
possible imbedded trojan/spyware/malware


3 replies to this topic

#1 edenmd


Posted 19 January 2009 - 04:51 PM

I have WinXP SP3, IE7, and McAfee Security Suite loaded on my laptop. Last Weds PM, unrequested scan of laptop with alert that I had >100 trojans, viruses, etc. and should download spyware removal program to remove. I have read not to do this. Of course I was unable to exit out and the message kept looping. Unable to get to task manager via ctrl+alt+delete. Finally did a hard reboot by removing battery (I know I am not supposed to do this but am a novice). After powering up, IE7 kept hijacking me to undesired websites trying to sell me stuff. Unable to run a McAfee Scan or updates. Unable to get to Microsoft to download tools to check for malware. Was told by someone in IT at work that spyware hijacked my web browser, imbedded in IE7/Windows background now, and don't do any financial stuff on it any longer. Basically told me my laptop was toast.

I wasn't willing to settle for this. I was able to get to cnet and download a handful of antispyware programs but none of them found anything. As a final resort before reformatting my hard drive, restored my laptop to its original state when I purchased it in 2004 from the instructions provided in owner manual. Now I have updated McAfee and Windows and toughened up my internet options and everything appears to be working again. Plan to get some really good antispyware on this machine but would really appreciate someone taking a look at my dds.txt and attach.txt files to make sure I don't have any residual infections. And if I do, how to remove.

Gratefully yours, edenmd


DDS (Ver_09-01-18.01) - NTFSx86
Run by DEB at 0:25:25.78 on Mon 01/19/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.182 [GMT -6:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\BacsTray.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Documents and Settings\DEB\Desktop\dds.scr

============== Pseudo HJT Report ===============

uDefault_Page_URL = hxxp://www.dell4me.com/myway
uSearch Bar = hxxp://bfc.myway.com/search/de_srchlft.html
uInternet Connection Wizard,ShellNext = hxxp://us.mcafee.com/apps/vso/en-us/vso9/setexp.asp?regwiz=file://c:\program%20files\mcafee.com\agent\mcregwiz.exe&systempopup=true&affid=105-37&dtag=90H8F61
uURLSearchHooks: N/A: {4d25f926-b9fe-4682-bf72-8ab8210d6d75} - c:\program files\mywaysa\srchasde\1.bin\deSrcAs.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: : {4d25f921-b9fe-4682-bf72-8ab8210d6d75} - c:\program files\mywaysa\srchasde\1.bin\deSrcAs.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [SunJavaUpdateSched] c:\program files\java\j2re1.4.2_03\bin\jusched.exe
mRun: [bacstray] BacsTray.exe
mRun: [<NO NAME>]
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [MMTray] c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe
mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [DwlClient] c:\program files\common files\dell\eusw\Support.exe
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0\aoltray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-6-27 207656]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-1-18 605512]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-1-18 79240]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-1-18 35240]
R3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-1-18 34152]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-1-18 40488]
R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-1-18 206112]
R4 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-1-18 358736]
R4 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-1-18 144704]

=============== Created Last 30 ================

2009-01-18 23:55 <DIR> --d----- c:\program files\Trend Micro
2009-01-18 23:55 812,344 a------- c:\program files\HJTInstall.exe
2009-01-18 23:37 69 a------- C:\buildbu.bat
2009-01-18 23:11 459,264 -------- c:\windows\system32\dllcache\msfeeds.dll
2009-01-18 23:11 267,776 -------- c:\windows\system32\dllcache\iertutil.dll
2009-01-18 23:11 52,224 -------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-01-18 23:11 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-01-18 23:11 6,066,176 -------- c:\windows\system32\dllcache\ieframe.dll
2009-01-18 23:11 2,455,488 -------- c:\windows\system32\dllcache\ieapfltr.dat
2009-01-18 23:11 991,232 -------- c:\windows\system32\dllcache\ieframe.dll.mui
2009-01-18 23:11 383,488 -------- c:\windows\system32\dllcache\ieapfltr.dll
2009-01-18 23:11 63,488 -------- c:\windows\system32\dllcache\icardie.dll
2009-01-18 22:57 <DIR> --d----- c:\program files\MSXML 4.0
2009-01-18 22:48 8,341 a------- c:\windows\system32\Config.MPF
2009-01-18 22:32 79,240 a------- c:\windows\system32\drivers\mfeavfk.sys
2009-01-18 22:32 40,488 a------- c:\windows\system32\drivers\mfesmfk.sys
2009-01-18 22:32 35,240 a------- c:\windows\system32\drivers\mfebopk.sys
2009-01-18 22:32 120,136 a------- c:\windows\system32\drivers\Mpfp.sys
2009-01-18 22:31 <DIR> --d----- c:\program files\common files\McAfee
2009-01-18 22:20 <DIR> --d----- c:\docume~1\deb\applic~1\McAfee
2009-01-18 22:09 34,152 a------- c:\windows\system32\drivers\mferkdk.sys
2009-01-18 21:59 272,128 -------- c:\windows\system32\dllcache\bthport.sys
2009-01-18 21:58 1,160,192 -------- c:\windows\system32\dllcache\urlmon.dll
2009-01-18 21:58 826,368 -------- c:\windows\system32\dllcache\wininet.dll
2009-01-18 21:58 1,499,136 -------- c:\windows\system32\dllcache\shdocvw.dll
2009-01-18 21:58 1,846,400 -------- c:\windows\system32\dllcache\win32k.sys
2009-01-18 21:58 2,145,280 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-01-18 21:57 2,189,184 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-01-18 21:57 2,023,936 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-01-18 21:57 2,066,048 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-01-18 21:57 3,593,216 -------- c:\windows\system32\dllcache\mshtml.dll
2009-01-18 21:53 114,688 a------- c:\windows\system32\mclsp.dll
2009-01-18 21:53 65,536 a------- c:\windows\system32\mcrtl32.dll
2009-01-18 21:53 32,768 a------- c:\windows\system32\instlsp.exe
2009-01-18 21:53 11,264 a------- c:\windows\system32\sporder.dll
2009-01-18 21:52 203,136 -------- c:\windows\system32\dllcache\rmcast.sys
2009-01-18 21:51 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2009-01-18 21:51 333,952 -------- c:\windows\system32\dllcache\srv.sys
2009-01-18 21:51 331,776 -------- c:\windows\system32\dllcache\msadce.dll
2009-01-18 21:51 691,712 -------- c:\windows\system32\dllcache\inetcomm.dll
2009-01-18 21:50 247,326 -------- c:\windows\system32\dllcache\strmdll.dll
2009-01-18 21:50 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2009-01-18 21:50 1,106,944 -------- c:\windows\system32\dllcache\msxml3.dll
2009-01-18 21:49 <DIR> --d----- c:\program files\McAfee
2009-01-18 21:38 <DIR> --d----- c:\windows\system32\scripting
2009-01-18 21:38 <DIR> --d----- c:\windows\l2schemas
2009-01-18 21:38 <DIR> --d----- c:\windows\system32\en
2009-01-18 21:38 <DIR> --d----- c:\windows\system32\bits
2009-01-18 21:34 <DIR> --d----- c:\windows\ServicePackFiles
2009-01-18 21:30 <DIR> --d----- c:\windows\network diagnostic
2009-01-18 21:16 129,045 -------- c:\windows\system32\drivers\cxthsfs2.cty
2009-01-18 21:01 <DIR> --d----- c:\windows\system32\PreInstall
2009-01-18 21:01 26,488 a------- c:\windows\system32\spupdsvc.exe
2009-01-18 21:01 <DIR> --d-h--- c:\windows\$hf_mig$
2009-01-18 20:58 <DIR> --ds---- c:\documents and settings\deb\UserData
2009-01-18 20:52 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-01-18 20:41 <DIR> --d----- c:\windows\system32\appmgmt
2009-01-18 18:31 <DIR> --d----- c:\docume~1\deb\applic~1\Intel
2009-01-18 18:31 <DIR> --d----- c:\documents and settings\DEB
2009-01-18 18:24 8,192 a------- c:\windows\REGLOCS.OLD

==================== Find3M ====================

2009-01-18 21:42 88,963 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-01-18 18:32 17,307 a------- c:\windows\system32\nvModes.dat
2008-12-11 04:57 333,952 a------- c:\windows\system32\drivers\srv.sys
2008-10-23 06:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-23 06:36 286,720 -------- c:\windows\system32\dllcache\gdi32.dll

============= FINISH: 0:26:10.90 ===============


#2 kahdah


Posted 30 January 2009 - 08:25 AM

Hello edenmd

Welcome to BleepingComputer
========================
If you are still in need of assistance please post a new dds log.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#3 edenmd


Posted 30 January 2009 - 11:11 PM

Here is an updated dds log as you requested. edenmd

DDS (Ver_09-01-18.01) - NTFSx86
Run by DEB at 20:05:15.32 on Fri 01/30/2009
Internet Explorer: 7.0.5730.13

============== Pseudo HJT Report ===============

uDefault_Page_URL = hxxp://www.dell4me.com/myway
uSearch Bar = hxxp://bfc.myway.com/search/de_srchlft.html
uInternet Connection Wizard,ShellNext = hxxp://us.mcafee.com/apps/vso/en-us/vso9/setexp.asp?regwiz=file://c:\program%20files\mcafee.com\agent\mcregwiz.exe&systempopup=true&affid=105-37&dtag=90H8F61
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: : {4d25f921-b9fe-4682-bf72-8ab8210d6d75} - c:\program files\mywaysa\srchasde\1.bin\deSrcAs.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [SunJavaUpdateSched] c:\program files\java\j2re1.4.2_03\bin\jusched.exe
mRun: [bacstray] BacsTray.exe
mRun: [<NO NAME>]
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [MMTray] c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe
mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [DwlClient] c:\program files\common files\dell\eusw\Support.exe
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: hotmail.com
Trusted Zone: internet
Trusted Zone: mcafee.com
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-01-28 19:47 <DIR> --d----- c:\windows\system32\XPSViewer
2009-01-28 19:46 597,504 -------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-01-28 19:46 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-01-28 19:46 575,488 -------- c:\windows\system32\dllcache\xpsshhdr.dll
2009-01-28 19:46 117,760 -------- c:\windows\system32\prntvpt.dll
2009-01-28 19:46 89,088 -------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-01-28 19:46 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-01-28 19:46 1,676,288 -------- c:\windows\system32\dllcache\xpssvcs.dll
2009-01-28 19:46 <DIR> --d----- C:\9c720fb322eaee46643e51635f
2009-01-28 19:46 <DIR> --d----- c:\windows\SxsCaPendDel
2009-01-22 19:51 <DIR> --d----- c:\docume~1\deb\applic~1\Windows Search
2009-01-22 17:33 <DIR> --d----- c:\docume~1\deb\applic~1\Malwarebytes
2009-01-22 17:33 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-22 17:33 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-22 17:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-01-22 17:33 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-21 23:30 <DIR> --d----- c:\docume~1\deb\applic~1\Windows Desktop Search
2009-01-21 23:29 <DIR> --d----- c:\windows\system32\GroupPolicy
2009-01-21 23:29 <DIR> --d----- c:\program files\Windows Desktop Search
2009-01-21 23:28 98,304 -------- c:\windows\system32\dllcache\nlhtml.dll
2009-01-21 23:28 29,696 -------- c:\windows\system32\dllcache\mimefilt.dll
2009-01-21 23:28 192,000 -------- c:\windows\system32\dllcache\offfilt.dll
2009-01-21 23:27 <DIR> --d----- c:\program files\Windows Media Connect 2
2009-01-21 23:25 <DIR> --d----- c:\windows\system32\LogFiles
2009-01-21 22:59 2 a------- c:\windows\msoffice.ini
2009-01-21 22:19 26,368 a------- c:\windows\system32\dllcache\usbstor.sys
2009-01-21 21:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-01-21 18:31 45,056 a------- c:\windows\NCUNINST.EXE
2009-01-21 18:31 <DIR> --d----- c:\program files\common files\SWF Studio
2009-01-19 18:15 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-01-19 18:15 268,648 a------- c:\windows\system32\mucltui.dll
2009-01-18 21:55 <DIR> --d----- c:\program files\Trend Micro
2009-01-18 21:55 812,344 a------- c:\program files\HJTInstall.exe
2009-01-18 21:11 459,264 -------- c:\windows\system32\dllcache\msfeeds.dll
2009-01-18 21:11 267,776 -------- c:\windows\system32\dllcache\iertutil.dll
2009-01-18 21:11 52,224 -------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-01-18 21:11 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-01-18 21:11 6,066,176 -------- c:\windows\system32\dllcache\ieframe.dll
2009-01-18 21:11 2,455,488 -------- c:\windows\system32\dllcache\ieapfltr.dat
2009-01-18 21:11 991,232 -------- c:\windows\system32\dllcache\ieframe.dll.mui
2009-01-18 21:11 383,488 -------- c:\windows\system32\dllcache\ieapfltr.dll
2009-01-18 21:11 63,488 -------- c:\windows\system32\dllcache\icardie.dll
2009-01-18 20:57 <DIR> --d----- c:\program files\MSXML 4.0
2009-01-18 20:48 13,141 a------- c:\windows\system32\Config.MPF
2009-01-18 20:32 79,240 a------- c:\windows\system32\drivers\mfeavfk.sys
2009-01-18 20:32 40,488 a------- c:\windows\system32\drivers\mfesmfk.sys
2009-01-18 20:32 35,240 a------- c:\windows\system32\drivers\mfebopk.sys
2009-01-18 20:32 120,136 a------- c:\windows\system32\drivers\Mpfp.sys
2009-01-18 20:31 <DIR> --d----- c:\program files\common files\McAfee
2009-01-18 20:20 <DIR> --d----- c:\docume~1\deb\applic~1\McAfee
2009-01-18 20:09 34,152 a------- c:\windows\system32\drivers\mferkdk.sys
2009-01-18 19:59 272,128 -------- c:\windows\system32\dllcache\bthport.sys
2009-01-18 19:58 1,160,192 -------- c:\windows\system32\dllcache\urlmon.dll
2009-01-18 19:58 826,368 -------- c:\windows\system32\dllcache\wininet.dll
2009-01-18 19:58 1,499,136 -------- c:\windows\system32\dllcache\shdocvw.dll
2009-01-18 19:58 1,846,400 -------- c:\windows\system32\dllcache\win32k.sys
2009-01-18 19:58 2,145,280 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-01-18 19:57 2,189,184 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-01-18 19:57 2,023,936 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-01-18 19:57 2,066,048 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-01-18 19:57 3,593,216 -------- c:\windows\system32\dllcache\mshtml.dll
2009-01-18 19:53 114,688 a------- c:\windows\system32\mclsp.dll
2009-01-18 19:53 65,536 a------- c:\windows\system32\mcrtl32.dll
2009-01-18 19:53 32,768 a------- c:\windows\system32\instlsp.exe
2009-01-18 19:53 11,264 a------- c:\windows\system32\sporder.dll
2009-01-18 19:52 203,136 -------- c:\windows\system32\dllcache\rmcast.sys
2009-01-18 19:51 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2009-01-18 19:51 333,952 -------- c:\windows\system32\dllcache\srv.sys
2009-01-18 19:51 331,776 -------- c:\windows\system32\dllcache\msadce.dll
2009-01-18 19:51 691,712 -------- c:\windows\system32\dllcache\inetcomm.dll
2009-01-18 19:50 247,326 -------- c:\windows\system32\dllcache\strmdll.dll
2009-01-18 19:50 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2009-01-18 19:50 1,106,944 -------- c:\windows\system32\dllcache\msxml3.dll
2009-01-18 19:49 <DIR> --d----- c:\program files\McAfee
2009-01-18 19:38 <DIR> --d----- c:\windows\system32\scripting
2009-01-18 19:38 <DIR> --d----- c:\windows\l2schemas
2009-01-18 19:38 <DIR> --d----- c:\windows\system32\en
2009-01-18 19:38 <DIR> --d----- c:\windows\system32\bits
2009-01-18 19:34 <DIR> --d----- c:\windows\ServicePackFiles
2009-01-18 19:30 <DIR> --d----- c:\windows\network diagnostic
2009-01-18 19:16 129,045 -------- c:\windows\system32\drivers\cxthsfs2.cty
2009-01-18 19:01 <DIR> --d----- c:\windows\system32\PreInstall
2009-01-18 19:01 26,488 a------- c:\windows\system32\spupdsvc.exe
2009-01-18 19:01 <DIR> --d-h--- c:\windows\$hf_mig$
2009-01-18 18:58 <DIR> --dsh--- c:\documents and settings\deb\UserData
2009-01-18 18:52 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-01-18 18:41 <DIR> --d----- c:\windows\system32\appmgmt
2009-01-18 16:31 <DIR> --d----- c:\docume~1\deb\applic~1\Intel
2009-01-18 16:31 <DIR> --d----- c:\documents and settings\DEB
2009-01-18 16:24 8,192 a------- c:\windows\REGLOCS.OLD

==================== Find3M ====================

2009-01-18 19:42 88,963 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-01-18 16:32 17,307 a------- c:\windows\system32\nvModes.dat
2008-12-11 02:57 333,952 a------- c:\windows\system32\drivers\srv.sys

============= FINISH: 20:05:50.53 ===============


==== Installed Programs ======================

Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9
ALPS Touch Pad Driver
Broadcom Advanced Control Suite
Business Contact Manager for Outlook 2003
Conexant D480 MDC V.9x Modem
Dell Driver Reset Tool
Dell Home Systems Services Agreement
Dell Media Experience
Dell Media Experience Update
Dell Networking Guide
Dell Picture Studio v3.0
Dell Support
Dell System Restore
Digital Line Detect
Get High Speed Internet!
getPlus® for Adobe
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Intel® PROSet/Wireless Software
Internet Explorer Default Page
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java 2 Runtime Environment, SE v1.4.2_03
Learn2 Player (Uninstall Only)
Malwarebytes' Anti-Malware
McAfee Privacy Service
McAfee SecurityCenter
mCore
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Small Business Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
mIWA
mIWCA
mLogView
mMHouse
Modem Helper
mPfMgr
mPfWiz
mProSafe
mSSO
MSXML 4.0 SP2 (KB954430)
mToolkit
Musicmatch for Windows Media Player
Musicmatch® Jukebox
mWlsSafe
mXML
My Way Search Assistant
mZConfig
NetWaiting
NVIDIA Drivers
Photo Click
PowerDVD 5.1
QuickSet
QuickTime
RealPlayer Basic
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960714)
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
Update for Windows XP (KB943729)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Viewpoint Media Player
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3

==== End Of File ===========================

#4 kahdah


Posted 31 January 2009 - 08:32 AM

Please uninstall Viewpoint Media Player and also mywaysa.
Then reboot, then delete these folders:
c:\program files\mywaysa
c:\program files\Viewpoint
==========================
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Edited by kahdah, 31 January 2009 - 08:32 AM.
