
kingtel



Hello and welcome to IOBit Forums. My name is Dave. I will be helping you out with your particular problem on your computer.

 

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.

2. The fixes are specific to your problem and should only be used for this issue on this machine.

3. If you don't know or understand something, please don't hesitate to ask.

4. Please DO NOT run any other tools or scans while I am helping you.

5. It is important that you reply to this thread. Do not start a new topic.

6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

7. Absence of symptoms does not mean that everything is clear.

 

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

*********************************************************

SUPERAntiSpyware

 

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

 

Download SuperAntispyware Free Edition (SAS)

* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.
  • Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:
  • Close browsers before scanning
  • Scan for tracking cookies
  • Terminate memory threats before quarantining
  Please leave the others unchecked
* Click the Close button to leave the control center screen.
* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes
* To retrieve the removal information please do the following:
  • After reboot, double-click the SUPERAntiSpyware icon on your desktop.
  • Click Preferences. Click the Statistics/Logs tab.
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  • It will open in your default text editor (preferably Notepad).
  • Save the notepad file to your desktop by clicking (in notepad) File > Save As...
* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
* Copy and Paste the log in your post.

*******************************************

 

 

Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

 

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

*********************************************

Download DDS from HERE or HERE and save it to your desktop.

 

* Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)
* XP users Double click on dds to run it.
* If your antivirus or firewall tries to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.
  1) DDS.txt
  2) Attach.txt
* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.

 

Note: DDS will instruct you to post the Attach.txt log as an attachment.

Please just post it as you would any other log by copying and pasting it into the reply.


Hi Dave,

Here are the copies of the logs you requested. I messed up on my first scan with SuperAntispyware so the log is from my second scan.

 

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 07/12/2011 at 09:11 AM

 

Application Version : 4.55.1000

 

Core Rules Database Version : 7397

Trace Rules Database Version: 5209

 

Scan type : Complete Scan

Total Scan Time : 01:48:00

 

Memory items scanned : 597

Memory threats detected : 0

Registry items scanned : 7503

Registry threats detected : 0

File items scanned : 111137

File threats detected : 6

 

Adware.Tracking Cookie

C:\Documents and Settings\Ron\Cookies\ron@content.yieldmanager[1].txt

C:\Documents and Settings\Ron\Cookies\ron@www.cpcadnet[2].txt

C:\Documents and Settings\Ron\Cookies\ron@ad.wsod[2].txt

C:\Documents and Settings\Ron\Cookies\ron@ad.yieldmanager[2].txt

C:\Documents and Settings\Ron\Cookies\ron@www.cpcadnet[1].txt

C:\Documents and Settings\Ron\Cookies\ron@ads.pointroll[2].txt

 

 

Malwarebytes' Anti-Malware 1.50.1.1100

http://www.malwarebytes.org

 

Database version: 7088

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

7/12/2011 11:05:01 AM

mbam-log-2011-07-12 (11-05-01).txt

 

Scan type: Full scan (C:\|)

Objects scanned: 317907

Time elapsed: 1 hour(s), 28 minute(s), 57 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 5

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM\COMPONENTS\WIDGITOOLBARFF.DLL (Adware.WidgiToolbar) -> Value: WIDGITOOLBARFF.DLL -> Quarantined and deleted successfully.

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

c:\program files\Adobe\photoshop elements 3.0\moxplugins\usbmanager.mox (Trojan.Agent) -> Quarantined and deleted successfully.

c:\program files\common files\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.

c:\system volume information\_restore{cca15f78-7193-4ca6-8115-2b570dd6546c}\RP293\A0036713.dll (Trojan.Dropper) -> Quarantined and deleted successfully.

c:\system volume information\_restore{cca15f78-7193-4ca6-8115-2b570dd6546c}\RP293\A0036714.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\documents and settings\Ron\application data\Adobe\shed\thr1.chm (Malware.Trace) -> Quarantined and deleted successfully.

 

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Ron at 11:13:01 on 2011-07-12

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.433 [GMT -7:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe

C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe

C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe

C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Application Updater\ApplicationUpdater.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\WINDOWS\system32\mfevtps.exe

C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe

svchost.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\WINDOWS\wanmpsvc.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Dell\EUSW\Support.exe

C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe

C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Adobe\Elements 9 Organizer\ElementsOrganizerSyncAgent.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe

C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\IObit\IObit Malware Fighter\IMF.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page =

uStart Page = hxxp://att.net

uWindow Title = Windows Internet Explorer provided by Yahoo!

uInternet Settings,ProxyOverride = *.local

uSearchAssistant =

mSearchAssistant =

uURLSearchHooks: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\4.5\iobitToolbarIE.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\4.5\iobitToolbarIE.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110510024056.dll

BHO: CNisExtBho Class: {9ecb9560-04f9-4bbc-943d-298ddf1699e1} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL

BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton internet security\norton antivirus\NavShExt.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll

BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: att.net Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

TB: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\4.5\iobitToolbarIE.dll

EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [PhotoshopElements8SyncAgent] c:\program files\adobe\elements 9 organizer\ElementsOrganizerSyncAgent.exe

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [cdloader] "c:\documents and settings\ron\application data\mjusbsp\cdloader2.exe" MAGICJACK

uRun: [Advanced SystemCare 4] c:\program files\iobit\advanced systemcare 4\ASCTray.exe

mRun: [DwlClient] c:\program files\common files\dell\eusw\Support.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"

mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"

mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [searchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"

mRun: [iObit Malware Fighter] "c:\program files\iobit\iobit malware fighter\IMF.exe" /autostart

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe

uPolicies-explorer: NoInstrumentation = 1 (0x1)

IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,6398/mcfscan.cab

TCP: DhcpNameServer = 10.0.0.1

TCP: Interfaces\{92CF94E8-621E-410F-BD02-0031EA7D1852} : DhcpNameServer = 10.0.0.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

Hosts: 184.107.64.187 http://www.google.com

Hosts: 209.172.56.118 search.yahoo.com

Hosts: 209.172.56.118 http://www.bing.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\ron\application data\mozilla\firefox\profiles\jkklrtmq.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=380920&p=

FF - component: c:\program files\common files\spigot\wtxpcom\components\WidgiToolbarFF.dll

FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll

FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-2-28 387480]

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-2-28 84200]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-4 98304]

R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\adobe\elements 9 organizer\PhotoshopElementsFileAgent.exe [2010-9-6 169408]

R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2011-4-24 353168]

R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2011-6-24 393112]

R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-26 189736]

R2 IMFservice;IMF Service;c:\program files\iobit\iobit malware fighter\IMFsrv.exe [2011-6-13 821080]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2010-10-1 203280]

R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-2-28 271480]

R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-2-28 271480]

R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-2-28 271480]

R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-2-28 171168]

R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-2-28 188136]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-2-28 141792]

R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-4 118784]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-2-28 56064]

R3 FileMonitor;FileMonitor;c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\FileMonitor.sys [2011-7-9 239472]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-2-28 153280]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-2-28 52320]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-2-28 314088]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-2-28 88736]

R3 RegFilter;RegFilter;c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\RegFilter.sys [2011-7-9 30368]

R3 UrlFilter;UrlFilter;c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\UrlFilter.sys [2011-7-9 16080]

S2 0132311309919596mcinstcleanup;McAfee Application Installer Cleanup (0132311309919596);c:\windows\temp\013231~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\013231~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-2-28 88736]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-2-28 84488]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-3-19 14336]

.

=============== Created Last 30 ================

.

2011-07-12 16:32:28 -------- d-----w- c:\documents and settings\ron\application data\Malwarebytes

2011-07-12 16:31:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-12 16:31:50 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-07-12 16:31:46 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-12 16:31:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-07-12 04:14:55 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-07-12 01:50:45 -------- d-----w- c:\documents and settings\ron\application data\SUPERAntiSpyware.com

2011-07-12 01:50:45 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com

2011-07-10 01:29:19 20552 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-07-10 01:25:48 -------- d-----w- c:\documents and settings\all users\application data\Hitman Pro

2011-07-10 00:41:54 -------- d-----w- c:\documents and settings\ron\application data\Search Settings

2011-07-10 00:41:39 -------- d-----w- c:\program files\IObit Toolbar

2011-07-10 00:41:39 -------- d-----w- c:\program files\common files\Spigot

2011-07-10 00:41:39 -------- d-----w- c:\program files\Application Updater

2011-07-06 00:58:24 -------- d-----w- c:\windows\McAfee.com

2011-07-06 00:09:40 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-07-06 00:09:40 -------- d-----w- c:\windows\system32\wbem\Repository

2011-06-26 16:58:40 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-17 10:03:12 -------- d-----w- c:\windows\SxsCaPendDel

2011-06-16 18:47:06 105472 ------w- c:\windows\system32\dllcache\mup.sys

.

==================== Find3M ====================

.

2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 17:25:27 151552 ----a-w- c:\windows\system32\schannel.dll

2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 16:11:11 43520 ------w- c:\windows\system32\licmgr10.dll

2011-04-25 16:11:11 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-04-25 12:01:22 385024 ------w- c:\windows\system32\html.iec

2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys

2011-04-14 21:01:38 95824 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2011-04-14 21:01:38 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2011-04-14 21:01:38 88736 ----a-w- c:\windows\system32\drivers\mfendisk.sys

2011-04-14 21:01:38 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2011-04-14 21:01:38 84200 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys

2011-04-14 21:01:38 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys

2011-04-14 21:01:38 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2011-04-14 21:01:38 387480 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2011-04-14 21:01:38 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2011-04-14 21:01:38 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2011-04-14 21:01:38 141792 ----a-w- c:\windows\system32\mfevtps.exe

.

============= FINISH: 11:15:46.37 ===============

 

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-06-23.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 9/30/2010 6:41:24 PM

System Uptime: 7/12/2011 11:07:58 AM (0 hours ago)

.

Motherboard: Dell Inc. | | 0CH776

Processor: Intel® Pentium® 4 CPU 3.00GHz | Microprocessor | 2992/800mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 145 GiB total, 104.105 GiB free.

D: is CDROM ()

E: is CDROM ()

F: is FIXED (NTFS) - 1397 GiB total, 1372.68 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: TI Technologies Inc.

Description: RADEON X300 Series Secondary

Device ID: PCI\VEN_1002&DEV_5B70&SUBSYS_03031002&REV_00\4&16EC1A1&0&0108

Manufacturer: ATI Technologies Inc.

Name: RADEON X300 Series Secondary

PNP Device ID: PCI\VEN_1002&DEV_5B70&SUBSYS_03031002&REV_00\4&16EC1A1&0&0108

Service: ati2mtag

.

==== System Restore Points ===================

.

RP208: 4/13/2011 10:58:30 PM - System Checkpoint

RP209: 4/15/2011 7:49:06 AM - System Checkpoint

RP210: 4/16/2011 3:00:23 AM - Software Distribution Service 3.0

RP211: 4/17/2011 3:00:21 AM - Software Distribution Service 3.0

RP212: 4/17/2011 11:42:51 AM - Installed %1 %2.

RP213: 4/17/2011 11:43:10 AM - Installed Windows XP Update for Microsoft Windows (KB971513).

RP214: 4/17/2011 11:44:12 AM - Installed %1 %2.

RP215: 4/18/2011 11:48:40 AM - System Checkpoint

RP216: 4/19/2011 2:13:21 PM - System Checkpoint

RP217: 4/20/2011 2:50:47 PM - System Checkpoint

RP218: 4/21/2011 3:00:18 AM - Software Distribution Service 3.0

RP219: 4/22/2011 3:28:09 AM - System Checkpoint

RP220: 4/23/2011 4:17:38 AM - System Checkpoint

RP221: 4/24/2011 4:27:50 AM - System Checkpoint

RP222: 4/25/2011 4:53:58 AM - System Checkpoint

RP223: 4/26/2011 5:05:58 AM - System Checkpoint

RP224: 4/27/2011 7:40:07 AM - System Checkpoint

RP225: 4/27/2011 6:05:07 PM - Software Distribution Service 3.0

RP226: 4/28/2011 9:18:03 PM - System Checkpoint

RP227: 4/29/2011 9:18:26 PM - System Checkpoint

RP228: 4/30/2011 10:06:29 PM - System Checkpoint

RP229: 5/1/2011 11:20:33 PM - System Checkpoint

RP230: 5/2/2011 11:33:19 PM - System Checkpoint

RP231: 5/4/2011 2:31:25 AM - System Checkpoint

RP232: 5/5/2011 3:06:21 AM - System Checkpoint

RP233: 5/6/2011 3:42:21 AM - System Checkpoint

RP234: 5/7/2011 4:23:12 AM - System Checkpoint

RP235: 5/8/2011 8:41:18 PM - Installed Windows XP KB2492386.

RP236: 5/10/2011 8:23:07 AM - System Checkpoint

RP237: 5/11/2011 8:56:48 AM - System Checkpoint

RP238: 5/12/2011 3:00:17 AM - Software Distribution Service 3.0

RP239: 5/13/2011 3:44:22 AM - System Checkpoint

RP240: 5/14/2011 3:46:22 AM - System Checkpoint

RP241: 5/15/2011 5:22:23 AM - System Checkpoint

RP242: 5/16/2011 5:22:38 AM - System Checkpoint

RP243: 5/17/2011 5:30:16 AM - System Checkpoint

RP244: 5/18/2011 6:42:10 AM - System Checkpoint

RP245: 5/18/2011 9:18:48 PM - Removed DESI Labeling System

RP246: 5/18/2011 9:19:41 PM - Installed DESI Labeling System

RP247: 5/19/2011 10:42:44 PM - System Checkpoint

RP248: 5/20/2011 11:34:02 PM - System Checkpoint

RP249: 5/22/2011 1:24:23 AM - System Checkpoint

RP250: 5/23/2011 1:29:18 AM - System Checkpoint

RP251: 5/24/2011 2:06:10 AM - System Checkpoint

RP252: 5/25/2011 3:37:38 AM - System Checkpoint

RP253: 5/26/2011 4:37:39 AM - System Checkpoint

RP254: 5/26/2011 8:07:36 PM - Restore Operation

RP255: 5/26/2011 9:24:51 PM - Restore Operation

RP256: 5/27/2011 6:05:23 PM - Restore Operation

RP257: 5/27/2011 6:36:54 PM - Restore Operation

RP258: 5/28/2011 9:10:03 PM - System Checkpoint

RP259: 5/30/2011 2:06:15 AM - System Checkpoint

RP260: 5/31/2011 2:15:57 AM - System Checkpoint

RP261: 6/1/2011 8:49:00 AM - System Checkpoint

RP262: 6/2/2011 9:08:15 AM - System Checkpoint

RP263: 6/3/2011 10:07:05 AM - System Checkpoint

RP264: 6/4/2011 12:55:41 PM - System Checkpoint

RP265: 6/5/2011 2:24:29 PM - System Checkpoint

RP266: 6/6/2011 10:33:13 PM - System Checkpoint

RP267: 6/8/2011 12:03:07 AM - System Checkpoint

RP268: 6/9/2011 7:28:46 AM - System Checkpoint

RP269: 6/10/2011 9:55:52 AM - System Checkpoint

RP270: 6/11/2011 10:31:30 AM - System Checkpoint

RP271: 6/12/2011 10:32:06 AM - System Checkpoint

RP272: 6/13/2011 12:36:21 PM - System Checkpoint

RP273: 6/14/2011 6:13:14 PM - System Checkpoint

RP274: 6/15/2011 7:55:42 PM - System Checkpoint

RP275: 6/16/2011 8:15:28 PM - System Checkpoint

RP276: 6/17/2011 3:00:18 AM - Software Distribution Service 3.0

RP277: 6/18/2011 10:13:36 AM - System Checkpoint

RP278: 6/19/2011 11:08:24 AM - System Checkpoint

RP279: 6/20/2011 11:27:40 AM - System Checkpoint

RP280: 6/21/2011 12:37:55 PM - System Checkpoint

RP281: 6/22/2011 2:11:53 PM - System Checkpoint

RP282: 6/23/2011 4:54:34 PM - System Checkpoint

RP283: 6/24/2011 9:14:38 PM - System Checkpoint

RP284: 6/26/2011 7:10:44 AM - System Checkpoint

RP285: 6/27/2011 8:39:03 AM - System Checkpoint

RP286: 6/28/2011 3:00:16 AM - Software Distribution Service 3.0

RP287: 6/29/2011 10:38:13 AM - System Checkpoint

RP288: 6/30/2011 3:00:16 AM - Software Distribution Service 3.0

RP289: 7/1/2011 10:49:19 AM - System Checkpoint

RP290: 7/2/2011 4:47:44 PM - System Checkpoint

RP291: 7/3/2011 6:13:56 PM - System Checkpoint

RP292: 7/4/2011 6:21:15 PM - System Checkpoint

RP293: 7/5/2011 5:07:56 PM - Restore Operation

RP294: 7/6/2011 9:21:50 PM - System Checkpoint

RP295: 7/7/2011 3:00:15 AM - Software Distribution Service 3.0

RP296: 7/8/2011 7:43:58 AM - System Checkpoint

RP297: 7/9/2011 1:50:51 PM - System Checkpoint

RP298: 7/10/2011 2:07:45 PM - System Checkpoint

RP299: 7/11/2011 4:13:32 PM - System Checkpoint

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Community Help

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Photoshop Elements 3.0

Adobe Photoshop Elements 9

Adobe Photoshop.com Inspiration Browser

Adobe Reader 9.4.5

Advanced SystemCare 4

America Online (Choose which version to remove)

AOL Coach Version 1.0(Build:20030807.3)

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ATI - Software Uninstall Utility

ATI Control Panel

ATI Display Driver

att.net Toolbar

Banctec Service Agreement

Bonjour

Broadcom Advanced Control Suite 2

Brother HL-4040CN

Canon CanoScan Toolbox 4.1

CanoScan LiDE20,30 Manual

Definition update for Microsoft Office 2010 (KB982726)

Dell Digital Jukebox Driver

Dell Driver Download Manager

Dell Driver Reset Tool

Dell Media Experience

Dell Networking Guide

Dell Solution Center

Dell Support

Dell System Restore

DESI Labeling System

EarthLink Setup Files

Elements 9 Organizer

Elements STI Installer

EPSON Printer Software

Get High Speed Internet!

Help and Support Customization

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Intel Application Accelerator

Intel® 537EP V9x DF PCI Modem

Interactive Word menu to ribbon guide

Internet Explorer Default Page

IObit Malware Fighter

IObit Toolbar v4.5

iTunes

Jasc Paint Shop Photo Album

Jasc Paint Shop Pro 8 Dell Edition

Java 2 Runtime Environment, SE v1.4.2_03

Java Auto Updater

Java 6 Update 21

Learn2 Player (Uninstall Only)

magicJack

Malwarebytes' Anti-Malware

McAfee Security Scan Plus

McAfee SecurityCenter

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2416447)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Base Smart Card Cryptographic Service Provider Package

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Encarta Encyclopedia Standard 2004

Microsoft Money 2004

Microsoft Money 2004 System Pack

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Home and Student 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 14

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_CRT_x86

Modem Event Monitor

Modem Helper

Modem On Hold

Mozilla Firefox (3.6.18)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MUSICMATCH® Jukebox

NetZeroInstallers

PowerDVD 5.1

QuickBooks Pro

QuickTime

RealPlayer Basic

Safari

Seagate Manager Installer

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft Excel 2010 (KB2523021)

Security Update for Microsoft Office 2010 (KB2289078)

Security Update for Microsoft Office 2010 (KB2289161)

Security Update for Microsoft PowerPoint 2010 (KB2519975)

Security Update for Microsoft Publisher 2010 (KB2409055)

Security Update for Microsoft Word 2010 (KB2345000)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player (KB979402)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2183461)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2491683)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981349)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Shockwave

Sonic DLA

Sonic MyDVD

Sonic RecordNow!

Sonic Update Manager

SUPERAntiSpyware

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office 2010 (KB2202188)

Update for Microsoft Office 2010 (KB2413186)

Update for Microsoft Office 2010 (KB2523113)

Update for Microsoft OneNote 2010 (KB2493983)

Update for Microsoft Outlook Social Connector (KB2441641)

Update for Microsoft Windows (KB971513)

Update for Windows Internet Explorer 8 (KB2447568)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2492386)

Update for Windows XP (KB2541763)

Update for Windows XP (KB898461)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Viewpoint Media Player

WebFldrs XP

Windows Genuine Advantage Notifications (KB905474)

Windows Internet Explorer 8

Windows Management Framework Core

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Service Pack 3

WordPerfect Office 12

Yahoo! Software Update

.

==== Event Viewer Messages From Past Week ========

.

7/9/2011 6:30:33 PM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\D.

7/6/2011 8:17:14 PM, error: Dhcp [1002] - The IP address lease 10.0.0.2 for the Network Card with network address 001111892A2F has been denied by the DHCP server 10.0.0.1 (The DHCP Server sent a DHCPNACK message).

7/10/2011 9:43:25 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

7/10/2011 9:41:30 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

.

==== End Of File ===========================


You have Viewpoint installed.

 

Viewpoint Media Player/Manager/Toolbar is considered Foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad".

 

More information:

 

* ViewMgr.exe - Useless

* Viewpoint to Plunge Into Adware

 

It is suggested to remove the program now. Go to Start > Control Panel > Add/Remove Programs - (Vista & Win7 is Programs and Features) and remove the following programs if present.

* Viewpoint

* Viewpoint Manager

* Viewpoint Media Player

* Viewpoint Toolbar

* Viewpoint Experience Technology

******************************************************

Download OTL to your desktop.

 

* Open OTL

* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

 

:OTL
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

:COMMANDS
[resethosts]
[purity]
[emptytemp]
[start explorer]

 

* Click Run Fix

* OTLI2 may ask to reboot the machine. Please do so if asked.

* Click OK

* A report will open. Copy and Paste that report in your next reply.

******************************************************************

Update Your Java (JRE)

 

Old versions of Java have vulnerabilities that malware can use to infect your system.

 

First Verify your Java Version

 

If there are any other version(s) installed then update now.

 

Get the new version (if needed)

 

If your version is out of date install the newest version of the Sun Java Runtime Environment.

 

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

 

Be sure to close ALL open web browsers before starting the installation.

 

Remove any old versions

 

1. Download JavaRa and unzip the file to your Desktop.

2. Open JavaRA.exe and choose Remove Older Versions

3. Once complete exit JavaRA.

 

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.

**************************************************

Please download ComboFix from BleepingComputer.com

 

Alternate link: GeeksToGo.com

 

and save it to your Desktop.

It would be easiest to download using Internet Explorer.

If you insist on using Firefox, make sure that your download settings are as follows:

 

* Tools->Options->Main tab

* Set to "Always ask me where to Save the files".

 

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here

Double click ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

http://i424.photobucket.com/albums/pp322/digistar/Query_RC.gif

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

 

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://i424.photobucket.com/albums/pp322/digistar/RC_successful.gif

 

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

 

If you have problems with ComboFix usage, see How to use ComboFix


Results of Combofix scan

 

ComboFix 11-07-12.09 - Ron 07/12/2011 13:57:56.2.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.591 [GMT -7:00]

Running from: c:\documents and settings\Ron\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

F:\Autorun.inf

.

---- Previous Run -------

.

c:\documents and settings\Ron\Application Data\Adobe\shed

c:\documents and settings\Ron\Application Data\dwm.exe

c:\documents and settings\Ron\Application Data\Microsoft\conhost.exe

c:\documents and settings\Ron\WINDOWS

F:\Autorun.inf

.

.

((((((((((((((((((((((((( Files Created from 2011-06-12 to 2011-07-12 )))))))))))))))))))))))))))))))

.

.

2011-07-12 19:49 . 2011-05-04 11:52 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

2011-07-12 16:32 . 2011-07-12 16:32 -------- d-----w- c:\documents and settings\Ron\Application Data\Malwarebytes

2011-07-12 16:31 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-12 16:31 . 2011-07-12 16:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-07-12 16:31 . 2011-07-12 16:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-07-12 16:31 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-12 04:14 . 2011-07-12 04:15 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-07-12 01:50 . 2011-07-12 01:50 -------- d-----w- c:\documents and settings\Ron\Application Data\SUPERAntiSpyware.com

2011-07-12 01:50 . 2011-07-12 01:50 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2011-07-11 21:33 . 2011-07-11 21:33 -------- d-----w- c:\documents and settings\Sally\Application Data\IObit

2011-07-11 21:30 . 2011-07-11 21:30 -------- d-----w- c:\documents and settings\Sally\Application Data\Search Settings

2011-07-10 01:29 . 2011-07-10 01:29 20552 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-07-10 01:25 . 2011-07-10 01:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro

2011-07-10 00:41 . 2011-07-10 00:41 -------- d-----w- c:\documents and settings\Ron\Application Data\Search Settings

2011-07-10 00:41 . 2011-07-10 00:41 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Application Updater

2011-07-10 00:41 . 2011-07-10 00:41 -------- d-----w- c:\program files\IObit Toolbar

2011-07-10 00:41 . 2011-07-10 00:41 -------- d-----w- c:\program files\Application Updater

2011-07-10 00:41 . 2011-07-10 00:41 -------- d-----w- c:\program files\Common Files\Spigot

2011-07-06 00:58 . 2011-07-06 00:58 -------- d-----w- c:\windows\McAfee.com

2011-07-06 00:09 . 2011-07-06 00:09 -------- d-----w- c:\windows\system32\wbem\Repository

2011-06-26 16:58 . 2011-06-26 16:58 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-17 10:03 . 2011-06-17 11:29 -------- d-----w- c:\windows\SxsCaPendDel

2011-06-16 18:47 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-04 11:52 . 2010-10-01 15:29 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-05-04 09:25 . 2010-10-01 15:29 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-05-02 15:31 . 2004-03-02 18:18 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 17:25 . 2004-03-30 01:48 151552 ----a-w- c:\windows\system32\schannel.dll

2011-04-29 16:19 . 2002-11-18 11:27 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-25 16:11 . 2004-02-06 23:05 916480 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 16:11 . 2004-03-19 22:38 43520 ------w- c:\windows\system32\licmgr10.dll

2011-04-25 16:11 . 2004-03-19 22:38 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-04-25 12:01 . 2010-10-01 01:57 385024 ------w- c:\windows\system32\html.iec

2011-04-21 13:37 . 2004-03-19 22:40 105472 ----a-w- c:\windows\system32\drivers\mup.sys

2011-04-14 21:01 . 2011-03-01 00:14 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2011-04-14 21:01 . 2011-03-01 00:14 141792 ----a-w- c:\windows\system32\mfevtps.exe

2011-04-14 21:01 . 2011-03-01 00:13 95824 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2011-04-14 21:01 . 2011-03-01 00:13 88736 ----a-w- c:\windows\system32\drivers\mfendisk.sys

2011-04-14 21:01 . 2011-03-01 00:13 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2011-04-14 21:01 . 2011-03-01 00:13 84200 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys

2011-04-14 21:01 . 2011-03-01 00:13 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys

2011-04-14 21:01 . 2011-03-01 00:13 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2011-04-14 21:01 . 2011-03-01 00:13 387480 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2011-04-14 21:01 . 2011-03-01 00:13 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2011-04-14 21:01 . 2011-03-01 00:13 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2011-04-14 21:01 . 2011-03-01 00:14 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PhotoshopElements8SyncAgent"="c:\program files\Adobe\Elements 9 Organizer\ElementsOrganizerSyncAgent.exe" [2010-09-06 1945536]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

"cdloader"="c:\documents and settings\Ron\Application Data\mjusbsp\cdloader2.exe" [2010-12-03 50592]

"Advanced SystemCare 4"="c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-05-28 412560]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2004-05-28 323584]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-10 344064]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-04-05 1195408]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]

"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-06-25 534880]

"IObit Malware Fighter"="c:\program files\IObit\IObit Malware Fighter\IMF.exe" [2011-06-01 4385112]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-4 113664]

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]

backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

2006-02-10 05:05 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BuildBU]

2004-02-19 13:23 61440 ----a-w- c:\dell\BLDBUBG.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]

2004-03-15 06:04 122933 ----a-w- c:\windows\SYSTEM32\dla\tfswctrl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]

2004-04-11 16:43 53248 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]

2004-06-29 16:23 135168 ----a-w- c:\program files\Intel\Intel Application Accelerator\IAAnotif.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]

2003-09-04 01:12 221184 ----a-w- c:\program files\Intel\Modem Event Monitor\IntelMEM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]

2004-04-19 19:45 53248 ----a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]

2004-04-19 19:45 131072 ----a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]

2004-04-12 01:15 290816 ------w- c:\program files\Dell\Media Experience\PCMService.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]

2004-09-29 11:51 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-05-14 19:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]

2003-08-19 06:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=

"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=

"c:\\Documents and Settings\\Ron\\Application Data\\mjusbsp\\magicJack.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

.

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\SYSTEM32\DRIVERS\mfetdi2k.sys [2/28/2011 5:13 PM 84200]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]

R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [9/6/2010 3:19 AM 169408]

R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [4/24/2011 12:23 PM 353168]

R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [6/24/2011 5:30 PM 393112]

R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [9/26/2009 12:32 AM 189736]

R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [6/13/2011 9:41 AM 821080]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [10/1/2010 5:46 PM 203280]

R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [2/28/2011 5:13 PM 271480]

R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2/28/2011 5:13 PM 271480]

R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [2/28/2011 5:14 PM 188136]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\SYSTEM32\mfevtps.exe [2/28/2011 5:14 PM 141792]

R3 cfwids;McAfee Inc. cfwids;c:\windows\SYSTEM32\DRIVERS\cfwids.sys [2/28/2011 5:13 PM 56064]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\SYSTEM32\DRIVERS\mfefirek.sys [2/28/2011 5:13 PM 314088]

R3 mfendiskmp;mfendiskmp;c:\windows\SYSTEM32\DRIVERS\mfendisk.sys [2/28/2011 5:13 PM 88736]

R3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [7/9/2011 5:40 PM 30368]

R3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [7/9/2011 5:40 PM 16080]

S2 0132311309919596mcinstcleanup;McAfee Application Installer Cleanup (0132311309919596);c:\windows\TEMP\013231~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\013231~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]

S2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [10/4/2004 5:47 AM 98304]

S2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [10/4/2004 4:40 AM 118784]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 5:49 AM 227232]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\SYSTEM32\DRIVERS\mfendisk.sys [2/28/2011 5:13 PM 88736]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\SYSTEM32\DRIVERS\mferkdet.sys [2/28/2011 5:13 PM 84488]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 10:37 PM 4640000]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [3/19/2004 3:43 PM 14336]

S4 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [7/9/2011 5:40 PM 239472]

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mfeavfk01

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WINRM REG_MULTI_SZ WINRM

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]

2009-03-08 12:32 128512 ----a-w- c:\windows\SYSTEM32\advpack.dll

.

Contents of the 'Scheduled Tasks' folder

.

2011-07-12 c:\windows\Tasks\AdobeAAMUpdater-1.0-OWNER-Ron.job

- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-07-29 09:25]

.

2011-07-11 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 19:50]

.

2011-07-09 c:\windows\Tasks\ASC4_AutoCare.job

- c:\program files\IObit\Advanced SystemCare 4\AutoCare.exe [2011-04-24 21:46]

.

2011-07-12 c:\windows\Tasks\ASC4_AutoSweep.job

- c:\program files\IObit\Advanced SystemCare 4\AutoSweep.exe [2011-04-24 21:46]

.

2011-07-12 c:\windows\Tasks\ASC4_AutoUpdate.job

- c:\program files\IObit\Advanced SystemCare 4\AutoUpdate.exe [2011-04-24 21:46]

.

2011-07-12 c:\windows\Tasks\ASC4_PerformanceMonitor.job

- c:\program files\IObit\Advanced SystemCare 4\PMonitor.exe [2011-04-24 21:46]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://att.net

uInternet Settings,ProxyOverride = *.local

uInternet Settings,ProxyServer = http=127.0.0.1:53939

uSearchAssistant =

TCP: DhcpNameServer = 10.0.0.1

FF - ProfilePath - c:\documents and settings\Ron\Application Data\Mozilla\Firefox\Profiles\jkklrtmq.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=380920&p=

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 53939

FF - prefs.js: network.proxy.type - 1

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

AddRemove-3032849061.office.microsoft.com - c:\program files\Microsoft Silverlight\4.0.50917.0\Silverlight.Configuration.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-07-12 14:09

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

DwlClient = c:\program files\Common Files\Dell\EUSW\Support.exe?l?e?s?\?D?e?l?l?\?E?U?S?W?\?S?u?p?p?o?r?t?.?e?x?e???x???x???????????????????x???????????x???x???????????x???????????x???x???????????@????????????????????????????D?w????????????7??w????x???x??????????????

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

cdloader = "c:\documents and settings\Ron\Application Data\mjusbsp\cdloader2.exe" MAGICJACK?AGICJAC??????P?"c:\documents and settings\Ron\Application Data\mjusbsp\cdloader

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,52,7f,b4,ab,ef,fd,4b,4a,81,21,98,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,52,7f,b4,ab,ef,fd,4b,4a,81,21,98,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1140)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

.

Completion time: 2011-07-12 14:13:05

ComboFix-quarantined-files.txt 2011-07-12 21:13

.

Pre-Run: 111,602,757,632 bytes free

Post-Run: 111,588,200,448 bytes free

.

- - End Of File - - 5366534FCB67E9CC6076B5776F0DC29C


Hi Dave,

Finally got OTL to work

 

All processes killed

========== OTL ==========

========== COMMANDS ==========

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

[EMPTYTEMP]

 

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: All Users

 

User: Craig

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Java cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Danny

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Apple Safari cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Kari

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Apple Safari cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32835 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

 

User: Ron

->Temp folder emptied: 133120 bytes

->Temporary Internet Files folder emptied: 15254797 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Apple Safari cache emptied: 0 bytes

->Flash cache emptied: 456 bytes

 

User: Sally

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 439 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 15.00 mb

 

 

OTL by OldTimer - Version 3.2.26.1 log created on 07122011_150830

 

Files\Folders moved on Reboot...

File\Folder C:\Documents and Settings\Ron\Local Settings\Temp\~DFFE83.tmp not found!

File\Folder C:\Documents and Settings\Ron\Local Settings\Temp\~DFFE93.tmp not found!

File\Folder C:\Documents and Settings\Ron\Local Settings\Temp\~DFFF00.tmp not found!

File\Folder C:\Documents and Settings\Ron\Local Settings\Temp\~DFFF10.tmp not found!

File\Folder C:\Documents and Settings\Ron\Local Settings\Temp\~DFFF65.tmp not found!

File\Folder C:\Documents and Settings\Ron\Local Settings\Temp\~DFFF75.tmp not found!

File\Folder C:\Documents and Settings\Ron\Local Settings\Temp\~DFFFC1.tmp not found!

File\Folder C:\Documents and Settings\Ron\Local Settings\Temp\~DFFFD3.tmp not found!

C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\4JGC6PRQ\showthread[3].htm moved successfully.

 

Registry entries deleted on Reboot...


* Download the following tool: RootRepeal - Rootkit Detector

* Direct download link is here: RootRepeal.zip

 

* Close all programs and temporarily disable your anti-virus, Firewall and any anti-malware real-time protection before performing a scan.

* Click this link to see a list of such programs and how to disable them.

 

* Extract the program file to a new folder such as C:\RootRepeal

* Run the program RootRepeal.exe and go to the REPORT tab and click on the Scan button.

* Select ALL of the checkboxes and then click OK and it will start scanning your system.

* If you have multiple drives you only need to check the C: drive or the one Windows is installed on.

* When done, click on Save Report

* Save it to the same location where you ran it from, such as C:\RootRepeal

* Save it as rootrepeal.txt

* Then open that log and select all and copy/paste it back on your next reply please.

* Close RootRepeal.


ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2011/07/12 16:53

Program Version: Version 1.3.5.0

Windows Version: Windows XP SP3

==================================================

 

Drivers

-------------------

Name: Fs_Rec.SYS

Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS

Address: 0xF7C24000 Size: 7936 File Visible: - Signed: -

Status: Hidden from the Windows API!

 

Name: Mup.sys

Image Path: Mup.sys

Address: 0xF7385000 Size: 105472 File Visible: - Signed: -

Status: Hidden from the Windows API!

 

Name: Ntfs.sys

Image Path: Ntfs.sys

Address: 0xF73CC000 Size: 574976 File Visible: - Signed: -

Status: Hidden from the Windows API!

 

Name: rootrepeal.sys

Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys

Address: 0xAD91D000 Size: 49152 File Visible: No Signed: -

Status: -

 

Hidden/Locked Files

-------------------

Path: C:\hiberfil.sys

Status: Locked to the Windows API!

 

Path: c:\windows\temp\perflib_perfdata_170.dat

Status: Allocation size mismatch (API: 16384, Raw: 0)

 

Path: c:\windows\temp\sqlite_brrlgxyo6mhvyz3

Status: Allocation size mismatch (API: 4096, Raw: 0)

 

Path: c:\windows\temp\sqlite_emy4jegdp4fqwpz

Status: Allocation size mismatch (API: 4096, Raw: 0)

 

Path: c:\windows\temp\sqlite_pevqba1v4fsivbz

Status: Allocation size mismatch (API: 4096, Raw: 0)

 

Path: C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP269\A0033763.ini

Status: Visible to the Windows API, but not on disk.

 

Path: c:\documents and settings\ron\local settings\temp\perflib_perfdata_8c0.dat

Status: Allocation size mismatch (API: 16384, Raw: 0)

 

Path: C:\Documents and Settings\Ron\Local Settings\Apps\2.0\HL68R8OC.BMY\GODNWJRW.XC1\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms

Status: Locked to the Windows API!

 

Path: C:\Documents and Settings\Ron\Local Settings\Apps\2.0\HL68R8OC.BMY\GODNWJRW.XC1\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest

Status: Locked to the Windows API!

 

Path: C:\Documents and Settings\Ron\Local Settings\Apps\2.0\HL68R8OC.BMY\GODNWJRW.XC1\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms

Status: Locked to the Windows API!

 

Path: C:\Documents and Settings\Ron\Local Settings\Apps\2.0\HL68R8OC.BMY\GODNWJRW.XC1\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest

Status: Locked to the Windows API!

 

Path: C:\Documents and Settings\Ron\Local Settings\Apps\2.0\HL68R8OC.BMY\GODNWJRW.XC1\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms

Status: Locked to the Windows API!

 

Path: C:\Documents and Settings\Ron\Local Settings\Apps\2.0\HL68R8OC.BMY\GODNWJRW.XC1\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest

Status: Locked to the Windows API!

 

Path: C:\Documents and Settings\Ron\Local Settings\Apps\2.0\HL68R8OC.BMY\GODNWJRW.XC1\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms

Status: Locked to the Windows API!

 

Path: C:\Documents and Settings\Ron\Local Settings\Apps\2.0\HL68R8OC.BMY\GODNWJRW.XC1\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest

Status: Locked to the Windows API!

 

Path: C:\Documents and Settings\Ron\Local Settings\Apps\2.0\HL68R8OC.BMY\GODNWJRW.XC1\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms

Status: Locked to the Windows API!

 

Path: C:\Documents and Settings\Ron\Local Settings\Apps\2.0\HL68R8OC.BMY\GODNWJRW.XC1\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest

Status: Locked to the Windows API!

 

Path: C:\Documents and Settings\Ron\Local Settings\Apps\2.0\HL68R8OC.BMY\GODNWJRW.XC1\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms

Status: Locked to the Windows API!

 

Path: C:\Documents and Settings\Ron\Local Settings\Apps\2.0\HL68R8OC.BMY\GODNWJRW.XC1\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest

Status: Locked to the Windows API!

 

Path: C:\Documents and Settings\Ron\Local Settings\Apps\2.0\HL68R8OC.BMY\GODNWJRW.XC1\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms

Status: Locked to the Windows API!

 

Path: C:\Documents and Settings\Ron\Local Settings\Apps\2.0\HL68R8OC.BMY\GODNWJRW.XC1\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest

Status: Locked to the Windows API!

 

Path: C:\Documents and Settings\Ron\Local Settings\Apps\2.0\HL68R8OC.BMY\GODNWJRW.XC1\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms

Status: Locked to the Windows API!

 

Path: C:\Documents and Settings\Ron\Local Settings\Apps\2.0\HL68R8OC.BMY\GODNWJRW.XC1\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest

Status: Locked to the Windows API!

 

Path: C:\Documents and Settings\Ron\Local Settings\Apps\2.0\HL68R8OC.BMY\GODNWJRW.XC1\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms

Status: Locked to the Windows API!

 

Path: C:\Documents and Settings\Ron\Local Settings\Apps\2.0\HL68R8OC.BMY\GODNWJRW.XC1\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest

Status: Locked to the Windows API!

 

Path: C:\Documents and Settings\Ron\Local Settings\Apps\2.0\HL68R8OC.BMY\GODNWJRW.XC1\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms

Status: Locked to the Windows API!

 

Path: C:\Documents and Settings\Ron\Local Settings\Apps\2.0\HL68R8OC.BMY\GODNWJRW.XC1\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest

Status: Locked to the Windows API!

 

Path: C:\Documents and Settings\Ron\Local Settings\Apps\2.0\HL68R8OC.BMY\GODNWJRW.XC1\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms

Status: Locked to the Windows API!

 

Path: C:\Documents and Settings\Ron\Local Settings\Apps\2.0\HL68R8OC.BMY\GODNWJRW.XC1\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest

Status: Locked to the Windows API!

 

Path: C:\Documents and Settings\Ron\Local Settings\Apps\2.0\HL68R8OC.BMY\GODNWJRW.XC1\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms

Status: Locked to the Windows API!

 

Path: C:\Documents and Settings\Ron\Local Settings\Apps\2.0\HL68R8OC.BMY\GODNWJRW.XC1\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest

Status: Locked to the Windows API!

 

Path: C:\Documents and Settings\Ron\Local Settings\Apps\2.0\HL68R8OC.BMY\GODNWJRW.XC1\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms

Status: Locked to the Windows API!

 

Path: C:\Documents and Settings\Ron\Local Settings\Apps\2.0\HL68R8OC.BMY\GODNWJRW.XC1\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest

Status: Locked to the Windows API!

 

Path: C:\Documents and Settings\Ron\Local Settings\Apps\2.0\HL68R8OC.BMY\GODNWJRW.XC1\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms

Status: Locked to the Windows API!

 

Path: C:\Documents and Settings\Ron\Local Settings\Apps\2.0\HL68R8OC.BMY\GODNWJRW.XC1\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest

Status: Locked to the Windows API!

 

Path: C:\Documents and Settings\Ron\Local Settings\Apps\2.0\HL68R8OC.BMY\GODNWJRW.XC1\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms

Status: Locked to the Windows API!

 

Path: C:\Documents and Settings\Ron\Local Settings\Apps\2.0\HL68R8OC.BMY\GODNWJRW.XC1\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms

Status: Locked to the Windows API!

 

Path: C:\Documents and Settings\Ron\Local Settings\Apps\2.0\HL68R8OC.BMY\GODNWJRW.XC1\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest

Status: Locked to the Windows API!

 

Path: C:\Documents and Settings\Ron\Local Settings\Apps\2.0\HL68R8OC.BMY\GODNWJRW.XC1\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest

Status: Locked to the Windows API!

 

Path: C:\Documents and Settings\Ron\Local Settings\Apps\2.0\HL68R8OC.BMY\GODNWJRW.XC1\manifests\DellDriverDownloadManager.exe.cdf-ms

Status: Locked to the Windows API!

 

Path: C:\Documents and Settings\Ron\Local Settings\Apps\2.0\HL68R8OC.BMY\GODNWJRW.XC1\manifests\DellDriverDownloadManager.exe.manifest

Status: Locked to the Windows API!

 

Path: C:\Documents and Settings\Ron\Local Settings\Apps\2.0\HL68R8OC.BMY\GODNWJRW.XC1\manifests\DellDriverDownloadManager.cdf-ms

Status: Locked to the Windows API!

 

Path: C:\Documents and Settings\Ron\Local Settings\Apps\2.0\HL68R8OC.BMY\GODNWJRW.XC1\manifests\DellDriverDownloadManager.manifest

Status: Locked to the Windows API!

 

Path: C:\Documents and Settings\Ron\Local Settings\Apps\2.0\HL68R8OC.BMY\GODNWJRW.XC1\manifests\Dell.eSupport.DownloadManager.Core.cdf-ms

Status: Locked to the Windows API!

 

Path: C:\Documents and Settings\Ron\Local Settings\Apps\2.0\HL68R8OC.BMY\GODNWJRW.XC1\manifests\Dell.eSupport.DownloadManager.Core.manifest

Status: Locked to the Windows API!

 

Path: C:\Documents and Settings\Ron\Local Settings\Apps\2.0\HL68R8OC.BMY\GODNWJRW.XC1\manifests\Dell.eSupport.DownloadManager.ISOImage.cdf-ms

Status: Locked to the Windows API!

 

Path: C:\Documents and Settings\Ron\Local Settings\Apps\2.0\HL68R8OC.BMY\GODNWJRW.XC1\manifests\Dell.eSupport.DownloadManager.ISOImage.manifest

Status: Locked to the Windows API!

 

Path: C:\Documents and Settings\Ron\Local Settings\Apps\2.0\HL68R8OC.BMY\GODNWJRW.XC1\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms

Status: Locked to the Windows API!

 

Path: C:\Documents and Settings\Ron\Local Settings\Apps\2.0\HL68R8OC.BMY\GODNWJRW.XC1\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest

Status: Locked to the Windows API!

 

Path: C:\Documents and Settings\Ron\Local Settings\Apps\2.0\HL68R8OC.BMY\GODNWJRW.XC1\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms

Status: Locked to the Windows API!

 

Path: C:\Documents and Settings\Ron\Local Settings\Apps\2.0\HL68R8OC.BMY\GODNWJRW.XC1\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest

Status: Locked to the Windows API!

 

Path: C:\Documents and Settings\Ron\Local Settings\Apps\2.0\HL68R8OC.BMY\GODNWJRW.XC1\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms

Status: Locked to the Windows API!

 

Path: C:\Documents and Settings\Ron\Local Settings\Apps\2.0\HL68R8OC.BMY\GODNWJRW.XC1\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest

Status: Locked to the Windows API!

 

Path: C:\Documents and Settings\Ron\Local Settings\Apps\2.0\HL68R8OC.BMY\GODNWJRW.XC1\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms

Status: Locked to the Windows API!

 

Path: C:\Documents and Settings\Ron\Local Settings\Apps\2.0\HL68R8OC.BMY\GODNWJRW.XC1\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest

Status: Locked to the Windows API!

 

Path: C:\Documents and Settings\Ron\Local Settings\Apps\2.0\HL68R8OC.BMY\GODNWJRW.XC1\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms

Status: Locked to the Windows API!

 

Path: C:\Documents and Settings\Ron\Local Settings\Apps\2.0\HL68R8OC.BMY\GODNWJRW.XC1\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest

Status: Locked to the Windows API!

 

Path: C:\Documents and Settings\Ron\Local Settings\Apps\2.0\HL68R8OC.BMY\GODNWJRW.XC1\manifests\Dell.eSupport.DownloadManager.Localization.cdf-ms

Status: Locked to the Windows API!

 

Path: C:\Documents and Settings\Ron\Local Settings\Apps\2.0\HL68R8OC.BMY\GODNWJRW.XC1\manifests\Dell.eSupport.DownloadManager.Localization.manifest

Status: Locked to the Windows API!

 

Path: C:\Documents and Settings\Ron\Local Settings\Apps\2.0\HL68R8OC.BMY\GODNWJRW.XC1\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest

Status: Locked to the Windows API!

 

Path: C:\Documents and Settings\Ron\Local Settings\Apps\2.0\HL68R8OC.BMY\GODNWJRW.XC1\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms

Status: Locked to the Windows API!

 

Path: C:\Documents and Settings\Ron\Local Settings\Apps\2.0\HL68R8OC.BMY\GODNWJRW.XC1\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest

Status: Locked to the Windows API!

 

Path: C:\Documents and Settings\Ron\Local Settings\Apps\2.0\HL68R8OC.BMY\GODNWJRW.XC1\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms

Status: Locked to the Windows API!

 

Path: C:\Documents and Settings\Ron\Local Settings\Apps\2.0\HL68R8OC.BMY\GODNWJRW.XC1\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest

Status: Locked to the Windows API!

 

Path: C:\Documents and Settings\Ron\Local Settings\Apps\2.0\HL68R8OC.BMY\GODNWJRW.XC1\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms

Status: Locked to the Windows API!

 

Path: C:\Documents and Settings\Ron\Local Settings\Apps\2.0\HL68R8OC.BMY\GODNWJRW.XC1\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest

Status: Locked to the Windows API!

 

Path: C:\Documents and Settings\Ron\Local Settings\Apps\2.0\HL68R8OC.BMY\GODNWJRW.XC1\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms

Status: Locked to the Windows API!

 

Path: C:\Documents and Settings\Ron\Local Settings\Apps\2.0\HL68R8OC.BMY\GODNWJRW.XC1\manifests\Interop.IWshRuntimeLibrary.cdf-ms

Status: Locked to the Windows API!

 

Path: C:\Documents and Settings\Ron\Local Settings\Apps\2.0\HL68R8OC.BMY\GODNWJRW.XC1\manifests\Interop.IWshRuntimeLibrary.manifest

Status: Locked to the Windows API!

 

Path: C:\Documents and Settings\Ron\Local Settings\Apps\2.0\HL68R8OC.BMY\GODNWJRW.XC1\manifests\stdole.cdf-ms

Status: Locked to the Windows API!

 

Path: C:\Documents and Settings\Ron\Local Settings\Apps\2.0\HL68R8OC.BMY\GODNWJRW.XC1\manifests\stdole.manifest

Status: Locked to the Windows API!

 

Path: C:\Documents and Settings\Ron\Local Settings\Apps\2.0\HL68R8OC.BMY\GODNWJRW.XC1\manifests\Xceed.Compression.cdf-ms

Status: Locked to the Windows API!

 

Path: C:\Documents and Settings\Ron\Local Settings\Apps\2.0\HL68R8OC.BMY\GODNWJRW.XC1\manifests\Xceed.Compression.manifest

Status: Locked to the Windows API!

 

==EOF==


Download CCleaner Slim and save it to your Desktop - Alternate download link

 

When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe

Follow the prompts to install the program.

 

* Double-click the CCleaner shortcut on the desktop to start the program.

* Click on the Options block on the left, then choose Cookies.

* Under Cookies to Delete, highlight any cookies you would like to retain permanently

* Click the right arrow > to move them to the Cookies to Keep window.

* Go into Options > Advanced and uncheck Only delete files in Windows Temp folders older than 48 hours

* Click Cleaner on the left then Run Cleaner on the right to run the program.

* Important: Make sure that ALL browser windows are closed before selecting Run Cleaner

 

Caution: Only use the Registry feature if you are very familiar with the registry.

Always back up your registry before making any changes. Exit CCleaner after it has completed its process.

 

***************************************************************

ESET Online Scan

 

Scan your computer with the ESET FREE Online Virus Scan

 

* Click the ESET Online Scanner button.

 

* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

* Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop

* Double click on the esetsmartinstaller_enu.exe icon on your desktop.

* Place a check mark next to YES, I accept the Terms of Use.

 

* Click the Start button.

* Accept any security warnings from your browser.

* Leave the check mark next to Remove found threats and place a check next to Scan archives.

* Click the Start button.

* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.

* When the scan completes, click List of found threats.

* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.

* Click the Back button then click Finish.

 

In your next reply please include the ESET Online Scan Log


Results from ESET scan

 

C:\Program Files\Application Updater\ApplicationUpdater.exe probably a variant of Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined

C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe a variant of Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined

C:\Program Files\IObit Toolbar\IE\4.5\iobitToolbarIE.dll a variant of Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Documents and Settings\Ron\Application Data\dwm.exe.vir a variant of Win32/Kryptik.QGL trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP300\A0038478.exe a variant of Win32/Kryptik.QGL trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP300\A0039479.exe probably a variant of Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined

C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP300\A0039480.exe a variant of Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined

C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP300\A0039481.dll a variant of Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined


Hi kingtel,

 

ESET will give this alarm during the installation of IObit toolbar. We contacted ESET for this issue without any results. IObit toolbar is provided by our partner Yahoo. So we are asking Yahoo to deal with this issue now.

 

Sorry for this trouble.


That looks good. If there are no other issues, we can do some cleanup.

 

To uninstall ComboFix

 

  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall

 

http://i424.photobucket.com/albums/pp322/digistar/Combofix_uninstall_image.jpg

 

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

 

  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.

************************************************

To remove all of the tools we used and the files and folders they created do the following:

Double click OTL.exe.

  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

*****************************************************

Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

 

Double-click TFC.exe to run it.

 

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

 

TFC will close all programs when run, so make sure you have saved all your work before you begin.

 

* Click the Start button to begin the cleaning process.

* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.

* Please let TFC run uninterrupted until it is finished.

 

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

*****************************************************

Use the Secunia Software Inspector to check for out-of-date software.

 

  • Click Start Now
  • Check the box next to Enable thorough system inspection.
  • Click Start
  • Allow the scan to finish and scroll down to see if any updates are needed.
  • Update anything listed.

----------

 

Go to Microsoft Windows Update and get all critical updates.

 

----------

 

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

 

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla-based browsers like Firefox.

* Using SpywareBlaster to protect your computer from Spyware and Malware

* If you don't know what ActiveX controls are, see here

 

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

 

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

 

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.

Safe Surfing!


Archived

This topic is now archived and is closed to further replies.
