software Distribution Service 3.0

RP161: 4/28/2011 3:21:08 AM - System Checkpoint

RP162: 4/29/2011 4:07:06 AM - System Checkpoint

RP163: 4/30/2011 4:17:12 AM - System Checkpoint

RP164: 5/1/2011 5:07:02 AM - System Checkpoint

RP165: 5/2/2011 12:33:16 AM - Restore Operation

RP166: 5/4/2011 8:36:52 PM - System Checkpoint

RP167: 5/5/2011 8:37:43 PM - System Checkpoint

RP168: 5/7/2011 12:16:43 AM - System Checkpoint

RP169: 5/8/2011 12:25:42 AM - System Checkpoint

RP170: 5/8/2011 1:40:57 AM - Restore Operation

RP171: 5/8/2011 1:45:11 AM - Restore Operation

RP172: 5/9/2011 6:55:34 PM - System Checkpoint

RP173: 5/10/2011 9:39:50 PM - System Checkpoint

RP174: 5/11/2011 10:00:16 PM - System Checkpoint

RP175: 5/12/2011 10:26:02 PM - System Checkpoint

RP176: 5/14/2011 3:34:23 PM - System Checkpoint

RP177: 5/14/2011 4:49:52 PM - Installed %1 %2.

RP178: 5/14/2011 5:03:59 PM - Installed Microsoft Fix it 50362

RP179: 5/14/2011 5:27:41 PM - Installed Windows XP Service Pack 3.

RP180: 5/14/2011 5:33:33 PM - Installed Windows XP KB946648.

RP181: 5/14/2011 5:34:40 PM - Installed Windows XP KB950762.

RP182: 5/14/2011 5:35:32 PM - Installed Windows XP KB950974.

RP183: 5/14/2011 5:36:20 PM - Installed Windows XP KB951066.

RP184: 5/14/2011 6:13:02 PM - Installed Ad-Aware

RP185: 5/14/2011 6:13:24 PM - Installed Ad-Aware

RP186: 5/15/2011 9:28:49 PM - System Checkpoint

.

==== Installed Programs ======================

.

1310

1310_Help

1310Tour

1310Trb

2007 Microsoft Office Suite Service Pack 1 (SP1)

AAC Decoder

Acrobat.com

Ad-Aware

Adobe AIR

Adobe Download Manager

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.1.3

Adobe Shockwave Player 11

AIM 6

AiO_Scan

AiOSoftware

Amazon MP3 Downloader 1.0.3

Andrea VoiceCenter

AOL Uninstaller (Choose which Products to Remove)

AOLIcon

Apple Mobile Device Support

Apple Software Update

Audacity 1.2.6

AutoUpdate

Bonjour

Broadcom Management Programs

BufferChm

Camera Access Library

Camera Support Core Library

Camera Window DS

Camera Window DVC

Camera Window MC

Canon Camera Access Library

Canon Camera Support Core Library

Canon Camera Window DC_DV 5 for ZoomBrowser EX

Canon Camera Window DC_DV 6 for ZoomBrowser EX

Canon Camera Window DSLR 5 for ZoomBrowser EX

Canon Camera Window MC 6 for ZoomBrowser EX

Canon MovieEdit Task for ZoomBrowser EX

Canon PhotoRecord

Canon RAW Image Task for ZoomBrowser EX

Canon Utilities PhotoStitch 3.1

Canon ZoomBrowser EX (E)

CCleaner

Conexant D850 56K V.9x DFVc Modem

Copy

Creative Audio Pack

Creative MediaSource 5

CreativeProjects

CreativeProjectsTemplates

CueTour

Dell CinePlayer

Dell Digital Jukebox Driver

Dell DJ Explorer

Dell Game Console

Dell Support 3.2

Dell System Restore

Destinations

Digital Content Portal

Digital Line Detect

Director

DivX Converter

DivX Version Checker

DocProc

Documentation & Support Launcher

DocumentViewer

EducateU

ELIcon

Fax

Games, Music, & Photos Launcher

getPlus® for Adobe

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

H.264 Decoder

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

HP Diagnostic Assistant

HP Image Zone 4.2

HP PSC & OfficeJet 4.2

HP Software Update

HPSystemDiagnostics

InstantShare

IObit Security 360

iTunes

IZArc 3.81

J2SE Runtime Environment 5.0 Update 6

Java Auto Updater

Java 6 Update 23

Learn2 Player (Uninstall Only)

Logitech Desktop Messenger

Logitech MouseWare 9.70

Malwarebytes' Anti-Malware

McAfee Total Protection

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2416447)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Money 2004

Microsoft Money 2004 System Pack

Microsoft National Language Support Downlevel APIs

Microsoft Office Excel MUI (English) 2007

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Publisher 2007

Microsoft Office Publisher 2007 Trial

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Plus! Digital Media Edition Installer

Microsoft Plus! Photo Story 2 LE

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 12

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft VC9 runtime libraries

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Windows XP Video Decoder Checkup Utility

Microsoft Works

MKV Splitter

Modem Diagnostic Tool

MovieEdit Task

Mozilla Firefox 4.0.1 (x86 en-US)

MP3Resizer 1.9.1

MSVCRT

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Musicmatch® Jukebox

Mysteryville 2

Netflix Movie Viewer

NetWaiting

NVIDIA Drivers

Overland

PhotoGallery

PhotoStitch

PowerDVD 5.7

PrintScreen

ProductContext

QFolder

QuickProjects

QuickTime

RAW Image Task 2.2

Readme

Rhapsody Player Engine

Roxio DLA

Roxio RecordNow Audio

Roxio RecordNow Copy

Roxio RecordNow Data

Scan

Secure Game Player

Security Update for 2007 Microsoft Office System (KB960003)

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft Office Excel 2007 (KB959997)

Security Update for Microsoft Office OneNote 2007 (KB950130)

Security Update for Microsoft Office PowerPoint 2007 (KB951338)

Security Update for Microsoft Office Word 2007 (KB956358)

Security Update for Office 2007 (KB934062)

Security Update for Publisher 2007 (KB936646)

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for the 2007 Microsoft Office System (KB936960)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB975558)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2491683)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB953155)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981349)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982381)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Segoe UI

SkinsHP1

Sonic Activation Module

Sonic Advanced Decoder

Sonic Update Manager

Sony Ericsson Media Manager 1.2

Sound Blaster ADVANCED MB Drivers

Sound Blaster Audigy ADVANCED MB

Sound Blaster Audigy ADVANCED MB Product Registration

Spelling Dictionaries Support For Adobe Reader 9

StumbleUpon IE Toolbar

SUPERAntiSpyware

TBS WMP Plug-in

TrayApp

Unload

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office 2007 Help for Common Features (KB957244)

Update for Office 2007 (KB932080)

Update for Office 2007 (KB934391)

Update for Office 2007 (KB934393)

Update for Windows Internet Explorer 8 (KB982632)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB971029)

VC80CRTRedist - 8.0.50727.762

Viewpoint Manager (Remove Only)

Viewpoint Media Player

WebFldrs XP

WebReg

WildTangent Web Driver

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Messenger

Windows Live Sign-in Assistant

Windows Live Upload Tool

Windows Media Format 11 runtime

Windows Media Format Runtime

Windows Media Player 10

Windows Media Player 11

Windows XP Service Pack 3

Zuma’s Revenge!™ - Adventure

.

==== Event Viewer Messages From Past Week ========

.

5/16/2011 12:42:38 PM, error: Service Control Manager [7034] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s).

5/16/2011 12:42:38 PM, error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

5/16/2011 12:40:06 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

5/15/2011 9:13:13 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.

5/14/2011 9:26:17 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

5/14/2011 9:24:21 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

5/14/2011 9:24:19 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

5/14/2011 9:24:07 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK8 Fips IPSec mfehidk mfetdi2k MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip WS2IFSL

5/14/2011 9:24:07 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.

5/14/2011 9:24:07 PM, error: Service Control Manager [7001] - The McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.

5/14/2011 9:24:07 PM, error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.

5/14/2011 9:24:07 PM, error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.

5/14/2011 9:24:07 PM, error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.

5/14/2011 9:24:07 PM, error: Service Control Manager [7001] - The McAfee Network Agent service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.

5/14/2011 9:24:07 PM, error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.

5/14/2011 9:24:07 PM, error: Service Control Manager [7001] - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.

5/14/2011 9:24:07 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.

5/14/2011 9:24:07 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

5/14/2011 9:24:07 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

5/14/2011 9:24:07 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

5/14/2011 9:24:07 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

5/13/2011 8:08:30 AM, error: Service Control Manager [7000] - The Security Services Driver (x86) service failed to start due to the following error: The system cannot find the file specified.

5/13/2011 8:08:30 AM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.

.

==== End Of File ===========================

Link to comment
Share on other sites

I ran a Super AntiSpyware scan here is the log from that. Any help is greatly appreciated.

 

Thanks

 

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 05/16/2011 at 05:15 PM

 

Application Version : 4.52.1000

 

Core Rules Database Version : 7067

Trace Rules Database Version: 4879

 

Scan type : Complete Scan

Total Scan Time : 02:12:08

 

Memory items scanned : 593

Memory threats detected : 0

Registry items scanned : 8302

Registry threats detected : 0

File items scanned : 112385

File threats detected : 4

 

Adware.Tracking Cookie

C:\Documents and Settings\Dustin\Cookies\dustin@content.yieldmanager[1].txt

C:\Documents and Settings\Dustin\Cookies\dustin@interchangecorporation.122.2o7[1].txt

C:\Documents and Settings\Dustin\Cookies\dustin@doubleclick[1].txt

C:\Documents and Settings\Dustin\Cookies\dustin@ad.yieldmanager[1].txt

Link to comment
Share on other sites

Hi!

 

How long have you been running the lavasoft and McAfee simultaneously? This is a little to think about: Hosts: 184.95.59.203 www.google.com

Hosts: 184.95.59.204 search.yahoo.com. You appear to be online with two different providers simultaneously

 

You have much running in your machine that doesn't need to be running all the time.

 

I don't believe your machine is infected... only confused.

 

Please run a Hijack this scan and post the log here... without making any fixes. Or you can use the tool in Iobit ASC or Iobit 360 to run a log and copy/post it.

 

 

Thanks!

 

-Mel

Link to comment
Share on other sites

Hi,

 

Thank you for the reply. I downloaded AdAware only two days ago trying to find the google redirect and automatic update problem which I assuming is the lavasoft firewall. I have been running McAfee since I got the computer. Here is the Hijack scan from IOBit

 

Logfile of IObit HijackScan v1.0.2.0

Scan saved at 18:17:19, on 2011-5-16

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\IObit\IObit Security 360\IS360srv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\system32\fxssvc.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\WINDOWS\system32\Rundll32.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE

C:\WINDOWS\stsystra.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\IObit\IObit Security 360\IS360tray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\DOCUME~1\Dustin\LOCALS~1\Temp\clclean.0001

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\System32\wbem\unsecapp.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\IObit\IObit Security 360\is360.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\Program Files\McAfee\MSM\McSmtFwk.exe

C:\Program Files\COMMON~1\McAfee\MSC\McUICnt.exe

c:\Program Files\mcafee.com\agent\McUpdate.exe

c:\Program Files\mcafee\msc\mcupdmgr.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\IObit\IObit Security 360\a_hijackscan.exe

 

O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll

O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101108134013.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [setDefaultMIDI] MIDIDef.exe

O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [MBMon] Rundll32 CTMBHA.DLL,MBMon

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [iObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart

O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} -

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL

O9 - Extra button: Research - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL

O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700}LegitCheckControl.LegitCheck.1 - http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}SoftwareDistribution.MicrosoftUpdateWebControl.1 - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1169680657281

O23 - Service: Apple Mobile Device (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: Creative Labs Licensing Service (Creative Labs Licensing Service) - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe

O23 - Service: Creative Service for CDROM Access (Creative Service for CDROM Access) - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: IS360service (IS360service) - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service (Lavasoft Ad-Aware Service) - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: McAfee SiteAdvisor Service (McAfee SiteAdvisor Service) - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 (Pml Driver HPZ12) - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: StumbleUponUpdateService (StumbleUponUpdateService) - stumbleupon.com - C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe

O23 - Service: Viewpoint Manager Service (Viewpoint Manager Service) - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Link to comment
Share on other sites

Hello and welcome to IOBit Forums. My name is Dave. I will be helping you out with your particular problem on your computer.

 

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.

2. The fixes are specific to your problem and should only be used for this issue on this machine.

3. If you don't know or understand something, please don't hesitate to ask.

4. Please DO NOT run any other tools or scans while I am helping you.

5. It is important that you reply to this thread. Do not start a new topic.

6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

7. Absence of symptoms does not mean that everything is clear.

 

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

*********************************************************

 

Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

 

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

******************************************************

The log shows you have two anti-virus programs on your computer; Lavasoft Ad-Watch Live! Anti-Virus and McAfee Anti-Virus and Anti-Spyware. One will have to be disabled or uninstalled.

 

You have Viewpoint installed.

 

Viewpoint Media Player/Manager/Toolbar is considered as Foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad".

 

More information:

 

* ViewMgr.exe - Useless

* Viewpoint to Plunge Into Adware

 

It is suggested to remove the program now. Go to Start > Control Panel > Add/Remove Programs - (Vista & Win7 is Programs and Features) and remove the following programs if present.

 

* Viewpoint

* Viewpoint Manager

* Viewpoint Media Player

* Viewpoint Toolbar

* Viewpoint Experience Technology

******************************************************

Please read here for more information about WildTangent. Your choice if you want to remove it or not.

 

If you choose to follow my advice, please follow these instructions.

 

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

 

WildTangent Web Driveror anything related to WildTangent.

*********************************************************

Download OTL to your desktop.

 

* Open OTL

* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

 

:OTL
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
dRun: [CY08W456F0] c:\windows\temp\Ojh.exe
Trusted Zone: musicmatch.com\online

:Filesc:\windows\temp\Ojh.exe
:COMMANDS
[resethosts]
[purity]
[emptytemp]
[start explorer]

 

* Click Run Fix

* OTLI2 may ask to reboot the machine. Please do so if asked.

* Click OK

* A report will open. Copy and Paste that report in your next reply.

*********************************************************

Please download ComboFix http://img7.imageshack.us/img7/4930/combofix.gif from BleepingComputer.com

 

Alternate link: GeeksToGo.com

 

and save it to your Desktop.

It would be easiest to download using Internet Explorer.

If you insist on using Firefox, make sure that your download settings are as follows:

 

* Tools->Options->Main tab

* Set to "Always ask me where to Save the files".

 

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here

Double click ComboFix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

http://i424.photobucket.com/albums/pp322/digistar/Query_RC.gif

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

 

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://i424.photobucket.com/albums/pp322/digistar/RC_successful.gif

 

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

 

If you have problems with ComboFix usage, see How to use ComboFix

Link to comment
Share on other sites

Hi just in DC

 

Please follow SuperDaves instructions, and post here to the conclusion!!!! Lots of waiting for downloads, running programs,.. posting results.... etc. Just know that if you quit doing/posting... then nobody here can help!

 

Chin up!!!

 

-Mel

Link to comment
Share on other sites

Hi Super Dave,

 

Thank you so much for the help. Currently, I have uninstalled AdAware and should only be running McAfee.

 

I removed all Viewpoint programs and WildTangent.

 

I made sure Malwarebytes was updated and ran a full scan below is the log.

 

I will continue with your instructions and post the appropriate logs as soon as they are available.

 

Again thank you and thank you Mel I appreciate the help!

 

Dustin

 

 

Malwarebytes' Anti-Malware 1.50.1.1100

http://www.malwarebytes.org

 

Database version: 6594

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

5/16/2011 8:55:26 PM

mbam-log-2011-05-16 (20-55-26).txt

 

Scan type: Full scan (C:\|)

Objects scanned: 308411

Time elapsed: 1 hour(s), 23 minute(s), 44 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP186\A0031723.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

Link to comment
Share on other sites

Ran OTL here is the report

 

All processes killed

========== OTL ==========

Error: Unable to interpret <:Filesc:\windows\temp\Ojh.exe> in the

 

current context!

========== COMMANDS ==========

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

[EMPTYTEMP]

 

User: Administrator

->Temp folder emptied: 59995 bytes

->Temporary Internet Files folder emptied: 184978 bytes

->FireFox cache emptied: 7079839 bytes

 

User: All Users

 

User: Application Data

 

User: Cassie

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Dustin

->Temp folder emptied: 3113773 bytes

->Temporary Internet Files folder emptied: 8664881 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 42409728 bytes

->Google Chrome cache emptied: 6294836 bytes

->Flash cache emptied: 1554 bytes

 

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 0 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 0 bytes

 

User: Owner

 

User: Visitor

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 664 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp

 

folder emptied: 12437 bytes

%systemroot%\system32\config\systemprofile\Local

 

Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 2796 bytes

 

Total Files Cleaned = 65.00 mb

 

 

OTL by OldTimer - Version 3.2.22.3 log created on

 

05162011_211108

 

Files\Folders moved on Reboot...

C:\Documents and Settings\Dustin\Local

 

Settings\Temp\clclean.0001.dir.0000\~df394b.tmp moved

 

successfully.

C:\Documents and Settings\Dustin\Local

 

Settings\Temp\clclean.0001.dir.0000\~efe2.tmp moved successfully.

 

Registry entries deleted on Reboot...

Link to comment
Share on other sites

ComboFix 11-05-16.02 - Dustin 05/16/2011 21:27:50.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.530 [GMT -5:00]

Running from: c:\documents and settings\Dustin\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\docume~1\Dustin\LOCALS~1\Temp\clclean.0001.dir.0001\~df394b.tmp

c:\documents and settings\Cassie\HCUpgrade3.1.exe

c:\documents and settings\Cassie\Local Settings\Application Data\{11ECF587-F16C-4ECC-87AD-F9E9AC306BB3}

c:\documents and settings\Cassie\Local Settings\Application Data\{11ECF587-F16C-4ECC-87AD-F9E9AC306BB3}\chrome.manifest

c:\documents and settings\Cassie\Local Settings\Application Data\{11ECF587-F16C-4ECC-87AD-F9E9AC306BB3}\chrome\content\overlay.xul

c:\documents and settings\Cassie\Local Settings\Application Data\{11ECF587-F16C-4ECC-87AD-F9E9AC306BB3}\install.rdf

c:\documents and settings\Cassie\Local Settings\Application Data\{3B2091D9-618B-4648-92DE-AFBBB288BE2F}

c:\documents and settings\Cassie\Local Settings\Application Data\{3B2091D9-618B-4648-92DE-AFBBB288BE2F}\chrome.manifest

c:\documents and settings\Cassie\Local Settings\Application Data\{3B2091D9-618B-4648-92DE-AFBBB288BE2F}\chrome\content\overlay.xul

c:\documents and settings\Cassie\Local Settings\Application Data\{3B2091D9-618B-4648-92DE-AFBBB288BE2F}\install.rdf

c:\documents and settings\Dustin\Application Data\Dyro

c:\documents and settings\Dustin\Application Data\Dyro\kaop.yhu

c:\documents and settings\Dustin\Application Data\Foarh

c:\documents and settings\Dustin\Application Data\Foarh\huyk.boa

c:\documents and settings\Dustin\Application Data\Ibgyab

c:\documents and settings\Dustin\Application Data\Ibgyab\ybitb.oqq

c:\documents and settings\Dustin\Application Data\Ikow

c:\documents and settings\Dustin\Application Data\Ikow\inboy.zeo

c:\documents and settings\Dustin\Application Data\Ivuv

c:\documents and settings\Dustin\Application Data\Ivuv\wiubw.xye

c:\documents and settings\Dustin\Application Data\Nepa

c:\documents and settings\Dustin\Application Data\Nepa\ofoqa.hae

c:\documents and settings\Dustin\Application Data\Roypa

c:\documents and settings\Dustin\Application Data\Roypa\dogi.ara

c:\documents and settings\Dustin\Application Data\Soesmi

c:\documents and settings\Dustin\Application Data\Soesmi\tiim.olu

c:\documents and settings\Dustin\Application Data\Ysgeo

c:\documents and settings\Dustin\Application Data\Ysgeo\dici.afw

c:\documents and settings\Dustin\Application Data\Ywidaf

c:\documents and settings\Dustin\Application Data\Ywidaf\waixl.uhl

c:\documents and settings\Dustin\Local Settings\Application Data\{3AD0FED3-84CF-4FB2-B235-5530AE00E21C}

c:\documents and settings\Dustin\Local Settings\Application Data\{3AD0FED3-84CF-4FB2-B235-5530AE00E21C}\chrome.manifest

c:\documents and settings\Dustin\Local Settings\Application Data\{3AD0FED3-84CF-4FB2-B235-5530AE00E21C}\chrome\content\overlay.xul

c:\documents and settings\Dustin\Local Settings\Application Data\{3AD0FED3-84CF-4FB2-B235-5530AE00E21C}\install.rdf

c:\documents and settings\Dustin\Local Settings\Application Data\{AC20B6C8-D921-4A42-A80B-BED7A6542D58}

c:\documents and settings\Dustin\Local Settings\Application Data\{AC20B6C8-D921-4A42-A80B-BED7A6542D58}\chrome\content\_cfg.js

c:\documents and settings\Dustin\Local Settings\Application Data\{AC20B6C8-D921-4A42-A80B-BED7A6542D58}\chrome\content\overlay.xul

c:\documents and settings\Dustin\Local Settings\Application Data\{AC20B6C8-D921-4A42-A80B-BED7A6542D58}\install.rdf

c:\documents and settings\Dustin\Local Settings\Temp\clclean.0001.dir.0001\~df394b.tmp

c:\documents and settings\Visitor\Local Settings\Application Data\{72EED283-32CC-4B58-AC22-91B6D4515B18}

c:\documents and settings\Visitor\Local Settings\Application Data\{72EED283-32CC-4B58-AC22-91B6D4515B18}\chrome.manifest

c:\documents and settings\Visitor\Local Settings\Application Data\{72EED283-32CC-4B58-AC22-91B6D4515B18}\chrome\content\overlay.xul

c:\documents and settings\Visitor\Local Settings\Application Data\{72EED283-32CC-4B58-AC22-91B6D4515B18}\install.rdf

.

.

((((((((((((((((((((((((( Files Created from 2011-04-17 to 2011-05-17 )))))))))))))))))))))))))))))))

.

.

2011-05-17 02:11 . 2011-05-17 02:11 -------- d-----w- C:\_OTL

2011-05-15 03:58 . 2011-05-15 03:58 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2011-05-15 02:18 . 2011-05-15 02:18 -------- d-----w- c:\documents and settings\Dustin\Application Data\IObit

2011-05-15 02:18 . 2011-05-15 02:18 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit

2011-05-15 02:18 . 2011-05-15 02:18 -------- d-----w- c:\program files\IObit

2011-05-15 02:15 . 2011-05-15 02:15 -------- d-----w- c:\documents and settings\Dustin\Application Data\SUPERAntiSpyware.com

2011-05-15 02:15 . 2011-05-15 02:15 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2011-05-15 02:15 . 2011-05-15 02:15 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-05-14 23:14 . 2011-05-14 23:14 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Sunbelt Software

2011-05-14 23:13 . 2011-05-16 23:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2011-05-14 23:13 . 2011-05-14 23:13 -------- d-----w- c:\program files\Lavasoft

2011-05-14 22:29 . 2008-04-14 10:41 81920 ------w- c:\windows\system32\ieencode.dll

2011-05-14 21:52 . 2011-05-14 21:52 -------- d-----w- c:\documents and settings\Dustin\Application Data\ElevatedDiagnostics

2011-05-08 06:44 . 2011-05-08 06:45 -------- d-----w- c:\documents and settings\Administrator

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-07 05:33 . 2010-07-23 00:57 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:37 . 2003-07-16 20:49 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:21 . 2003-07-16 20:51 1857920 ----a-w- c:\windows\system32\win32k.sys

2011-02-22 23:06 . 2003-07-16 20:51 916480 ----a-w- c:\windows\system32\wininet.dll

2011-02-22 23:06 . 2003-07-16 20:32 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-02-22 23:06 . 2003-07-16 20:30 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-02-22 11:41 . 2004-08-10 17:51 385024 ----a-w- c:\windows\system32\html.iec

2011-02-17 13:18 . 2003-07-16 20:34 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-02-17 13:18 . 2003-07-16 20:46 357888 ----a-w- c:\windows\system32\drivers\srv.sys

2011-02-17 12:32 . 2009-04-21 02:15 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2007-08-18 09:06 . 2007-08-18 09:06 774144 -c--a-w- c:\program files\RngInterstitial.dll

2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll

2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll

2011-04-29 15:25 . 2011-04-10 20:21 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2010-10-14 04:28 . 2010-09-21 05:18 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 24576]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-27 68856]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-24 7630848]

"MBMon"="CTMBHA.DLL" [2006-06-29 1355042]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]

"EM_EXEC"="c:\progra~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-07-01 28672]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-24 86016]

"SigmatelSysTrayApp"="stsystra.exe" [2006-08-15 282624]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-30 1193848]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2010-06-11 1280344]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-10-3 24576]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CO2 Saver.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\CO2 Saver.lnk

backup=c:\windows\pss\CO2 Saver.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk

backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Dustin^Start Menu^Programs^Startup^LimeWire On Startup.lnk]

path=c:\documents and settings\Dustin\Start Menu\Programs\Startup\LimeWire On Startup.lnk

backup=c:\windows\pss\LimeWire On Startup.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-02-27 22:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]

2006-07-17 02:29 389120 ----a-w- c:\progra~1\DELLSU~1\DSAgnt.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]

2005-10-05 08:12 94208 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]

2005-12-10 01:29 49152 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]

2004-05-12 20:18 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2004-02-12 18:38 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]

2006-02-17 16:59 124520 ----a-w- c:\program files\Common Files\AOL\IPHSend\IPHSend.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2009-06-05 18:39 292136 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]

2004-04-20 18:24 53248 ----a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]

2003-06-18 18:00 200704 ----a-w- c:\program files\Microsoft Money\System\mnyexpr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2006-08-24 00:12 1617920 ----a-w- c:\windows\system32\nwiz.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-05-26 22:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2007-05-27 20:35 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoiceCenter]

2006-02-16 14:20 1118208 ------w- c:\program files\Creative\VoiceCenter\AndreaVC.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Common Files\\AOL\\1160199938\\ee\\aolsoftware.exe"=

"c:\\Program Files\\Common Files\\AOL\\1160199938\\ee\\aim6.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=

"c:\\Program Files\\Participatory Culture Foundation\\Miro\\xulrunner\\python\\Miro_Downloader.exe"=

"c:\\Program Files\\eMule\\emule.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\DNA\\btdna.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=

.

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [8/16/2010 8:07 AM 84072]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]

R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [5/14/2011 9:18 PM 312152]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [5/1/2009 6:34 PM 88176]

R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [8/16/2010 8:07 AM 271480]

R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [8/16/2010 8:07 AM 271480]

R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [8/16/2010 8:07 AM 188136]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [8/16/2010 8:07 AM 141792]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [8/16/2010 8:07 AM 55840]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [8/16/2010 8:07 AM 313288]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [8/16/2010 8:07 AM 88544]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/23/2010 7:17 PM 135664]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/23/2010 7:17 PM 135664]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [8/16/2010 8:07 AM 88544]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [8/16/2010 8:07 AM 84264]

S3 StumbleUponUpdateService;StumbleUponUpdateService;c:\program files\StumbleUpon\StumbleUponUpdateService.exe [12/8/2009 5:41 PM 120232]

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mfeavfk01

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

.

Contents of the 'Scheduled Tasks' folder

.

2011-05-13 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

.

2011-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-24 00:17]

.

2011-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-24 00:17]

.

2011-05-17 c:\windows\Tasks\User_Feed_Synchronization-{C27325E1-77BB-4ADE-8959-60FC087056DF}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.hotmail.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mSearch Bar = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = localhost

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage

Trusted Zone: musicmatch.com\online

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

FF - ProfilePath - c:\documents and settings\Dustin\Application Data\Mozilla\Firefox\Profiles\qnl1s8x2.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.huffingtonpost.com/

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

- - - - ORPHANS REMOVED - - - -

.

MSConfigStartUp-Adware_ProNET - c:\program files\AdwarePro\Adware_Pro.exe

MSConfigStartUp-{054A0513-3E59-4c06-B932-D5A2EBF46C55} - c:\docume~1\Dustin\LOCALS~1\Temp\Google Toolbar\gtb326.tmp.exe

AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Dustin\Application Data\Macromedia\Flash Player\http://www.macromedia.com\bin\octoshape\octoshape.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-05-16 21:34

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(972)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

.

Completion time: 2011-05-16 21:37:04

ComboFix-quarantined-files.txt 2011-05-17 02:37

.

Pre-Run: 19,959,554,048 bytes free

Post-Run: 19,894,542,336 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

.

- - End Of File - - 7D1A6D9DE5C0413FD981F073126F7099

Link to comment
Share on other sites

I am required to inform you about this.The backdoor trojan was removed successfully but it's difficult to say how much damage was done. After reading this, please let me know if you want to continue with the cleaning.

 

One or more of the identified infections is a backdoor trojan.

 

This allows hackers to remotely control your computer, steal critical system information and Download and Execute files

Read this article: Danger: Remote Access Trojans.

 

If your computer was used for online banking, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for banking, email, eBay and forums. You should consider them to be compromised. They should be changed by using a different computer and not the infected one! If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach.

 

I would counsel you to disconnect this PC from the Internet immediately.

 

Though the Trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

 

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

 

When Should I Format, How Should I Reinstall?

 

We can attempt to clean this machine but i can't guarantee that it will be 100% secure afterwards.

 

Should you have any questions, please feel free to ask.

 

Please let us know what you have decided to do in your next post

Link to comment
Share on other sites

SuperDave,

 

Even though that's not very good news. I would like to go ahead and clean this computer. Is there anyway to tell approx. when I acquired the backdoor trojan? I have taken steps to protect my passwords, etc.

 

What would the next step be?

 

Thanks,

 

Dustin

Link to comment
Share on other sites

Is there anyway to tell approx. when I acquired the backdoor trojan?

It's impossible to tell.

 

P2P - I see you have P2P software installed on your machine ( LimeWire and eMule). We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

 

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

 

I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

***********************************************

Re-running ComboFix to remove infections:

 

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:

    KillAll::
     
    DDS::
    Trusted Zone: musicmatch.com\online
     
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=-
     
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=-
     
  • Save this as CFScript.txt, in the same location as ComboFix.exe
     
    http://i424.photobucket.com/albums/pp322/digistar/cfscriptb4.gif
     
  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.

****************************************************

Download Security Check by screen317 from one of the following links and save it to your desktop.

 

Link 1

Link 2

 

* Unzip SecurityCheck.zip and a folder named Security Check should appear.

* Open the Security Check folder and double-click Security Check.bat

* Follow the on-screen instructions inside of the black box.

* A Notepad document should open automatically called checkup.txt

* Post the contents of that document in your next reply.

 

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

Link to comment
Share on other sites

SuperDave,

 

I have not used LimeWire in years and did not even know I had eMule on this computer. I'm not even familiar with eMule. Anyway, I went to remove them using Add or Remove Programs and neither one is on the list is there another way to locate/remove them?

 

I will be performing the suggestions you made and update you with the progress.

 

Thanks again,

 

Dustin

Link to comment
Share on other sites

You can look for them in HJT. I didn't see them in the DDS log but they showed up in ComboFix. They could be just remnants left over.

 

Delete An Uninstall Entry

 

•Start HijackThis

 

•Click on the Open the Misc Tools section

 

•Click on the Open Uninstall Manager button.

 

•Highlight the entry you want to remove.

•Click Delete this entry

Link to comment
Share on other sites

ComboFix 11-05-17.01 - Dustin 05/17/2011 20:54:26.2.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.417 [GMT -5:00]

Running from: c:\documents and settings\Dustin\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Dustin\Desktop\CFScript.txt

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

.

.

((((((((((((((((((((((((( Files Created from 2011-04-18 to 2011-05-18 )))))))))))))))))))))))))))))))

.

.

2011-05-17 02:11 . 2011-05-17 02:11 -------- d-----w- C:\_OTL

2011-05-15 03:58 . 2011-05-15 03:58 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2011-05-15 02:18 . 2011-05-15 02:18 -------- d-----w- c:\documents and settings\Dustin\Application Data\IObit

2011-05-15 02:18 . 2011-05-15 02:18 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit

2011-05-15 02:18 . 2011-05-15 02:18 -------- d-----w- c:\program files\IObit

2011-05-15 02:15 . 2011-05-15 02:15 -------- d-----w- c:\documents and settings\Dustin\Application Data\SUPERAntiSpyware.com

2011-05-15 02:15 . 2011-05-15 02:15 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2011-05-15 02:15 . 2011-05-15 02:15 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-05-14 23:14 . 2011-05-14 23:14 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Sunbelt Software

2011-05-14 23:13 . 2011-05-16 23:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2011-05-14 23:13 . 2011-05-14 23:13 -------- d-----w- c:\program files\Lavasoft

2011-05-14 22:29 . 2008-04-14 10:41 81920 ------w- c:\windows\system32\ieencode.dll

2011-05-14 21:52 . 2011-05-14 21:52 -------- d-----w- c:\documents and settings\Dustin\Application Data\ElevatedDiagnostics

2011-05-08 06:44 . 2011-05-08 06:45 -------- d-----w- c:\documents and settings\Administrator

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-07 05:33 . 2010-07-23 00:57 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:37 . 2003-07-16 20:49 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:21 . 2003-07-16 20:51 1857920 ----a-w- c:\windows\system32\win32k.sys

2011-02-22 23:06 . 2003-07-16 20:51 916480 ----a-w- c:\windows\system32\wininet.dll

2011-02-22 23:06 . 2003-07-16 20:32 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-02-22 23:06 . 2003-07-16 20:30 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-02-22 11:41 . 2004-08-10 17:51 385024 ----a-w- c:\windows\system32\html.iec

2011-02-17 13:18 . 2003-07-16 20:34 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-02-17 13:18 . 2003-07-16 20:46 357888 ----a-w- c:\windows\system32\drivers\srv.sys

2011-02-17 12:32 . 2009-04-21 02:15 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2007-08-18 09:06 . 2007-08-18 09:06 774144 -c--a-w- c:\program files\RngInterstitial.dll

2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll

2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll

2011-04-29 15:25 . 2011-04-10 20:21 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2010-10-14 04:28 . 2010-09-21 05:18 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 24576]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-27 68856]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-24 7630848]

"MBMon"="CTMBHA.DLL" [2006-06-29 1355042]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]

"EM_EXEC"="c:\progra~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-07-01 28672]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-24 86016]

"SigmatelSysTrayApp"="stsystra.exe" [2006-08-15 282624]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-30 1193848]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2010-06-11 1280344]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-10-3 24576]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CO2 Saver.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\CO2 Saver.lnk

backup=c:\windows\pss\CO2 Saver.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk

backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Dustin^Start Menu^Programs^Startup^LimeWire On Startup.lnk]

path=c:\documents and settings\Dustin\Start Menu\Programs\Startup\LimeWire On Startup.lnk

backup=c:\windows\pss\LimeWire On Startup.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-02-27 22:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]

2006-07-17 02:29 389120 ----a-w- c:\progra~1\DELLSU~1\DSAgnt.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]

2005-10-05 08:12 94208 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]

2005-12-10 01:29 49152 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]

2004-05-12 20:18 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2004-02-12 18:38 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]

2006-02-17 16:59 124520 ----a-w- c:\program files\Common Files\AOL\IPHSend\IPHSend.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2009-06-05 18:39 292136 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]

2004-04-20 18:24 53248 ----a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]

2003-06-18 18:00 200704 ----a-w- c:\program files\Microsoft Money\System\mnyexpr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2006-08-24 00:12 1617920 ----a-w- c:\windows\system32\nwiz.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-05-26 22:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2007-05-27 20:35 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoiceCenter]

2006-02-16 14:20 1118208 ------w- c:\program files\Creative\VoiceCenter\AndreaVC.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Common Files\\AOL\\1160199938\\ee\\aolsoftware.exe"=

"c:\\Program Files\\Common Files\\AOL\\1160199938\\ee\\aim6.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=

"c:\\Program Files\\Participatory Culture Foundation\\Miro\\xulrunner\\python\\Miro_Downloader.exe"=

"c:\\Program Files\\eMule\\emule.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\DNA\\btdna.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=

.

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [8/16/2010 8:07 AM 84072]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]

R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [5/14/2011 9:18 PM 312152]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [5/1/2009 6:34 PM 88176]

R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [8/16/2010 8:07 AM 271480]

R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [8/16/2010 8:07 AM 271480]

R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [8/16/2010 8:07 AM 188136]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [8/16/2010 8:07 AM 141792]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [8/16/2010 8:07 AM 55840]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [8/16/2010 8:07 AM 313288]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [8/16/2010 8:07 AM 88544]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/23/2010 7:17 PM 135664]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/23/2010 7:17 PM 135664]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [8/16/2010 8:07 AM 88544]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [8/16/2010 8:07 AM 84264]

S3 StumbleUponUpdateService;StumbleUponUpdateService;c:\program files\StumbleUpon\StumbleUponUpdateService.exe [12/8/2009 5:41 PM 120232]

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mfeavfk01

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

.

Contents of the 'Scheduled Tasks' folder

.

2011-05-13 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

.

2011-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-24 00:17]

.

2011-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-24 00:17]

.

2011-05-18 c:\windows\Tasks\User_Feed_Synchronization-{C27325E1-77BB-4ADE-8959-60FC087056DF}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.hotmail.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mSearch Bar = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = localhost

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

FF - ProfilePath - c:\documents and settings\Dustin\Application Data\Mozilla\Firefox\Profiles\qnl1s8x2.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.huffingtonpost.com/

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-05-17 21:06

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(968)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

.

- - - - - - - > 'explorer.exe'(3900)

c:\windows\system32\WININET.dll

c:\progra~1\mcafee\SITEAD~1\saHook.dll

c:\progra~1\Logitech\MOUSEW~1\SYSTEM\LGMOUSHK.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe

c:\windows\system32\CTsvcCDA.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\system32\nvsvc32.exe

c:\windows\system32\fxssvc.exe

c:\program files\Common Files\McAfee\SystemCore\mcshield.exe

c:\windows\system32\rundll32.exe

c:\program files\Canon\CAL\CALMAIN.exe

c:\windows\system32\Rundll32.exe

c:\docume~1\Dustin\LOCALS~1\Temp\clclean.0001

c:\windows\stsystra.exe

c:\program files\Common Files\Java\Java Update\jucheck.exe

.

**************************************************************************

.

Completion time: 2011-05-17 21:13:31 - machine was rebooted

ComboFix-quarantined-files.txt 2011-05-18 02:13

ComboFix2.txt 2011-05-17 02:37

.

Pre-Run: 19,841,196,032 bytes free

Post-Run: 19,821,064,192 bytes free

.

- - End Of File - - 97859C666AFB67DE93ED7A5403C6E37B

Link to comment
Share on other sites

Results of screen317's Security Check version 0.99.11

Windows XP Service Pack 3

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Disabled!

McAfee Total Protection

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

CCleaner

Java 6 Update 23

Out of date Java installed!

Adobe Flash Player 10.2.153.1

Adobe Reader 9.1.3

Out of date Adobe Reader installed!

Mozilla Firefox (x86 en-US..)

````````````````````````````````

Process Check:

objlist.exe by Laurent

``````````End of Log````````````

Link to comment
Share on other sites

Update Your Java (JRE)

 

Old versions of Java have vulnerabilities that malware can use to infect your system.

 

First Verify your Java Version

 

If there are any other version(s) installed then update now.

 

Get the new version (if needed)

 

If your version is out of date install the newest version of the Sun Java Runtime Environment.

 

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

 

Be sure to close ALL open web browsers before starting the installation.

 

Remove any old versions

 

1. Download JavaRa and unzip the file to your Desktop.

2. Open JavaRA.exe and choose Remove Older Versions

3. Once complete exit JavaRA.

 

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.

****************************************************

Please download the newest version of Adobe Acrobat Reader from Adobe.com

 

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.

Go to the Control Panel and enter Add or Remove Programs.

Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

 

Once old versions are gone, please install the newest version.

****************************************************

SysProt Antirootkit

 

Download

SysProt Antirootkit from the link below (you will find it at the bottom

of the page under attachments, or you can get it from one of the

mirrors).

 

http://sites.google.com/site/sysprotantirootkit/

 

Unzip it into a folder on your desktop.

  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select the following items.
    • Process << Selected
    • Kernel Modules << Selected
    • SSDT << Selected
    • Kernel Hooks << Selected
    • IRP Hooks << NOT Selected
    • Ports << NOT Selected
    • Hidden Files << Selected

    [*]At the bottom of the page

    • Hidden Objects Only << Selected

    [*]Click on the Create Log button on the bottom right.

    [*]After a few seconds a new window should appear.

    [*]Select Scan Root Drive. Click on the Start button.

    [*]When it is complete a new window will appear to indicate that the scan is finished.

    [*]The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

Link to comment
Share on other sites

SysProt AntiRootkit v1.0.1.0

by swatkat

 

******************************************************************************************

******************************************************************************************

 

No Hidden Processes found

 

******************************************************************************************

******************************************************************************************

Kernel Modules:

Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys

Service Name: ---

Module Base: F3685000

Module End: F369D000

Hidden: Yes

 

Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS

Service Name: ---

Module Base: F7A37000

Module End: F7A39000

Hidden: Yes

 

******************************************************************************************

******************************************************************************************

No SSDT Hooks found

 

******************************************************************************************

******************************************************************************************

Kernel Hooks:

Hooked Function: ZwYieldExecution

At Address: 8050225C

Jump To: F72B4294

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

 

Hooked Function: ZwUnmapViewOfSection

At Address: 805A83DA

Jump To: F72B42C0

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

 

Hooked Function: ZwTerminateProcess

At Address: 805C8DA6

Jump To: F72B42D4

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

 

Hooked Function: ZwSetValueKey

At Address: 8061925E

Jump To: F72B426A

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

 

Hooked Function: ZwSetSecurityObject

At Address: 805B6114

Jump To: F72B4280

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

 

Hooked Function: ZwRenameKey

At Address: 8061A70E

Jump To: F72B423E

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

 

Hooked Function: ZwOpenThread

At Address: 805C1684

Jump To: F72B41EC

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

 

Hooked Function: ZwOpenProcess

At Address: 805C13F8

Jump To: F72B41D8

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

 

Hooked Function: ZwOpenKey

At Address: 8061C0CA

Jump To: F72B4200

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

 

Hooked Function: ZwMapViewOfSection

At Address: 805A75C4

Jump To: F72B42AA

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

 

Hooked Function: ZwDeleteValueKey

At Address: 8061B358

Jump To: F72B4254

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

 

Hooked Function: ZwDeleteKey

At Address: 8061B188

Jump To: F72B4228

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

 

Hooked Function: ZwCreateKey

At Address: 8061ACEC

Jump To: F72B4214

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

 

******************************************************************************************

******************************************************************************************

No hidden files/folders found

Link to comment
Share on other sites

SuperDave,

 

The above log may not be complete I had clicked 'Okay' while it was running. I ran a second scan and let the dialog box close itself below is that scan.

 

 

SysProt AntiRootkit v1.0.1.0

by swatkat

 

******************************************************************************************

******************************************************************************************

 

No Hidden Processes found

 

******************************************************************************************

******************************************************************************************

Kernel Modules:

Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys

Service Name: ---

Module Base: F3685000

Module End: F369D000

Hidden: Yes

 

Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS

Service Name: ---

Module Base: F7A37000

Module End: F7A39000

Hidden: Yes

 

******************************************************************************************

******************************************************************************************

No SSDT Hooks found

 

******************************************************************************************

******************************************************************************************

Kernel Hooks:

Hooked Function: ZwYieldExecution

At Address: 8050225C

Jump To: F72B4294

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

 

Hooked Function: ZwUnmapViewOfSection

At Address: 805A83DA

Jump To: F72B42C0

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

 

Hooked Function: ZwTerminateProcess

At Address: 805C8DA6

Jump To: F72B42D4

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

 

Hooked Function: ZwSetValueKey

At Address: 8061925E

Jump To: F72B426A

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

 

Hooked Function: ZwSetSecurityObject

At Address: 805B6114

Jump To: F72B4280

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

 

Hooked Function: ZwRenameKey

At Address: 8061A70E

Jump To: F72B423E

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

 

Hooked Function: ZwOpenThread

At Address: 805C1684

Jump To: F72B41EC

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

 

Hooked Function: ZwOpenProcess

At Address: 805C13F8

Jump To: F72B41D8

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

 

Hooked Function: ZwOpenKey

At Address: 8061C0CA

Jump To: F72B4200

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

 

Hooked Function: ZwMapViewOfSection

At Address: 805A75C4

Jump To: F72B42AA

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

 

Hooked Function: ZwDeleteValueKey

At Address: 8061B358

Jump To: F72B4254

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

 

Hooked Function: ZwDeleteKey

At Address: 8061B188

Jump To: F72B4228

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

 

Hooked Function: ZwCreateKey

At Address: 8061ACEC

Jump To: F72B4214

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

 

******************************************************************************************

******************************************************************************************

Ports:

Local Address: DUOTRON2006:1337

Remote Address: BADGER.STUMBLEUPON.COM:HTTP

Type: TCP

Process: [system Idle Process]

State: TIME_WAIT

 

Local Address: DUOTRON2006:1336

Remote Address: 174.37.22.174-STATIC.REVERSE.SOFTLAYER.COM:HTTP

Type: TCP

Process: [system Idle Process]

State: TIME_WAIT

 

Local Address: DUOTRON2006:1335

Remote Address: 174.37.22.174-STATIC.REVERSE.SOFTLAYER.COM:HTTP

Type: TCP

Process: [system Idle Process]

State: TIME_WAIT

 

Local Address: DUOTRON2006:1333

Remote Address: 174.37.22.174-STATIC.REVERSE.SOFTLAYER.COM:HTTP

Type: TCP

Process: [system Idle Process]

State: TIME_WAIT

 

Local Address: DUOTRON2006:1332

Remote Address: 174.37.22.174-STATIC.REVERSE.SOFTLAYER.COM:HTTP

Type: TCP

Process: [system Idle Process]

State: TIME_WAIT

 

Local Address: DUOTRON2006:1329

Remote Address: 174.37.22.174-STATIC.REVERSE.SOFTLAYER.COM:HTTP

Type: TCP

Process: [system Idle Process]

State: TIME_WAIT

 

Local Address: DUOTRON2006:1328

Remote Address: 174.37.22.174-STATIC.REVERSE.SOFTLAYER.COM:HTTP

Type: TCP

Process: [system Idle Process]

State: TIME_WAIT

 

Local Address: DUOTRON2006:1327

Remote Address: 174.37.22.174-STATIC.REVERSE.SOFTLAYER.COM:HTTP

Type: TCP

Process: [system Idle Process]

State: TIME_WAIT

 

Local Address: DUOTRON2006:1326

Remote Address: 174.37.22.174-STATIC.REVERSE.SOFTLAYER.COM:HTTP

Type: TCP

Process: [system Idle Process]

State: TIME_WAIT

 

Local Address: DUOTRON2006:1325

Remote Address: 174.37.22.174-STATIC.REVERSE.SOFTLAYER.COM:HTTP

Type: TCP

Process: [system Idle Process]

State: TIME_WAIT

 

Local Address: DUOTRON2006:1324

Remote Address: 174.37.22.174-STATIC.REVERSE.SOFTLAYER.COM:HTTP

Type: TCP

Process: [system Idle Process]

State: TIME_WAIT

 

Local Address: DUOTRON2006:1322

Remote Address: 174.37.22.174-STATIC.REVERSE.SOFTLAYER.COM:HTTP

Type: TCP

Process: [system Idle Process]

State: TIME_WAIT

 

Local Address: DUOTRON2006:1320

Remote Address: GW-IN-F100.1E100.NET:HTTP

Type: TCP

Process: C:\Program Files\Mozilla Firefox\firefox.exe

State: ESTABLISHED

 

Local Address: DUOTRON2006:NETBIOS-SSN

Remote Address: 0.0.0.0:0

Type: TCP

Process: System

State: LISTENING

 

Local Address: DUOTRON2006:27015

Remote Address: 0.0.0.0:0

Type: TCP

Process: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

State: LISTENING

 

Local Address: DUOTRON2006:5354

Remote Address: 0.0.0.0:0

Type: TCP

Process: C:\Program Files\Bonjour\mDNSResponder.exe

State: LISTENING

 

Local Address: DUOTRON2006:5152

Remote Address: 0.0.0.0:0

Type: TCP

Process: C:\Program Files\Java\jre6\bin\jqs.exe

State: LISTENING

 

Local Address: DUOTRON2006:1067

Remote Address: LOCALHOST:1066

Type: TCP

Process: C:\Program Files\Mozilla Firefox\firefox.exe

State: ESTABLISHED

 

Local Address: DUOTRON2006:1066

Remote Address: LOCALHOST:1067

Type: TCP

Process: C:\Program Files\Mozilla Firefox\firefox.exe

State: ESTABLISHED

 

Local Address: DUOTRON2006:1065

Remote Address: LOCALHOST:1064

Type: TCP

Process: C:\Program Files\Mozilla Firefox\firefox.exe

State: ESTABLISHED

 

Local Address: DUOTRON2006:1064

Remote Address: LOCALHOST:1065

Type: TCP

Process: C:\Program Files\Mozilla Firefox\firefox.exe

State: ESTABLISHED

 

Local Address: DUOTRON2006:1034

Remote Address: 0.0.0.0:0

Type: TCP

Process: C:\WINDOWS\system32\alg.exe

State: LISTENING

 

Local Address: DUOTRON2006:6646

Remote Address: 0.0.0.0:0

Type: TCP

Process: C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

State: LISTENING

 

Local Address: DUOTRON2006:2869

Remote Address: 0.0.0.0:0

Type: TCP

Process: C:\WINDOWS\system32\svchost.exe

State: LISTENING

 

Local Address: DUOTRON2006:MICROSOFT-DS

Remote Address: 0.0.0.0:0

Type: TCP

Process: System

State: LISTENING

 

Local Address: DUOTRON2006:EPMAP

Remote Address: 0.0.0.0:0

Type: TCP

Process: C:\WINDOWS\system32\svchost.exe

State: LISTENING

 

Local Address: DUOTRON2006:6646

Remote Address: NA

Type: UDP

Process: C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

State: NA

 

Local Address: DUOTRON2006:5353

Remote Address: NA

Type: UDP

Process: C:\Program Files\Bonjour\mDNSResponder.exe

State: NA

 

Local Address: DUOTRON2006:1900

Remote Address: NA

Type: UDP

Process: C:\WINDOWS\system32\svchost.exe

State: NA

 

Local Address: DUOTRON2006:138

Remote Address: NA

Type: UDP

Process: System

State: NA

 

Local Address: DUOTRON2006:NETBIOS-NS

Remote Address: NA

Type: UDP

Process: System

State: NA

 

Local Address: DUOTRON2006:123

Remote Address: NA

Type: UDP

Process: C:\WINDOWS\system32\svchost.exe

State: NA

 

Local Address: DUOTRON2006:1900

Remote Address: NA

Type: UDP

Process: C:\WINDOWS\system32\svchost.exe

State: NA

 

Local Address: DUOTRON2006:1255

Remote Address: NA

Type: UDP

Process: C:\PROGRA~1\COMMON~1\McAfee\MSC\McUICnt.exe

State: NA

 

Local Address: DUOTRON2006:1045

Remote Address: NA

Type: UDP

Process: C:\WINDOWS\explorer.exe

State: NA

 

Local Address: DUOTRON2006:1043

Remote Address: NA

Type: UDP

Process: C:\WINDOWS\system32\svchost.exe

State: NA

 

Local Address: DUOTRON2006:123

Remote Address: NA

Type: UDP

Process: C:\WINDOWS\system32\svchost.exe

State: NA

 

Local Address: DUOTRON2006:61789

Remote Address: NA

Type: UDP

Process: C:\Program Files\Bonjour\mDNSResponder.exe

State: NA

 

Local Address: DUOTRON2006:4500

Remote Address: NA

Type: UDP

Process: C:\WINDOWS\system32\lsass.exe

State: NA

 

Local Address: DUOTRON2006:1025

Remote Address: NA

Type: UDP

Process: C:\Program Files\Bonjour\mDNSResponder.exe

State: NA

 

Local Address: DUOTRON2006:500

Remote Address: NA

Type: UDP

Process: C:\WINDOWS\system32\lsass.exe

State: NA

 

Local Address: DUOTRON2006:MICROSOFT-DS

Remote Address: NA

Type: UDP

Process: System

State: NA

 

******************************************************************************************

******************************************************************************************

Hidden files/folders:

Object: C:\Documents and Settings\Cassie\Local Settings\Application Data\Microsoft\Messenger\miscreant29@gmail.com\SharingMetadata\beautifulslumber@hotmail.com\DFSR\Staging\CS{2B13AEDE-CC4B-A89B-8465-DD67590F0789}\01\10-{2B13AEDE-CC4B-A89B-8465-DD67590F0789}-v1-{

Status: Hidden

 

Object: C:\Documents and Settings\Cassie\Local Settings\Application Data\Microsoft\Messenger\miscreant29@gmail.com\SharingMetadata\beautifulslumber@hotmail.com\DFSR\Staging\CS{2B13AEDE-CC4B-A89B-8465-DD67590F0789}\56\1256-{BB8AABA5-571D-4A60-8475-ED145FE0D0CC}-v1

Status: Hidden

 

Object: C:\Documents and Settings\Cassie\Local Settings\Application Data\Microsoft\Messenger\miscreant29@gmail.com\SharingMetadata\beautifulslumber@hotmail.com\DFSR\Staging\CS{2B13AEDE-CC4B-A89B-8465-DD67590F0789}\57\1257-{BB8AABA5-571D-4A60-8475-ED145FE0D0CC}-v1

Status: Hidden

 

Object: C:\Documents and Settings\Cassie\Local Settings\Application Data\Microsoft\Messenger\miscreant29@gmail.com\SharingMetadata\beautifulslumber@hotmail.com\DFSR\Staging\CS{2B13AEDE-CC4B-A89B-8465-DD67590F0789}\58\1258-{BB8AABA5-571D-4A60-8475-ED145FE0D0CC}-v1

Status: Hidden

 

Object: C:\Documents and Settings\Cassie\Local Settings\Application Data\Microsoft\Messenger\miscreant29@gmail.com\SharingMetadata\beautifulslumber@hotmail.com\DFSR\Staging\CS{2B13AEDE-CC4B-A89B-8465-DD67590F0789}\61\1161-{BB8AABA5-571D-4A60-8475-ED145FE0D0CC}-v1

Status: Hidden

 

Object: C:\Documents and Settings\Cassie\Local Settings\Application Data\Microsoft\Messenger\miscreant29@gmail.com\SharingMetadata\beautifulslumber@hotmail.com\DFSR\Staging\CS{2B13AEDE-CC4B-A89B-8465-DD67590F0789}\62\1162-{BB8AABA5-571D-4A60-8475-ED145FE0D0CC}-v1

Status: Hidden

 

Object: C:\Documents and Settings\Cassie\Local Settings\Application Data\Microsoft\Messenger\miscreant29@gmail.com\SharingMetadata\beautifulslumber@hotmail.com\DFSR\Staging\CS{2B13AEDE-CC4B-A89B-8465-DD67590F0789}\63\1263-{BB8AABA5-571D-4A60-8475-ED145FE0D0CC}-v1

Status: Hidden

 

Object: C:\Documents and Settings\Cassie\Local Settings\Application Data\Microsoft\Messenger\miscreant29@gmail.com\SharingMetadata\beautifulslumber@hotmail.com\DFSR\Staging\CS{2B13AEDE-CC4B-A89B-8465-DD67590F0789}\64\1264-{BB8AABA5-571D-4A60-8475-ED145FE0D0CC}-v1

Status: Hidden

 

Object: C:\Documents and Settings\Cassie\Local Settings\Application Data\Microsoft\Messenger\miscreant29@gmail.com\SharingMetadata\beautifulslumber@hotmail.com\DFSR\Staging\CS{2B13AEDE-CC4B-A89B-8465-DD67590F0789}\67\1267-{BB8AABA5-571D-4A60-8475-ED145FE0D0CC}-v1

Status: Hidden

 

Object: C:\Qoobox\BackEnv\AppData.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Cache.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Cookies.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Desktop.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Favorites.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\History.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Music.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\NetHood.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Personal.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Pictures.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\PrintHood.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Profiles.Folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Programs.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Recent.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\SendTo.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\SetPath.bat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\StartMenu.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\StartUp.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\SysPath.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Templates.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\VikPev00

Status: Access denied

Link to comment
Share on other sites

ESET Online Scan

 

Scan your computer with the ESET FREE Online Virus Scan

 

* Click the ESET Online Scanner button.

 

* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

* Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop

* Double click on the esetsmartinstaller_enu.exe icon on your desktop.

* Place a check mark next to YES, I accept the Terms of Use.

 

* Click the Start button.

* Accept any security warnings from your browser.

* Leave the check mark next to Remove found threats and place a check next to Scan archives.

* Click the Start button.

* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.

* When the scan completes, click List of found threats.

* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.

* Click the Back button then click Finish.

 

In your next reply please include the ESET Online Scan Log

Link to comment
Share on other sites

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP144\A0025722.dll a variant of Win32/Kryptik.MHG trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP185\A0031673.exe a variant of Win32/Kryptik.FEE trojan cleaned by deleting - quarantined

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...